Website HTTPS Encryption Solution

    04-11-2022

Demand background

In traditional Web services, the HTTP protocol is used for data transmission. Because HTTP transmits everything in plaintext, sensitive information can easily be intercepted, with adverse effects for both users and website operators.

Websites now tend to adopt the HTTPS protocol. The U.S. and U.K. required all websites in the two countries to move to HTTPS by December 31, 2016 and October 1, 2016, respectively. Many Internet companies, such as Google, Baidu, and JD.com, have completely adopted HTTPS. Across the world, more than 50% of websites have enabled HTTPS, but adoption in China lags behind, with the vast majority of websites still accessed entirely over HTTP connections.

 


Note: Data source: "Baidu Security Index"

Traditional website HTTPS encryption solution

The traditional method recognized in the industry is to use the Secure Sockets Layer (SSL), which uses digital certificates and encryption algorithms to convert HTTP plaintext data into HTTPS encrypted data. It can be implemented in hardware or in software.

Implemented with server hardware accelerator card:

1. The dedicated PCIe hardware accelerator card is expensive.

2. Specific configuration is required, and there are constraints on the environment and software version.

Implemented with server software:

1. SSL processing consumes massive CPU resources, and the number of concurrent connections the Web service can handle drops sharply.

2. The relevant settings must be made on each server, which is complicated and difficult to manage.

H3C website encryption delivery solution

In response to the demand for website HTTPS and the shortcomings of traditional solutions, H3C launched a solution based on load balancing (application delivery) products, which performs all SSL encryption and decryption work on the load balancing devices. It can effectively reduce the impact of traditional solutions on performance and security.

The load balancing devices are deployed in front of the Web server, and SSL encryption/decryption is handled by the load balancing (application delivery) devices without occupying the computing resources of the Web server. This allows the Web server to focus on Web services and improves the number of concurrent connections it can support.

The clients access the Web server through encrypted HTTPS.

It supports the SM2/SM3/SM4 GM algorithms.


Benefits

It is easy to manage, with plug-and-play deployment and zero configuration on the Web server, so Web services can be transformed quickly.

Leaving the work of SSL encryption/decryption to the load balancing devices reduces the pressure on the server side and can increase the server processing capacity by 80%, compared with traditional solutions.

Unified management reduces the O&M workload.
