Hardware SSL Accelerator + JSSE

Similar Messages

• SSL Accelerator hardware for WebLogic

  Hi All,
  Does any one know if WebLogic supports Sun SSL Crypto hardware, ie: SSL Accelerator
  hardware, Sun Part # X113A ?
  Thank You

  Hi Michael,
  Thank you very much for your help. I will keep checking the
  released version for SSL/Hardware support.
  Regards,
  Tuan
  Michael Young <[email protected]> wrote:
  Hi Tuan.
  The next major release of WLS due out this spring will have support for
  hardware SSL accelerators. I don't have any detail beyond what I just
  stated. Keep an eye out for the beta program for the WLS beta release.
  This is not the WLS 7.0 preview currently on
  http://commerce.bea.com/downloads/weblogic_server.jsp. The beta program
  should be out sometime in the next few weeks.
  Regards,
  Michael
  Tuan Phan wrote:
  Hello Michael,
  Thank you very much for your help. Does BEA have plan
  to support any hardware based SSL in the future, how soon ?
  Thank You
  Tuan Phan
  Michael Young <[email protected]> wrote:
  Hi.
  WLS does not currently work with hardware SSL accelerators.
  Regards,
  Michael
  Tuan Phan wrote:
  Hi All,
  Does any one know if WebLogic supports Sun SSL Crypto hardware,
  ie:
  SSL Accelerator
  hardware, Sun Part # X113A ?
  Thank You--
  Michael Young
  Developer Relations Engineer
  BEA Support
  Michael Young
  Developer Relations Engineer
  BEA Support

• EP6.0 SP15 SSL Accelerator card setup

  Hi
  SAP support the use of SSL Accelerator cards as per OSS Note 686293.  However, I can find no details on the configuration of how to set them up for the use with the SAP web server used in the SAP Portal.  The products appear to provide support out of the box for mainstream we servers (MS IIS, Apache etc) but don't indicate how they need to be configured to be used with SAP.
  Can anyone assist?  They're Cavium SSL Accelerator cards.
  Regards
  David

  Just got the bad news from SAP Support.
  Although the note indicates that EP6.0 supports the use of hw SSL accelerator cards - the note itself is "misleading".  The SSL Provider is part of the SAP sw shipment and there is no SAP ICC partner interface to certify the integration of SSL accelerators.  The only SAP solution for EP6.0 at this time is to use them in a SSL Reverse Proxy infont of the portal solution to offload the overhead of SSL before it hits the portal.  The reason I'm not using Webdispatcher is that I'm also trying to fulfill a requirement for standalone ITS on these same servers. Needless to say there are no dates set for when SSL Accelerator cards can be used with Netweaver stack DIRECTLY!!.
  SAP support message below for completeness (from SAP AG Developement Manager so can be taken as gospel) - hope it saves someone else time if thinking of going down this route.   <u>Please post reward points if you have found this information useful!</u>
  SAP Note 686293 is misleading. All releases of EP 6.0 do not support
  SSL hardware accelerators.
  The SSL provider is part of the SAP shipment and there is no SAP ICC
  partner interface to certify the integration of SSL accelerators.
  If you realy require SSL hardware accelerators you should use a
  standalone solution (SSL reverse proxy) to terminate the SSL connection
  in front of the EP system.
  Regards
  David Irwin

• Fine details of SSL Acceleration

  Hello all,
  I'm looking for someone to explain (or send a link) of the minute
  details of how a SSL Acceleration appliance works.
  Specifically I'm very curious about when the SSL handshake between the
  user and the appliance is done, how does the SSL accelerator pull
  secure pages that AREN'T encryted from the web-server.
  Also very interested in how the accelerator passes on IP information
  of the client to the web server for logging purposes.
  Thanks in advance!
  Kipp B.

  Look at http://www.internetweek.com/reviews00/rev111300.htm for a just-out
  review of what accelerators are out there. Some of them are separate
  appliances that decrypt the SSL traffic and forward it as clear text to the
  Weblogic. It may or may not be what you look for, though, but the review
  itself is worth reading.
  "Cedric Rochet" <[email protected]> wrote in message
  news:[email protected]..
  Hi all,
  Does weblogic support hardware card to accelerate SSL encryption without
  using
  a web server such as IIS or NES?
  Thanks for help,
  Cedric

• How do I use an SSL Accelerator with iWS 6?

