IME SSL/SSH aren't huge resource-hogs, so speed shouldn't be an issue. A P500 can saturate 100Mbit ethernet with AES, for example.
WRT LEA blocking - you can run ssh tunnels over an http proxy, etc. - there's usually ways round these things. Our technical nutcase, Lawrence, has been sighted on IRC after running PPP over SSH over HTTP on a Nonia communicator. The man is mad.
Basically it's a PCI card. You stick it in your server and it does all the SSL encryption instead of the main CPU. Thus making things faster. Only downside is that they cost around £600. The other gotcha is that they are generally not supported under Windows. You need a BSD/Slowaris/Linux webserver to use them.
Most big vendors sell them. For example, if you have HP Prolient's you need a AXL600L (rated at 600 SSL connections/sec).
Would it be possible to split the load across two boxes somehow. Multihomed so that the encryted traffic travels on a private subnet within the LAN.
You could probably build 2 two pretty decent base units for 600 quid.
Yes. Use a load balancer.
Also with things like Moodle, you'd need a backend database server for each web server to connect to and a backend NFS server for uploaded files. So in total this would require a minimum of 5 servers. That SSL offloading card doesn't look that expensive now does it? :)
I've had a look at logmein, works fine on my laptops and desktops at home but when installed on a desktop in school it fails to connect. We are using SEFGL for our internet; does anyone know if this is blocking the connection?