This guide covers two standard deployment scenarios. At no time will traffic destined for the Virtru Private Keystore (for Virtru Solutions) traverse any network as plain text.
All traffic is encrypted via TLS using a certificate signed by a public Certificate Authority (CA).
Scenario 1 - TLS Termination at Virtru Private Keystore
In this scenario, all traffic between the Virtru Key Server and the Virtru Private Keystore (for Virtru Solutions) is encrypted and cannot be decrypted. There is no way to decrypt and monitor the traffic in this scenario.
Load Balancing
Load balancing in this scenario can be performed inside or outside a firewall by either an active or passive load balancing scheme.
Active
- Hardware Load Balancer
- Software Load Balancer
Passive
- DNS Round Robin
Scenario 2 - TLS Termination at Load Balancer
In this scenario, the traffic between the Virtru Key Server and the Virtru Private Keystore is encrypted via TLS. The traffic is initiated at the Virtru Key Server and terminates at the Load Balancer. The traffic can be inspected and monitored from the load balancer. A TLS connection is initiated from the Load Balancer to the Virtru Private Keystore and terminates on the Virtru Private Keystore.
Load Balancing
Load balancing in this scenario can be performed inside or outside a firewall by an active load balancer only. This limitation exists because the load balancer must reinitiate a TLS connection to the Virtru Private Keystore.
Additional Considerations
The certificate on the load balancer must be signed by a Certificate Authority (CA).
Active
- Hardware Load Balancer
- Software Load Balancer
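
The two scenarios above, sketched as a software load balancer configuration. This is an added example in HAProxy syntax, not Virtru's own configuration; the backend addresses, the hostname keystore.example.com, the certificate and CA file paths, and the use of port 8443 are all assumptions made for illustration.

```haproxy
# Added example: addresses, hostnames, ports and file paths are assumptions.
# Port 8443 is used for Scenario 2 only so that both variants load from one
# file for comparison; a real deployment runs one scenario on its own port.

defaults
    mode tcp
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# --- Scenario 1: TLS terminates at the Virtru Private Keystore ---
# The load balancer forwards the encrypted TCP stream unchanged. It holds no
# certificate or private key, so it cannot decrypt or monitor the traffic.
frontend keystore_passthrough
    bind :443
    default_backend keystore_nodes_passthrough

backend keystore_nodes_passthrough
    balance roundrobin
    server ks1 10.0.10.11:443 check
    server ks2 10.0.10.12:443 check

# --- Scenario 2: TLS terminates at the load balancer ---
# The load balancer presents a CA-signed certificate to the Virtru Key Server,
# decrypts the traffic (where it can be inspected), then opens a new TLS
# connection to the keystore and verifies the keystore's certificate.
frontend keystore_terminate
    bind :8443 ssl crt /etc/haproxy/certs/keystore.example.com.pem
    default_backend keystore_nodes_reencrypt

backend keystore_nodes_reencrypt
    balance roundrobin
    # "ssl verify required" refuses a backend whose certificate does not chain
    # to the CA bundle; "verifyhost" also checks the name in that certificate.
    server ks1 10.0.10.11:443 check ssl verify required ca-file /etc/ssl/certs/ca-certificates.crt verifyhost keystore.example.com sni str(keystore.example.com)
    server ks2 10.0.10.12:443 check ssl verify required ca-file /etc/ssl/certs/ca-certificates.crt verifyhost keystore.example.com sni str(keystore.example.com)
```

In the Scenario 2 variant the load balancer holds a private key and sees decrypted traffic, so it needs the same access controls and monitoring as the keystore hosts themselves.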