eBook
10 Critical Requirements for
Optimizing Application Delivery
Introduction
Generic load balancing using disparate networking and security
products is insufficient
A rapidly accelerating number of complex Web 2.0 client requests for content is threatening to
overwhelm your data center. Mobile users, e-commerce customers, offsite employees and remote
cloud-based applications need assurance that the servers they access are constantly online. The
information they seek must be received almost instantaneously. The communication links and
applications themselves must be secure. You need a way to manage application delivery to ensure
timely content availability and security at any scale.
The problem you face is that legacy solutions aren’t designed to handle any of these tasks very
well, much less all of them. Attempting to work within such a framework is overly complicated and
prohibitively expensive. It doesn’t scale, can’t provide the policy granularity to optimize delivery from
today’s rich applications and services, and lacks the visibility to secure content and defend against
multi-vector threats.
ADC
A10 | 10 Critical Requirements for Optimizing Application Delivery | 2 |
6
24 7
8
135910
123 8 9
7
4
56
Solving the problem requires next-generation solutions with advanced L4-L7 support, known as application
delivery controllers (ADCs). ADCs fully integrate a broad array of modules to address extensive networking
and security concerns tied to enterprise application delivery. Powerful multi-core designs enable processing at
carrier grade rates, while deep packet inspection combined with delayed binding methods dramatically scale
data center resources, speed server response times and stop hacker attacks in their tracks.
ADCs are deployed deep in the enterprise data center’s network, near the web and application servers. This is
the ideal location to invoke intelligent traffic management, ensure Service Level Agreements (SLAs) and protect
key resources. ADCs with the following critical capabilities are the only way to optimize applications while
keeping overall expenses at a minimum.
The ability to meet the following 10
capabilities should be a critical component of
your selection criteria when evaluating ADCs.
A10 | 10 Critical Requirements for Optimizing Application Delivery | 3 |
1
Intelligent Traffic Management
Problem
A critical requirement of any data center is the need to
manage all incoming requests for content. Queries must
be fully inspected and forwarded to the appropriate
server. If such intelligent traffic management is lacking
user submissions may be needlessly redirected among
the server farm. Application resources are overtaxed and
unnecessary latency is added. IT is forced to duplicate
application and database servers and curtail enhanced
value added services.
ADC
Solution
ADCs provide visibility into inbound requests at the
application layer and identify precisely how to optimally
forward their packets. Advanced load-balancing algorithms,
persistent connection methods and high capacity request
multiplexing combine to accelerate response times. To
prevent requests going to “dead servers,” customizable
health checks are leveraged that ensure applications are
functioning. This content switching method helps cut
server farm needs in half when compared to rudimentary
load balancers. ADCs also enable ‘premium’ services such
as allowing select clients to be assigned higher powered
servers for superior SLAs.
A10 | 10 Critical Requirements for Optimizing Application Delivery | 4 |
2
Global Load Balancing
Problem
Global organizations require localized data center
operations to enable redundancy, business continuity,
scalability and faster content distribution. But this creates
operational and performance issues. Internet sessions
may not be efficiently routed to the server farm best able
to respond and this results in poor response times. If
one site should fail, user requests may not be properly or
transparently redirected to an alternate location.
Solution
An effective enterprise ADC deployment solves these
problems through integrated Global Server Load Balancing
(GSLB), enabling more intelligent traffic management
and data center failover for reliable disaster recovery.
Interconnected ADCs are continuously updated with
relevant information about each individual node’s local
content, optimal routing details and server status.
Geographic and network proximity policy metrics help
optimize multi-site deployments. Leveraging DNS Proxy
or DNS Server methods further improve implementation
flexibility and deployment simplicity.
Maintain worldwide operational
integrity 24x7x365
A10 | 10 Critical Requirements for Optimizing Application Delivery | 5 |
3
Expedited Data Retrieval
=
Problem
Modern Web 2.0 applications employ a rich set of complex
protocols with dozens of components underlying each
webpage. These applications are often inefficiently
designed, and when combined with the client to server WAN
distances involved, result in delayed response times with
curtailed user productivity. Without acceleration techniques
to offset these limitations, the remote application will run
slowly, if at all.
Solution
ADCs leverage a variety of capabilities to overcome
communication latency and ensure a fast and responsive
experience for maximum user satisfaction. Techniques
include:
• Gzip compression to reduce transmission size by
3-5x for reduced bandwidth demands
• In-memory caching that eliminates backend server
delays by storing frequently requested content
• Interoperability with advanced SPDY and HTTP/2
Internet standards
• Support for WAN optimization standards such as
Selective Acknowledgment and Client keep-alive
1
Because of
$
Second
of webpage delay
Amazon could potentially lose up to
$1.6
Billion
per year
Source: GetElastic 2012
A10 | 10 Critical Requirements for Optimizing Application Delivery | 6 |
4
Application and Data Protection
Problem
Data centers are being breached at an alarming rate.
Yet legacy security solutions such as traditional and
next-generation firewalls, intrusion prevention systems
and network access control no longer deliver adequate
protection. Hackers employ zero-day malware, cross-site
scripting, cookie poisoning, SQL injection and other
methods to bypass traditional perimeter security solutions
and exploit specific application vulnerabilities. And once
the targeted applications are breached, they give attackers
direct access to the underlying databases and their
confidential data.
Solution
Enterprise ADCs protect against targeted and zero-day
exploits using rapidly deployed, fully integrated Web
Application Firewall (WAF) modules. ADC WAFs employ
machine learning to profile expected application behavior
and automatically generate configuration settings that
augment user-defined security policies. This delivers
advanced protection by leveraging session-aware
protections with bi-directional inspection to block
sophisticated session-based attacks, including HTML
form field consistency, cookie tampering and tag-based
cross-site request forgery.
$181,700
Avg. cost associated to an hour of
data center downtime.
Source: http://www.studyweb.com/outrageous-costs-data-center-downtime
A10 | 10 Critical Requirements for Optimizing Application Delivery | 7 |
5
Customized Policies by Application
Problem
When it comes to networking and security rules, one
size rarely fits all. ADC policy configurations should be
customized with granular rules that optimize traffic delivery
tied to each of the functional modules in use (compression,
caching, content switching and more). In addition, it is
beneficial to dedicate a unique set of ADC policies for
each application, service or class of user for a better user
experience.
Solution
To support such fine-grained policies, the ADC platform
must be capable of very high “instance density.” Effectively,
one appliance is divided into numerous independent “sub
ADCs” where each has its own set of policies. Now a
given application, service or user can receive tailor-made
processing to its own specifications. As hundreds of unique
web-based applications and end-user classifications may
be present, multi-tenant support should allow density levels
that can exceed a thousand such instances.
Expand one ADC
into Hundreds at
No Charge!
A10 | 10 Critical Requirements for Optimizing Application Delivery | 8 |
6
Centralized Access Management and
Single Sign-on
Problem
Authentication, Authorization, and Accounting (AAA) is a
critical component in supporting online communications,
validating both client and intended recipient identities. The
growing volume of access requests creates the need to
scale the AAA infrastructure; yet placing authentication
software on every application server is not a practical
approach.
Solution
ADCs are ideally located to manage multiple facets of AAA,
because they process key portions of the authentication
task to reduce the need for AAA servers. This eliminates
separate authentication points, simplifies the network and
provides a system-wide view. ADCs also support setting
granular access policies by application.
For a streamlined user experience, single sign-on (SSO) is
critical, and the ADC must handle SAML assertions, other
critical protocols and authentication methods, and be
proven interoperable with multiple AAA servers.
SSO
Leverage
Single Sign-On
to secure web access while eliminating
passwords for Cloud Apps
A10 | 10 Critical Requirements for Optimizing Application Delivery | 9 |
7
Multi-Level DDoS Protection
Problem
Distributed Denial of Service (DDoS) attacks have become
widespread, targeting organizations of all sizes and in
all industries. They overwhelm network resources and
interrupt critical communications, eventually incapacitating
a wide range of system resources for catastrophic effect.
To protect servers and ensure content availability, ADCs
with built-in high capacity DDoS prevention need to be
deployed.
The Cost of DDoS Attacks is
Solution
ADCs facilitate deep traffic visibility to spot anomalies
across the traffic spectrum. They also protect against
multiple classes of attack vectors, including volumetric,
protocol and application-layer assaults. Protocol and
application checks combined with authentication verify if
client communications are valid, or if the traffic is scripted
botnet traffic. In addition, a programmable policy engine
allows customizable actions.
per hour
Source: Ponemon 2015
A10 | 10 Critical Requirements for Optimizing Application Delivery | 10 |
8
Security for DNS Infrastructure
Problem
Nearly every aspect of Internet communications depends
on DNS name resolution. Any interruption to the DNS
infrastructure, like a Denial of Service (DoS) attack, can
render critical network resources useless, disrupting
operations and causing extensive financial and reputational
damage. Attackers can also hijack DNS servers by
poisoning routing tables to redirect users to nefarious sites.
