Cisco SCA Series Secure Content Accelerator

Similar documents
Взято с сайта

High-Availability Solutions for SIP Enabled Voice-over-IP Networks

CISCO 7304 SERIES ROUTER PORT ADAPTER CARRIER CARD

Cisco CallManager 4.0-PBX Interoperability: Lucent/Avaya Definity G3 MV1.3 PBX using 6608-T1 PRI NI2 with MGCP

Cisco Voice Services Provisioning Tool 2.6(1)

Traffic Offload. Cisco 7200/Cisco 7500 APPLICATION NOTE

END-OF-SALE AND END-OF-LIFE ANNOUNCEMENT FOR THE CISCO MEDIA CONVERGENCE SERVER 7845H-2400

Cisco Extensible Provisioning and Operations Manager 4.5

Cisco Aironet In-Building Wireless Solutions International Power Compliance Chart

CISCO IP PHONE 7970G NEW! CISCO IP PHONE 7905G AND 7912G XML

DATA SHEET. Catalyst Inline Power Patch Panel

E-Seminar. Voice over IP. Internet Technical Solution Seminar

CISCO CATALYST 6500 SERIES CONTENT SWITCHING MODULE

ANNOUNCING NEW PRODUCT OFFERINGS FOR THE CISCO CATALYST 6500 SERIES

Cisco ONS SDH 12-Port STM-1 Electrical Interface Card

THE POWER OF A STRONG PARTNERSHIP.

Cisco 2651XM Gateway - PBX Interoperability: Avaya Definity G3 PBX using Analog FXO Interfaces to an H.323 Gateway

ENHANCED INTERIOR GATEWAY ROUTING PROTOCOL STUB ROUTER FUNCTIONALITY

NEW CISCO IOS SOFTWARE RELEASE 12.2(25)EY FOR CISCO CATALYST 3750 METRO SERIES SWITCHES

Cisco 3745 Gateway - PBX Interoperability: Avaya Definity G3 PBX using Q.931 PRI Network Side Interfaces to an H.323 Gateway

THE CISCO SUCCESS BUILDER PROGRAM THE CISCO SMALL OFFICE COMMUNICATIONS CENTER: AFFORDABLE, PROVEN COMMUNICATIONS SOLUTIONS FOR SMALL ORGANIZATIONS

CISCO 7304 SERIES ROUTER PORT ADAPTER CARRIER CARD

Cisco ubr7200-npe-g1 Network Processing Engine for the Cisco ubr7246vxr Universal Broadband Router

CONFIGURING EPOLICY ORCHESTRATOR 3.0 AND MCAFEE 8.0i WITH CISCO CALLMANAGER

Cisco Catalyst 2950 Series Software Feature Comparison Standard Image (SI) and Enhanced Image (EI) Feature Comparison

Cisco MDS 9000 Family and EMC ECC Integration

NEW METHOD FOR ORDERING CISCO 1700 SERIES MODULAR ACCESS ROUTERS AND CISCO 1800 SERIES INTEGRATED SERVICES ROUTERS SOFTWARE SPARE IMAGES

NEW JERSEY S HIGHER EDUCATION NETWORK (NJEDGE.NET), AN IP-VPN CASE STUDY

Using TAPS with +E.164 Directory Numbers

Cisco Enterprise Content Delivery Network Solution Cisco Content Engines

CISCO 7200 SERIES NETWORK PROCESSING ENGINE NPE-G1

CISCO NETWORK CONNECTIVITY CENTER BUSINESS DASHBOARD

Cisco EtherChannel Technology

USING MCAFEE VIRUSSCAN ENTERPRISE 8.0I WITH CISCO CALLMANAGER

CISCO SFP OPTICS FOR PACKET-OVER-SONET/SDH AND ATM APPLICATIONS

USING TREND SERVERPROTECT5 WITH CISCO CALLMANAGER

CISCO FAX SERVER. Figure 1. Example Deployment Scenario. The Cisco Fax Server solution consists of the following components:

MULTI-VRF AND IP MULTICAST

END-OF-SALE AND END-OF-LIFE ANNOUNCEMENT FOR THE CISCO FLEXWAN MODULE FOR USE WITH THE CISCO 7600 SERIES ROUTERS AND CATALYST 6500 SERIES SWITCHES

