Wanted To understand if how does SSL offloading help in load balancing. If SSL Offloading feature is not enabled does it impact the key functionality of the load balancer or does SSL offloading help in optimizing the traffic.?

[Suraj Nair]

1. Wanted To understand if how does SSL offloading help in load balancing.
2. If SSL Offloading feature is not enabled does it impact the key functionality of the load balancer or does SSL offloading help in optimizing the traffic.?
3. Further If SSL certificates installed have expired does SSL offloading still work or the installed certificates also needs to be renewed?

[Andrew Scott]

Hello Suraj

It helps as typically SSL (or really TLS as it is now) can be a heavy workload for a server that isn't designed for it. The initial handshake can have some additional loading for the server. Offloading it to the NetScaler has potentially two benefits.

1. You can possibly have fewer application servers to serve the same number of users, as the loading is lighter with the NetScaler in place.
2. Alternatively, you can scale to bigger numbers of users with the application estate being the same size.

Take over the world!

How much less? We quote typically 60% as the benefit, so if you are running this environment in the cloud that could be quite a saving.

You need it enabled...

You need the certificate in date! Having expired certs encourages you users to ignore warnings and can allow a hacker to do some sort of man-in-the-middle attack. Also, certs are not that expensive (or should not be)..

I hope that helps.

[Suraj Nair]

Thanks Andrew, that did help,

Just follow-up on certificates, is it also required for all the Web application URLs that we onboard?

The context is when an organization has multiple URL's accessed by clients and traffic passes through LB as per architecture. So every application URL that we onboard for SSL offloading once that certificate expires, needs to be renewed on a timely manner for the SSL offloading functionality to be performed?