Companies such as F5 Networks and Citrix are known for providing Web application acceleration tools — sometimes called advanced platform application delivery controllers (ADCs) — that can speed data flow by sitting in front of a server farm and prioritizing traffic on the fly.
In the past, such tools handled simple load balancing, server health checks and taking faulty servers offline. Today, they’re high-performance, specialized communication processors and they manage much more advanced load balancing. They also offload tasks that servers don’t perform efficiently, as well as a host of other complex processes.
Joe Skorupa, research director at Gartner, says server operating systems were designed to execute business logic, but they do “a really bad job of setting up and tearing down the TCP/IP and SSL connections” that are used for secure browser access. Their load balancing skills haven’t improved much over the years either.
But Web application accelerators can now do things like cache content so servers don’t have to do it, compress content on the fly and rewrite headers to improve security. For example, if you run Microsoft IIS on your Web server, you may want to rewrite all the headers going back out so that it looks as if you’re running an Apache server. Intruders will be surprised to find that their common IIS attack methods won’t work.
Today’s Web application accelerators can also give users special access, if desired, because they can recognize high priority users. Or, says Skorupa, an accelerator can see, based on the Web browser used, that someone is accessing an application from a handheld device, then route the traffic to a special server that has the data formatted specifically for the device.
Finally, you might have a full Web application firewall that blocks suspicious users. For example, inputs and the responses coming back might spotlight a user who is trying to access social security numbers. “Time to block him and shut him off,” says Skorupa.
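The outbound handling described in the two paragraphs above (rewriting server headers and spotting responses that carry social security numbers) can be sketched as follows. This is an added example, not code from the article or from any vendor's product; the class name, the threshold of two leaking responses, the masking step and the sample traffic are assumptions.

```python
import re
from collections import Counter

# SSN-shaped values (AAA-GG-SSSS), skipping ranges that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Headers removed on the way out: platform disclosure, plus Content-Length,
# which is recomputed because the body may change (names lower-cased).
STRIP = {"server", "x-powered-by", "x-aspnet-version", "content-length"}


class OutboundFilter:
    """Hypothetical response filter sitting between the servers and clients."""

    def __init__(self, banner="Apache", max_leaks=2):
        self.banner = banner        # banner shown instead of the real one
        self.max_leaks = max_leaks  # leaking responses allowed before blocking
        self.leaks = Counter()      # client id -> responses that carried SSNs
        self.blocked = set()

    def _finish(self, status, headers, body, verdict):
        # Drop stripped headers, set the banner, recompute Content-Length.
        out = [(k, v) for k, v in headers if k.lower() not in STRIP]
        out += [("Server", self.banner),
                ("Content-Length", str(len(body.encode("utf-8"))))]
        return status, out, body, verdict

    def process(self, client, status, headers, body):
        if client in self.blocked:
            return self._finish(403, headers, "", "blocked")
        masked, hits = SSN_RE.subn("XXX-XX-XXXX", body)
        if hits == 0:
            return self._finish(status, headers, body, "pass")
        self.leaks[client] += 1
        if self.leaks[client] >= self.max_leaks:
            self.blocked.add(client)
            return self._finish(403, headers, "", "blocked")
        return self._finish(status, headers, masked, "masked")


def demo():
    # Constructed sample traffic; the SSN below is a dummy value.
    iis = [("Server", "Microsoft-IIS/10.0"), ("X-Powered-By", "ASP.NET"),
           ("Content-Type", "text/html")]
    f = OutboundFilter()
    bodies = ["<p>hello</p>", "ssn: 123-45-6789", "ssn: 123-45-6789", "<p>hello</p>"]
    return [f.process("client-a", 200, iis, b) for b in bodies]


if __name__ == "__main__":
    for status, headers, body, verdict in demo():
        print(status, verdict, dict(headers), repr(body))
```

The first leaking response is masked and counted; the second one from the same client triggers the block, and every later response to that client is refused.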
In order to enable such features, application and network testing must take place to determine pain points. Also, a vendor must be chosen and a product selected. Then the technology has to be implemented. Within these steps there are many pitfalls, detailed here, along with suggestions on how to prevent them:
1 Get help
Tim Saylor, director of information services at Averitt Express of Cookeville, Tenn., says his company was surprised when it began receiving complaints from users about slowdowns on sites where Averitt allows customers to do online activity.
“We were a little bit baffled, so we started measuring on a 24-hour period, just pinging the sites, and comparing them to many other sites in our industry and not. We were having some big delays,” says Saylor.
But the problems were not bandwidth-related; they were at the application layer. Averitt Express needed to load balance its servers so one wasn’t taking the full load. Instead, they wanted to spread that data over three or four servers.
Saylor says the biggest mistake the company made was trying to solve the problem on its own over several weeks. In the end, a solution from F5 Networks — the vendor sent an older demo box to prove it could solve the problem — was the answer.
“If we had had the knowledge to go to someone like that on the front end we could have determined the problems a lot sooner,” says Saylor.
His company, which specializes in freight transportation and logistics, has 8,300 active registered users and receives, at peak hours, over 30,000 hits/hour. The cost for its load balancing solution was around US$40,000.
2 Change your mindset
Qualcomm, of San Diego, Calif., is in the process of implementing 16 to 18 pairs of load balancers, in this case Netscalers from Citrix, to replace its Cisco CSS (Content Services Switch) load balancers.
Irfan Siddiqui, staff engineer/manager at Qualcomm, says he thinks the biggest obstacle for an IT department in the same situation is to understand that accelerators are not like routers and switches, which just switch packets.
“[Load balancers] actually look at the packet and make an active decision, so you need a staff that understands these things, as opposed to [people] saying ‘You have the packet, I don’t care what you do with it.’ That mantra is no longer true.”
When the load balancers do SSL termination, for example, they are effectively taking application data that’s terminated on the network piece and relaying it back and forth between two different applications in the client. If staff are not used to collaboration, people start pointing fingers, saying, ‘I don’t know if this is not working because you deployed something.’
“You cannot live in silos and say ‘You do this, and I do this,’” says Siddiqui. “It doesn’t work.”
3 Rewriting apps
If you didn’t have the technology before, don’t be surprised if you find you have applications that were not meant to be load balanced. Your application owner(s) may have to go back to the drawing board and make changes.
4 Spread your hardware
And sometimes, even after an optimization of your network level, your applications just cannot be run over your WAN, explains Siddiqui. Applications that demand many small items be downloaded every time (via a browser) can make the customer experience extremely slow. It’s not because too much data is being pumped, but rather because it takes a long time to pump data across the continent or across the world.
Qualcomm’s accelerators now compress data so it can be sent more quickly, and handle caching that saves millions of round trips over its WAN. “Finally, we have data centres in different continents, because some applications cannot handle 200 milliseconds of latency. You have to replicate it locally.”
5 Plug security holes
Web application accelerators can improve Web security too, but not if you choose a model that’s missing important security features. Sanjay Uppal, vice president of product marketing at Citrix, adds that failing to write an application properly can be just as dangerous.
He says many years ago there were several doors on a network, including some obscure ones, which intruders could get through. Eventually all of those doors got closed, except something called the Web door — ports 80 and 43. Everybody knew those were the two doors to go through, but they had to be left open or legitimate users wouldn’t be able to access anything, he says.
“People used to get in, figure out how to talk to the application and attack the application itself. When that happened application layer attacks became a lot more prevalent.” As a result, if you want to improve your security, make sure you buy a model with a Web application firewall in it, so you can block such attacks.
6 Think bigger
According to Gartner’s Skorupa, the biggest mistake implementers of Web application accelerators make is to aim too low; they fail to take advantage of some of the rich features that could really help their applications run faster and please their mobile and/or outside users. One reason may be the costs, which vary wildly depending on what users are trying to achieve. Simple load balancing at the rate of tens of Mbits/sec can be achieved for less than $5,000. Extremely sophisticated communication processors (advanced platform ADCs) can run at 10 Gbits/sec — but cost up to $100,000 each, he says.
According to Skorupa, accelerators can reduce the CPU load on a server by as much as 80 per cent, or reduce the number of Web servers required by between 20 and 50 per cent (20 per cent being the norm). “Not only do you save on the servers, but think about the money you save on application licences, system administrators and in today’s world, the amount of power and cooling you no longer need.”
7 Speed application development
Finally, don’t buy anything without first getting your application development and application management teams involved, says Skorupa. Why? “Because when the applications guys see what can go on here, they get really excited. It changes their world,” he says. Typically when a mistake is found in an application, someone must schedule the fix through application development, take it through QA and get it rolled out. It can take as long as 90 days. Using advanced platform ADCs, relatively simple but important changes can be implemented outbound and can, even with testing, be up and running in less than a week.
8 Pay to accelerate
Joe Hicks, product manager, F5 Networks, says a 1,000-employee enterprise might expect to pay about $50,000 for a Web acceleration solution, though, he warns, it depends on the features.
You might pay US$30,000 for equipment. He estimates maintenance costs would be about 17 per cent of the purchase price, and you’d have to add some padding for consulting fees — depending on whether you put it in and forget about it or whether you’re constantly tweaking it, Hicks says.
“So it’s 17 per cent times $30,000 — plus the $30,000 — plus four to 10 days of maintenance costs depending on the site. We have lots of folks like that, and they can get away with probably US$50,000 for a solution that will last them for five years.”