Application delivery controller


An application delivery controller (ADC) is a computer network device in a datacenter, often part of an application delivery network (ADN), that helps perform common tasks, such as those done by web accelerators to remove load from the web servers themselves. Many also provide load balancing. ADCs are often placed in the DMZ, between the outer firewall or router and a web farm.[citation needed]


Features

An Application Delivery Controller (ADC) is a type of server that provides a variety of services designed to optimize the distribution of load being handled by backend content servers. An ADC directs web request traffic to optimal data sources in order to remove unnecessary load from web servers. To accomplish this, an ADC includes many OSI layer 3-7 services, including load-balancing.

ADCs are intended to be deployed within the DMZ of a computer server cluster hosting web applications and/or services. In this sense, an ADC can be envisioned as a drop-in load balancer replacement. But that is where the similarities end. When an ADC receives a web request from an external host, it enacts the following process (assuming all features exist and are enabled):

  1. Serve as TLS endpoint for the cluster and decrypt incoming requests (HTTPS-only).
  2. Examine the Request URI and determine the type of resource being requested.
  3. Verify that the entity making the request is authorized to access the given URI.
  4. Perform any URI translation, if applicable.
  5. Look up the pool of hosts associated with that resource type (e.g. image, stylesheet, HTML, etc.).
  6. In the case of login requests, the request may be translated, rather than simply forwarded, to an instance within a pool of authentication servers.
  7. In the case of static objects, the ADC may serve the object directly from its own internal cache or direct it to a dedicated static object repository.
  8. Maintain a table describing the health of the servers in every pool via one of several methods (e.g. average response time).
  9. Forward the request to the server within the target pool with the best health score.
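
The routing part of this process (steps 2 to 9) can be sketched as follows. This is an added example, not code from any ADC product: the pool names, hosts, rewrite rule, protected prefix and role are all constructed, TLS termination and caching are left out, and the authorization check is run both before and after URI translation as a defensive choice.

```python
import posixpath
from collections import deque

# Pool names, hosts, rewrite rules and roles are constructed for illustration.
POOLS = {"static": ["static-1", "static-2"], "auth": ["auth-1"], "html": ["web-1", "web-2"]}
REWRITES = {"/old-login": "/login"}          # step 4: URI translation
PROTECTED = {"/admin": "admin"}              # step 3: path prefix -> required role
STATIC_EXT = (".png", ".jpg", ".css", ".js")


class HealthTable:
    """Step 8: rolling average response time per server (lower is healthier)."""

    def __init__(self, window=5):
        self.window = window
        self.samples = {}

    def record(self, server, seconds):
        self.samples.setdefault(server, deque(maxlen=self.window)).append(seconds)

    def score(self, server):
        s = self.samples.get(server)
        # No samples means unknown health: rank it last instead of assuming it is fine.
        return sum(s) / len(s) if s else float("inf")


def allowed(path, roles):
    """Step 3: a protected prefix requires its role; match whole path segments only."""
    return all(role in roles for prefix, role in PROTECTED.items()
               if path == prefix or path.startswith(prefix + "/"))


def route(uri, roles, health):
    """Steps 2-9 for an already-decrypted request; returns (status, server)."""
    # Normalise first so "../" and "//" cannot dodge the prefix check.
    # Percent-decoding is left out to keep the example short.
    path = "/" + posixpath.normpath(uri.split("?", 1)[0]).lstrip("/")
    if not allowed(path, roles):
        return 403, None
    path = REWRITES.get(path, path)
    if not allowed(path, roles):             # a rewrite must not land on a protected path
        return 403, None
    if path == "/login":                     # step 6: logins go to the auth pool
        pool = "auth"
    elif path.endswith(STATIC_EXT):          # step 7: static objects
        pool = "static"
    else:
        pool = "html"
    best = min(POOLS[pool], key=health.score)    # step 9
    if health.score(best) == float("inf"):
        return 503, None                     # nothing in the pool has health data
    return 200, best
```
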

Features commonly found in ADCs include:

In the context of Telco infrastructure, an ADC could provide access control services for a Gi-LAN area.

History

Starting around 2004, first generation ADCs offered simple application acceleration and load balancing.[citation needed]

In 2006, ADCs began to mature as they started featuring advanced application services such as compression, caching, connection multiplexing, traffic shaping, application layer security, SSL offload, and content switching, combined with services like server load balancing in an integrated services framework that optimized and secured business-critical application flows.[citation needed]

By 2007, application acceleration products were available from many companies. [1]

Until leaving the market in 2012, Cisco Systems offered application delivery controllers. Market leaders like F5 Networks, Radware, and Citrix had been gaining market share from Cisco in previous years. [2]

The ADC market segment became fragmented into two general areas: 1) general network optimization; and 2) application/framework specific optimization. Both types of devices improve performance, but the latter is usually more aware of optimization strategies that work best with a particular application framework, focusing on ASP.NET or AJAX applications, for example. [3] [4]


Related Research Articles

HTTPS: Extension of the HTTP communications protocol to support TLS encryption

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.

Load balancing (computing): Set of techniques to improve the distribution of workloads across multiple computing resources

In computing, load balancing is the process of distributing a set of tasks over a set of resources, with the aim of making their overall processing more efficient. Load balancing can optimize the response time and avoid unevenly overloading some compute nodes while other compute nodes are left idle.

Proxy server: Computer server that makes and receives requests on behalf of a user

In computer networking, a proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource.

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

OpenVPN is a virtual private network (VPN) system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It implements both client and server applications.

Application firewall: Layer 7/application layer network security system

An application firewall is a form of firewall that controls input/output or system calls of an application or service. It operates by monitoring and blocking communications based on a configured policy, generally with predefined rule sets to choose from. The application firewall can control communications up to the application layer of the OSI model, which is the highest operating layer, and where it gets its name. The two primary categories of application firewalls are network-based and host-based.

lighttpd

lighttpd is an open-source web server optimized for speed-critical environments while remaining standards-compliant, secure and flexible. It was originally written by Jan Kneschke as a proof-of-concept of the c10k problem – how to handle 10,000 connections in parallel on one server, but has gained worldwide popularity. Its name is a portmanteau of "light" and "httpd".

Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS protocol datagram preserves the semantics of the underlying transport—the application does not suffer from the delays associated with stream protocols, but because it uses UDP or SCTP, the application has to deal with packet reordering, loss of datagram and data larger than the size of a datagram network packet. Because DTLS uses UDP or SCTP rather than TCP, it avoids the "TCP meltdown problem", when being used to create a VPN tunnel.

Reverse proxy: Type of proxy server

In computer networks, a reverse proxy is the application that sits in front of back-end applications and forwards client requests to those applications. Reverse proxies help increase scalability, performance, resilience and security. The resources returned to the client appear as if they originated from the web server itself.

Barracuda Networks, Inc. is a company providing security, networking and storage products based on network appliances and cloud services. The company's security products include products for protection against email, web surfing, web hackers and instant messaging threats such as spam, spyware, trojans, and viruses. The company's networking and storage products include web filtering, load balancing, application delivery controllers, message archiving, NG firewalls, backup services and data protection.

Crescendo Networks, Ltd. was a privately held computer networking company headquartered in Sunnyvale, California with regional offices in EMEA and APAC. Crescendo Networks is not to be confused with Crescendo Communications, Inc. a CDDI/FDDI network equipment manufacturer that Cisco Systems Inc. acquired in 1993.

An application delivery network (ADN) is a suite of technologies that, when deployed together, provide availability, security, visibility, and acceleration for Internet applications such as websites. ADN components provide supporting functionality that enables website content to be delivered to visitors and other users of that website, in a fast, secure, and reliable way.

Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. The software was created by Igor Sysoev and publicly released in 2004. Nginx is free and open-source software, released under the terms of the 2-clause BSD license. A large fraction of web servers use Nginx, often as a load balancer.

OpenConnect is an open-source software application for connecting to virtual private networks (VPN), which implement secure point-to-point connections.

Dynamic Site Acceleration (DSA) is a group of technologies which make the delivery of dynamic websites more efficient. Manufacturers of application delivery controllers and content delivery networks (CDNs) use a host of techniques to accelerate dynamic sites, including:

Array Networks is an American networking hardware company. It sells network traffic encryption tools.

NetScaler is a line of networking products owned by Cloud Software Group. The products consist of NetScaler, an application delivery controller (ADC), NetScaler AppFirewall, an application firewall, NetScaler Unified Gateway, NetScaler Management & Analytics System, and NetScaler SD-WAN, which provides software-defined wide-area networking management. NetScaler was initially developed in 1997 by Michel K Susai and acquired by Citrix in 2005. Citrix consolidated all of its networking products under the NetScaler brand in 2016.

Snapt Inc.: American software company

Snapt Inc. was a software company that provided load balancing, acceleration, security and caching for websites, applications and services. Snapt shut down in August 2022.

References

  1. Bednarz, Ann (2007-07-03). "Gear makers bundle network optimization features". Network World. Retrieved 2013-05-26.
  2. Burt, Jeffrey (2012-09-20). "Cisco Ending ADC Business, Ceding Market to F5, Citrix, Riverbed". eweek.com. Retrieved 2013-06-27.
  3. Kerner, Sean Michael (2008-05-01). "Applications And Networks Need to Unite". InternetNews.com. Archived from the original on 2008-05-05. Retrieved 2013-05-26.
  4. Edgenexus Limited (2022). Edgenexus load balancers and Application. Retrieved from https://www.edgenexus.io/.