sharepoint0520
asked on
Help to write detail plan to implement SSL offloading on environment.
Experts,
We have sharepoint 2013 with 5 Web servers with 2 Load balance (F5). We are going to implement SSL offloading to our environment. I would like to work on some detail plan to implement on QA server first.
Can you please guide me come up with some detail plan to implement?
We have sharepoint 2013 with 5 Web servers with 2 Load balance (F5). We are going to implement SSL offloading to our environment. I would like to work on some detail plan to implement on QA server first.
Can you please guide me come up with some detail plan to implement?
ASKER
Thank David. We have 2 F5 load balance in our prod environment. We have to implement for one web application. Now we have to test in QA environment first. But QA environment we don't have load balance. What is the best approach to test on QA environment? And what are things i need to take care? (Like new DNS etc)
Thank you for your help.
Thank you for your help.
Your question is illogical.
I have a car in Mexico, how can I test drive it in Canada, makes the same amount of sense.
I have a car in Mexico, how can I test drive it in Canada, makes the same amount of sense.
ASKER
Hi David,
Sorry for the confusion.
Sorry for the confusion.
ASKER
David,
I was looking for the steps to implement. I wanted to write down all the point which i need take care while implementing SSL offloading for one SharePoint web application.
I was looking for the steps to implement. I wanted to write down all the point which i need take care while implementing SSL offloading for one SharePoint web application.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
If you use HTTP/2, then only one SSL negotiation occurs per visit, with all assets multiplexed over a single connection.
If you're using HTTP/1.1, every single asset requires it's own SSL negotiation.
So the real fix is not offloading, rather...
1) Use HTTP/2
2) Use OSCP Stapling
3) Use Strict Transport (with 1+ year duration)
Do this and you can avoid all the complexity of managing offloading.
Tip: If you do the 3x steps above, no offloading solution can come close to speed, because anytime you offload, you must run a proxy connection between offload device + real Webserver... which will always be slower than connecting directly to a Webserver...
Just so long as the 3x items above are correctly configured.