Legacy platform

SSL acceleration

If you have many users and are planning on encrypting the Sterling™ Order Management System Software screens with SSL, you should consider the use of off-board hardware-based SSL accelerators.

SSL encryption/decryption are expensive operations and can reduce application server throughput by over 30%.

Currently, we have tested the use of an F5 Big-IP v9 as an off-board SSL acceleration engine and as an SSL Proxy. As an SSL Proxy, all page requests going to the F5 are sent as HTTPS. The Big-IP performs all the SSL processing and forwards all the requests to the application servers that are available and secured.

If you plan to use a Big-IP, you should be aware of the following Big-IP specific configuration requirements in the HTTP Profile configuration tab:

  • If you use WebLogic application servers, you have to set the header insert parameter to WL-Proxy-SSL: true. This header directive informs WebLogic that there is an SSL Proxy sitting in front of the application server.
  • If you use WebSphere® application servers, you need to configure the redirect rewrite parameter to ALL.

We recognize that there are other SSL acceleration technologies available. Please keep in mind that we have, to date, only tested against the F5 Big-IP v9.

Also keep in mind that SSL acceleration is targeted towards the Sterling Order Management System Software Console. The Applications Manager and the System Management Console do not require SSL.