Small-to-medium sized business versus Enterprise requirements for Application Delivery Optimization

Scene 1: Lisa walks into her favorite bricks-and-mortar clothing boutique. A salesperson comes over, greets her by name and says, “We just received a shipment of those jackets you like, let me show you.” The salesperson then suggests that other women who have purchased the jacket also buy a turtleneck to go with it. Lisa purchases both items.

Scene 2: Lisa walks into her favorite bricks-and-mortar clothing boutique. The store is a mess; sweaters are on the same racks with pants and lingerie. No one helps her and she leaves the store without making a purchase.

Scene 3: Lisa uses her PC to access her favorite store’s website. She signs in and the site flashes on the screen ‘welcome Lisa’ and reminds her within seconds that jackets are on sale this week. After she selects the jacket she wants, places it into her virtual shopping cart, the site also reminds her that people who purchased the jacket also purchased a turtleneck and she does the same.

While the first and third scenes both exemplify successful operations, only the third scene takes advantage of additional opportunities beyond the organization’s local region. The customer does not have to be in the same city or country as the shop. The new small-to-medium businesses, whether a retailer, bank, realtor or other vertical market, are moving toward web-based businesses, and need both the user experience and website delivery to be efficient, or business and revenue will be lost. The end result would be equivalent to a bricks-and-mortar location closing its doors during business hours during the busy season.

The Web experience is changing for consumers. While the National Retail Federation reports that over 90 percent of customers research products on the Web before purchasing, a single product photo and description is not enough to close the sale. Through broadband, with Flash and JPEG product images, retailers are providing information to potential customers which will improve the likelihood of closing the sale. According to Infonetics Research, 32 percent of small-to-medium sized businesses (SMBs) sell goods online. In order to be successful, these businesses need to handle the traffic associated with a successful e-commerce site connecting to employees, customers and suppliers.

Beyond retailers, small-to-medium sized businesses in a wide range of vertical markets use intranets to share information among employees and use Extranets to link to their suppliers. The information shared is becoming more strategic rather than bureaucratic, and includes marketing support documents, medical imaging for collaboration, customer relations and payment information. As the information accessed and shared becomes more complex and bandwidth-consuming, it becomes more important that network and application infrastructure performance be optimized, and reliable.

This whitepaper explores the needs of small-to-medium sized businesses compared to enterprise businesses with regard to e-commerce and optimizing server and application performance through the use of application delivery controllers (ADCs).

Size no longer matters in business. Broadband access and Web hosting services have brought SMB the websites, intranets and other resources previously only affordable to large enterprises. The Internet has leveled the playing field among businesses of all sizes, and approximately 42.7 percent of small businesses are online, according to the Small Business Research Board. These companies represent a new breed of SMBs that derive profit and revenue from the Internet. With a Web-based business, it is no longer essential for the buyer, seller and distributor to be in the same geographic location for them to transact business, and one can expand business hours to 24/7. A website should be easy to use regardless of the user’s level of technical expertise. Websites may be translated into multiple languages to serve an international customer base. In addition to sales through the website, the site may also drive telephone and bricks-and-mortar sales.

With broadband in the home or office, consumers are better able to view videos, high resolution graphics and have an overall better quality of experience online. In turn, businesses can display rotating product images and product data sheets, and offer such enhancements as “Buy Now” icons, promotion codes, cross-selling or “Email to a friend” options. In addition to customer-facing business applications, there are also sell-side applications that enable a company to improve internal business processes and functionality.

The good news is that businesses are increasingly taking advantage of the power of the Web. The bad news is that the website or intranet must be able to handle the traffic, or it will be as useless as roller skates on an interstate highway. A company needs to manage its Web growth as traffic increases, perhaps after a favorable product review or mention elsewhere, which drives traffic to the site. If customers try to access a company’s site and meet up with the ‘World-Wide-Wait,’ they will abandon the visit and a sale may be lost.