  I have an application that uses iWS 6 sp2 and iAS 6 sp4. The web server exposes a https port. I can get this port to work fine with a certificate requested against the internal module. When I use the module supplied by the SSL accelerator (Sun Crypto Accelerator 1) I can install and view a certificate, but I cannot start the web server. I get the following error in my logs:
  [18/Mar/2002:15:57:17] failure ( 2820): Invalid configuration: File /usr/local/iplanet/servers/https-www.exsel.org.uk/config/server.xml, line 22, column 390: SEC_ERROR_BAD_DER - Certificate is improperly DER encoded : unable to find certificate Server-Cert
  I can see a certificate by this name in the cerfticate database for the additional module. I can view it and it looks good (I'm generating my own certificates at the moment - so I know that the internal and external certificates were generated in the same way).
  Has anyone any experience of using this combination of things?

  I think you are getting your certificates crossed up some how. "Server-Cert" is normally the name of the internal certificate. See what the name of the one installed on your accelerator is and change the name in server.xml to match that. Be sure to backup up all your files first!

• Hardware Graphics Acceleration

  As many users have noticed, there’s a new feature which is introduced in Office 2013 called "Hardware Graphics Acceleration", which sometimes is also called as "GPU rendering". The purpose of course is to improve performance.
  As stated in the System Requirements for Office 2013, Graphics hardware acceleration requires a DirectX10 graphics card and a 1024 x 576 or higher resolution monitor.
  A graphics processor helps increase the performance of certain features, such as drawing tables in Excel 2013 or transitions, animations, and video integration in PowerPoint 2013. Use of a graphics processor with Office 2013 requires a Microsoft DirectX
  10-compliant graphics processor that has 64 MB of video memory. These processors were widely available in 2007. Most computers that are available today include a graphics processor that meets or exceeds this standard. But, if you or your users do not have
  a graphics processor, you can still run Office 2013.
  (http://technet.microsoft.com/en-us/library/ee624351(v=office.15).aspx)
  The option of hardware graphics acceleration can be found in any Office applications from
  FILE -> Options -> Advanced ->
  Display -> Disable hardware graphics acceleration:
  This setting can be controlled by the following registry key:
  Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure
  that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, 
  http://support.microsoft.com/kb/322756
  HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Graphics
  DWORD: DisableHardwareAcceleration
  Value: 1 to disable, 0 to enable
  Administrators can deploy this setting using Group Policy as well. Follow the steps below:
  Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these
  problems can be solved. Modify the registry at your own risk.
  1. Add the following files to your domain controller: Office15.admx and
  Office15.adml files to your domain controller and then
  2. In the Local Group Policy Editor, select the Miscellaneous node of the
  Microsoft Office 2013 tree. This setting is shown in the following figure.
  For more information about how to use .admx and .adml files for Group Policy administration, go to the following Microsoft TechNet website:
  How to manage Group Policy ADMX files
  Please note the change is global: Changing this option in a single Office program also applies to other remaining Office programs. So you don't need to follow these steps for all Office programs one by one. If you want to just disable animations in Word
  but leave them on in Outlook, no we can’t.
  When do we need to disable Hardware Graphics Acceleration?
  I’ve seen in some cases users complain that Office Applications are laggy and slow, sometimes even hang/freeze. They have tried many things but couldn’t figure out the root. Actually, the animation sometimes can slow the performance down, once they disable
  the Hardware Graphics Acceleration, the problem is gone.
  There are also issues like blurred text/font, cursor hangs randomly in Office applications, we can disable this simple option to see if this fixes the problem.
  Please note, the Hardware Graphics Acceleration option is not the only option that may cause issues. For example, an user needs to turn off the animation to improve the performance of Excel, but it doesn’t have any effects after disabling Hardware Graphics
  Acceleration. Now let’s check this Windows setting:
  On the Desktop, right click on This PC(or Computer) icon, select
  Properties, then Advanced system settings on the left side, under
  Advanced tab, click on the Settings button for
  Performance.
  Now we see this:
  Uncheck the box for Animate controls and elements inside windows, click
  OK button.
  Now the problem should be gone.
  Another case:
  If you have blurred text/font issue in Word, you may consider to disable Hardware Graphics Acceleration. If this doesn’t help, what to do next?
  Please go to FILE tab -> Options ->
  Advanced -> Under Disable hardware graphics acceleration, there’s a checkbox for
  Use Subpixel positioning to smooth fonts on screen, uncheck it and click
  OK. The blurred text/font should be gone.
  Summary
  In this article I introduced how to configure Hardware Graphics Acceleration from applications, the registry and Group Policy. There are also some issues it may cause and what we should do to resolve them. If you have any ideas about this topic or any other
  comment, please feel free to post in the forum, thank you.
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

  prasoonblueluck,
  Have you installed these drivers?
  John B @ forum.notebookreview.com

• SSL Accelerated Service and device groups

  I have a need to set up SSL accelerated services on a data center WAE and one edge WAE. In reading through the Cisco Wide Area Application Services SSL Application Optimiser Deployment Guide (2010), it states that best practice is to create an SSL device group and configure the SSL service and generate the keys through that group.
  Simple question:  Should only the data center WAE be placed in that group, or should also the edge WAE be in the group?  The devices are running 4.3.3.

