Finding a way to deliver secure, responsive, highly effective applications
over IP-based networks is one of the most challenging problems facing IT
managers. With the mix, scale and reach of applications skyrocketing, management
information systems today face an application delivery problem. And, it's no
small challenge.
With Web applications coming to play a very vital role in today's
transaction ecosystem, the Internet has become a critical aspect of business.
Web-based applications consume 10 times the throughput of their client-server
counterparts, slowing application response time down to a crawl. All users (corporate
staff, customers, suppliers and partners) must have access to business-critical
applications like customer relationship management (CRM) and supply chain
management (SCM). That access must be delivered over the Internet as well as the
corporate WAN. Rapid response time and effective security are essential.
Finally, any solution that can clear these hurdles can't break the IT budget.
This challenge is further complicated by the way enterprise application
issues are dealt with in the data center. The IT application staff thinks
performance problems are caused by the network, while the networking staff believes
that the same problems can be traced back to the application.
Actually, it's nobody's fault. The only effective way to support business
objectives is by considering the applications and the network together and
implementing a unified application delivery system. One must remember that any
solution must provide rapid response time and effective security, without
overburdening the IT budget.
Point products: imperfect solutions
Historically, IT managers have tried to solve application problems by
deploying an unsuitable mix of point products. This typically increases
management complexity, degrades application performance, and drives up costs.
What's more, point products often simply can't do the job or don't work
together. For instance, if application data is encrypted at the server for
end-to-end security, intermediate devices cannot inspect the packets. That
renders firewalls, load balancers, compression devices, caches and special
security appliances ineffective, if not useless.
Enterprises can look at an IP-enabled integrated application delivery system, one
which optimizes throughput, balances application requests based on priorities,
and provides multilayered security. More importantly, an integrated system
allows these capabilities to work in concert, rather than at cross-purposes.
How did IT professionals get into this fix in the first place? Point products
have proliferated because application delivery problems have been compounded as
applications have evolved to the Internet and beyond. IT addressed each
challenge in isolation as it emerged.
Initially, load balancers were created to solve the throughput problem
created by millions of connections to distributed Web servers. The trouble is,
load balancers are intended to ease back-end bottlenecks and have little, if
any, effect on end-user application performance. Next, traffic managers, which
are essentially glorified load balancers, were deployed. These devices switched
connections based on application layer and data headers. Finally, vendors began
adding encryption to their traffic managers.
At the same time, another set of security devices (firewalls, VPN (virtual
private network) appliances, SSL accelerators) were being rolled out in other
parts of the network. As noted earlier, this adds up to an unacceptable level of
complexity. In addition, these devices are often incompatible. For example,
traffic managers and application security devices can't peer into the
application layer headers of SSL-encrypted traffic.
Like other point products, compression devices have evolved with the changing
needs of IT managers. Initially, symmetric compression was implemented on both
sides of a WAN link (the transmitting end of the connection compressed the
traffic; the receiving end decompressed it). However, this scheme is feasible
only as long as the same devices are used at both ends of a link. And, that's
not really a problem when a single company or carrier owns the line, an
increasingly rare occurrence.
But the rise of extranets, remote access, Web applications such as portals
and e-commerce, and global networks make that kind of control impossible. The
asymmetrical nature of today's networks rules out symmetric compression.
And asymmetrical compression? The only practical implementation in this
case uses browser-compatible Gzip compression at the datacenter. Since
pre-compression is not possible with dynamic data and server-based compression
is too compute-intensive, IT administrators began using dedicated standalone
compression appliances. Once again, this is a far-from-perfect approach. It does
not work with server-encrypted data and network topologies where SSL
accelerators encrypt data before it's compressed. Also, compression appliances
only work with Web data; they can't handle files, client-server applications,
e-mail, and other multiprotocol data.
Streamlining the Systems
The best way to solve the problem is to make sure that a single system can
decrypt encrypted data streams, compress all application data, and encrypt it
before transmitting it over the Internet. For non-Web applications, data must be
decompressed on the client machine, before being presented to the requesting
applications.
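The ordering problem described above, as an added example that is not part of the original article: gzip applied before encryption shrinks a repetitive response, while gzip applied to already-encrypted data gains nothing. The toy keystream cipher, the function names and the sample response are assumptions made for this demonstration and stand in for SSL encryption.

```python
import gzip
import hashlib
import os


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), standing in for SSL
    encryption in this demo only. Do not use it to protect real data."""
    out = bytearray()
    for counter in range(0, len(data), 32):
        block = hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        chunk = data[counter:counter + 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def compress_then_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Order used by an integrated system: gzip first, encrypt last."""
    return keystream_xor(key, gzip.compress(plaintext))


def encrypt_then_compress(key: bytes, plaintext: bytes) -> bytes:
    """Order seen by a standalone appliance placed behind the encryptor."""
    return gzip.compress(keystream_xor(key, plaintext))


def decrypt_then_decompress(key: bytes, wire: bytes) -> bytes:
    """Receiver side for compress_then_encrypt()."""
    return gzip.decompress(keystream_xor(key, wire))


# Constructed sample: a repetitive dynamic HTML response.
SAMPLE = b"".join(
    b"<tr><td>order %05d</td><td>status: shipped</td></tr>\n" % i
    for i in range(500)
)
KEY = os.urandom(32)  # random demo key, regenerated on every run

if __name__ == "__main__":
    good = compress_then_encrypt(KEY, SAMPLE)
    bad = encrypt_then_compress(KEY, SAMPLE)
    print(f"plaintext             : {len(SAMPLE)} bytes")
    print(f"compress then encrypt : {len(good)} bytes")
    print(f"encrypt then compress : {len(bad)} bytes")
```

Compressing before encrypting makes ciphertext length depend on content, which is the basis of the CRIME and BREACH attacks, so responses that mix secrets with attacker-influenced input are normally excluded from compression.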
Ideally, this integrated system also would be able to encrypt, compress, and
cache content, as well as ensure application availability via advanced
application switching capabilities such as interactive priority queuing.
Integration is always more cost-effective than proliferation. That's true
not just from the financial standpoint but from the management perspective as
well. In addition, a unified application delivery solution eliminates the
problem of point products working at cross-purposes. All the components act in
concert to achieve the desired result.
Today, with this need recognized, application delivery systems have become
just such a solution. They combine all the capabilities of conventional load
balancers, traffic managers, and remote access systems, while adding advanced
application-based functions. These systems integrate application optimization,
security, and switching into a single, seamless integrated solution that holds
down cost of ownership.
These systems today are geared up for optimization features which include
application-layer compression and caching. They deliver some of the industry's
fastest compression technologies and are capable of compressing all application
traffic to every user over all IP links. Both static and dynamic data caching
are provided.
The inbuilt security features ensure that all application traffic can be
encrypted end-to-end at wire speed, and provide protection against DoS (Denial
of Service) attacks, as well as application and network-level safeguards against
flood attacks. To complete the security arsenal, these systems perform intrusion
filtering to ward off worms and viruses.
Supporting the delivery of applications for any organization is perhaps the
most important service IT provides. Ensuring that the system is available
requires not only a stable application environment, but also a high performing
and secure method of distribution. Fortunately IP networking and the browser
have enabled the distribution; the real trick is ensuring performance to
end-users, while providing necessary security.
Rakesh Singh, General Manager, Asia Operations, NetScaler