Juniper Networks will soon add SSL support to its WAN acceleration gear, optimising the secure protocol over wide-area networks.
Because it is encrypted, SSL traffic cannot now be optimised by Juniper devices, so traffic reduction over the WAN is less significant than it might be otherwise.
With an upcoming software upgrade, Juniper will add SSL to its AppFlow technology, which accelerates applications that cannot benefit from more generalised TCP acceleration until their own protocol limitations are removed. In the case of SSL, the most significant limitation is that it is encrypted.
Juniper decrypts SSL within its WX devices, which sit at both ends of corporate WAN links, and through a variety of compression and optimisation techniques squeeze more data across the connections.
After decrypting the local SSL traffic, a WX shrinks it as much as it can and sends it over the WAN in IPSec tunnels to other WX devices. The WX on the far side will terminate the IPSec tunnel, reassemble the traffic and re-encrypt it in an SSL session headed toward the client or server at that end.
Private SSL keys are stored at datacentre WX appliances only, and session keys are pushed through a IPSec tunnels to the remote WX devices.
The company is also announcing AppFlow for CIFs Server Message Block (SMB) signing that accelerates and preserves SMB signalling that is used to avoid man-in-the-middle attacks.
Juniper also is introducing content distribution features for its WX devices that pushes virus updates, files that teams need to do their work, training videos and the like to branch office WX appliances where users can access them without each one having to connect over the WAN to servers.