Cisco Unified CallManager 4.0-PBX Interoperability: Mitel 3300 ICP Release 4.1 PBX to a Cisco 6608 Gateway using T1 QSIG with MGCP

Quick Start Guide Cisco CTE 1400 and Design Studio

Introducing Cisco Catalyst 4500 Series Supervisor Engine II-Plus-10GE and Cisco Catalyst 4500 Series 48-Port 100BASE-X SFP Line Card

Cisco VIP6-80 Services Accelerator

E-Seminar. Wireless LAN. Internet Technical Solution Seminar

Cisco CallManager Server Upgrade Program

CISCO TRANSPORT MANAGER 4.7

Cisco AVVID The Architecture for E-Business

Cisco Unified CallConnector for Microsoft Office Quick Reference Guide 1

C ISCO INTELLIGENCE ENGINE 2100 SERIES M OUNTING AND CABLING

CISCO AC/DC POWER SOLUTION FOR USE WITH CISCO OPTICAL PLATFORMS

CISCO ONS SONET 12-PORT DS-3 TRANSMULTIPLEXER CARD

Cisco VPN 3002 Hardware Client

Cisco Value Incentive Program Advanced Technologies: Period 7

IP Communications for Small Offices Using Cisco CallManager Express and Cisco Unity Express

Cisco Systems Intelligent Storage Networking

CISCO WDM SERIES OF CWDM PASSIVE DEVICES

Cisco Optimization Services

Strategic IT Plan Improves NYCHA Resident Services While Reducing Costs US$150 Million

Cisco AS5300 Gateway - PBX Interoperability: NEC NEAX 2400 PBX using T1 PRI Interfaces to an H.323 Gateway

Cisco Unified Wireless IP Phone 7920 Multi-Charger

Third party information provided to you courtesy of Dell

Cisco Unity 4.0(4) with Cisco Unified CallManager 4.1(2) Configured as Message Center PINX using Cisco WS-X6608-T1 using Q.SIG as MGCP Gateway

Cisco ONS SONET 48-Port DS-3/EC-1 Interface Card

CiscoWorks Security Information Management Solution 3.1

Cisco 7304 Shared Port Adapter Modular Services Card

Cisco MGX 8000 Series Multiservice Switch Broadband ATM Switching Module

Cisco Catalyst 4500 Series Power Supplies and External AC Power Shelf

NEW CISCO IOS SOFTWARE RELEASE 12.2(25)FY FOR CISCO CATALYST EXPRESS 500 SERIES SWITCHES

The Cisco Unified Communications Planning and Design Service Bundle

NETWORK ADMISSION CONTROL

Cisco Router and Security Device Manager Intrusion Prevention System

END-OF-SALE AND END-OF-LIFE ANNOUNCEMENT FOR THE CISCO CATALYST 6500 SERIES OC-12 ATM MODULE

The information presented in this document was created from devices in a specific lab environment. All of the devices started with a cleared (default)

Cisco 2651XM Gateway - PBX Interoperability: Ericsson MD-110 PBX using Q.931 BRI User Side Interfaces to an H.323 Gateway

Enhancing Availability, Performance, and Security for BEA WebLogic Clusters Using Cisco CSS Series Content Services Switches 1

Cisco Unified CallManager Licensing Pricing Model

CISCO IOS SOFTWARE RELEASE 12.3(11)YK

WLAN Small Business Guide

CISCO 10GBASE XENPAK MODULES

Cisco Persistent Storage Device

Cisco MCS 7815-I2-UC1 Media Convergence Server

Cisco MDS 9000 Family Small Form-Factor Pluggable Devices

DATA SHEET. Catalyst Port Fast Ethernet Interface Modules THE CISCO CATALYST PORT FAST ETHERNET INTERFACE MODULES ARE IDEAL FOR

CISCO CENTRALIZED WIRELESS LAN SOFTWARE RELEASE 3.0

Cisco ONS MA SONET Multiservice Platform

H.B. Fuller Company Reducing Costs and Improving Communications with IP Telephony

