Some time in the future, I may need to build a dedicated SSL farm (as described in Making applications scalable with Load Balancing) or something similar to handle lots of SSL traffic. While it's not an immediate issue for me, I'd like to plan a little bit ahead. So my question is:
Is it more cost effective to use dedicated hardware for this, or can I reuse application servers, maybe with a hardware add-on card? Or is it better to have this integrated in load balancers (contrary to what the above-mentioned article stated in 2006)?
A few links to specific hardware would be nice, too – I currently don't really know where to start looking.
Best Answer
AFAIK the article still stands.
If you really need a farm with several load balanced SSL reverse proxies and a fair few web/application servers behind them, I would suggest looking at a blade solution. That's not cheaper than simple 1 U rackmount servers, but it will save you some rack space. Most major server manufacturers do blade solutions (Dell, HP, IBM, etc.). Some links: IBM | Dell | HP
I would build the load balancers from Linux servers (redundant pairs connected via Heartbeat, see LVS project), and have dedicated little networks for the proxy traffic and the traffic from the second load balancer to the web/application servers.