Delivering Apps Faster and Securely

DQI Bureau

Finding a way to deliver secure, responsive, highly effective applications over IP-based networks is one of the most challenging problems facing IT managers. With the mix, scale and reach of applications skyrocketing, management information systems today face an application delivery problem. And, it's no small challenge.


With Web applications playing a vital role in today's transaction ecosystem, the Internet has become a critical aspect of business. Web-based applications consume 10 times the throughput of their client-server counterparts, slowing application response time down to a crawl. All users (corporate staff, customers, suppliers and partners) must have access to business-critical applications like customer relationship management (CRM) and supply chain management (SCM). That access must be delivered over the Internet as well as the corporate WAN. Rapid response time and effective security are essential. Finally, any solution that can clear these hurdles can't break the IT budget.

This challenge is further complicated by the way enterprise application issues are dealt with in the data center. The IT application staff thinks performance problems are caused by the network, while the networking staff believes that the same problems can be traced back to the application.


Actually, it's nobody's fault. The only effective way to support business objectives is by considering the applications and the network together and implementing a unified application delivery system. One must remember that any solution must provide rapid response time and effective security, without overburdening the IT budget.

Point products: imperfect solutions

Historically, IT managers have tried to solve application problems by deploying an unsuitable mix of point products. This typically increases management complexity, degrades application performance, and drives up costs. What's more, point products often simply can't do the job or don't work together. For instance, if application data is encrypted at the server for end-to-end security, intermediate devices cannot inspect the packets. That renders firewalls, load balancers, compression devices, caches and special security appliances ineffective, if not useless.

Enterprises can look at an IP-enabled integrated application delivery system, one which optimizes throughput, balances application requests based on priorities, and provides multilayered security. More importantly, an integrated system allows these capabilities to work in concert, rather than at cross-purposes.


How did IT professionals get into this fix in the first place? Point products have proliferated because application delivery problems have been compounded as applications have evolved to the Internet and beyond. IT addressed each challenge in isolation as it emerged.

Initially, load balancers were created to solve the throughput problem created by millions of connections to distributed Web servers. The trouble is, load balancers are intended to ease back-end bottlenecks and have little, if any, effect on end-user application performance. Next, traffic managers, which are essentially glorified load balancers, were deployed. These devices switched connections based on application layer and data headers. Finally, vendors began adding encryption to their traffic managers.

At the same time, another set of security devices (firewalls, VPN (virtual private network) appliances, SSL accelerators) was being rolled out in other parts of the network. As noted earlier, this adds up to an unacceptable level of complexity. In addition, these devices are often incompatible. For example, traffic managers and application security devices can't peer into the application layer headers of SSL-encrypted traffic.


Like other point products, compression devices have evolved with the changing needs of IT managers. Initially, symmetric compression was implemented on both sides of a WAN link (the transmitting end of the connection compressed the traffic; the receiving end decompressed it). However, this scheme is feasible only as long as the same devices are used at both ends of a link. And, that's not really a problem when a single company or carrier owns the line, an increasingly rare occurrence.

But the rise of extranets, remote access, Web applications such as portals and e-commerce, and global networks makes that kind of control impossible. The asymmetrical nature of today's networks rules out symmetric compression.

And asymmetrical compression? The only practical implementation in this case uses browser-compatible Gzip compression at the datacenter. Since pre-compression is not possible with dynamic data and server-based compression is too compute-intensive, IT administrators began using dedicated standalone compression appliances. Once again, this is a far-from-perfect approach. It does not work with server-encrypted data and network topologies where SSL accelerators encrypt data before it's compressed. Also, compression appliances only work with Web data; they can't handle files, client-server applications, e-mail, and other multiprotocol data.
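The limitation described above, where a compression appliance sits behind the SSL accelerator and sees only ciphertext, can be measured directly. This is an added example, not code from the article or from any vendor; `toy_encrypt` is a constructed stand-in for the SSL encryption step, and the HTML payload and key are constructed sample data.

```python
import gzip
import hashlib

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream.

    Constructed stand-in for the SSL encryption step so the example runs
    offline with the standard library only; not a cipher for real traffic.
    Applying it twice with the same key decrypts.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def sample_dynamic_page(rows: int = 400) -> bytes:
    """Constructed dynamic HTML response (repetitive markup, varying values)."""
    body = "".join(
        f"<tr><td>order-{i:05d}</td><td>status=shipped</td><td>qty={i % 7}</td></tr>\n"
        for i in range(rows)
    )
    return f"<html><body><table>\n{body}</table></body></html>".encode()

def integrated_send(payload: bytes, key: bytes) -> bytes:
    """One device does both steps in order: gzip the cleartext, then encrypt."""
    return toy_encrypt(key, gzip.compress(payload))

def client_decode(wire: bytes, key: bytes) -> bytes:
    """Receiver side of compress-then-encrypt: decrypt, then gunzip."""
    return gzip.decompress(toy_encrypt(key, wire))

def wire_sizes(payload: bytes, key: bytes) -> dict:
    """Bytes on the wire for each ordering of the two steps."""
    return {
        "original": len(payload),
        "compress_then_encrypt": len(integrated_send(payload, key)),
        # Appliance placed after the encryptor: only ciphertext to work on.
        "encrypt_then_compress": len(gzip.compress(toy_encrypt(key, payload))),
    }

if __name__ == "__main__":
    key = b"constructed-demo-key"
    page = sample_dynamic_page()
    for name, size in wire_sizes(page, key).items():
        print(f"{name:24s}{size:8d} bytes")
    assert client_decode(integrated_send(page, key), key) == page
```

Gzip applied to the ciphertext yields no reduction because encrypted bytes carry no repeating structure for it to find, which is why the compression step has to sit where the cleartext is available.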


Streamlining the Systems

The best way to solve the problem is to make sure that a single system can decrypt encrypted data streams, compress all application data, and encrypt it before transmitting it over the Internet. For non-Web applications, data must be decompressed on the client machine, before being presented to the requesting


Ideally, this integrated system also would be able to encrypt, compress, and cache content, as well as ensure application availability via advanced application switching capabilities such as interactive priority queuing.

Integration is always more cost-effective than proliferation. That's true not just from the financial standpoint but from the management perspective as well. In addition, a unified application delivery solution eliminates the problem of point products working at cross-purposes. All the components act in concert to achieve the desired result.


Today, with this need recognized, application delivery systems have become just such a solution. They combine all the capabilities of conventional load balancers, traffic managers, and remote access systems, while adding advanced application-based functions. These systems integrate application optimization, security, and switching into a single, seamless integrated solution that holds down cost of ownership.

These systems today offer optimization features which include application-layer compression and caching. They deliver some of the industry's fastest compression technologies and are capable of compressing all application traffic to every user over all IP links. Both static and dynamic data caching are provided.

The built-in security features ensure that all application traffic can be encrypted end-to-end at wire speed, and provide protection against DoS (Denial of Service) attacks as well as application and network-level safeguards against flood attacks. To complete its security arsenal, the system performs intrusion filtering to ward off worms and viruses.

Supporting the delivery of applications for any organization is perhaps the most important service IT provides. Ensuring that the system is available requires not only a stable application environment, but also a high performing and secure method of distribution. Fortunately, IP networking and the browser have enabled the distribution; the real trick is ensuring performance to end-users, while providing necessary security.

Rakesh Singh, General Manager, Asia Operations, NetScaler