A customer recently asked a question during a webcast, “How does HyperIP accelerate encrypted data?” The answer is, it depends.
In the case where the data was encrypted when it was written to disk, as is required in most financial institutions, encryption poses problems for WAN optimization controllers who need to inspect the data to perform their optimization techniques:
1. Compression and deduplication on the network can no longer be applied to a secured/encrypted packet, so data reduction algorithms are a moot point.
2. Data security is paramount, so movement or transport of that data over the IP network requires the datagram to be intact, not un-encrypted, then re-encrypted putting data security at risk. That now means data pattern caching in disk or memory is no longer applicable.
3. Payloads in the encrypted data block can be quite large requiring a data streaming technology to meet window requirements and aggressive RTO’s to be adhered to.
So how can HyperIP WAN Optimization Virtual Appliance from NetEx accelerate encrypted data?
If the data is encrypted prior to HyperIP compression won’t be possible but HyperIP will still be able mitigate network issues that degrade WAN performance. SSL data payload, certificates, and keys will all passed through HyperIP’s accelerated transport at or near wire speed. No matter the distance or latency, no matter the packet loss on the WAN, no matter the amount of network congestion or out–of-order sequence issues, HyperIP will maximize the throughput of the application. This allows for complete data security, no modification of the SSL-encrypted block of data jeopardizing the integrity of the payload, transparent to both the application and encryption.
If the traffic is encrypted with a Taclane KG encryptor, HyperIP takes the unencrypted data from the source, optimizes the transport of that data to near wire speed, then compresses the data blocks to reduce traffic on the WAN, then hands that data to an encryption appliance. This is the preferred solution in most Department of Defense implementations, where specific encryption gear is required. This solution allows for complete WAN Acceleration of the block of data before it is encrypted. Global replication and backup of data now leverage HyperIP’s value and complete data security with government approved encryption on the WAN links.
See a success story about HyperIP in a DoD implementation:
Whether you are moving your secured data to a cloud storage provider, your own private cloud facility, a centralized data repository from remote offices, or an in-house DR facility, HyperIP can significantly improve the performance of your applications.