Diffusion™ clients can connect to your solution using Transport Layer Security (TLS) or Secure Sockets Layer (SSL). The TLS/SSL can terminate at
your load balancer or at your Diffusion server.
Note: If you have sensitive client data that you must secure, use a secure connection
all the way from the client to the Diffusion server. Either do not
perform SSL offloading at the load balancer or re-encrypt the connection between
load balancer and the Diffusion server.
SSL offloading is when you terminate the TLS at the load balancer. The processing burden of
encrypting and/or decrypting a Diffusion client connection
made over SSL can then be is offloaded to a component that can perform SSL
termination more efficiently.
After the SSL connection has been decrypted, the client connection can travel between
the load balancer and the Diffusion server using an unsecured
transport. Doing this reduces CPU cost on your Diffusion