1371 McCarthy Blvd.
Milpitas, CA 95035 www.arraynetworks.net (408) 240-8700
The Application Delivery Controller
Understanding Next-Generation Load Balancing Appliances
White Paper
Overview
To accelerate response times for end users and provide a high performance, highly secure and scalable foundation for Web applications and rich internet content, application networking functions need to be streamlined.
Increasing the physical number of point product hardware appliances has proven ineffective. An integrated solution that takes a comprehensive approach to application delivery is needed. Learn about:
• The limitations of data center web and application networking architectures based upon multiple, disparate point solutions
• Application Delivery Controllers; integrated functions and associated benefits
• Array Networks’ industry leading ADC implementation
Introduction
Today’s Internet users demand faster download times for dynamic Web content, enterprise applications and multi-media services. The “eight second” rule no longer applies in today’s Internet marketplace. As the demand for more and more content at accelerated speeds continues to grow, businesses are forced to find ways of being able to meet this rising demand. The initial industry response was to purchase more servers, firewalls, routers, caching and compression devices, switches and point acceleration appliances. This attempted solution only succeeded in shifting network bottlenecks while increasing cost and complexity in the datacenter. In typical data centers, URL requests must travel a path through several appliances, supplied by numerous vendors, to access desired data.
Figure 1: Typical Data Center Application Architecture
To decrease download times for end users and provide a high performance, highly secure and scalable foundation for Web applications and rich internet content, application networking functions need to be streamlined. Increasing the physical number of point product hardware appliances has proven ineffective. An integrated solution that takes a comprehensive approach to application delivery is needed, a solution that:
• Provides 99.999% application availability and multi-layer security, “must haves” without which nothing else matters
• Dramatically improves end-user application experience, enhancing workforce productivity and customer loyalty
• Improves infrastructure utilization while eliminating cost and complexity, allowing you to do more with less - more easily
The Application Delivery Controller
Application Delivery Controllers (ADCs) reside within the datacenter (NOC or head-end), and are deployed asymmetrically. They accelerate and optimize Web applications using multiple technologies on the network and applications layers (layers 2-7). ADCs are deployed to offload servers, network devices and WAN links to improve application delivery to remote users.
Array ADCs consolidate multiple network technologies such as server load balancers, global and link load balancers, SSL accelerators, cache devices, compression technologies, application firewalls, DDoS mitigation and other equipment, to optimize and accelerate Web and application servers, transaction-based systems and WAN connections.
This single, integrated approach to complex networking functionality virtually eliminates compatibility issues associated with point products supplied by multiple vendors. All of the Array ADC acceleration and optimization features run concurrently - without performance degradation.
Figure 2: Next-Generation Data Center Application Architecture
Integrated Application Optimization & Security
Fully integrated Array Application Delivery Controller appliances perform the following functions:
• Server Load Balancing
Array appliances employ multiple orthogonal approaches for intelligent, fast and efficient traffic distribution across servers. Array ADC improves application availability, facilitates tighter application integration, and intelligently and adaptively load balances traffic at layers 2-7, based on a suite of application metrics and health checks. It also load balances IPS/IDS devices and composite IP-based applications, and distributes HTTP/HTTPS traffic based on headers and SSL certificate fields. For greater application control, Array ADC inserts, modifies and rewrites cookies.
The appliances support up to four thousand separate virtual services and real services organized by real service groups. The Array uses content mapping rules to map URLs to distinct real service groups to balance loads across multiple servers. Each appliance uses standard or weighted round robin or least connections as the balancing protocol to determine the most efficient server.
• Layer 7 Server Load Balancing
Layer 7 server load balancing can intelligently distribute user web requests based on Layer 7 application specific information and HTTP headers, URIs, application cookies, and other TCP/IP protocol information for making application aware load balancing decisions. This removes the necessity for duplicating content across each and every server.
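The content mapping and balancing methods described above, as an added example (not Array's code or configuration syntax): URL prefixes map to real service groups, and each group picks a healthy server by weighted round robin or least connections. The group and server names, weights, the longest-prefix rule and the "smooth" weighted round robin variant are assumptions made for this illustration.

```python
from dataclasses import dataclass

@dataclass
class RealService:
    name: str
    weight: int = 1
    healthy: bool = True   # outcome of the most recent health check
    active: int = 0        # open connections, used by least connections
    current: int = 0       # running score for weighted round robin

@dataclass
class ServiceGroup:
    name: str
    method: str            # "wrr" (weighted round robin) or "lc" (least connections)
    members: list

    def pick(self):
        live = [s for s in self.members if s.healthy]
        if not live:
            return None    # no healthy server: fail closed instead of guessing
        if self.method == "lc":
            return min(live, key=lambda s: s.active)
        # Smooth weighted round robin: raise each score by its weight,
        # take the highest, then lower the winner by the total weight.
        total = sum(s.weight for s in live)
        for s in live:
            s.current += s.weight
        best = max(live, key=lambda s: s.current)
        best.current -= total
        return best

def map_url(rules, path):
    """Return the group whose URL prefix is the longest match, else None."""
    matches = [(prefix, group) for prefix, group in rules if path.startswith(prefix)]
    return max(matches, key=lambda m: len(m[0]))[1] if matches else None

def route(rules, path):
    """Return (group name, server name) for a request path, or None."""
    group = map_url(rules, path)
    server = group.pick() if group else None
    return (group.name, server.name) if server else None

# Constructed sample configuration; all names and numbers are illustrative.
STATIC = ServiceGroup("static", "wrr", [RealService("img1", 3), RealService("img2", 1)])
APP = ServiceGroup("app", "lc", [RealService("app1", active=12), RealService("app2", active=4)])
RULES = [("/", APP), ("/images/", STATIC)]

if __name__ == "__main__":
    for path in ["/images/a.png", "/images/b.png", "/images/c.png", "/cart"]:
        print(path, "->", route(RULES, path))
```

Because the static group lives only behind the `/images/` rule, its content does not have to be copied to the application servers, which is the point the paragraph above makes.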
• Application Session Persistence
Array ADCs are application intelligent load balancers that can maintain session persistence between users and applications based on client request information (URI, HTTP header, cookie, hostname and URL).
• Global Server Load Balancing
Array ADC appliances analyze client HTTP requests for data, and current Web traffic conditions, to balance loads according to geographical proximity and content type. If congestion exists at a Web server farm in one region, or if a Web farm in another region can serve the content faster, the Array appliance redirects the client’s HTTP request to the appropriate alternate region.
• ISP Link Load Balancing
Array appliances easily distribute traffic across multiple network links without configuring complex BGP settings on routers. The feature is an essential component in an overall performance, disaster recovery, and cost reduction strategy - continuously monitoring the health of multiple links and automatically and intelligently redirecting traffic to higher availability or lower cost links as appropriate.
• Webwall Application Firewall
The Array appliance contains several built-in security mechanisms to protect Web servers and applications from attack. The Array offers access control lists; protection against SYN flood attacks, fragmentation, and DDoS attacks; and stateful packet inspection as well as single packet attack prevention. This level of content integrity reduces the need for third party firewalls and multiple DMZs. It is also worth noting that administration of the platform is only possible over secure channels.
Array ADCs offer application content filtering, access method control (GET, POST, PUT, HEAD …), and URL filtering capabilities. They protect against targeted attacks that include cross-site scripting, SQL injection, forceful browsing, cookie poisoning and malformed URLs.
By understanding SSL Session ID, Cookie and HTTP header information, Array can effectively gain control over application sessions, thereby protecting against identity theft, session hijacks and cookie tampering.
Array ADCs also protect applications against buffer overflow attacks, parser evasion attacks, directory traversal attacks, high bit shellcode and many more attacks.
• Clustering
Array Networks’ proprietary technology and clustering capabilities allow network managers to seamlessly add capacity and availability to their Web infrastructure. Each Array platform in a cluster acts independently to route incoming content requests while simultaneously monitoring the other units for both load balancing and efficiency. If any unit in the cluster falls below performance parameters, another unit takes over immediately and the load is adjusted accordingly. Up to 32 Array appliances can be clustered to provide industry-leading levels of scalability and availability.
• Connection Multiplexing
As the number of connections coming to a server increases, eventually the server runs out of resources. Connection multiplexing converts a large number of short connections into a much smaller number of higher-throughput connections. The feature takes advantage of server bulk-throughput optimized settings without changing configurations or content – significantly improving server utilization.
• SSL Acceleration
The Array ADC acceleration proxy accepts secure connections from end users, performs decryption, and forwards requests on to Web servers or the Array cache. As cleartext responses come back, the SSL proxy re-encrypts them and sends them back to the end user. This allows the cleartext connections to exist only in a private (and secure) network, while encrypted connections are required for transmitting to end users on the Internet or on an insecure network. Offloading CPU-intensive SSL encryption and decryption is yet another method by which the Array ADC significantly improves application performance.
• SpeedCache™ Server Side Caching
Array ADCs designate up to 50% of RAM for server side (reverse proxy) caching. Array ADC utilizes a fast parsing algorithm processing HTTP requests from end users through to the server and back again.
Each cacheable element delivered from a Web server farm employing an Array solution is stored for future delivery, increasing embedded content delivery speeds, while being fully HTTP 1.0 and 1.1 compliant.
• Compression
In-line compression of HTTP objects allows Array appliances to compress objects on the fly before sending them to the end-user. Using this feature, network managers can maximize throughput to their sites over WAN links while end-users experience quicker download speeds due to the reduced size of objects being transferred.
• Rate Shaping
Array appliances support rate shaping policies that can control, filter, and rate limit different types of traffic on the network on a per service or server basis. These policies enable network managers to granularly classify latency sensitive traffic (VOIP, multi-media, streaming, video conferencing etc.), best-effort traffic (web, IM, FTP etc.), and unwanted traffic (non-corporate, peer-to-peer etc.). The rate shaping module prioritizes and classifies application traffic based on protocol, port or Layer 7 based information.
• Array SpeedStack™ Technology
Point networking solutions spend up to 80% of their processing time managing TCP/IP and parsing HTTP requests; as processing is repeated for each solution added to a network, performance suffers. Array SpeedStack™ technology performs TCP/IP and HTTP processing once in a manner that eliminates the need for repeat work.
While competitors attempt to re-purpose legacy products to serve the evolving needs of the enterprise data center and Web-enabled applications, Array is the only vendor providing solutions built from the ground up and optimized for next-generation networks. Array’s patent-pending SpeedStack technology delivers a level of performance simply not possible with point solutions or integrated solutions based on legacy technology.
Unprecedented Product Value
Array Networks integrates SLB, GSLB, LLB, application firewall, connection multiplexing, SSL acceleration, compression, and caching into one platform, which can be clustered for redundancy, scalability, and unprecedented performance. Array Networks’ Application Delivery Controller appliances offer an integrated solution for the enterprise data center that delivers unprecedented value:
• Reduces server load by requiring fewer requests for the origin server to process
• Offers full content management functions that start at the server and end at the edge of the Internet
• Simple installation of single or cluster of platforms
• Substantially leverages current Web server farm infrastructure
• Integrated solution drastically reduces equipment costs
• Reduced latency by delivering cacheable data from regions closer to the client’s POP at the edge of the Internet
• Eliminates multiple component compatibility issues
• Scalability and robustness against flash crowds
Summary
With Array Application Delivery Controller appliances, the capital investment required for optimal application performance is dramatically reduced. To gain the same functionality provided by an Array appliance, network managers would have to purchase, and configure, as many as twelve (with redundancy) separate components of hardware and software. And even with these unnecessary expenditures, they wouldn’t be able to match the performance of the Array integrated Application Delivery Controller appliance.
About Array Networks
Founded in 2000, Array Networks is a global leader in enterprise secure application delivery and universal access solutions. More than 3,500 customers worldwide – including enterprises, service providers, government and vertical organizations in healthcare, finance, insurance and education – rely on Array to provide anytime, anywhere secure and optimized access. Industry leaders including Deloitte, Red Herring, Gartner, and Frost and Sullivan have recognized Array as a market and technology leader.
Array Networks, Inc.
1371 McCarthy Blvd.
Milpitas, CA 95035
Phone: (408) 240-8700
Toll Free: 1-866-MY-ARRAY
Fax: (408) 240-8752
Email: [email protected]
www.arraynetworks.net