Marvin, Thank you for the reply. Would you mind sharing your cluster configuration? We are testing our installation on a four-node Tomcat cluster, using JBOSS Cache to replicate the TicketRegistry. We are planning to serve 80K users and I am concern right now on how much users and how many nodes this setup can scale to. Any clustering war stories from the community will be greatly appreciated.
Thanks, Rolly Ferolino University of Phoenix On Thu, Feb 4, 2010 at 12:48 PM, Marvin Addison <[email protected]>wrote: > > What is the best practice for hosting the SSL certificate? > > There's no best practice here. If you want to leverage the SSL > offloading capabilities of your load balancing hardware, host the > certificate on the LB and forward the request to a non-SSL port on the > application server. If you feel the SSL handling capability of your > LB is negligibly better than your application servers, host the > certificate on each app server. I would argue there may be a security > risk in the first scenario since you are trusting the network behind > your LB, but this is a reasonable assumption in many cases. > > I should note that we think SSL offloading is largely vendor snake oil > and we like the ability to control our app server configuration, > including SSL handling, instead of having to cooperate with our LB > admins for the SSL setup. (They're great, it's just that we have > adopted a strategy of "keep the LB stupid" which has worked well for > us. Additionally our "big iron" ServerIron devices only recently got > the SSL offloading working to the satisfaction of our LB admins. > YMMV.) > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- Rolly Ferolino [email protected] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
