Deploy SSL Offload in Citrix NetScaler VPX/ADC Using IBM Cloud HSM
IBM Cloud Hardware Security Module (HSM) and Citrix NetScaler VPX/Application Delivery Controller (ADC)
SSL Offload is a common requirement in many application deployments—one that provides authentication and encryption while relieving servers from the SSL certificate processing burden.
At IBM Cloud, two powerful and flexible products can be combined for your SSL offload use cases: IBM Cloud Hardware Security Module (HSM) and Citrix NetScaler VPX/Application Delivery Controller (ADC).
Based on Gemalto SafeNet Luna, IBM Cloud HSM is a dedicated, single-tenant hardware appliance that centralizes and manages cryptographic key information. Please visit our IBM Cloud official documentation articles to learn more about HSM.
Citrix NetScaler VPX/ADC has been a part of the IBM Cloud catalog for a while; this dedicated virtual appliance offers load balancing capabilities on both the private and public IBM Cloud network, not to mention its acceleration and security features available for applications and services associated with it.
Integrating IBM Cloud HSM with Citrix VPX
Citrix VPX offers versatility and full control over your deployment, so, naturally, IBM Cloud HSM is its perfect companion!
The basic idea here is for VPX to procure an SSL certificate using the cryptographic material (keys) obtained from the HSM. To achieve this, a secure link must be established between both components, where HSM acts as a server and recognizes VPX as a client. Likewise, VPX acknowledges HSM as a valid source to generate keys.
Once that’s done, it’s only a matter of incorporating that certificate into your SSL offload solution.
The diagram below illustrates the process using a basic SSL offload scenario.
In this example, sequence numbers 1 through 4 depict the steps required to create the keys and generate the certificate. Sequence number 5 represents the HTTPS traffic request to the application URL, which is protected by the SSL certificate in question and properly configured to do SSL offload.
Ready to get started?
IBM Cloud has got you covered with great documentation in our official Cloud repository.