"Ultimately there are two ways to do SSL Acceleration or SSL
off-load. It can be done on the server side by installing an SSL
Accelerator card, which has special custom processors designed to
perform the public key encryption algorithms in hardware rather
than software. A quick search on Google will provide a number of
guides on how to use those cards with projects such as Apache. This
solution has the server performing the SSL transaction but the SSL
transaction is processed on the card rather than using server
resources. In fact, adding one of the higher end versions of these
cards to the solution in this article would further increase its
performance. However, it may simply be cheaper to add more
horsepower to the server itself than to invest in expensive SSL
off-load cards.
"The other way to do SSL acceleration is to install a device in
front of the web servers, this is typically an appliance or switch
with comparable hardware to the SSL accelerator card. These devices
often provide other features such as load balancing. They typically
have higher transactions per second and thruputcapacity than a
single server with an SSL accelerator card. The SSL accelerator in
front of the servers takes the incoming SSL transactions, decrypts
them, and then forwards them on to the servers as HTTP. This is
still secure as the connection between the SSL accelerator and the
servers is a private local network, there is no unsecured
transaction going over the public Internet. This is the type of
solution provided in this article, but instead of using an
expensive SSL accelerator, it leverages the power of open source
and off the shelf server processors."
