Product Bulletin, No. 1922
SSL Module for Cisco CSS 11500 Series Content Services Switch and Cisco WebNS Software Version 5.20
Cisco Systems announces availability of the SSL Module for Cisco CSS 11500 Series Content Services Switch and Cisco WebNS Software Version 5.20.
The Cisco CSS 11500 Series Content Services Switch is a compact modular platform that delivers the richest Layer 4-7 traffic management services for e-business applications.
The Cisco CSS 11500 SSL Module is the ideal solution for handling high volumes of Secure Sockets Layer (SSL) transactions that occupy today's e-business data centers. The module integrates state-of-the-art SSL processors into the leading content switching technology of Cisco WebNS Software. In addition to superior price performance, the SSL module simplifies the management of digital certificates and offers new possibilities in optimizing the switch-to-server architecture for security and performance.
Cisco WebNS Software Version 5.20 runs only on the Cisco CSS 11500. The Cisco CSS 11800, 11150, and 11050 are currently supported in Cisco WebNS Software Version 5.00.
New Software Features
The SSL module for the Cisco CSS 11500 delivers the following features:
• Eight hundred transactions per second per module
• Twenty thousand simultaneous SSL sessions per module
• Full and transparent proxy modes
• SSL session reuse
• Two hundred fifty-six digital certificates
• Key sizes of 512, 768, 1024, and 2048
• SSL 3.0 and Transport Layer Security (TLS) 1.0
• Support for import of Apache, Microsoft IIS, and Netscape certificates
• Personal information exchange syntax standard (PKCS) no. 12
• Rivest, Shamir, Adleman (RSA), Data Encryption Standard (DES), Triple DES (3DES), and RC4
• Secure File Transport Protocol (FTP) for transfer of certificates
• Encryption (3DES) of certificates and keys in configuration file
• Clock with battery backup (on switch control module)
In WebNS 5.20, the Cisco CSS 11506 supports up to four SSL modules, and the Cisco CSS 11503 supports up to two SSL modules.
In addition to support for the SSL module, Cisco WebNS Software Version 5.20 introduces the following features for the Cisco CSS 11500 Series:
• TACACS+—Secures administrative access to the switch using centralized TACACS+ database
• Dynamic Feedback Protocol (DFP) Manager—Provides a mechanism by which DFP-enabled servers give feedback to the CSS to make load-balancing decisions
• Secure Shell Protocol Version 2 (SSHv2)—Telnet sessions supported over SSHv2
• Weighted Domain Name System (DNS) balance—Global server load balancing via Weighted Round Robin of DNS record responses
• PortFast—Spanning-tree feature to allow ports to become active quickly
• Configurable timers for flow resource collection—Preserves long-lived flows by setting the length of time that information about a flow is stored in memory
• User access restriction for graphical user interface (GUI)—Enables viewing of show screens while disabling configuration access on a per-user basis
• Keepalives—Boost in number of keepalives to a total of 2048
• Sticky Table—Increase in number of entries to 128,000
The SSL module for the Cisco CSS 11500 Series is supported in both the standard and enhanced feature sets of Cisco WebNS Software.
The enhanced feature set includes the commands of the standard feature set, and the commands for Network Address Translation (NAT) peering, DNS, demand-based content replication (dynamic hot content overflow), content staging and replication, and network proximity DNS.
Most customers require secure Telnet in addition to SSL acceleration. The license for these features may be ordered with the following part number: S11K-SSH-K9-5.2.
For large, complex configurations, it is recommended that the memory on the switch control modules (CSS5-SCM-2GE) be upgraded from 144 to 288 MB. The SSL module itself has 512 MB and is not upgradeable. Other modules may be upgraded to 288 MB as needed to support additional simultaneous flows.
Table 1 includes all the software product numbers for Cisco WebNS Version 5.20 and the new Cisco CSS 11500 hardware components that are supported in Cisco WebNS Version 5.20.
Table 1 Software Product Numbers and New Cisco CSS 11500 Hardware Components for Cisco WebNS Version 5.20
For product literature, refer to:
For technical documentation, visit: