tailieunhanh - Java Testing and Design- P8

Java Testing and Design- P8: The ultimate test of every software construction effort is the user’s success using the product to accomplish some practical goal. No matter how much state-of-the-art technology goes into the software, success can only be judged through the lens of the user. | Getting a Head Start 329 The HTTPS_Connect agent gives a very simple example of interacting with a Web host over an SSL connection. We will see later that SOAP-based Web-enabled application requests and responses may be made using SSL too. First we investigate the problems SSL potentially adds to a Webenabled application environment. What Usually Goes Wrong in SSL Systems SSL is widely implemented as a software-based solution. In this implementation the server negotiates the SSL connections with clients and performs encryption and decryption at the software level. The SSL handshake in which the client and the secure server negotiate the choice of algorithm and keys is an extremely processor-intensive operation. Running the HTTP _connect test agent in the previous section demonstrates the overhead of a secure connection. At some point the server runs out of resources CPU bandwidth memory or network bandwidth when performing the handshake to run the secure application. Network managers often overcome this limitation by adding more powerful servers. Another way of going is to add an individual SSL accelerator card to the server. Experience shows that while SSL traffic does not significantly affect overall network traffic it does tax the servers that process network traffic. Adding an SSL accelerator card to each server offloads the SSL work to the coprocessor on the card and enables the Web application on the server to respond in normal time. In a Flapjacks environment network managers find that the extra expense of adding SSL accelerator cards to every server can become overwhelming. Each server handling encrypted content requires an SSL accelerator card and a digital certificate. To obtain a digital certificate for each server from a certificate authority CA administrators must create a public key-private key pair and a Certificate Signing Request CSR and then submit these items to a CA. This process must be repeated for every server in production. Digital .