  Only the data center wae's need to be placed in the SSL device group.
  Regards
  -Smita

• ATI Primary and Nvidia Secondary for Hardware MPE Acceleration

  Hi everyone,
  I'm not sure if this has been discovered yet. I think it is very exciting, and very important for anyone with an AMD (ATI) GPU who wants hardware MPE acceleration.
  It is possible to use Hardware MPE acceleration while using an ATI video card as your primary adapter, and a lesser CUDA Nvidia GPU as a secondary adapter not connected to any monitor.
  My system:
  CPU: 1090T
  Mobo: 890GX
  RAM: 8 1333
  RAID: No
  GPU1: 5870
  GPU2: GTS 450
  As you can see, I have a Nvidia and AMD GPU in the same system. The 5870 is obviously by far the most powerful of the two, and it is what I use to record rendered footage using FRAPS.
  Recently, I became aware of the powers of hardware MPE. I concluded that the best way to obtain HMPE and maintain my FRAPS recording was to purchase a GTX 480. However, this was out of my wallets league as I could not sell the 5870.
  I was already aware that PhysX (A CUDA physics calculation library) could only be run on Nvidia CUDA GPUs (Like HMPE). Many Nvidia card users used secondary CUDA cards to accelerate physics calculation in games. ATI card users could not use a secondary Nvidia card for physics calculation as the Nvidia driver locked down PhysX in the presence of an active ATI GPU. Luckily a clever fellow called GenL managed to hack the Nvidia drivers to force PhysX to work in the presence of an ATI GPU.
  I hypothesised that if I performed that hack, HMPE would gain access to CUDA in a similar fashion to PhysX, thus allowing me to buy a far cheaper GTS 450 and pair it as an HMPE renderer with my 5870. After buying a GTS 450, I failed at implementing the hack and was about to give up.
  HMPE worked when my monitor was connected to the GTS 450, but if i tried to start PPro with the 5870 connected to any monitor HMPE was unavailable.
  I had two monitors connected to my GTS 450, and was playing around with adding stupid amounts of HMPE accelerated effects to an AVCHD clip. Realising that it was impractical to constantly switch the DVI cable from 5870 to GTS 450 I decided to leave my primary monitor connected to the 5870 and give up on HMPE. So, I reached around behind my computer and did it, but crucially did not quit PPro before I did so.
  When the screen flickered back to life, the yellow HMPE preview bar was still yellow. The timeline still scrubbed perfectly smoothly. HMPE was still working with a 5870 as the primary monitor: The PPro window was on the 5870 monitor, and the 5870 was rendering the window!
  I found that provided I did not close PPro, I could switch between HMPE and SMPE at will, all while using the 5870 as the primary adapter.
  I tested this using a 10 second composition of 3 AVCHD 1920x1080 Clips with CC, drop shadow, gaussian blur, edge feather, Basic 3D, transform, Ultra Key, drop shadow applied, rotatating amongst each other. I could still switch even if the 5870 was the only card connected to a monitor.
  Rendering this test clip via PPro direct export takes 30 seconds in HMPE mode with the 5870 and 1.43 in SMPE mode with the 5870.
  However: Rendering performance in AME stays the same whether I selected HMPE or SMPE. I believe this is because AME is a separate application that 're-detects' the ATI card and disables HMPE before beginning the encode, in the same manner that restarting PPro while using the 5870 removes the HMPE option. Rendering the clip in SMPE and HMPE modes using the GTS 450 gave the same 30 second vs 1.43 minute result.
  Therefore, as long as you are happy to encode via direct PPro export you will still see the benefit of HMPE while using an AMD card as the primary adapter.
  I hope this is as terribly excited to other users of ATI cards as it was for me. This has saved me several hundred dollars.
  Cheers,
  NS2HD

  Interesting results. I own a system manufactured by BOXX, a system developer out of Texas who really knows their stuff. I had asked them if it would be possible to purchase a CUDA enabled card and put it in my secondary slot and use it for MPE while maintaining my current (nvidia) card to run my monitors (also giving me the ability to run four screens). They said that no, according to the Adobe developers they were working with, Premiere could only use MPE off the CUDA card if the monitor previewing your work was plugged into that card. I guess they were wrong!
  Also, from my understanding, you don't see lesser results with AME because it's a separate program that starts separately, you see the lesser results because it has not yet been coded to take advantage of CUDA.

