1. Field of the Invention
Embodiments described herein are directed to a system for increasing realized secure sockets layer (“SSL”) encryption and decryption connections without significant impact to client response. The system combines monitoring of server load with dynamic adjustment of static SSL parameters to optimize an entire system of devices.
2. Related Art
Secure Sockets Layer (“SSL”) is a protocol for transmitting private documents in a public data communication network. SSL operates by using a key to encrypt data that is transferred over an SSL connection. The SSL protocol typically uses Transmission Control Protocol/Internet Protocol (“TCP/IP”) and allows the following: 1) an SSL-enabled server to authenticate itself to an SSL-enabled client; 2) the client to authenticate itself to the server; and 3) both machines to establish an encrypted connection. An encrypted SSL connection requires the encryption by the sending software, and the decryption by the receiving software, of all information sent between a server and a client, thereby providing a high degree of confidentiality. Confidentiality is important for both parties to any private transaction. In addition, all data sent over an encrypted SSL connection is protected with a mechanism for detecting tampering—that is, for automatically determining whether the data has been altered from the point of transmission from the sending software until the data is received by the receiving software.
In current systems, SSL encryption and decryption devices (“SSL devices”) operate independently of the servers upon which they are performing the SSL operations. That is, they do not use information from the servers to determine loading of the device that is performing the SSL encryption and decryption. Load refers to the amount of data, i.e., traffic, that the device carries. Parameters for configuring the SSL performance are static, if they exist at all. When thresholds for the number of connections that an SSL device will accept are available, they are static because they are the only information available to the device. Without information about server loading, the SSL device cannot make dynamic choices or decisions. The SSL device can, for example, determine when it can no longer sustain more connections. The SSL device is unable, however, to determine which server can sustain more connections. The result is that overall SSL performance of a system of servers and SSL devices, with the constraint of no significant client impact, is limited by the performance of the SSL device. This is because static algorithms that determine SSL offload to individual servers cannot meet a no-significant-impact guarantee.
A system for increasing realized SSL encryption and decryption connections is thus designed to combine monitoring of server load with adjustment of SSL parameters to optimize the system of devices. The result of this dynamic system is increased SSL performance without significant impact to end-user response.