Site availability is therefore key to having a successful e-commerce site and is one of the primary functions of an Application Delivery Controller (ADC). Availability includes having ample bandwidth, memory and storage, and also includes redundancy, failover, load balancing and persistence. Small businesses that are not using the Internet are falling behind their competitors who are better connected internally, and have greater availability to their customer base. These new e-commerce companies have the advantage of automation which saves money and frees personnel to do other tasks. There does not need to be someone “on call” to monitor and troubleshoot a website at 3:00AM. The smaller business that does not have an efficient website is losing a window to customers who “let their fingers do the walking via their keyboards.” Imagine a company without a telephone—unthinkable—the modern-day equivalent is a company without a website. A website also saves companies’ customer service time and money. If sales staff is not taking up their time answering questions on the phone, when simple questions can be answered on a website, they will have more time to assist customers with more complicated questions.

In the book, “The World is Flat,” Thomas Friedman explains that the Year 2000 ushered in the era of Globalization 3.0, in which the world is shrinking and individuals and companies are empowered to compete globally. Through the Internet and other telecommunications technologies, geographic boundaries to communicating and competing are falling, driven in part by the development of global supply chains. Companies are gaining the electronic resources needed to compete with much larger players. There was an old New Yorker cartoon that had a puppy sitting in front of a computer and the caption read, “no one knows I’m a dog on the Internet.” Small businesses can appear to be much larger based on their websites. Naturally, while this level playing field concept is a good one, it also brings challenges to the small business to maintain the resources needed to compete with larger players, and to do so without breaking the budget.

Today’s small-to-medium sized businesses (SMB) are undergoing the same IT evolution as their enterprise counterparts, only on a smaller scale. For SMBs, website reliability, flexible scalability, performance and ease of management are as essential to SMB website infrastructure as they are to an enterprise. It’s fair to say that these capabilities are an important operational imperative for businesses of all sizes. SMBs can gain efficiencies and competitive advantages by adopting appropriate networking technologies. However, without the proper systems in place, they will suffer from poor performance and they will be competitively disadvantaged. For this reason, choosing the appropriate application delivery controllers and server load balancing products is critical to ensuring efficient and effective website infrastructure to meet today’s needs, while ensuring the right upgrade path for tomorrow’s business requirements.

Until recently, even basic server load balancing was cost prohibitive for SMBs. Today, advanced application delivery controllers and intelligent load balancers are not only affordable, but the consolidation of Layer 4-7 load balancing and content switching, and server offload capabilities such as SSL, data caching and compression provides SMBs with cost-effective out-of-the-box infrastructure.

In the world of application delivery, the SMB requires the same basic elements as the large business, but scaled to meet its needs. For example, the large enterprise may have a private network or virtual private network covering headquarters and branch locations via frame relay or leased lines. SMBs may use secure socket layer (SSL) virtual private networks (VPNs) and the Internet to connect remote locations and the headquarters. While a large business may need a “Hummer,” i.e. a powerhorse of an ADC with many enterprise-class features, the smaller business may be hindered by the price, and not needing all the capabilities associated with the powerhorse. In automotive terms, the Hummer provides off-road functionality that city drivers would not need. Instead, the smaller business may only require a Honda, an economical, practical ADC with a combination of features tailored for the SMB customer.

Larger businesses have more complex needs and may require the “Hummer” to manage traffic over private networks with stronger security and quality of service demands. Moreover, enterprises have requirements for supporting diverse protocols upon which their applications run and also must support different devices that need to connect to these applications. These larger enterprises require tight integration between these applications, which may include network management systems such as IBM Tivoli, HP OpenView and the CA UniCenter and the ADC. They need network QoS policy management and enforcement, etc. They need tight data storage and file system integration, and the ability to monitor multiple Internet links, along with more detailed reporting capabilities.

Moreover, those accessing the company’s website or intranet may be doing so over mobile broadband or DSL rather than a private network and may be more in need of rules-based routing in order for the ADC to move traffic from mobile devices to a particular server, for example.

