An SSL load balancer is a load balancer that also performs encryption and decryption of data transported via HTTPS, which uses the Secure Sockets Layer (SSL) protocol (or its successor, the Transport Layer Security [TLS] protocol) to secure HTTP data as it crosses the network. The load balancer intercepts incoming client requests and distributes them across a group of backend servers, which increases website performance, reliability, and scalability.
To review general information about load balancers, see Save 80% Compared to Hardware Load Balancers.
SSL and TLS are the standard protocols for encrypting HTTP data before it is sent across a network, which prevents it from being read by unauthorized third parties who intercept it. It is vital for protecting sensitive data such as credit card numbers and Social Security numbers transmitted over a public network like the Internet.
An SSL load balancer acts as the server‑side SSL endpoint for connections with clients, meaning that it performs the decryption of requests and encryption of responses that the web or application server would otherwise have to do. The process varies somewhat depending on the security of the network between the load balancer and server:
- If the load balancer and server are on the same secured network (generally this means being behind a firewall), the SSL load balancer is usually configured to decrypt the request, extract the information needed for load balancing, and forward the request to the server in the clear (unencrypted). It encrypts the server’s response before returning it to the client.
- If the network between the load balancer and server is not secure, the SSL load balancer is usually configured to decrypt the request, extract the information needed for load balancing, and re‑encrypt the request before forwarding it to the server. The process is reversed for the response from server to client.
Offloading the decryption and encryption process, which is computationally intensive, frees web and application servers to perform the work they are designed for, which speeds content delivery and improves the overall user experience. If the network between load balancer and servers is secure, you only need to install and manage the SSL certificates on the load balancer instead of every web and application server. This significantly reduces administrative overhead if the group of servers is large.
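The two cases described above, shown as one load balancer configuration. This is an added example, not taken from the original page; it assumes NGINX as the load balancer, and the hostnames, addresses, file paths, and the path-based split between the two backend pools are placeholders chosen for illustration.

```nginx
# Added example; hostnames, addresses and file paths are placeholders.
events {}

http {
    # Case 1 pool: backends on the same secured network, reached over plain HTTP.
    upstream app_cleartext {
        server 10.0.0.11:8080;
        server 10.0.0.12:8080;
    }

    # Case 2 pool: backends across a network that is not secure, reached over TLS.
    upstream app_tls {
        server 10.0.1.11:8443;
        server 10.0.1.12:8443;
    }

    server {
        listen 443 ssl;
        server_name www.example.com;

        # The client-facing certificate and key are installed only on the load balancer.
        ssl_certificate     /etc/nginx/tls/www.example.com.crt;
        ssl_certificate_key /etc/nginx/tls/www.example.com.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        # Pass the original host, scheme and client address to the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;

        # Case 1: decrypt the request, then forward it in the clear.
        location / {
            proxy_pass http://app_cleartext;
        }

        # Case 2: decrypt the request, then re-encrypt it toward the backend.
        location /accounts/ {
            proxy_pass https://app_tls;
            # proxy_ssl_verify is off by default; leaving it off encrypts the
            # hop but does not authenticate the backend server.
            proxy_ssl_verify              on;
            proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.crt;
            proxy_ssl_server_name         on;
            proxy_ssl_name                app.internal.example;
        }
    }
}
```

In the re-encryption case the backends still need their own certificates, here assumed to be issued by an internal CA whose certificate the load balancer trusts.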