There are many ways to secure an application.
...
Another way of securing the application is to use SSL Offloading. Basically we delegate the functions required for SSL/TLS, namely the handshake and the encryption/decryption to a dedicated component in front of the user. So all the servers behind the reverse proxy communicate as usual.
More precisely it is called SSL Termination in this case :
The proxy server/load balancer we use for the SSL offloading acts as the SSL terminatorWhen a client attempts to connect to Datafari, the client still has a secure connection with the SSL terminator, which is acting as a pass-through.
The Datafari architecture will be like this for monoserver and multiservers :
| Gliffy | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
This mechanism is a good solution if the network between the load balancer and the servers is secure. It can be done by isolate the Solr by their own VLANor VLAN or IPSEC tunneling for example. According to section 4.1 of the PCI Data Security Standard any merchant handling credit card data should:
...