10 critical requirements for optimizing application delivery · ... 10 critical requirements for...

10 Critical Requirements for Optimizing Application Delivery

eBook

A10 | 10 Critical Requirements for Optimizing Application Delivery | 2 |

Introduction

Generic load balancing using disparate networking and security products is insuffi cient

A rapidly accelerating number of complex Web 2.0 client requests for content is threatening to overwhelm your data center. Mobile users, e-commerce customers, offsite employees and remote cloud-based applications need assurance that the servers they access are constantly online. The information they seek must be received almost instantaneously. The communication links and applications themselves must be secure. You need a way to manage application delivery to ensure timely content availability and security at any scale.

The problem you face is that legacy solutions aren’t designed to handle any of these tasks very well, much less all of them. Attempting to work within such a framework is overly complicated and prohibitively expensive. It doesn’t scale, can’t provide the policy granularity to optimize delivery from today’s rich applications and services, and lacks the visibility to secure content and defend against multi-vector threats.

ADC


121213131 424254546464 7676585454845484846864648464 7876768676959579758595858987879787

1212212122212121213231312131212221223224232422223222424234344424242423434343242222422232343231513531315131343534363634645654546454464343634344464443434343634343434742427242454745446474642423242724232424647464454645474546454686464846488848484846868686464846484648464 969679767696767879787

676867696768676

Solving the problem requires next-generation solutions with advanced L4-L7 support, known as application delivery controllers (ADCs). ADCs fully integrate a broad array of modules to address extensive networking and security concerns tied to enterprise application delivery. Powerful multi-core designs enable processing at carrier grade rates, while deep packet inspection combined with delayed binding methods dramatically scale data center resources, speed server response times and stop hacker attacks in their tracks.

ADCs are deployed deep in the enterprise data center’s network, near the web and application servers. This is the ideal location to invoke intelligent traffi c management, ensure Service Level Agreements (SLAs) and protect key resources. ADCs with the following critical capabilities are the only way to optimize applications while keeping overall expenses at a minimum.

107107910979710797898108987879787107879787The ability to meet the following 10

capabilities should be a critical component of your selection criteria when evaluating ADCs.


Intelligent Traffic Management

A critical requirement of any data center is the need to manage all incoming requests for content. Queries must be fully inspected and forwarded to the appropriate server. If such intelligent traffic management is lacking user submissions may be needlessly redirected among the server farm. Application resources are overtaxed and unnecessary latency is added. IT is forced to duplicate application and database servers and curtail enhanced value added services.

ADCs provide visibility into inbound requests at the application layer and identify precisely how to optimally forward their packets. Advanced load-balancing algorithms, persistent connection methods and high capacity request multiplexing combine to accelerate response times. To prevent requests going to “dead servers,” customizable health checks are leveraged that ensure applications are functioning. This content switching method helps cut server farm needs in half when compared to rudimentary load balancers. ADCs also enable ‘premium’ services such as allowing select clients to be assigned higher powered servers for superior SLAs.

1

ADC

Problem

Solution


Global Load Balancing

Global organizations require localized data center operations to enable redundancy, business continuity, scalability and faster content distribution. But this creates operational and performance issues. Internet sessions may not be efficiently routed to the server farm best able to respond and this results in poor response times. If one site should fail, user requests may not be properly or transparently redirected to an alternate location.

An effective enterprise ADC deployment solves these problems through integrated Global Server Load Balancing (GSLB), enabling more intelligent traffic management and data center failover for reliable disaster recovery. Interconnected ADCs are continuously updated with relevant information about each individual node’s local content, optimal routing details and server status. Geographic and network proximity policy metrics help optimize multi-site deployments. Leveraging DNS Proxy or DNS Server methods further improve implementation flexibility and deployment simplicity.

2

Problem

Solution

Maintain worldwide operational integrity 24x7x365


Expedited Data Retrieval

Modern Web 2.0 applications employ a rich set of complex protocols with dozens of components underlying each webpage. These applications are often inefficiently designed, and when combined with the client to server WAN distances involved, result in delayed response times with curtailed user productivity. Without acceleration techniques to offset these limitations, the remote application will run slowly, if at all.

