|
Application Delivery Controllers: Improving Application Performance, Availability in Data Centers
By Marc Goodman, datacenterjournal.com
September 09, 2008
Many IP networks today have sufficient network bandwidth through multiple T1-DS3s or co-located sites with 1GB access speeds. However, this bandwidth may be under-utilized due to inefficient use of web applications that were not designed to be optimized when running over IP networks.
Today’s applications simply demand more from the network because they are much more complex and varied, with the added weight of hundreds of TCP sessions per second, SSL encryption demands, chatty protocols (CIFS, HTTPs, etc.), and rich content such as video streaming, mobile content, databases, security systems, and more.
Application delivery controllers offer an intriguing solution for managing and successfully delivering applications and services to end users. Successful delivery, from a networking perspective, can be defined as providing application availability, application performance, application scalability and application security—essentially a four-legged stool necessary for the competitiveness of any Internet, Intranet, or Extranet/e-commerce website today.
The Lifeblood of Business
It’s called an application, but what it really represents is an organization’s business and brand. Organizations depend on applications to streamline the cost of doing business while increasing productivity. Accordingly, those applications must perform optimally in order to accommodate a geographically dispersed world of employees, partners, suppliers and customers.
Unfortunately, applications often do not work well over every network type, and applications and the network don’t always play well together – resulting in slow application performance, security issues, and lack of availability. If no one can get to a company’s applications, or experiences long waits in attempting to do so, an organization’s costly applications can become a detriment, at least for a time (and time is money, of course).
By itself, network connectivity is not built to address these issues. Applications may not operate effectively in every network, and not all networks, such as the Internet or mobile networks, are under the IT department’s direct control. Similarly, datacenter web and application infrastructure can be complex, multi-layered and often have diverse servers, platforms and reporting mechanisms. Fortunately, datacenter infrastructure is within the IT organization’s control.
Application delivery controllers can help optimize and enhance how the datacenter manages servers and applications. Strategically located between the network and users, application delivery controllers can help an organization achieve the most from their application investments, improving performance, enhancing security, and ensuring always-on availability. In short, by adding intelligence and manageability into the network, application delivery controllers allow applications to do what they were designed to do: perform.
Application delivery controllers (active and failover), located between servers and users, can dramatically improve application performance, security, and availability for any Internet, Intranet, or Extranet/e-commerce site.
Application Security
Organizations, of course, recognize the need to stay ahead of security issues – not only to protect their assets, but to secure the information and traffic traversing the network before attacks occur, without delaying legitimate transactions – especially in the e-commerce environment.
At a minimum, application delivery controllers should include layer 4 load balancing, layer 7 content switching and SSL acceleration capabilities. By moving SSL transactions off the servers and onto the application delivery controller, organizations can significantly improve the performance of e-commerce servers (and sites) because SSL places a heavy overhead on servers, slowing them down. Moving the SSL function onto an application delivery controller also has the added benefit of centralizing the management of public key certificates, and can help organizations reduce the cost and hassle of installing additional servers as a result of excessive SSL overhead.
Finally, IT managers can provide persistence with cookies, instead of relying on the inconsistent SSL Session-ID.
SSL offload is fairly straightforward. When a request comes into the application delivery controller, it reads the request and makes an intelligent decision on where to send that request. This decision is based on various factors such as server availability, load balancing method selected, and the type of information being requested. If the request is encrypted using SSL, the application delivery controller can decrypt the SSL request and then use the HTTP header and cookie information to make the best decision on where to send the request.
For enhanced security, an application delivery controller that includes an Intrusion Prevention System (IPS) can provide in-line protection of servers by enabling real-time mitigation of attacks before any damage can occur.
Application Performance
Application delivery controllers use various techniques to distribute the traffic load between two or more servers, routers, firewalls, and other networked resources, to optimize resource utilization and improve application performance and response time – allowing them to work faster and consume fewer resources.
In terms of the Open Systems Interconnect (OSI) Reference Model - the framework that describes and defines how networked systems communicate with one another - most application delivery controllers are capable of providing layer 4 to layer 7 management. Layer 4 is limited to web requests destined to TCP Port 80; therefore, no further differentiation among server groups is possible. However, layer 7 switching uses application-layer criteria to determine where to send a request. This provides an application delivery controller with much more granular control over forwarding decisions.
Additional advantages of using layer 7 switching include cookie persistence to ensure a user maintains consistent access to a specific server to complete a transaction -- even if a connection is broken. Another unique use of layer 7 persistence is maintaining user persistence to Microsoft Windows Terminal Services.
The actual throughput of the application delivery controller has little to do with the theoretical maximum bandwidth capacity of the Ethernet interface, which vendors provide. This number is highly dependent on the number and type of rules that the application delivery controller has to analyze, as it decides on how to deal with the packet. For example, if the application delivery controller has to make a load balancing decision based on layer 7 content, the additional latency associated with this process may have an impact on overall performance and total throughput. A quality application delivery controller will use optimal hardware architecture to allow it to sustain excellent layer 7 performance.
Application High-Availability
Whether an organization is an e-commerce site relying on web applications for revenue, or a services organization relying on the information delivery provided through web applications, constant and continuous availability is a major concern. Application delivery controllers can ensure that applications are consistently and reliably accessible, and can ensure users/customers are never adversely affected by system, application, site failures or scheduled maintenance.
Since all inbound traffic must pass through the application delivery controller, should it fail, the server farm and the entire site will not be accessible. To address this, most vendors support redundant configurations. Usually, a standby (or redundant) configuration is supported -- sometimes referred to as HA (High-Availability). Most sites utilize at least one HA pair, as it would be risky to deploy multiple web servers for redundancy and scalability, only to lose the entire site due to a hardware failure.
In addition, many application delivery controllers use advanced health checking capabilities so they can recognize when a resource is unavailable or under-performing, and direct traffic to another resource. In this way all of an organization’s applications can achieve mission-critical availability while ultimately reducing operational costs and complexity.
Summary
For most organizations today, applications represent the lifeblood of their business. These organizations are increasingly realizing the imperative need to ensure that their applications are always secure, fast, and available. However, acquiring more devices, more complexity, and more single-capability solutions is not the answer. Optimizing the delivery of applications between end users and diverse datacenter equipment and multi-platform servers is the answer to ensure the performance, scalability, and reliability today’s business-critical websites require. The best application delivery controllers today are setting a new standard for optimizing the delivery of applications, improving site and application security, reducing management headaches, and providing faster access to applications and content within a single, cohesive, easy-to-manage platform.