Jack, terminating https at the load balancer means that the load balancer acts as the "server" in the SSL connection. It has the SSL cert and uses it to authenticate to the client. If you buy a hardware load balancer you typically can load your SSL certs into the box. The good ones can use SSL "out the back" to your web/app servers so the traffic remains encrypted all the way. The way we've handled the SSL termination is to use Apache and we place the load balancing behind it, i.e. between the web and app tiers. With Amazon's new load balancing service we expect larger setups to use the amazon load balancing in front of the web servers and SSL termination. Think of this as ensuring that the clients hit some operational server. Then behind the first tier we will see more customizable load balancing solution, like our haproxy-based one. This of this layer as actually balancing the load and directing requests to the proper set of servers.