Configure SSL acceleration with HTTP on the front end and SSL on the back end
In certain deployments, you might be concerned about network vulnerabilities between the Citrix ADC appliance and the backend servers, or you might need complete end-to-end security and interaction with certain devices that can communicate only in clear text (for example, caching devices).
In such cases, you can set up an HTTP virtual server that receives data from clients that connect to it at the front end and hands the data off to a secure service, which securely transfers the data to the web server.
To implement this type of configuration, you configure an HTTP virtual server on the Citrix ADC appliance and bind SSL based services to the virtual server. The appliance receives HTTP requests from the client on the configured HTTP virtual server, encrypts the data, and sends the encrypted data to the web servers in a secure SSL session.
To configure SSL acceleration with HTTP on the front-end and SSL on the back-end, first enable the load balancing and SSL features on the Citrix ADC appliance. Then, add SSL based services that represent secure servers to which the Citrix ADC appliance will send encrypted data. Finally, add an HTTP based virtual server and bind the SSL services to this virtual server.
Enable load balancing and SSL acceleration on the Citrix ADC appliance.
After enabling load balancing and SSL acceleration, create two SSL based services, Service-SSL-1 and Service-SSL-2, with IP addresses 10.102.20.30 and 10.102.20.31, and both using port 443.
Then create an HTTP based virtual server, Vserver-HTTP-1, with an IP address of 10.102.10.20.
Bind the SSL services to the virtual server to complete the configuration.
Table 1. Entities in the SSL Acceleration with HTTP on the Front End and SSL on the Back End
|HTTP Based Virtual Server||Vserver-HTTP-1||10.102.10.20|