Juniper shrinking SSL traffic for the WAN
- — 23 October, 2007 08:24
Juniper Networks' WAN acceleration gear will soon support optimizing SSL traffic, making better use of corporate bandwidth by reducing the amount of bits it takes to transmit SSL traffic across wide-area links.
Because it is encrypted, SSL traffic cannot be optimized by Juniper devices until an upcoming software release, so depending on the percentage of traffic that is SSL encrypted, data reduction over the WAN is less significant than it might be otherwise.
Riverbed Technology and Blue Coat Systems already perform this SSL support.
With the software upgrade, Juniper is adding SSL to its AppFlow technology, which provides the acceleration needed for applications that cannot benefit from more generalized TCP acceleration until their own protocol limitations are removed. In the case of SSL, the most significant limitation is that it is encrypted.
Juniper addresses SSL traffic by decrypting it within its WX devices. The WX appliances sit at both ends of corporate WAN links and through a variety of compression and optimization techniques squeeze more data across the connections.
After decrypting the local SSL traffic, a WX shrinks it as much as it can and sends it over the WAN in IPSec tunnels to other WX devices. The WX on the far side will terminate the IPSec tunnel, reassembles the traffic and reencrypt it in an SSL session headed toward the client or server at that end.
Private SSL keys are stored at data center WX appliances only, and session keys are pushed through a IPSec tunnels to the remote WX devices.
The company is also announcing AppFlow for CIFs Server Message Block (SMB) signing that accelerates and preserves SMB signaling that is used to avoid man-in-the-middle attacks.
Juniper also is introducing content distribution features for its WX devices that pushes virus updates, files that teams need to do their work, training videos and the like to branch office WX appliances where users can access them without each one having to connect over the WAN to servers.
The package of software upgrades is available in November.