On Mon, 26 Jul 2004 22:38:23 -0500 (CDT), Nate Carlson <natecars at real-time.com> wrote: > You can also have the proxy server make a cleartext connection to the > internal web server - this is what many large web sites do to support SSL. > Basically, connections are made to the load balancing/ssl accelerator box > (which does crypto very fast), and then forwarded in the clear (over a > private network, hopefully) to the backend cluster node. The problem with doing that is then you are limited by the speed of the load balancer. What happens when you max that out? Often, it is better to use an SSL aware load balancer that forwards the SSL connections intact to the backend servers and lets them decrypt them. Then you can scale simply by adding another backend machine to the cluster. This is how Zeus Load Balancer works. You are of course right that making SSL connections to the backend servers is a stupid idea. -- David Phillips <david at acz.org> http://david.acz.org/ _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list