Ok sounds good. Thanks for the input. Gerd
-------- Weitergeleitete Nachricht -------- Von: Vincent Bernat <ber...@luffy.cx> An: Conrad Hoffmann <con...@soundcloud.com> Kopie: Gerd Mueller <gerd.muel...@mikatiming.de>, haproxy@formilux.org <haproxy@formilux.org> Betreff: Re: ssl offloading Datum: Fri, 1 Apr 2016 11:29:16 +0200 ❦ 1 avril 2016 11:11 +0200, Conrad Hoffmann <con...@soundcloud.com> : > > I can't really back this up with reliable numbers, but a company I > once > worked for experimented with such hardware. The outcome was, and I > would > still always recommend this today, to rather throw more regular > hardware at > the problem. Modern processors have a lot special instructions > specifically > for cryptographic operations (maybe make sure you are making full use > of > that) and are way cheaper than specialized SSL hardware. Stuff like > SSL > changes a lot and often needs immediate security fixes, so going with > general purpose hardware where you are not dependent on some vendor > support > will likely make your life easier at some point. > > That's just an opinion after all, of course. I agree with you. x86 hardware is far less expensive and performant than dedicated hardware. Dedicated hardware is only useful if your team don't want to handle software (but in this case, you can also look at the Aloha appliance). Go for the maximum number of GHz and as many cores as you want since the performance scales almost linearly.
