Home > Storage > ObjectScale and ECS > Product Documentation > ECS with Kemp LoadMaster Deployment Reference Guide > Implementation workflow
The following example configuration options describe various methods for directing client traffic to Dell ECS using a Kemp LoadMaster.
It is recommended, when appropriate, to terminate SSL on the Kemp LoadMaster and offload encryption processing overhead off of the ECS storage. Each workflow should be assessed to determine if traffic requires encryption at any point in the communication path.
Generally, storage administrators use SSL certificates signed by a trusted Certificate Authority (CA). A CA- signed or trusted certificate is highly recommended for production environments. For one, they can generally be validated by clients without any extra steps. Also, some applications may generate an error message when encountering a self-signed certificate. In our example, we generate and use a self-signed certificate.
Both the Kemp LoadMaster and ECS software have mechanisms to produce the required SSL keys and certificates. Private keys remain on the Kemp LoadMaster and/or ECS. Clients must have a means to trust a device’s certificate. This is one disadvantage to using self-signed certificates. A self-signed certificate is its own root certificate and as such client systems will not have it in their cache of known (and trusted) root certificates. Self-signed certificates must be installed in the certificate store of any machines that will access ECS.
Note: Local applications may use the S3-specific application ports, 9020 and 9021. For workflows over the Internet, it is recommended to use ports 80 and 443 on the front end and ports 9020 and 9021 on the backend. This is because the Internet can handle these ports without problem. Using 9020 or 9021 may pose issues when used across the Internet.