I originally posting this in the Oracle Applications forum but got no response, so I am posting it here too...
We will be running 9iAS web forms in servlet mode on Solaris configured with an SSL certificate. When we take 9iAS/webforms into production soon we hope to have two Solaris machines each with (2) 900Mhz CPUs and (4) Gigs of RAM to load balance our forms across. The number of concurrent form users ranges from 500 to 600. We are getting ready to order the necessary hardware and are wondering if we will need an SSL accelerator on each machine, considering how much CPU the machines will have? The SSL accelerators we have looked at range from about $1500 to $3000 each and we want to be sure they are really needed before we spend that kind of money. One person in our department thinks they won't be needed because the machines will be much faster than our current Solaris machines, but I don't know enough about SSL and its CPU load to be convinced.
Also, our sys admins included load balancing machines in our hardware quote. And two of those would run us $18,000. But given that we will be using the Listener Servlet method, and that Jserv has its own load balancing capability built-in, I don't think we need these load balancing machines. Unless they are somehow far superior to Jserv's built-in load balancing techniques. Does anybody know if the load balancing machines have more advantages to Jserv's load balancing?
BTW, I just wanted to clarify that the number of concurrent users include users on BOTH load balanced machines. So each machine should only have 250 - 300 users. Could a (2) 900 Mhz Solaris machine support all this SSL without an accelerator??? I'm skeptical but I don't know alot about SSL CPU usage...
Thanks for your input Amar. I think I'm gonna recommend we get the SSL accelerator, because the web forms themselves will consume enough CPU usage.
As for the load balancing machines, I think I'm going to pass on that - unless somebody can convince me that they have definite advantages over using the built-in load balancing software of Apache/Jserv.
One other question: is 40-bit encryption good enough for our site (we are a university)? I thought we should go with 128-bit, but a co-worker says that is really only needed for banks and such.