SSL Features in the Traffic Manager
Decryption and Encryption
The Traffic Manager can decrypt SSL traffic within a virtual server. This can be useful for two reasons:
• After decryption, the Traffic Manager's traffic analysis features can be used on the whole request. Service protection methods can filter for malicious content, viruses or Web worms, and rules can inspect the headers and body of the request to make an informed routing decision. Without decrypting the packets, very little information is available.
• Decryption requires processing power. It might be more efficient if the Traffic Manager decrypts requests before passing them on to the nodes, reducing the load on the back-end servers.
If your virtual server decrypts SSL traffic so that TrafficScript rules can inspect it, you typically encrypt it again before sending it to the nodes. This re-encryption is handled by the pools you create in your Traffic Manager configuration, so traffic is encrypted both on the connection from the client and on the connection to the nodes, providing complete end-to-end security in your system.
SSL Certificates Catalog
The Traffic Manager uses an SSL certificate catalog to provide a centralized store of SSL server certificates, client certificates, certificate authorities and certificate revocation lists that your SSL services can use.
A virtual server manages traffic to a default service, and optionally to a number of "SSL sites" defined in the virtual server configuration. Each SSL site associates either an IP address or a hostname with a maximum of two SSL certificates from the catalog. For further information, see Serving Multiple Sites Using a Single Virtual Server.