Firewall Wizards mailing list archives

RE: question on securing out-of-band management (ver. 2)


From: "Desai, Ashish" <Ashish.Desai () fmr com>
Date: Thu, 9 Feb 2006 11:33:17 -0500


One correction: doing SSL between the appliance and the backend server
is less taxing than customer->server, because the appliance can
reuse the SSL session for all requests and not create a new SSL session
(which is where the overhead is).

Appliances offer other benefits that are a little hard to do with
servers.

1. Eases management of SSL certs. 
Would you like to manage 500 SSL certs on one machine or 500 machines?

2. Load balancing
The appliance can load balance the traffic to multiple web servers.
To do that at the server level would require DNS level load balancing
which has its own issues.

3. Transparent failover.
If you want to failover customer traffic from site A to site B, the
device can do it more easily than DNS changes, in which case you are at the
mercy of the client to obey DNS.

An appliance is not really about "improved" security, it's more about
improving your system management process.

Ashish

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of golovast
Sent: Sunday, February 05, 2006 4:41 AM
To: firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] question on securing out-of-band management (ver. 2)

trimmed....

I wanted to ask if the people who read this list would consider using an
appliance a secure configuration? Technically, the traffic is not going
over the public network, however, obviously it's unencrypted. Is the trade
off for improvements with appliance worth it?
If so, do any of you have experience with an appliance?
I've looked at Radware, F5, ncipher, etc.

Thanks again.
