Thanks Syed for the FS. Couple of comments:

- Any reason why you chose the assignTo/RemoveFrom load balancer rule APIs to assign/remove a certificate to LB rules? These APIs are basically for controlling VM membership with a load balancer rule. Can the create/updateLoadBalancerRule APIs be used for registering and de-registering a certificate with a load balancer rule?
- To me SSL termination is a value-added service from the provider's perspective; it's better we expose service differentiation in the network offering (e.g. dedicated load balancer capability of LB service in the network offering). So only if the network offering permits, SSL termination can be used.
- Does adding SSL termination support to the load balancer affect/complement current session persistence, health monitoring, auto scale functionality in any way? I see session persistence based on SSL session IDs; please see if this can be supported.
- As commented by others, fail fast at the service layer on an invalid certificate.
- On requirement #4, don't infer the protocol based on the public/private ports and impose restrictions. The current createLoadBalancer API does not take a protocol parameter, so it's inferred at the device layer. NetScaler seems to support SSL with other TCP ports as well.

One general implementation note: network rules can be reprogrammed. So operations to configure the SSL cert, binding the cert to a virtual server, etc. need to be idempotent at the NetScaler resource.

[1] http://support.citrix.com/proddocs/topic/netscaler-ssl-93/ns-ssl-offloading-other-tcp-protocols-tsk.html

On 08/10/13 11:44 PM, "Syed Ahmed" <sah...@cloudops.com> wrote:

>Hi,
>
>I have been working on adding SSL offload functionality to cloudstack
>and make it work for Netscaler. I have an initial design documented at
>https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSL+Offloading+Support
>and I would really love your feedback. The bug for this is
>https://issues.apache.org/jira/browse/CLOUDSTACK-4821 .
>
>Thanks,
>-Syed