Secure Sockets Layer (SSL) offloading at your load balancer

Diffusion™ clients can connect to your solution using Transport Layer Security (TLS) or Secure Sockets Layer (SSL). The TLS/SSL can terminate at your load balancer or at your Diffusion server.

Note: If you have sensitive client data that you must secure, use a secure connection all the way from the client to the Diffusion server. Either do not perform SSL offloading at the load balancer or re-encrypt the connection between load balancer and the Diffusion server.

Secure client connections are decrypted at the load balancer. Between the load balancer and the Diffusion server, the connection is not secured.

SSL offloading is when you terminate the TLS at the load balancer. The processing burden of encrypting and/or decrypting a Diffusion client connection made over SSL can then be is offloaded to a component that can perform SSL termination more efficiently.

After the SSL connection has been decrypted, the client connection can travel between the load balancer and the Diffusion server using an unsecured transport. Doing this reduces CPU cost on your Diffusion servers.