MACROMEDIA BREEZE Deployment Manual - page 10
10
Breeze Deployment Guide
SSL Support
Breeze requires an SSL accelerator to support encrypted communication over the Internet. You
can use a hardware solution, such as F5 BigIP SSL accelerator, to improve results. Macromedia
recommends using hardware solutions, due to the high bandwidth requirements of streaming
media. Macromedia does not recommend using software SSL solutions.
The Internet uses well-known ports for nonencrypted HTTP-based web traffic and encrypted
HTTPS-based web traffic. Nonencrypted traffic generally goes to port 80, and encrypted traffic
generally goes to port 443. SSL accelerators work by intercepting traffic on port 443, decrypting
the information, and sending it on to the server through port 80. There is no indication to the
server that the original data was encrypted. When you set up your SSL solution with Breeze
however, you must still send the decrypted traffic to Breeze on port 443, even though it is already
decrypted and could, in theory, go to a nonencrypted port. The problem is, the Breeze server
generates specific URLs to allow users to go directly to meetings and courses. If you are running
an SSL accelerator, these URLs must begin with
https instead of http(the “s” in HTTPS indicates
encrypted Internet traffic). Breeze uses the port of incoming traffic to determine whether the
URL should begin with http or https.
For the solution, if you are installing Breeze Presentation, Breeze Training, and Breeze Live
modules, and you are using an SSL accelerator, you must install each server on a separate
computer. With SSL, the Breeze Presentation and Breeze Training server uses port 443 for
encrypted traffic, as does the Breeze Live server. The section,
“Firewalls and proxy servers”
on page 8
, explains the conflict that occurs if both applications are running on the same
computer and listening to the same port.
Planning your deployment summary
The following are key decisions you should make before you deploy:
How should you configure your network and DNS server to allow end users to interact with
the servers?
Have a plan that includes IP addresses and domains that you need to support.
Review the installation documentation to confirm that you know how to change these settings
in Breeze.
Do you require more than one server (such as when you are using a firewall or proxy server)
or should you create a cluster of servers?
Review
Breeze Installation Guide to determine if
you require more than one server, and to learn how to create a multiserver configuration.
Will some of your users interact with the servers by communicating through a firewall or
proxy?
Verify that your firewall or proxy server configuration allows end users to interact
with the servers. You must also use the proper configuration of servers.
Are you adding SSL to the final solution?
Verify that you correctly set up and configured your
SSL solution following the tips in this document. Remember that using SSL requires you to
install each server on a separate computer.