A systems administrator is analyzing a report of slow performance in a cloud application. This application is working behind a network load balancer with two VMs, and each VM has its own digital certificate configured. Currently, each VM is consuming 85% CPU on average. Due to cost restrictions, the administrator cannot scale vertically or horizontally in the environment. Which of the following actions should the administrator take to decrease the CPU utilization? (Choose two.)
To decrease CPU utilization on the VMs, the administrator should move the digital certificate to the load balancer, thereby offloading the SSL/TLS termination process from the VMs to the load balancer. This can significantly reduce the CPU workload on the VMs. Additionally, configuring the communication between the load balancer and the VMs to use HTTP can further reduce the CPU load since HTTP is less resource-intensive compared to HTTPS, which requires additional encryption and decryption processes.
B. Move the digital certificate to the load balancer E. Configure the communication between the load balancer and the VMs to use HTTPS By moving the digital certificate to the load balancer, the system administrator is offloading the processing of the SSL/TLS encryption to the load balancer and not the VMs. This can help to decrease the CPU utilization on the VMs. Additionally, configuring the communication between the load balancer and the VMs to use HTTPS also eliminates the need to process encryption on the VMs, this will also decrease the CPU utilization on the VMs.
No. HTTPS does not eliminate the need to process encryption. The 'S' part of that is 'Secure' which uses TLS encryption. Frontload the decryption to the load balancer and go with a non-encrypted protocol on the backside to "... reduce CPU utilization" which is the focus of the question.
Moving the digital certificate to the load balancer would offload the workload of encrypting and decrypting traffic from the VMs. This would reduce the CPU utilization on the VMs, allowing them to handle more requests. Configuring the communication between the load balancer and the VMs to use HTTPS would also offload the workload of encrypting and decrypting traffic from the VMs. Additionally, using HTTPS would improve the security of the communication between the load balancer and the VMs.
The correct answers are "B" and "C." As previously mentioned by dvd21: the overhead for HTTP compared to HTTPS is lower. https://serverfault.com/questions/570387/https-overhead-compared-to-http
HTTPS uses digital certificate, not HTTP, you still have to secure your connection right?
@i_bird, the load balancer is securing the communication as the cert has been move to it and only the communication between the load balancer and VMs will be not secured
B. Move the digital certificate to the load balancer. C. Configure the communication between the load balancer and the VMs to use HTTP.
B) Move the digital certificate to the load balancer E) Configure the communication between the load balancer and the VMs to use HTTPS https://www.httpvshttps.com/
answer is B and C. Http reduces CPU load.
No. HTTPS does not eliminate the need to process encryption. The 'S' part of that is 'Secure' which uses TLS encryption. Frontload the decryption to the load balancer and go with a non-encrypted protocol on the backside to "... reduce CPU utilization" which is the focus of the question.
I am moving the certificates to the load balancer and configuring http communication between the VMs and the load balancer.
People! If you remove the certificate from the VMs, how can you configure a secure connection between the load balancer and the VMs???
I think because they are on the same internal network that is less of a concern.
As explained by "TheGinjaNinja".
here is a compelling article for bc, https://www.claudiokuenzler.com/blog/687/encrypted-http-connection-https-use-four-times-more-cpu-resources-load
B. Move the digital certificate to the load balancer. C. Configure the communication between the load balancer and the VMs to use HTTP. Explanation: B. Move the digital certificate to the load balancer: Offloading SSL/TLS termination to the load balancer can significantly reduce CPU utilization on the VMs. The load balancer will handle the encryption/decryption process, freeing up CPU resources on the VMs. C. Configure the communication between the load balancer and the VMs to use HTTP: After moving the digital certificate to the load balancer, the traffic between the load balancer and the VMs can be sent over HTTP, which requires less CPU processing compared to HTTPS. This further reduces the CPU load on the VMs.
"Moves cert to the load balancer so the VMs dont have to encrypt/decrypt" "Makes the VM's communicate in HTTPs so they have to encrypt/encrypt" what. cannot possibly be B and E.
This is an interesting question. If you are trying to reduce resource usage I would move the digital certificates to the load balancer and enable http communication between the VMs and the load balancer (HTTP I believe uses fewer resources).
B&C Why not E? because no scope to scale out or scale up (as mentioned) and need to reduce CPU utilization. Please note, https is something reconmended but it uses high CPU which is a problem here so going with http would reduce overhead which results lower cpu. :)
B obviously; move the overhead of dealing with certificates to the load balance. E most likely; data privacy standards require data leaving the VM to be encrypted (https).