Solution
Enterprise ADCs with built-in DNS Application Firewalls
(DAFs) protect your DNS infrastructure from a variety of
threat vectors such as buffer overflows, malformed DNS
requests and DDoS amplification. Added DAF benefits
include:
• DNSSEC pass-through to prevent DNS spoofing and
cache poisoning
• Policy-based server load balancing with IP
reputation and other blacklists to limit access to
trusted sources
PORT 53
Most firewalls leave port 53 open,
which is used for DNS queries
• DNS Server load balancing and caching to allow the
ADC to scale resources as needed
• Unified architecture that reduces infrastructure
requirements and operating overhead
A10 | 10 Critical Requirements for Optimizing Application Delivery | 11 |
9
Support for Software Deļ¬ned
Data Centers
Problem
Networking environments have a large scale, shared
infrastructure, yet the architecture is typically static.
When IT provisions a new application or increases
network capacity, they usually need to reconfigure and
or update their policies to deploy the application or
add additional capacity. The network doesn’t have the
ability to automatically change traffic flows or scale on
demand. Software Defined Networks (SDN) help solve
these concerns by dynamically provisioning networking
infrastructure to optimize resource use, adapt throughput
needs, and performing traffic engineering with an
end-to-end view of the network. To get the most out of SDN,
IT needs to deploy networking and security services that
have the requisite app visibility.
SD N
Controller
Solution
ADCs help realize the goal of a dynamic “app aware”
network with advanced capabilities. These appliances
provide a top level blueprint that is both user and
application centric. SDN enables administrators to leverage
service insertion and service chaining to dynamically steer
traffic flows through a sequence of physical or virtual ADCs
ADCs work hand in hand with SDN controllers to realize an
‘application aware’ dynamic data center
with L4-L7 services.
A10 | 10 Critical Requirements for Optimizing Application Delivery | 12 |
10
Cloud-Friendly Deployment
Problem
Modern data centers are undergoing a revolutionary shift.
Legacy IT operations have been bound within one or more
locations all under the auspices of one private overarching
control center. Going forward, compute resources,
networking and storage are evolving to take advantage of
the flexibility, lower cost and scalability of cloud computing.
Whether the cloud is fully private, public or hybrid in nature,
the various elements of IT operations must be able to
adapt. The networking and security services afforded by
modern ADCs must similarly be capable of operating in
these environments.
Solution
Organizations are moving to leverage cloud services by
using them for DevOps and through offloading some or
all of their IT infrastructure. With cloud services such as
Amazon AWS and Microsoft Azure growing in stature, the
same ADC capabilities of a locally installed physical, virtual
or multi-tenant appliance must be able to run as a virtual
appliance in these and other cloud scenarios.
Lower Cost
Scalable
Flexibility
A10 | 10 Critical Requirements for Optimizing Application Delivery | 13 |
Conclusion
If your IT operations
fall short,
you could suffer
a catastrophic
network outage or
security breach.
To get the best out of your IT infrastructure means deploying advanced services offered by an ADC with
these ten critical criteria. Relying on a system that doesn’t measure up to these requirements means
you are likely to come up short on delivering requested content in a timely manner with appropriate
security. It could mean loss of business and reputation. It could mean costly server sprawl. It could
mean a massive security rupture. It could mean your job is on the line.
A10 Networks’ line of Application Delivery Controllers provide you with a fully integrated networking and
security solution that supports all these ‘Top Ten’ capabilities and much more. They are available in a
broad array of scalable platforms and form factors for any environment.
A10 ADCs allow your organization to:
• Insure server availability through intelligent traffic management on a local and global scale
• Accelerate content delivery and make applications appear to run locally regardless of location
• Protect network resources against multi-variant attacks aimed at web, applications and DNS
servers
• Support data center transformations including shifts to SDN and cloud-based infrastructures
A10 | 10 Critical Requirements for Optimizing Application Delivery | 14 |
To learn more visit a10networks.com/adc
©2016 A10 Networks, Inc. All rights reserved. The A10 logo, and A10 Networks are trademarks or registered trademarks of A10 Networks, Inc. in the United States and other countries.
All other trademarks are property of their respective owners.
Part Number: A10-EB-14102-EN-01
April 2016
10 Critical Requirements for Optimizing Application Delivery
