An application delivery controller (ADC) is a purpose-built networking appliance used to improve the performance, security, and resiliency of applications delivered over the web.
ADCs have gained traction due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Applications have evolved significantly over the years. The term “delivery” is now generally accepted as the means of bringing an application to the user in the era of mobility and cloud. In the enterprise, business applications have moved away from desktop-bound software installed on a local server accessed by users across the LAN. Modern applications need to work across all types of networks, and at locations beyond the confines of the physical workplace.
Application delivery controllers, which are widely deployed as a key fixture in the enterprise, help applications adapt to the networks and protocols that are in place today. They also ensure that applications perform optimally, are always available, and don’t present any security risks either to the user or business.
This is especially important given the needs of an increasingly hybrid workforce.
The average consumer expects the devices and applications they interact with on a daily basis to always work, and for information to be instantly available on demand. These expectations have carried over to the types of devices and applications they use. To satisfy today’s workers, business applications need to be as intuitive and easy to use as the ones they rely on for personal tasks and entertainment.
Many employees are no longer restricted to using locked-down, company-owned equipment, and can use personal devices to work whenever they choose. With people working at any time of the day or night, IT must be certain workplace servers and applications are available around the clock. Enterprises invest heavily in IT infrastructure to ensure that employees always have access to applications and information when they’re needed.
Of course, servers can fail for a number of reasons ranging from mechanical problems to over-utilization and security breaches. If a server goes down, applications running on it become unusable or inaccessible.
IT organizations can plan for these occurrences by building fault tolerance into their environments. Deploying additional servers in the datacenter or at a co-located site are typical failover strategies. ADCs can help ensure high availability of applications by providing seamless failover. This is done by balancing application workloads across a cluster of active servers in one or multiple sites.
An application delivery controller employs algorithms and policies to determine how inbound application traffic is distributed. Round robin, which forwards client requests to each server in turn, is a fairly rudimentary form of load balancing. This method assumes all servers are the same: It does not take into account health or responsiveness. An administrator can implement additional policies that direct an ADC to check for a number of criteria before determining to which server an inbound request should be sent. The application delivery controller can inspect packet headers for keywords or requested file types and direct the request to the appropriate server based on this information.
Application delivery controllers are also heavily relied upon for their monitoring capabilities. They can check a server’s health and operability beyond the standard ping. If monitoring indicates a server is experiencing an issue, or that specific health criteria needed to ensure a server’s reliability are not being met, the ADC will route traffic to an alternate server, avoiding a potential disruption.
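The selection logic described above, as an added example that is not taken from the original page or from any ADC product: round robin that skips servers a health monitor has marked down, with a simple content-based rule in front of it. The pool names, server names, failure threshold and file extensions are hypothetical.

```python
class Pool:
    """Round robin over servers, skipping any the health monitor marked down."""
    def __init__(self, servers, fail_threshold=2):
        self.servers = list(servers)
        self.fail_threshold = fail_threshold           # assumed policy value
        self.failures = {s: 0 for s in self.servers}
        self._next = 0

    def report(self, server, ok):
        # Health probe result: consecutive failures take a server out of
        # rotation; one successful probe puts it back.
        self.failures[server] = 0 if ok else self.failures[server] + 1

    def healthy(self, server):
        return self.failures[server] < self.fail_threshold

    def pick(self):
        # Try each server at most once, starting at the round-robin cursor.
        for _ in range(len(self.servers)):
            server = self.servers[self._next]
            self._next = (self._next + 1) % len(self.servers)
            if self.healthy(server):
                return server
        return None  # every server in the pool is down

def route(pools, path):
    # Content-based policy: choose a pool by requested file type.
    static_ext = (".png", ".css", ".js")
    pool = pools["static"] if path.endswith(static_ext) else pools["app"]
    return pool.pick()

def demo():
    pools = {"app": Pool(["app1", "app2", "app3"]), "static": Pool(["cdn1"])}
    first = [route(pools, "/login") for _ in range(3)]
    pools["app"].report("app2", False)   # app2 fails two probes in a row
    pools["app"].report("app2", False)
    degraded = [route(pools, "/login") for _ in range(4)]
    pools["app"].report("app2", True)    # probe succeeds, app2 rejoins
    recovered = [route(pools, "/login") for _ in range(3)]
    return first, degraded, recovered, route(pools, "/site.css")

if __name__ == "__main__":
    print(demo())
```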
Application delivery controllers can also provide real-time and historical analysis of all user and network traffic, including metrics for round-trip times, bandwidth usage, and datacenter and wide area network (WAN) latency. This information can assist help desk staff by minimizing the time they spend identifying the cause of an issue and help users by providing faster resolution.
If applications do not perform to users’ expectations, their productivity can be severely compromised. An ADC can employ an array of mechanisms to improve application performance, especially over mobile and high-latency networks.
SQL database load balancing is one mechanism that can deliver performance gains. SQL load balancing uses many of the same techniques employed for load balancing TCP traffic, but applies this intelligence at the database level. It uses policy-driven logic for each SQL transaction, improving the number of requests and connections that can be handled within the database cluster.
Other common app performance optimization services offered by application delivery controllers are offloading of server-intensive tasks, connection multiplexing, compression, and caching.
SSL and TLS are mainstays for doing business on the web. Managing traffic encrypted with new ciphers is very CPU intensive. Application delivery controllers can handle exceedingly high volumes of encrypted and unencrypted traffic. The application delivery controller manages certificates and decrypts traffic before it reaches the server.
TCP multiplexing is an effective method for handling high volumes of inbound server requests. TCP multiplexing maintains active connections between the ADC and the servers. As traffic hits the ADC, it routes requests using these open channels, which eliminates the inefficient “open-close” overhead for each transaction that can negatively impact server performance.
Application delivery controllers can also provide performance benefits across mobile networks. Web pages designed for high-speed internet connections often fail to deliver the same user experience on a mobile device connecting over a bandwidth-constrained network.
Several creative mechanisms enable an application delivery controller to optimize web content delivery over mobile networks. Domain sharding is one example. Connection-layer optimization is applied to a single domain. Content on each page is broken down into a sequence of subdomains that allow a larger number of channels to be opened simultaneously, which decreases page load time and improves performance.
Application delivery controllers have visibility into the content that is being delivered, and can further optimize delivery of web pages containing large images by converting GIF files into more-efficient PNG formats.
The other large components of a web page include extensive scripts and cascading style sheet (CSS) files, which ADCs can compress by removing unnecessary characters and white space.
When compressed, files traverse the network at a much faster rate, so download times are significantly reduced.
Delivery over the web has introduced new threats and vulnerabilities that traditional LAN-bound applications never had to contend with. As workers become more mobile and require remote access to applications and data, IT must devise more stringent safeguards against external attacks and data leakage.
ADCs authenticate each user attempting to access an application. If the application is SaaS-based, the ADC can validate a user’s identity using an on-premises Active Directory data store, which eliminates the need to store credentials in the cloud. Not only is this process more secure, but it also enhances the user experience by providing single sign-on capabilities across multiple applications.
The ADC can act as a SAML agent, authorizing users via any data stores where their identity can be confirmed. Some applications allow the use of credentials from sites such as Facebook or Google to validate identity before granting access. ADCs can act as a SAML identity or service provider in this respect.
Distributed denial-of-service (DDoS) attacks have become rampant. Enterprise web properties, specifically, are being targeted with the intent of overwhelming their servers and disrupting their ability to conduct business. When an unusually massive surge of inbound requests occurs, the ADC can throttle these requests and minimize the amount of available bandwidth they consume or reject the request entirely.
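One common way to implement the throttling described above is a per-source token bucket, shown here as an added example rather than code from the original page or any ADC product. The rate, burst size and client addresses (documentation ranges) are constructed for illustration.

```python
class TokenBucket:
    """Allows `burst` requests at once, then refills at `rate` tokens/second."""
    def __init__(self, rate, burst, now):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), now

    def allow(self, now):
        # Refill for the time elapsed since the last request, capped at burst.
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

class Throttle:
    """Per-source throttle: one bucket per client address."""
    def __init__(self, rate, burst):
        self.rate, self.burst, self.buckets = rate, burst, {}

    def handle(self, client, now):
        if client not in self.buckets:
            self.buckets[client] = TokenBucket(self.rate, self.burst, now)
        return "forward" if self.buckets[client].allow(now) else "reject"

def replay(events, rate=2, burst=4):
    # Feed (timestamp, client) events through the throttle and tally verdicts.
    throttle, tally = Throttle(rate, burst), {}
    for now, client in sorted(events):
        verdict = throttle.handle(client, now)
        counts = tally.setdefault(client, {"forward": 0, "reject": 0})
        counts[verdict] += 1
    return tally

# Constructed traffic: one source sends 16 requests in under a second,
# another sends two requests half a second apart.
SURGE = [(k / 16, "203.0.113.7") for k in range(16)]
NORMAL = [(0.0, "198.51.100.20"), (0.5, "198.51.100.20")]

if __name__ == "__main__":
    print(replay(SURGE + NORMAL))
```

The surging source gets its initial burst and then only the refill rate, while the normal client is never rejected.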
Application firewalls were traditionally only available as standalone solutions. They can inspect data packet headers for suspicious content or malicious scripts that may not be detected by a network firewall.
When an ADC is placed in “learning” mode, it can analyze traffic to determine usage patterns that signify normal behavior. If a malicious inbound request is sent, for example, using SQL injection or cross-site scripting, it will automatically flag that request and block it. It can also employ signature-based protection via integration with third-party security providers such as Qualys. Combining these protection methods allows the ADC to use a comprehensive hybrid security model for applications and users.
ADCs already provide tremendous value to IT organizations by ensuring the secure delivery of applications and data to the user. However, they are expected to continue advancing as applications evolve. Software-defined networking (SDN) has placed increased demands on application delivery controllers to function “as a service.” As network protocols become more application centric, ADCs must also adapt and become more “self-automated” to provide seamless optimization and protection for every type of application.
Citrix ADC goes beyond load balancing to provide holistic visibility across multi-cloud, allowing companies to more effectively manage and monitor application health, security, and performance.