Load balancing secure sockets layer accelerator
First Claim
1. A load balancing acceleration device, comprising:
- a processor, memory and communications interface;
a TCP communications manager capable of interacting with a plurality of client devices and server devices simultaneously via the communications interface;
a secure communications manager to negotiate a secure communication session with one of the client devices;
an encryption and decryption engine instructing the processor to decrypt data received via the secure communication session and direct the decrypted data to one of said server devices via a second communication session; and
a load balancing engine associating each of said client devices with a respective one of said server devices based on calculated processing loads of each said server devices,wherein the decryption engine and the load balancing engine bypass an application layer of a network stack by decrypting the data from the secure communication sessions of the clients and outputting the decrypted data to the associated server devices without processing the data with the application layer of the network stack.
2 Assignments
0 Petitions
Accused Products
Abstract
A load balancing SSL acceleration device. The device includes a processor, memory and communications interface. A TCP communications manager capable of interacting with a plurality of client devices and server devices simultaneously is provided, along with a secure communications manager. The apparatus further includes an encryption and decryption engine instructing the processor to encrypt data from a secure communications session and direct it to said second communication session. Still further, the apparatus includes a load balancing engine associating ones of said client devices with ones of said servers for a communications session based on calculated processing loads of each said server. In a further aspect, a method for performing SSL acceleration of data communications between a plurality of customer devices attempting to communicate with an enterprise having a plurality of servers is disclosed.
-
Citations
24 Claims
-
1. A load balancing acceleration device, comprising:
-
a processor, memory and communications interface; a TCP communications manager capable of interacting with a plurality of client devices and server devices simultaneously via the communications interface; a secure communications manager to negotiate a secure communication session with one of the client devices; an encryption and decryption engine instructing the processor to decrypt data received via the secure communication session and direct the decrypted data to one of said server devices via a second communication session; and a load balancing engine associating each of said client devices with a respective one of said server devices based on calculated processing loads of each said server devices, wherein the decryption engine and the load balancing engine bypass an application layer of a network stack by decrypting the data from the secure communication sessions of the clients and outputting the decrypted data to the associated server devices without processing the data with the application layer of the network stack. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method for performing acceleration of data communications between a plurality of customer devices attempting to communicate with an enterprise having a plurality of servers, comprising:
-
providing an intermediate acceleration device enabled for secure communication with the customer devices, wherein the acceleration device has an IP address associated with the enterprise; receiving with the acceleration device communications directed to the enterprise in a secure protocol from one of the customer devices; decrypting data packets of the secure protocol with the acceleration device to provide decrypted packet data; without processing the data packets with an application layer of a network stack, selecting with the acceleration device at least one of the plurality of servers in the enterprise based on a load calculation including processing sessions of other servers in the enterprise and associating the selected server with a communications session from the one of the clients; and forwarding the decrypted packet data from the acceleration device to the selected server of the enterprise. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
Specification