The impact of SSL acceleration on performance varies based on the encryption cipher being used.
Standard browsers (when doing rewriter) usually use RC4 encryption. The PCS device does this encryption in the main CPU itself (as it is quite lightweight). Disabling the accelerator card will not affect performance in such cases. However, if you are using a heavier cipher (3DES / AES) and running under load, then the SSL accelerator greatly offloads the main CPU from the expensive bulk encryption operation. Thus, one can load the system to greater limits without adversely impacting performance. Typically we have seen that for 3DES encryption, disabling accelerator card causes the PCS device to take about a 30% performance hit, especially if one is doing end-to-end encryption (front-end and backend SSL).
Since the NC (Network Connect) client uses 3DES/AES by default, by disabling acceleration, there could be a noticeable performance impact on the system. You might not see a process restart per-se, but packet loss will be greater (for NC) and the page response time will be slower (for core).
- Disabling SSL Hardware Accelerator does not affect PCS6500 performance (throughput) at the regular packet size of 512 bytes. For small packet sizes, there is a slight degradation for small packet sizes.
- Disabling SSL Hardware Accelerator has a 30% degradation for PCS6000. The degradation becomes more acute as packet sizes get larger.
If the SSL Hardware accelerator card is installed in your SA, the following option will be available in the PCS admin GUI
Under Maintenance > System > Options:
"Enable SSL acceleration. The system will reboot when this setting is modified"