Cisco Unified Wireless Network Software Release 3.1

Portable Product Sheets Cat 4500 Supervisors last updated July 22, 2009

CISCO AIRONET 1230AG SERIES ACCESS POINT

Cisco StackWise Technology

Cisco T3/E3 Network Module for Cisco 2600, 3600, and 3700 Series Routers

SAFE Nimda. Attack Mitigation WHITE PAPER

Cisco 7600 Multiprocessor WAN Application Module for Broadband Aggregation

Cisco Router and Security Device Manager Cisco Easy VPN Server

Cisco 7200VXR Series NPE-G2 Network Processing Engine

CISCO GIGABIT INTERFACE CONVERTER

Cisco 806 Broadband Router

Innovation in Accessibility

iclass SE multiclass SE 125kHz, 13.56MHz 125kHz, 13.56MHz

Cisco IT Data Center and Operations Control Center Tour

Transcription:

Data Sheet Cisco SCA 11000 Series Secure Content Accelerator Cisco SCA 11000 Series secure content accelerators are device-based solutions that expand the transaction capacity of any Web site by offloading the processor-intensive tasks related to Secure Sockets Layer (SSL) traffic. Moving the SSL security processing from a Web server to the Cisco SCA 11000 Series liberates capacity of the Web servers to focus on processing Webified applications and databases much more efficiently, thereby accelerating the entire site. As more SSL traffic is introduced in the data center, the ability to perform local load balancing across back-end servers is hindered. In addition, intrusion detection systems (IDSs) are blinded and are unaware of the activity occurring between the remote client and the back-end server. These problems occur because the entire Layer 5 information is encrypted. Using Cisco s SSL products, network administrators and networking engineers can reclaim this control and improve site security by offloading the SSL traffic and de-encrypting it before it gets to the back-end server. The de-encrypted traffic can be switched to an IDS system for monitoring or directly load balanced across several back-end severs. The Cisco SCA 11000 is a component of Cisco s family of solutions for SSL acceleration, which also includes integrated SSL processing modules for the Cisco CSS 11500 Content Services Switch and the Cisco 6500 Catalyst Series switches and Cisco 7600 Internet routers. Cisco s SSL product offerings provide Web sites of all sizes the performance they require for optimal SSL processing. The comprehensive set of solutions, and seamless integration with Cisco Data Center products, such as server load balancers, put Cisco and the Cisco SCA 11000 Series in the forefront of SSL technology on the market today. The Cisco SCA 11000 Series was designed from the ground up to enhance any public key infrastructure (PKI) you decide to deploy. Web designers and networking staff can choose between two distinct models of Cisco SCA 11000 Series, both of which provide linear scalability and fault tolerance and both interoperate with all Cisco server-load-balancing (SLB) products: the Cisco CSS 11000 and 11500 series content services switches; the Cisco Content Switching Module (CSM) for the Cisco Catalyst 6500 Series switches and Cisco 7600 Internet Router; and the Cisco LocalDirector Series. The combination of SSL offloading and intelligent load balancing of SSL traffic forms a perfect union, improving both the performance and availability of any Internet or intranet Web site. Table 1 compares the two versions of SSL offloaders. All contents are Copyright 1992 2002 All rights reserved. Important Notices and Privacy Statement. Page 1 of 6

Table 1 SSL Offloaders SSL appliance SCA SSL appliance SCA2 Performance Rivest, Shamir, Adelman (RSA) operations per second 200 4000 or greater Connection rates 200 800 Concurrent sessions 5000 30,000 SSL session ID cache 75,000 300,000 No. of proxy servers 255 512 Bulk encryption (rc4-128-md5) 30 Mbps 70 Mbps Cryptology hardware Rainbow BC 5821 RSA hardware Yes Yes Hardware-based bulk encryption Yes Yes Benefits The Cisco SCA 11000 frees origin Web server capacity by offloading all encryption, decryption, and secure processing for a Web site. It also eliminates the need for SSL server software, and requires no special software on the servers or the Cisco server load balancers. The Cisco SCA 11000 Series boosts the performance of any secure Web site up to 250 times through dedicated SSL processing hardware. It supports 800 new SSL connections per second, 20,000 concurrent sessions, and 300,000 sustained sessions. SSL session initiation and aggregation capabilities can be used to secure nonsecure TCP applications, or to offer end-to-end (back-end) encryption to sites with strict security requirements, such as financial, health care, and government institutions. The Cisco SCA 11000 Series provides advanced client certificate support and Hypertext Transfer Protocol (HTTP) header insertion for integration with Directory Services and Single-Sign-On platforms. Secure URL Rewrite provides the industry s only secure method of integrating SSL offloading technology with Web-based applications. The Cisco SCA 11000 Series centralizes and manages the widest range of digital certificates to ensure complete independence from the Web server, and works with any Web server, application server, or TCP-based application platform. All contents are Copyright 1992 2002 All rights reserved. Important Notices and Privacy Statement. Page 2 of 6

Overview SSL is the industry standard for secure Web communication, and any Web site delivering e-commerce services or secure personalized information over the Web must efficiently handle SSL traffic. Processor-intensive SSL computations, including site authentication and encryption of data, can quickly bog down Web servers, which are not designed for heavy SSL transaction processing. In fact, up to 95 percent of the processing power of a server can be consumed by SSL processing. When a mission-critical Web server becomes overloaded from processing secure transactions and cannot process other Web transactions, the result is lost customers, lost revenue, and lost productivity. The Cisco SCA 11000 Series performs all SSL protocol processing for a Web site, supporting up to 800 new connections per second and up to 30,000 concurrent connections. This allows Web, e-commerce, and application servers to function at peak performance levels. The one-rack-unit-high, rack-mountable product offers two 10/100 Ethernet ports and features redundant power supplies for mission-critical networks. Boost E-Business Performance The success of an organization s e-business initiatives depends on user experience. When secure transactions are slow to process, it can impact not only revenue and customer satisfaction on public-facing Web sites, but also the productivity of employees who may be using SSL on intranet sites for the transmittal of secure data such as personnel, benefit, or sales forecasts data. The Cisco SCA 11000 Series uses powerful onboard processors and an embedded real-time operating system to provide all secure transaction functions. By offloading all secure transaction processing, the Cisco SCA 11000 Series lets Web servers do the job they were designed for serving Web content and processing e-commerce transactions. SSL Initiation and Aggregation (back-end SSL) In addition to terminating inbound SSL sessions, the Cisco SCA 11000 Series can also initiate outbound SSL sessions. This enables numerous security functions, including the retrieval of secure information from remote sites for applications such as Web services. The Cisco SCA 11000 Series aggregates multiple SSL sessions and provides a single SSL session to back-end servers. Cisco SLB can evenly distribute these back-end SSL sessions, increasing server capacity and improving return on investment (ROI). SSL aggregation can even be used in conjunction with cookie persistence. Client Certificate Support with HTTP Header Insertion Client certificates are becoming increasingly popular among sites looking to offer the strongest security possible. Unlike other security products that offer extremely limited support, or no client certificate support at all, the Cisco SCA 11000 Series supports configurable client certificate handling, and can also extract client certificate information for presentation to back-end servers using HTTP headers. The Cisco SCA 11000 Series provides the flexibility to integrate existing security infrastructures, such as directory services, PKIs, or Single-Sign-On platforms, with leading-edge SSL technology. All contents are Copyright 1992 2002 All rights reserved. Important Notices and Privacy Statement. Page 3 of 6

Secure URL Rewrite The Cisco SCA 11000 Series can be seamlessly inserted into your environment without the need to rewrite existing Web applications or compromise your existing level of security. In an offloaded environment, the back-end servers generally talk HTTP rather than HTTP Secure (HTTPS). Therefore, dynamically rendered pages will often generate links referring to HTTP resources rather than HTTPS resources. In first-generation SSL offloaders, this was handled in an inefficient and nonsecure fashion by sending the client a redirect back to the correct HTTPS resource. With the exclusive Secure URL-Rewrite feature, the Cisco SCA 11000 Series can prevent such risky inefficiencies by recognizing any inconsistency and correcting it before an error is sent to the client. This saves unnecessary redirects, prevents secure data from being transmitted in the clear, and also averts the need to have application developers rewrite applications to support an offloaded environment. Centralize and Manage Certificates The Cisco SCA 11000 Series supports up to 255 key pairs (keys and certificates) and has the ability to handle both global and chained certificates. The Cisco SCA 11000 Series also eliminates the need to install and manage special acceleration cards and SSL certificates on every Web server. Private and public keys are stored on the Cisco SCA 11000 to ensure complete independence from the Web server and to eliminate the hassles of setting up the secure processing properties of host applications. Scales for High Availability The Cisco SCA 11000 Series works seamlessly with all Cisco SLBs to enable load balancing of multiple Cisco SCAs in an SSL farm. This one-armed configuration allows Cisco SCA 11000s to connect to the Cisco CSS 11000s and 11500s) via a single 100-MB Ethernet port, instead of the two ports one ingress, one egress required by alternative solutions. The key benefit is adding SSL capacity without impacting Web site and network availability, eliminating site downtime. Works with Any Servers SSL transactions slow server processing time considerably no matter what type of Web server is used, Linux, Solaris, or Windows NT. In fact, according to Networkshop, SSL processing can cause a Web server to deliver up to 50 times fewer connections per second (Networkshop: Scaling Security in E-Commerce Applications). With the Cisco SCA 11000 Series, Web servers are freed from the burden of SSL transaction processing to allow them to perform Web content delivery more efficiently. Ordering Information Product Part Numbers CSS-SCA-2FE-K9 CSS-SCA2-2FE-K9 Table 2 shows product specifications for both the Cisco SCA 11000 Series Secure Content Accelerator models. All contents are Copyright 1992 2002 All rights reserved. Important Notices and Privacy Statement. Page 4 of 6