Regardless of size, all organizations want to keep their networks running smoothly and free from security issues such as denial-of-service attacks. The newer generation of ADCs is better able to monitor applications and specific transactions for failures, denial-of-service attacks and application-level attacks. They have integrated intrusion prevention systems (IPS) that provide rapid real-time alerting and blocking of application-layer threats that arrive via HTTP or HTTPS. This vital Layer 7 protection is complementary to the lower layer security provided by traditional firewalls, filling an often unaddressed gap in many organizations' security posture. The ADC-based IPS security augments the DoS and SSL threat mitigation that may also be resident in the ADC.

The ADC IPS architecture should have integrated hardware-based SSL acceleration. This enables application-layer threats that arrive via HTTPS (SSL) to be quickly detected, with the same performance as applications that arrive via HTTP.

Businesses of all sizes require the following for their websites/intranets, especially for companies with two or more servers:

It is key for the SMB that it neither be sold a list of features and functionality that it does not need, nor be sold a product that does not offer enough features. The more complex the applications, whether used or not, the greater the management complexity, which taxes network resources. Price has certainly been a barrier for SMBs to invest in ADCs. The advanced ADC vendors offer ADC products priced at $40,000-to-$50,000 for the “Hummer” ADC plus $10,000 for a yearly service contract. SMBs require load balancing, content switching, SSL acceleration, and application-level security, and many of them can only afford to pay the price of what would be the service contract for the advanced ADC vendor.

For enterprise organizations (companies with 1,000 or more employees), integrating best-of-breed network infrastructure is commonplace. However, for SMBs, best-of-breed does not equate with deploying networks with enterprise-specific features and expensive products, but rather, deploying products that are purpose-built, with the explicit features, performance, reliability and scalability created specifically for the SMB market.

In general, businesses of all sizes are inclined to purchase “big brand” products. However, smaller vendors that offer products within the same category can provide the tailored performance, features and reliability that SMBs require, with the same benefits - at a lower cost.

With regard to ADCs, as discussed in more depth below, the needs organizations have today include doing more with fewer servers, maintaining website uptime, reducing operating costs and protecting against attacks that can cripple a network. If servers are used efficiently, fewer servers are needed because usage can be adjusted based on traffic, for example, taking a server offline during slow periods. An ADC can also quickly detect failures and possible attacks before it has an impact, which saves on downtime and the expense associated with service loss and resumption following an attack

An application delivery controller (ADC) is a network device that sits between the firewall or router and the server farm, which may be located in a service provider datacenter or at the customer’s premises. The ADC can also be described as a next generation load balancer. The ADC provides load balancing, which distributes web and intranet traffic across two or more servers through a series of traffic rules, in order to place traffic on the best performing servers. If a server becomes inaccessible, the ADC will take that device off-line and re-route traffic to the remaining servers. The latest generation of ADCs are characterized by added caching, compression and intrusion prevention (IPS) features, and are “more intelligent” than traditional load balancers. These devices support the web sessions and connect users to server and application resources. ADCs can be integral to business continuity, creating site resiliency, and consolidating IT infrastructure.

ADCs are able to look into application data headers to determine routing, offload server resources and accelerate response time based on user configured rules. For example, within a retail, or banking application, certain applications such as account allocation or purchases, or users (preferred or high-value) can be given higher priority, and moved to a faster server to expedite their transactions.

The original load balancers operated at the transport layer (layer 4). The newer ADCs manage the application layer (layer 7). In the former, routing decisions are made based on information in TCP/IP headers. The latter also examine cookies in addition to the application header information in order to enable persistence, and return traffic to the same server every time the user accesses the site. For example, the ADC will return a user to a server storing certain customer or employee information. ADC Layer 7 devices may also direct traffic to different servers based on desired application and other application-level criteria. Layer 4 load balancers are generally used for networks that do not require as much traffic differentiation.

The earliest application delivery controllers provided content switching and load balancing, but newer versions add increased functionality such as SSL acceleration, compression and caching, which improves the server’s performance by offloading compute-intensive processing from the application servers, and decreases the management effort and costs associated with server’s SSL certificates. ADCs offload server functions, which creates efficiency and simplifies deployment. In general, ADCs are likely to offload SSL processing (decrypting and encrypting secure traffic).

Businesses of any size tend to require their ADCs to:

Each element is discussed in turn.

The (SSL) protocol for public key cryptography is the de facto standard for securing Transmission Control Protocol/Internet Protocol (TCP/IP) traffic regardless of the network topology. Only those end-points that receive the decryption key are able to read the message in a meaningful way, thereby assuring authenticity. Because traffic directed to a particular website may take a circuitous route through multiple servers and points-of-presence, there needs to be a way to protect the confidentiality of the data being transferred. SSL can accomplish this through site authentication, data confidentiality, and message integrity to ensure the identity of the site accessed. SSL can also eliminate eavesdropping and ensure that the message has not been altered. The use of SSL translates an http:// site into an https:// site that can support secure transactions. SSL also authenticates the server and client’s identities.

SSL accelerators boost the performance of SSL transactions through the use of optimized devices and association with load balancing and persistence. Placing SSL acceleration on the load balancer rather than on the server enables the offloading of the SSL handshake and encryption/decryption processes from the application servers, which dramatically increases the servers’ performance. Moreover, adding SSL to the server increases latency, while using the ADC does not. During the handshake, session capabilities and encryption algorithms are negotiated, and the server is authenticated to the client. As part of the handshake, the Web server sends an SSL identifier, which is stored by the ADC to ensure that all subsequent traffic with that SSL session ID will be directed to the same Web server.

While load balancing is designed to distribute traffic among available servers, there are insistences in which load balancing is over-ridden to a certain degree although certain load parameters must be maintained. Persistence, also known as sticky or server affinity, bypasses the normal load balancing algorithm and sends a given user to the same server each time that user makes a request. Persistence is a requirement of stateful applications in which data is collected over successive interactions. An online shopping cart requires persistence so that the client can connect to the same Web server for the duration of the session without losing the information that has been placed in the cart.

There are several methods for assuring persistence. Cookie-based persistence or virtual source persistence sets a cookie value that indicates to which server the traffic should be directed and all traffic from multiple source IP addresses is treated as if it is originating from one source. Cookies are sets of data that are created when a user accesses a website and are recalled on subsequent visits, thereby speeding information delivery and enabling customized information for that user. If a user is filling out a form online, the information is stored on the server and does not need to be retyped.

Source IP persistence enables ADCs to identify users by their Source IP Address. There can be some problems with this method when proxy-servers or NAT is used, which mask user identity.

With regard to ADCs, there are many ways in which virtualization can be implemented. For example, virtualization can make multiple ADC’s function autonomously within a single hardware device. As traffic hits the virtual ADC, it is distributed to the appropriate application. By logically partitioning the ADC into multiple virtual ADCs, each virtual ADC has its own set of rules separately managed from one another, and overall management is centralized. Virtualization offers cost savings by reducing required hardware and associated rack space and power requirements.

The ADC helps to eliminate bottlenecks and slow processing by compressing and caching of objects. These objects are created by HTTP and sent serially to represent components of a transaction, which in turn slows response time. The ADC makes a copy of an object, which is then cached. When that object is requested, the ADC acts as a proxy and directly sends the content to the requestor, thereby eliminating the time it would have taken to gather it from the server. Compression allows ADCs to decrease the size of the application payload within each packet to reduce network bandwidth consumption without degrading content quality, and improving the end users' overall experience.

KEMP Technologies offers cost-effective application delivery controllers and server load balancers tailored to meet the needs of small-to-medium sized businesses that rely on the Internet for e-commerce and business-critical applications. Simply stated, KEMP offers the SMB what it needs to be competitive in this new, flattened, global economy. As stated above, while ADCs are not new, their high price of perhaps $40,000 per each redundant configuration had traditionally put them out of reach of SMBs. KEMP Technologies has changed all that by developing a suite of economically priced, full-featured ADCs that significantly improve performance, availability, scalability and ease the management of server and application infrastructure. KEMP offers the LoadMaster, a full-featured family of products whose success lies in its five-pillar approach to application delivery and server load balancing. KEMP offers the latest advancements in Layer 7 content switching, high-availability, Layer 7 persistence, hardware-based SSL acceleration, compression, caching and intrusion prevention, beginning at $ 1,590 – including the first year of support. KEMP’s customers include e-commerce companies, financial institutions, educational institutions, healthcare services, government and managed service providers.

SSL offload is a feature that allows LoadMaster to act as an end-point for an SSL encrypted session. Once LoadMaster decrypts the request, content can be examined, allowing content switching or cookies to be read to enforce persistence. There are numerous advantages to terminating the SSL session at the LoadMaster. For instance, it is now possible for the servers to process only unencrypted traffic, which allows for better server performance and reduced cost, since an SSL Accelerator card will not be needed for each server. Also, a single certificate installed on the LoadMaster can take the place of certificates on each server.

When a server has to encrypt and decrypt SSL traffic there is a high CPU and memory cost incurred. Tests have shown packet-processing time can be increased 20-30 times when SSL encryption is used. LoadMaster’s SSL Acceleration does the work of encrypting and decrypting through hardware, rather than passing this work along to the software.

An SSL Accelerator circuit has been built into the CPU chip for the LoadMaster 2000 and SSL Acceleration cards are installed by default in the LoadMaster 2500 and 3500 models. This SSL Accelerator circuit and card supplements the SSL off-loading performance and increases its efficiency.

n order to provide completely encrypted (SSL) communication between end users and servers, LoadMaster supports Reversed SSL Acceleration. This capability guarantees communication between the end users and the LoadMaster, and the LoadMaster to the servers, providing completely encrypted end-to-end communications. During an SSL session, when Layer 7 session persistence is also enabled (i.e. server cookie mode), the end user is guaranteed to return to the same server.

Most load balancers only support server persistence at Layer 4, based on Source IP address. In order for LoadMaster to support Layer 7 session persistence, such as server cookies, LoadMaster decrypts the packet and reads information in the cookie to persist the connection to same server. LoadMaster has a Virtual Service for SSL offloading, which allows it to read persistence information, and then connects to a second Virtual Service (SSL Reverse) that allows LoadMaster to re-encrypt packets for the servers. This means that each server that requires encrypted communication from LoadMaster will have an individual Virtual Service.

Many e-commerce and other dynamic content sites require returning users to visit the same server that hosted their last session, rather than being directed to another server. For example, if a customer reserved a concert ticket and holds it for 24 hours, they may need to return to that same server, because it stored the reservation information needed in order to purchase the ticket.

Persistence may be set up to accommodate e-commerce and other dynamic content sites that require returning end users to bypass the active load balancing method. Instead they simple return to the same server that they last used. When setting up an e-commerce or other type of dynamic content site, persistence should be configured on the LoadMaster. Whether persistence is needed is dependent on how user-specific information is stored, such as items in a shopping cart, or concert ticket reservations. For example, concert ticket reservation information may be stored in: 1) a back-end database that all servers can access, 2) on the specific server to which the user originally connected, or 3) in a cookie on the user’s machine.

Persistence is a benefit for any process where each server within a group generates dynamic content that can only be accessed from those specific servers. For example, when a user is initially connected to a server via load balancing, and begins a transaction on a specific server, that information may only be stored on that one server for a certain period of time. During this time, it would be best if the user’s subsequent connections returned them to the same server. However, if all processes are stateless, users can access any server at any time; persistence is not needed.

Persistence is associated with a Virtual Service and is specified as a set of optional elements in basic properties of Virtual Service configuration. LoadMaster has the following options for the persistency:

When a server hosts an application with dynamic content such as a shopping cart, it may be important to persist an end-user session to the same server when switching the protocol from HTTP to HTTPS or HTTPS to HTTP. For example, if one visits a website to buy merchandise one usually first searches for what one wants to buy. Normally searching a web site for products is not encrypted and carried over the HTTP protocol. However, it will generally change to an HTTPS session once you move to the shopping cart, or try to complete your purchase of an item. During these transactions, switching protocols between HTTP and HTTPS is common meaning that the end-user session switches between 2 Virtual Services; one is port 80, and other is port 443, both using the same IP address.

Just using Virtual Service persistence options to keep the end-user HTTP and HTTPS sessions on the same Real Server will not work for this scenario.

However, LoadMaster has a unique feature that solves the problem of end-user sessions moving from HTTP to HTTPS and HTTPS to HTTP. This feature is called “Port Following.” LoadMaster uses Port Following to ensure the HTTP and HTTPS end-user sessions stick to the same server.

In addition to its many other features, the LoadMaster also offers full support for Microsoft Windows Terminal Services. The LoadMaster resource monitoring provides data on both server memory and CPU, ensuring users experience the most efficient load balancing possible across each server. LoadMaster integrates seamlessly with the WTS Session Directory – providing a reliable “re-connect” when a remote desktop connection to the server has disconnected. LoadMaser also provides RDP-based Layer 7 persistence that incorporates client session reconnect, which can be utilized without the need for the Session Directory service to be installed. This helps simplify IT infrastructure, and provides cost savings benefits.

LoadMaster enables WTS users to maintain persistence, as well as perform resource monitoring for Window servers running multiple services. The LoadMaster resource monitoring feature provides data on both server memory and CPU, ensuring users experience the most efficient load balancing possible across each server. Additional benefits from LoadMaster load balancing WTS include, service checking for servers running Microsoft WTS, and extended capabilities for the increasing segment of remote workers.

Customers see KEMP’s LoadMaster as leveling the playing field between small-to-medium sized businesses and large enterprises doing business on the Internet. KEMP products are also environmentally friendly with low-energy consumption, which lowers energy costs.

KEMP is able to keep its pricing affordable by not overloading its gear with features that the SMB customers do not need, and for which they do not want to pay. Instead, the company includes only features required to optimize Web and application infrastructure that SMB customers require.

KEMP products provide an unmatched combination of availability and performance for mission-critical servers and applications. KEMP products…

KEMP Product Line

As e-commerce and other Internet-enabled applications continue to evolve and grow in market size, a company’s ability to manage information and traffic flows will become more important. If a company cannot detect faults, dynamically add and remove server resources and control traffic distribution to its website, it will not be able to keep up with competitors. While SMBs are competing more and more against their larger counterparts, they have their own specific needs with regard to functional and budget requirements. It therefore behooves these small-to-medium sized businesses to choose ADC products that meet their needs without “breaking the bank.” KEMP Technologies offers the affordable, feature-rich products that businesses need to succeed in the ongoing Information Age. KEMP Technologies’ feature-rich application delivery controllers and server load balancer appliances aid SMBs in maintaining the integrity of their websites. The LoadMaster product family includes advanced server application delivery controllers and server load balancer products with Layer 4-7 load balancing and content switching with integrated ASIC-based SSL acceleration compression, caching and intrusion prevention (IPS). KEMP is able to offer SMBs the features, performance and security capabilities they need.

KEMP Technologies is a leader in cost-effective application delivery controllers and server load balancer appliances tailored to meet the needs of small-to-medium sized businesses (SMB) that rely on the Internet for e-commerce and business-critical applications. KEMP helps SMBs rapidly grow their business with 24/7 high-availability, better web infrastructure performance, scalability and secure operations - while streamlining IT costs.

Thousands of KEMP LoadMaster products are in use today to improve customer satisfaction by accelerating user access to business-critical web applications. Managed service providers also rely upon KEMP products to enable fast time-to-market and cost-effective operations for new and existing managed services.

KEMP’s highly affordable LoadMaster products include Layers 4-7 load balancing, content switching and server persistence, SSL offload/acceleration, WTS load balancing and persistence with Session Directory integration, and application front-end capabilities (caching, compression, intrusion prevention system), plus one full year of product support – delivering industry leading price/performance value.

The company is headquartered in Yaphank, New York. For more information, visit www.KEMPtechnologies.com, or call us at +1 (631) 345-5292.