SYSTEMS AND METHODS FOR OFFLOADING INLINE SSL PROCESSING TO AN EMBEDDED NETWORKING DEVICE

摘要

A new approach is proposed that contemplates systems and methods to support a mechanism to offload all aspects of inline SSL processing of an application running on a server/host to an embedded networking device such as a Network Interface Card (NIC), which serves as a hardware accelerator for all applications running on the server that need to have a secure connection with a remote client device over a network. By utilizing a plurality of its software and hardware features, the embedded networking device is configured to process all SSL operations of the secure connection inline, i.e., the SSL operations are performed as packets are transferred between the host and the client over the network, rather than having the SSL operations offloaded to the NIC, which then returns the packets to the host (or the remote client device) before they can be transmitted to the remote client device (or to the host).

主权项

1. A system to support offloading of inline SSL processing, comprising:
a host running a plurality of applications and configured to
identify an application running on the host that requires a secured connection with a remote client device;offload Secure Sockets Layer (SSL) processing of a plurality of network packets exchanged between the application and the remote client device over the secured connection to an external embedded networking device; said embedded networking device configured to
establish the secured connection based on information exchanged between the host and the external embedded networking device;perform a plurality of inline SSL operations to process the network packets received from the application running on the host or the remote client device over the secured connection;transmit the processed packets to the remote client device following TCP/IP protocol or to the application running on the host without returning the packets back to the host or the remote client device, respectively.