Table 2 Specifications Specifications Number of ports Two 10/100 transmission ports Network cabling Cable type: UTP Category 5 (100m) Connector type: RJ-45 Configuration software OS support Windows NT 4.0; Red Hat Linux 5.0, 6.0, 6.1, 6.2 Standards IEEE 802.3 10BASE-T EthernetIEEE 802.3u 100BASE-TX Fast Ethernet Protocols Carrier sense multiple access collision detect (CSMA/CD) Ethernet Encryption algorithms Data Encryption Standard (DES) ARC4 ARC2 Port description Network ports: Two 10/100BASE-TX Console port: DB9 serial port Failover port: DB9 serial port Reset switch: Push to reset hardware; configuration data maintained Data transfer rates 20 Mbps (full duplex) Fast Ethernet 100 Mbps (half duplex) 200 Mbps (full duplex) Memory 64-MB RAM; 16-MB Flash ROM Regulatory compliance FCC Class A; CISPR-22-A; VCCI-A; CSA and CE Compliant to: EN55022 Class A, EN55024, EN50082-1, EN60950 Public key cryptography algorithms RSA-512 RSA-024 RSA-2048 Hash algorithms Secure hash algorithm 1 (SHA1) Message digest algorithm 5 (MD5) Physical and environmental specifications Dimensions Weight (L x W x D): 8.875 x 19 x 1.75 (one rack unit) 6 lb (2.7 kg) Environmental operating range Temperature: 32 to 104 F (0 to 40 C) Humidity: 10 to 85% non condensing Altitude: Up to 3048 meters (10,000 ft) Power requirements Operating voltage: 100 240V; 50 60 Hz 1.0A Consumption: 20W Power supply: Internal redundant power supplies All contents are Copyright 1992 2002 All rights reserved. Important Notices and Privacy Statement. Page 5 of 6

Corporate Headquarters 170 West Tasman Drive San Jose, CA 95134-1706 USA www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 European Headquarters Cisco Systems Europe 11, Rue Camille Desmoulins 92782 Issy-les-Moulineaux Cedex 9 France www-europe.cisco.com Tel: 33 1 58 04 60 00 Fax: 33 1 58 04 61 00 Americas Headquarters 170 West Tasman Drive San Jose, CA 95134-1706 USA www.cisco.com Tel: 408 526-7660 Fax: 408 527-0883 Asia Pacific Headquarters Capital Tower 168 Robinson Road #22-01 to #29-01 Singapore 068912 www.cisco.com Tel: 65 317 7777 Fax: 65 317 7799 Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco Web site at www.cisco.com/go/offices Argentina Australia Austria Belgium Brazil Bulgaria Canada Chile China PRC Colombia Costa Rica Croatia Czech Republic Denmark Dubai, UAE Finland France Germany Greece Hong Kong SAR Hungary India Indonesia Ireland Israel Italy Japan Korea Luxembourg Malaysia Mexico The Netherlands New Zealand Norway Peru Philippines Poland Portugal Puerto Rico Romania Russia Saudi Arabia Scotland Singapore Slovakia Slovenia South Africa Spain Sweden Switzerland Taiwan Thailand Turkey Ukraine United Kingdom United States Venezuela Vietnam Zimbabwe Copyright 2002, All rights reserved. Catalyst, Cisco, Cisco Systems, Cisco IOS, and the Cisco Systems logo are registered trademarks or trademarks of and/or its affiliates in the U.S. and certain other countries. All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0207R)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback