Application delivery controllers are also heavily relied upon for their monitoring capabilities. They can check a server’s health and operability beyond the standard ping. If monitoring indicates a server is experiencing an issue, or that specific health criteria needed to ensure a server’s reliability are not being met, the ADC will route traffic to an alternate server, avoiding a potential disruption (see Figure 1).
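A sketch of health-driven routing as described above, added here as an illustration and not taken from any ADC product: a server that still answers ping but fails application-level criteria is removed from rotation and restored once it recovers. The class names, thresholds (`fall`, `rise`, `max_latency_ms`) and probe results are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Probe:
    """Result of one application-level probe (constructed sample data below)."""
    status: int        # HTTP status from the health URL
    latency_ms: float  # time to first byte
    body_ok: bool      # expected marker string found in the response body

class Pool:
    """Tracks server health and round-robins only across healthy servers."""

    def __init__(self, servers, max_latency_ms=500, fall=3, rise=2):
        self.servers = list(servers)
        self.max_latency_ms = max_latency_ms
        self.fall, self.rise = fall, rise       # consecutive results needed to flip state
        self.up = {s: True for s in self.servers}
        self.streak = {s: 0 for s in self.servers}
        self._next = 0

    def record(self, server, probe):
        """Apply the health criteria to one probe and update the server's state."""
        ok = (probe.status == 200 and probe.body_ok
              and probe.latency_ms <= self.max_latency_ms)
        if ok == self.up[server]:
            self.streak[server] = 0             # result agrees with current state
            return
        self.streak[server] += 1
        needed = self.rise if ok else self.fall
        if self.streak[server] >= needed:       # enough contrary results: flip
            self.up[server], self.streak[server] = ok, 0

    def route(self):
        """Return the next healthy server, skipping any marked down."""
        n = len(self.servers)
        for i in range(n):
            s = self.servers[(self._next + i) % n]
            if self.up[s]:
                self._next = (self._next + i + 1) % n
                return s
        raise RuntimeError("no healthy server in pool")

def demo():
    pool = Pool(["app1", "app2"])
    for _ in range(3):                          # app2 answers ping but serves HTTP 500
        pool.record("app2", Probe(500, 20.0, False))
    during_outage = [pool.route() for _ in range(4)]
    for _ in range(2):                          # app2 recovers
        pool.record("app2", Probe(200, 35.0, True))
    after_recovery = [pool.route() for _ in range(4)]
    return during_outage, after_recovery
```

Requiring several consecutive failures before marking a server down, and several successes before restoring it, keeps one slow response from flapping the pool.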
Application delivery controllers can also provide real-time and historical analysis of all user and network traffic, including metrics for round-trip times, bandwidth usage and datacenter and WAN latency. This information can assist help desk staff by minimizing the time they spend identifying the cause of an issue, and help users by providing faster resolution.
Load balancing servers across multiple sites
Load balancing is a critical service in any high-traffic datacenter, but an application delivery controller can also redirect traffic to a cluster of servers located in an entirely different datacenter. This is called global server load balancing. The servers in the other datacenter can be front-ended by another ADC, which works in tandem with the first appliance. These sites can be configured in either active-passive or active-active mode. In the latter, both sites are actively supporting inbound traffic. Each application delivery controller detects which datacenter is closest to a given user, and routes the client request to a server in that datacenter. This process minimizes latency and round-trip times for the user’s request and ensures a better experience.
This configuration also supports business continuity if a datacenter suffers a shutdown. When traffic is routed to that datacenter, the ADC will divert it to an available ADC in a co-located site that can direct traffic to a viable server resource.
If applications do not perform to users’ expectations, user productivity can be severely compromised. An application delivery controller can employ an array of mechanisms to improve application performance, especially over mobile and high-latency networks.
SQL database load balancing is one mechanism that can deliver performance gains. SQL load balancing uses many of the same techniques employed for load balancing TCP traffic, but applies this intelligence at the database level. It uses policy-driven logic for each SQL transaction, improving the number of requests and connections that can be handled within the database cluster.
Other common app performance optimization services offered by application delivery controllers are offloading of server-intensive tasks, connection multiplexing, compression and caching.
SSL and TLS are mainstays for doing business on the web. Managing traffic encrypted with new ciphers is very CPU intensive. Application delivery controllers can handle exceedingly high volumes of encrypted and unencrypted traffic. The ADC manages certificates and decrypts traffic before it reaches the server.
TCP multiplexing is an effective method for handling high volumes of inbound server requests. TCP multiplexing maintains active connections between the ADC and the servers. As traffic hits the ADC, it routes requests using these open channels, which eliminates the inefficient “open-close” overhead for each transaction that can negatively impact server performance.
Performance optimization on mobile networks
Application delivery controllers can also provide performance benefits across mobile networks. Web pages designed for high-speed Internet links often fail to deliver the same user experience on a mobile device connecting over a bandwidth-constrained network.
Several creative mechanisms enable an application delivery controller to optimize web content delivery over mobile networks. Domain sharding is one example. Connection-layer optimization is applied to a single domain. Content on each page is broken down into a sequence of subdomains that allow a larger number of channels to be opened simultaneously, which decreases page load time and improves performance.
Application delivery controllers have visibility into the content that is being delivered, and can further optimize delivery of web pages containing large images by converting GIF files into more-efficient PNG formats.
The other large components of a web page include extensive scripts and cascading style sheet (CSS) files, which ADCs can compress by removing unnecessary characters and white space.
When compressed, files traverse the network at a much faster rate, so download times are significantly reduced.
Application and user security
Delivery over the web has introduced new threats and vulnerabilities that traditional LAN-bound applications never had to contend with. As workers become more mobile and require remote access to applications and data, IT must devise more-stringent safeguards against external attacks and data leakage.
Application delivery controllers serve as the natural entry point or gateway to the network. They authenticate each user attempting to access an application. If the application is SaaS based, the ADC can validate a user’s identity using an on-premises Active Directory data store that eliminates the need to store credentials in the cloud. Not only is this process more secure, it also enhances the user experience by providing single sign-on capabilities across multiple applications.
SAML, the XML-based protocol, is now widely used to simplify the application login process. The ADC can act as a SAML agent, authorizing users via any data stores where their identity can be confirmed. Some applications allow the use of credentials from sites such as Facebook or Google+ to validate identity before granting access. ADCs can act as a SAML identity or service provider in this respect.
Distributed Denial-of-Service (DDoS) attacks have become rampant.¹ Enterprise web properties, specifically, are being targeted with the intent of overwhelming their servers and disrupting their ability to conduct business. The ADC can implement rate-limiting measures to protect internal server resources from being targeted by these specially designed attacks. When an unusually massive surge of inbound requests occurs, the ADC can throttle these requests and minimize the amount of available bandwidth they consume, or reject them entirely.
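One way to implement the throttle-or-reject behaviour described above, added here as an illustration and not taken from any ADC product: a per-client token bucket that delays requests over the sustained rate and rejects them once the delay would exceed a limit. The class, the thresholds and the sample traffic are assumptions constructed for the example.

```python
from collections import Counter

ALLOW, THROTTLE, REJECT = "allow", "throttle", "reject"

class RateLimiter:
    """Per-client token bucket. Requests over the sustained rate are delayed;
    once the required delay exceeds max_delay they are rejected instead."""

    def __init__(self, rate, burst, max_delay):
        self.rate = rate            # tokens (requests) refilled per second
        self.burst = burst          # bucket capacity: tolerated short burst
        self.max_delay = max_delay  # longest queueing delay before rejecting
        self.state = {}             # client -> (tokens, last_seen)

    def decide(self, client, now):
        tokens, last = self.state.get(client, (float(self.burst), now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)  # refill
        if tokens >= 1:
            verdict, delay = ALLOW, 0.0
            tokens -= 1
        else:
            delay = (1 - tokens) / self.rate   # wait until a token would exist
            if delay > self.max_delay:
                verdict, delay = REJECT, 0.0   # rejected requests add no debt
            else:
                verdict = THROTTLE
                tokens -= 1                    # queued request borrows a token
        self.state[client] = (tokens, now)
        return verdict, delay

def simulate(events, limiter):
    """events: iterable of (timestamp_seconds, client). Returns per-client verdict counts."""
    counts = {}
    for now, client in events:
        verdict, _ = limiter.decide(client, now)
        counts.setdefault(client, Counter())[verdict] += 1
    return counts

# Constructed traffic: one client sends 20 requests in the same instant,
# another sends one request every 0.5 s (addresses are documentation ranges).
SAMPLE = sorted([(0.0, "203.0.113.7")] * 20
                + [(t * 0.5, "198.51.100.20") for t in range(10)])
```

With `rate=5`, `burst=10` and `max_delay=1.0`, the surge client gets 10 requests served, 5 delayed and 5 rejected, while the steady client is never affected because state is kept per client.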
Application delivery controllers have converged load balancing and advanced Layer 7 protection, which traditionally were available only as standalone solutions. Application firewalls can inspect data packet headers for suspicious content or malicious scripts that may not be detected by a network firewall (see Figure 2).