• Urgent!! SRA gateway and SSL accelerator??

  I access url in portal destop, but it can not work.
  My gateway is working behind ssl accelerator, and gateway url is http://gateway.com, port is 880, external virtual host url is https://home.com. The profile platform.conf.default is like this,
  gateway.customurl=true
  gateway.httpurl=https://home.com:443
  gateway.virtualhost=gateway.com home.com
  but in desktop url http://www.sun.com is written to https://home.com/http://sun.com, but it canot be accessed.
  If I browse it like https://home.com/http://sun.com/, it work well.
  Please help me config it.
  Many Thanks
  Peter

  Thank you Jerry.
  We use the Radware's accelerator board that is one factory in china.
  The follows are the gateway profile list:
  gateway.cdm.cacheSleepTime=60000
  gateway.protocol=http
  gateway.jdk.dir=/usr/jdk/entsys-j2se
  gateway.userProfile.cacheCleanupTime=300000
  gateway.userProfile.cacheSize=1024
  gateway.external.ip=192.18.22.45
  gateway.logdelimiter=&&
  gateway.httpurl=https://home.com:443
  gateway.data.dir=/var/opt/SUNWps
  portal.server.instance=default
  gateway.port=880
  gateway.debug=on
  gateway.bindipaddress=192.18.20.33
  gateway.certdir=/etc/opt/SUNWps/cert/default
  gateway.host=gateway.com
  gateway.logging.password=RcyB48rxF7cxHv8As45shg\=\= Z0Wk2ebVID0XtY+eg30gsg\=\=
  gateway.sockretries=3
  gateway.enable.customurl=true
  gateway.userProfile.cacheSleepTime=60000
  gateway.enable.accelerator=true
  gateway.cdm.cacheCleanupTime=300000
  gateway.favicon=
  gateway.notification.url=notification
  gateway.httpsurl=
  portal.server.port=80
  gateway.virtualhost=portal.com 192.18.20.33 home.com
  gateway.allow.client.caching=true
  gateway.retries=6
  gateway.dsame.agent=http\://portal.com\:80/portal/RemoteConfigServlet
  portal.server.host=portal.com
  gateway.user=noaccess
  gateway.trust_all_server_certs=true
  gateway.debug.dir=/var/opt/SUNWps/debug
  portal.server.protocol=http
  gateway.ignoreServerList=true
  At first, the user has full access.
  We can login the portal server using https://home.com, and the urls also are written correctly, but when click the link like https://home.com/http://www.sun.com, there is not '/' at the end of this url, it can not work formally. But if I append '/' to the end of this url, and browse it in url address, it works well.
  Could you give me some advice?
  Many Thanks
  Peter

• Preview slower with hardware GPU acceleration enabled than software only?

  Sorry if this had been asked before.
  But somehow my preview/playback was slower and choppy once I enable the hardware GPU acceleration(I mean I select the 'mercury playback engine gpu acceleration' under Project-Settings-General')
  I followed the following tips to enable my graphic card, (thanks David)
  http://www.studio1productions.com/Articles/PremiereCS5.htm
  I was working on a clip of approx 3 mins long with majority of the footage(1920 and 720) from a DSLR, some 1920 clips from gopro hd2 and some 1440 clips from a P&S camera(scale to 1920 to match the sequence setting). main effects applied (magic bullet looks).
  Before I enabled my graphic card and selected it from the project setting, the preview was ok, nearly smooth all the way except some sections with dynamic links, but once I turn it on, the preview became ridiculously choppy, I couldn't believe my eyes, so I turned it off (select mercury playback engine software only), did playback again, it became much smoother!(or just as smooth as it was when it was under that setting, it's just that comparison gave me a bad impression of my hardware gpu acceleration).
  btw: I'm running on a low spec laptop
  Core™ i7-2670QM 2.2GHz turbo to 3.1GHZ
  8GB DDR3 memory
  NVIDIA GeForce 555M 1GB graphics
  750G HDD(I partition to 150G system drive and 600G media drive) 5400RPM (I know, it's slow)
  currently have about 80G and 400G empty space on two drives respectively.
  15.6” HD display (max resolution 1366x768)
  I know the machine is not a proper workstation to work with CS6, but the hardware gpu acceleration was slower than the software only gpu acceleration was beyond my understanding, not a minor difference we are talking about, it was much much slower!
  Have I done something wrong?
  Any tips would be appreciated.