ADCs leverage a variety of capabilities to overcome communication latency and ensure a fast and responsive experience for maximum user satisfaction. Techniques include:

• Gzip compression to reduce transmission size by 3-5x for reduced bandwidth demands

• In-memory caching that eliminates backend server delays by storing frequently requested content

• Interoperability with advanced SPDY and HTTP/2 Internet standards

• Support for WAN optimization standards such as Selective Acknowledgment and Client keep-alive

$1.6

$

Billion

1Secondof webpage delay

per year

=Because of

Amazon could potentially lose up to

3

Problem

Solution

Source: GetElastic 2012


Application and Data Protection

Data centers are being breached at an alarming rate. Yet legacy security solutions such as traditional and next-generation firewalls, intrusion prevention systems and network access control no longer deliver adequate protection. Hackers employ zero-day malware, cross-site scripting, cookie poisoning, SQL injection and other methods to bypass traditional perimeter security solutions and exploit specific application vulnerabilities. And once the targeted applications are breached, they give attackers direct access to the underlying databases and their confidential data.

Enterprise ADCs protect against targeted and zero-day exploits using rapidly deployed, fully integrated Web Application Firewall (WAF) modules. ADC WAFs employ machine learning to profile expected application behavior and automatically generate configuration settings that augment user-defined security policies. This delivers advanced protection by leveraging session-aware protections with bi-directional inspection to block sophisticated session-based attacks, including HTML form field consistency, cookie tampering and tag-based cross-site request forgery.

4

Avg. cost associated to an hour of data center downtime.

$181,700Source: http://www.studyweb.com/outrageous-costs-data-center-downtime

Problem

Solution


Customized Policies by Application

When it comes to networking and security rules, one size rarely fits all. ADC policy configurations should be customized with granular rules that optimize traffic delivery tied to each of the functional modules in use (compression, caching, content switching and more). In addition, it is beneficial to dedicate a unique set of ADC policies for each application, service or class of user for a better user experience.

To support such fine-grained policies, the ADC platform must be capable of very high “instance density.” Effectively, one appliance is divided into numerous independent “sub ADCs” where each has its own set of policies. Now a given application, service or user can receive tailor-made processing to its own specifications. As hundreds of unique web-based applications and end-user classifications may be present, multi-tenant support should allow density levels that can exceed a thousand such instances.

5

Problem

Solution Expand one ADC into Hundreds at

No Charge!


Centralized Access Management and Single Sign-on

Authentication, Authorization, and Accounting (AAA) is a critical component in supporting online communications, validating both client and intended recipient identities. The growing volume of access requests creates the need to scale the AAA infrastructure; yet placing authentication software on every application server is not a practical approach.

ADCs are ideally located to manage multiple facets of AAA, because they process key portions of the authentication task to reduce the need for AAA servers. This eliminates separate authentication points, simplifies the network and provides a system-wide view. ADCs also support setting granular access policies by application.

For a streamlined user experience, single sign-on (SSO) is critical, and the ADC must handle SAML assertions, other critical protocols and authentication methods, and be proven interoperable with multiple AAA servers.

6

SSO

Problem

Solution

Leverage

to secure web access while eliminating passwords for Cloud Apps

Single Sign-On


Multi-Level DDoS Protection

Distributed Denial of Service (DDoS) attacks have become widespread, targeting organizations of all sizes and in all industries. They overwhelm network resources and interrupt critical communications, eventually incapacitating a wide range of system resources for catastrophic effect. To protect servers and ensure content availability, ADCs with built-in high capacity DDoS prevention need to be deployed.

ADCs facilitate deep traffic visibility to spot anomalies across the traffic spectrum. They also protect against multiple classes of attack vectors, including volumetric, protocol and application-layer assaults. Protocol and application checks combined with authentication verify if client communications are valid, or if the traffic is scripted botnet traffic. In addition, a programmable policy engine allows customizable actions.

7

per hour

The Cost of DDoS Attacks is

Source: Ponemon 2015

Problem

Solution


Security for DNS Infrastructure

Nearly every aspect of Internet communications depends on DNS name resolution. Any interruption to the DNS infrastructure, like a Denial of Service (DoS) attack, can render critical network resources useless, disrupting operations and causing extensive fi nancial and reputational damage. Attackers can also hijack DNS servers by poisoning routing tables to redirect users to nefarious sites.

