Skip to main content

Terminate TLS at border gateway

Description

Transport Layer Security (TLS) ensures that all data passed between the web server and web browsers remain private and encrypted. However, terminating and re-establishing TLS increases CPU usage and might be unnecessary in certain architectures.

Solution

Terminate TLS at your border gateway and continue with non-TLS to your application load balancer and onwards to your workload.

SCI Impact

SCI = (E * I) + M per R Software Carbon Intensity Spec

Implementing non-TLS communication will impact SCI as follows:

  • E: By reducing CPU, the amount of energy needed to support the communication transport is reduced.
  • M: By reducing the compute resource requirements, the total embodied carbon emissions are reduced.

Assumptions

The application does not have compliance requirements for using end-to-end TLS.

Considerations

A balanced level of security can offer a more sustainable and energy efficient workload while a higher level of security may increase the requirements on compute resources.

Consider applying the Just Enough Security (JES) model and terminate TLS at your border gateway for most standard applications that do not have strict compliance requirements.

References

Microsoft Azure Well-Architected Framework Sustainability Patterns