For a secure iSession™ deployment, you must use SSL encryption to secure the endpoints of the iSession™ connection. The default SSL profile settings on BIG-IP® acceleration Quick Start screen are sufficient to get symmetric optimization up and running in a demo environment or for testing. F5® recommends that, to secure the endpoints, you specify SSL profiles that use a symmetric optimization-specific root certificate (cert) from a trusted certificate authority (CA).
This illustration shows the network setup for a secure iSession deployment. The example in this implementation uses the specified IP addresses.
Network topology for a secure iSession connection
The process of securing an iSession™ deployment using SSL includes creating a cert for each iSession endpoint, and then specifying this cert (along with its associated key) in acceleration-related profiles and settings on the system. Before you start this procedure, ensure that you have configured the BIG-IP system on both sides of the WAN. This implementation is based on the default acceleration settings, except where noted.
After you complete the tasks in this implementation, you have secured the iSession endpoints of your symmetric deployment. The iSession traffic is now secure. Next, you can encrypt data traffic with iSession, using either IPsec for all applications, or SSL on a per-application basis.