Enterprise ADCs with built-in DNS Application Firewalls (DAFs) protect your DNS infrastructure from a variety of threat vectors such as buffer overflows, malformed DNS requests and DDoS amplifi cation. Added DAF benefi ts include:

• DNSSEC pass-through to prevent DNS spoofi ng and cache poisoning

• Policy-based server load balancing with IP reputation and other blacklists to limit access to trusted sources

• DNS Server load balancing and caching to allow the ADC to scale resources as needed

• Unifi ed architecture that reduces infrastructure requirements and operating overhead

8

Most firewalls leave port 53 open, which is used for DNS queries

PORT 53

Problem

Solution


Support for Software Defi ned Data Centers

Networking environments have a large scale, shared infrastructure, yet the architecture is typically static. When IT provisions a new application or increases network capacity, they usually need to reconfi gure and or update their policies to deploy the application or add additional capacity. The network doesn’t have the ability to automatically change traffi c flows or scale on demand. Software Defi ned Networks (SDN) help solve these concerns by dynamically provisioning networking infrastructure to optimize resource use, adapt throughput needs, and performing traffi c engineering with an end-to-end view of the network. To get the most out of SDN, IT needs to deploy networking and security services that have the requisite app visibility.

ADCs help realize the goal of a dynamic “app aware” network with advanced capabilities. These appliances provide a top level blueprint that is both user and application centric. SDN enables administrators to leverage service insertion and service chaining to dynamically steer traffi c flows through a sequence of physical or virtual ADCs with L4-L7 services.

9

SDNController

Problem

Solution

ADCs work hand in hand with SDN controllers to realize an ‘application aware’ dynamic data center


Cloud-Friendly Deployment

Modern data centers are undergoing a revolutionary shift. Legacy IT operations have been bound within one or more locations all under the auspices of one private overarching control center. Going forward, compute resources, networking and storage are evolving to take advantage of the flexibility, lower cost and scalability of cloud computing. Whether the cloud is fully private, public or hybrid in nature, the various elements of IT operations must be able to adapt. The networking and security services afforded by modern ADCs must similarly be capable of operating in these environments.

Organizations are moving to leverage cloud services by using them for DevOps and through offloading some or all of their IT infrastructure. With cloud services such as Amazon AWS and Microsoft Azure growing in stature, the same ADC capabilities of a locally installed physical, virtual or multi-tenant appliance must be able to run as a virtual appliance in these and other cloud scenarios.

10

FlexibilityLower Cost Scalable

Problem

Solution


Conclusion

To get the best out of your IT infrastructure means deploying advanced services offered by an ADC with these ten critical criteria. Relying on a system that doesn’t measure up to these requirements means you are likely to come up short on delivering requested content in a timely manner with appropriate security. It could mean loss of business and reputation. It could mean costly server sprawl. It could mean a massive security rupture. It could mean your job is on the line.

A10 Networks’ line of Application Delivery Controllers provide you with a fully integrated networking and security solution that supports all these ‘Top Ten’ capabilities and much more. They are available in a broad array of scalable platforms and form factors for any environment.

A10 ADCs allow your organization to:

• Insure server availability through intelligent traffi c management on a local and global scale

• Accelerate content delivery and make applications appear to run locally regardless of location

• Protect network resources against multi-variant attacks aimed at web, applications and DNS servers

• Support data center transformations including shifts to SDN and cloud-based infrastructures

If your IT operations

fall short,

you could suffer

a catastrophic

network outage or

security breach.

10 Critical Requirements for Optimizing Application Delivery

To learn more visit a10networks.com/adc

©2016 A10 Networks, Inc. All rights reserved. The A10 logo, and A10 Networks are trademarks or registered trademarks of A10 Networks, Inc. in the United States and other countries. All other trademarks are property of their respective owners.

Part Number: A10-EB-14102-EN-01 April 2016

10 critical requirements for optimizing application delivery · ... 10 critical requirements for...

Documents