  Here's my guess.
  MB Looks runs on the GPU at all times, though not in the same way as Adobe's 'accelerated' effects.  With CUDA off, the graphics card was free to process the Looks effects at full speed.  With CUDA on, PP took some of those resources and Looks processed slower.
  Remove Looks and replace it with PP's native accelerated effects and you'll see what all the hoopla is about.

• SSL Acceleration between iPlanet and WLS

  I was wondering if anybody has successfully deployed a SSL accelerator card for SSL acceleration between iPlanet and WLS?

  This is a feature in the latest release, WebLogic Server 6.1.0
            <http://e-docs.bea.com/wls/docs61/////adminguide/nsapi.html#101168>. It is
            not available for WebLogic Server 5.1.0.
            Regards,
            -- Ian
            "Abhinandan" <[email protected]> wrote in message
            news:3ba5dfa9$[email protected]..
            > Can i get SSL communication between iPlanet and Weblogic 5.1? if yes then
            how??
            

• Can I pilot SSL acceleration single subnet and exclude SSL acceleration on rest of network.

  I have a large WAAS deployment and would like test SSL acceleration on a single regional IP subnet pointing to the main Data Centre all in the same device group. The SSL feature seems to be either on/off per host/IP Address. I would like to do the rollout SSL acceleration in a phased manner if possible.                  

  Hi,
  Cisco WAAS has an option to create self-signed certificates and private keys/ Generate certificate signing request (Our own CA) or this can imported from existing certificate and key if we have them.
  When a connection is requested, the WAN optimization device in the data center splits the original SSL connection from the client to the SSL server into two SSL connections. To the client the connection appears as the SSL server, and to the SSL server it appears as the SSL client. To act as the SSL server, the data center WAN optimization device needs an authentication certificate for each SSL service it is optimizing. When the WAN optimization device intercepts a connection request from a client, it uses the SSL server IP address/domain name to associate the certificate with the client.
  You can refer below link for configuring the SSL and moreover you can view the white paper for example
  http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v501/configuration/guide/policy.html#wp1191888

• What SSL accelerator and load-balancer does anyone recommend?

  Hi:
  I wanted to find out:
  Does anyone recommend SSL accelerator cards/boards or SSL accelerator appliances?
  What SSL accelerator and load balancer does aynone recommend to help 9iAS?

  Ana_Alm wrote:
  Hi there!
  I just downloaded and installed OS X Lion, and I'm loving it so far.
  However, I've seen that Mountain Lion will have some new features when it comes to social apps (what I call the ones that combine twitter, facebook, rss readers and so on).
  So, does anyone knows any cools apps for that? I'm currently using Socialite, that combines all those three, but it has a few issues I don't particularly like. Plus, I'm using Adium for a msn client. I'm also thinking about downloading that beta version of "Messages" that will be realeased on Mountain Lion.
  So, what do you think? Give me your ideas
  Thanks a lot in advance!
  As Mountain Lion has not been released to the public yet, then most of us have no idea which companies have updated the development of their Apps for  ML. It is in Development phase so any App you try is at your own risk.
  Good Luck
  Pete

• SSL Accelerated Services

  Hi All,
  I'm about to create the first SSL accelerated services for my customer and need to confirm a design point in advance of my deployment window.
  I have one *.xyz.com wildcard domain and server port and 2 certificates.  One of the certs is for an interim environment and the other for the main environment which is not yet live.  Can I associate both certificates to the same wildcard domain & port?  I'd ideally like to do this to allow for a seamless transition between the two environments or do I need to delete the interim cert and install the main one on the transition date?
  Thanks
  Claire

  I dont think you can associate both certificates to the same wild card domain & port. You can use one at a time.

• WAAS statistics for SSL accelerated services

    Hi all,
  the customer has configured two SSL accelerated services on the core WAVEs. He would like to monitor both these services separatelly. He uses SSL accelerated report, but there is summary statistics from both services. Is possible to create an application per SSL service for the collection statistics? For example: when I will have two SSL accelerated services ssl1 and ssl2, is possible to monitor statistics for ssl1 and monitor statistics for ssl2?
  Thank you
  Roman

  I dont think you can associate both certificates to the same wild card domain & port. You can use one at a time.