Riverbed Accelerates SSL Encrypted Traffic

Riverbed extends its award winning application acceleration capability to SSL traffic by providing end-to-end secure traffic acceleration. Prior to this breakthrough, traffic from encrypted web applications wasn't "visible" to Steelhead appliances and was passed through untouched; no attempt was made to optimize or accelerate that encrypted traffic.

In order to apply application acceleration and WAN optimization techniques to SSL traffic, the data and protocols must be visible, which means they must be decrypted on both sides of a WAN, yet remain encrypted while traversing all three segments of a given connection: from the server to the server-side WDS appliance, between the two WDS appliances across the WAN, and from client-side WDS appliance to client. Furthermore, the management of SSL certificates and private keys must be done in the datacenter, as to not introduce a new security vulnerability.

Riverbed has introduced an innovative patent-pending approach to accelerating SSL traffic across the WAN without breaking the centralized trust model favored by security architects. Riverbed's solution is complementary to many existing SSL Offload solutions (see below on the differences). Despite SSL offload vendors (also known as Application Front End or AFE) describing their products as "SSL Acceleration" solutions, they are architecturally different from Riverbed's, and remain complementary.

The Steelhead appliances are deployed into enterprise infrastructure and become part of the trusted environment. Traffic is then decrypted, optimized with all of RiOS's streamlining capabilities, and re-encrypted on its way from one site to another; all of that is accomplished without distributing certificates out to branch offices. All certificates and private keys are maintained in the data center, sustaining the centralized certificate-management approach favored by enterprise IT architects. Some other application acceleration appliances that support encrypted traffic require the distribution of certificates to branch offices, which creates a major security vulnerability within the infrastructure .

RiOS 5.0 continues to improve on Riverbed's industry-leading SSL acceleration functionality by making it even easier to setup and manage. Enhancements include auto-discovery of Steelhead appliance SSL peers, support for digital certificate domain-level wildcards, and manageability improvements for administering trust relationships. These new features simplify SSL acceleration across the enterprise to enable greater scalability and reduce administrative overhead.

By enabling traffic to be decrypted and re-encrypted in a safe manner, enterprises can accelerate SSL encrypted applications without trading off security and performance.