- What an ADC and a load balancer system are.
- What the difference is between a forward proxy and a reverse proxy.
- What the difference is between a load balancer and Application Delivery Control.
- What the other common Application Delivery Control features are.
- Who the known ADC manufacturers are.
Understanding the fundamentals of Application Delivery Control (ADC)
What is ADC and Load Balancer system
Application Delivery Control, or ADC, is the modern-day server load balancer or server reverse proxy. Put simply, an ADC is implemented when an organization's primary objective is to balance access across multiple servers. The load balancer or ADC ensures that applications are always accessible while maintaining security at the same time. Organizations with few servers or without high-availability requirements may not appreciate ADC technology, but as the number of users and the demand for server uptime grow, an ADC becomes a necessity.
Forward Proxy vs Reverse Proxy
Proxy terminology is always associated with load balancing solutions and can be confusing. In the basic sense, a proxy acts on behalf of another. We deploy a proxy mostly because we need security and/or scalability. For anyone doing network management, the NAT concept is similar in a way: in NAT, one public IP address is translated to local private addresses and vice versa, which secures the private LAN and reduces the number of public IP addresses that must be allocated.
The proxies typically associated with server access are the forward proxy and the reverse proxy.
A forward proxy sits on the users' side and hides a user's traffic as they access an application or server. A forward proxy may be deployed strategically on the network by the system or network admin for security. It may also be used by a user intending to bypass network policy, hiding their credentials and traffic as they access restricted destination servers or URLs. This type of proxy is not the one used in load balancing; we discuss it briefly only for clarification.
A reverse proxy is the exact opposite of a forward proxy. While a forward proxy acts for the users accessing the application, a reverse proxy acts for the servers. Reverse proxying is one of the basic functions of an ADC. A load balancer with a reverse proxy acts on behalf of the server, meaning that the URL or IP address users reach is in fact the reverse proxy's IP address and not that of the actual servers themselves. A load balancer functioning as a reverse proxy can also serve multiple servers with different applications, or server clusters.
Since a load balancer typically handles a lot of load from both users and servers across multiple clusters, the correct load balancer or ADC capacity must be taken into consideration.
Load Balancer vs Application Delivery Control
Before the development of today’s ADC, the technology was referred to as a “load balancer”. Many people still call the reverse proxy function in front of servers a load balancer, because the term load balancing perfectly describes the primary function of the ADC.
Historically, load balancing for servers started with DNS, which translates a URL query into a recorded IP address so that the network can direct the request to the proper destination server. Basic DNS load balancing was a form of load distribution only: DNS knows where to locate the physical server based on its IP address, but has no capability to check whether the destination server is operating properly. In this scenario, a user trying to access an application may be directed by DNS to a server that is down.
Advancing from the DNS approach of load distribution, manufacturers eventually created a true load balancer system that handles Layer 4 to Layer 7 traffic through a reverse proxy. Load balancers are aware of ports and protocols such as TCP, UDP, HTTP, SMTP and FTP, and route traffic to the best destination server. A load balancer also creates a cluster of servers; clustering makes higher application uptime possible, since every server in a cluster provides the same information users are trying to access. From the group of servers in a cluster, the load balancer then selects the best host server to handle the request.
The best server to handle a request is determined by the load balancer’s algorithm, backed by intelligent monitoring of each server's status, such as its availability and available resources, instead of blindly distributing traffic to servers as DNS does. This is the fundamental setup of how a load balancer and an ADC function.
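The contrast described above, as an added example that is not part of the original article: a DNS-style rotation keeps sending requests to a down server, while a health-monitored pool removes it and picks the least-loaded healthy server. The server names, the `fall` probe threshold and the least-connections choice are assumptions made for illustration, and the probe results are constructed rather than measured.

```python
from collections import Counter
from dataclasses import dataclass
from itertools import cycle

@dataclass
class Server:
    name: str
    healthy: bool = True   # state after the most recent probes
    fails: int = 0         # consecutive failed probes
    active: int = 0        # connections currently assigned

class DnsRoundRobin:
    """Rotates through recorded addresses and never checks server state."""
    def __init__(self, servers):
        self._ring = cycle(servers)

    def pick(self):
        return next(self._ring)

class HealthAwarePool:
    """Least-connections choice among servers that pass health probes."""
    def __init__(self, servers, fall=2):   # fall: hypothetical threshold
        self.servers, self.fall = servers, fall

    def record_probe(self, server, ok):
        server.fails = 0 if ok else server.fails + 1
        server.healthy = server.fails < self.fall

    def pick(self):
        up = [s for s in self.servers if s.healthy]
        if not up:   # whole cluster down: fail loudly, do not guess
            raise RuntimeError("no healthy server in cluster")
        best = min(up, key=lambda s: s.active)
        best.active += 1
        return best

def simulate(requests=9, down=("web2",)):
    """Constructed scenario: count requests each method sends per server."""
    names = ("web1", "web2", "web3")
    dns = DnsRoundRobin([Server(n) for n in names])
    pool = HealthAwarePool([Server(n) for n in names])
    for _ in range(pool.fall):             # enough probe rounds to mark down
        for s in pool.servers:
            pool.record_probe(s, s.name not in down)
    dns_hits = Counter(dns.pick().name for _ in range(requests))
    lb_hits = Counter(pool.pick().name for _ in range(requests))
    return dns_hits, lb_hits

if __name__ == "__main__":
    print(simulate())
```

With `web2` down, the rotation still sends it a third of the requests, while the pool sends it none and raises an error if every server in the cluster fails its probes.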
Initially, a load balancer could be implemented as either a software application or a hardware appliance. Today, a load balancer may also come as a virtual machine or as a cloud subscription service.
ADC, or Application Delivery Control, should not be confused with a load balancer. An ADC is in fact still a load balancer, bundled with additional features that make the system more intelligent. The ADC is the result of the continuous advancement and consolidation of features in L4-L7 application routing technology.
Implementing an ADC allows centralized control over applications and security, such as SSL certificate handling for HTTPS and centralized compression and caching. This makes it possible to offload processes that used to be handled by each server, freeing up server and network resources.
Other Application Delivery Control common features
As already discussed, the fundamental ADC features are load balancing technology that clusters multiple application servers, a health monitor that checks each server's status, and reverse proxying. There are other common ADC features that are beneficial as well. Not all additional features are the same across ADC brands, and they can be either optional or included by default.
SSL Certificate – SSL certificates add a sense of security, especially when users need to access servers to provide sensitive information and credentials, such as user accounts and online banking. An SSL certificate certifies the authenticity of the hosting server by binding a digital cryptographic key to the organization's details. SSL protects users from possible phishing attacks, such as impersonation of the legitimate host. Implementing SSL certificates means encrypting the traffic, and having each server encrypt its own traffic adds load on server resources. As the number of SSL users grows, the impact on server performance will eventually be felt.
An ADC offers an SSL feature that offloads SSL from each server to the ADC, freeing server resources for a better, faster user experience. Once traffic passes the ADC in the datacenter, all traffic reaching the actual servers is regular unencrypted traffic.
Data compression and caching – For faster server access, the ADC prepares data returning to users in a compressed format, and a standard browser is able to decompress the received data. Caching data on the ADC also helps smooth user access, as the servers are utilized less. Caching, however, may differ per brand, as data may be cached either in the ADC's RAM, up to its limit, or on hard disk space.
DDoS protection – In a DDoS (Distributed Denial of Service) attack, attackers intentionally overwhelm the capacity of the server to provide services. DDoS attacks disrupt operations such that applications are no longer available to legitimate users. DDoS protection monitors and mitigates the massive amount of traffic so that sufficient resources remain allocated for regular operations during an attack, allowing continuous availability and business continuity. Aside from being an ADC feature, DDoS protection can be provided by an external dedicated security appliance or a cloud subscription.
Network consideration for ADC implementation
To prepare for an ADC implementation, the following information must be considered in order to select the correct ADC model and capacity.
- Total server throughput: the TOR switch nearest the servers can be a good basis. Look for its connections-per-second rating at peak time; you may also consider adding a buffer for possible future growth. If this information is not available, the safest basis is the interface capacity of the TOR switch uplink (e.g. 1G, 10G, 40G), but note that selecting the uplink interface of the TOR switch as the basis for capacity will equate to a bigger (and more expensive) appliance model.
- Number of servers to be load balanced: how many servers will make up each set of clusters.
- Load balancing over multiple sites: will it be for a single site, or will a DR (Disaster Recovery) site be involved?
- HTTPS application requirements: today's web servers typically use SSL; if so, the SSL transactions per second at peak time will be needed.
- Concurrent user visits at peak time.
ADC known manufacturers
There are a number of ADC / load balancer manufacturers today. Common names in the market are F5, A10, Citrix, Brocade, Radware and Barracuda. There are more players in this market, but the names mentioned have ranked well based on Gartner's recent report and on visibility in the market, from my own perspective.