Home Sponsored Announcements Ten tips for selecting the ideal application delivery controller

Ten tips for selecting the ideal application delivery controller

By Greg Barnes, Managing Director ANZ, A10 Networks

The new generation of high-performance generation application delivery controllers (ADCs) enable an organisation’s applications to be highly available, accelerated and secure. The best are capable of delivering extremely high scalability, advanced networking features, flexible deployment options and low total cost of ownership.

Their operational simplicity and predictability can empower IT professionals with the right solutions to focus on key business goals instead of complex vendor restrictions and platform deficiencies. The top ten qualities of an optimum ADC follow:

1.  Operating system performance

An advanced operating system will deliver competitive advantage by enabling faster performance in a more compact form factor, green networking through less power per unit to deliver superior performance, plus space and energy savings.

Look for scalable symmetrical multi-core processing (SSMP) architecture that features a 64-bit operating multi-core system with a high-speed shared memory architecture for maximum efficiency. This will ensure an efficient, linear and decoupled architecture that eliminates inefficient inter-process communication (IPC). It will enable hardware to deliver more performance and to scale up, providing efficient and highly reliable systems at lower costs.

2.  High SSL performance

An ADC capable of delivering fast SSL performance can satisfy the most demanding data centre performance and SSL offload requirements. De facto performance parity between essential 2048-bit keys and 1024-bit encryption keys will deliver a competitive advantage, while dedicated SSL acceleration hardware using new generation security processors will yield impressive performance gains. The performance parity between 1024-bit and 2048-bit keys in the new processors will be dramatic. Such appliances can easily handle SSL traffic encrypted with 4096-bit keys.

3.  Application delivery and security

The next generation of application delivery solutions allow organisations to consolidate functionality and eliminate multiple costly point products. They also reduce overall network latency with fewer devices and network hops, and extend the life of existing equipment with feature and traffic offloads.

In the 1990s, load balancers began to incorporate features like acceleration, caching and compression, and a new category called ADCs emerged. These have become an essential part of application deployments, improving application scale and performance and maximising uptime.

The most advanced are capable of resolving availability, acceleration and security challenges. SSL intercept features improve security and visibility by leveraging security processors in the ADC appliances to decrypt outbound traffic, send unencrypted data to security devices for inspection, and then re-encrypt traffic and forward it to the end user. Such ADCs provide a more secure networking environment by enabling third-party security devices to inspect encrypted content.

Advanced ADCs can also circumvent problems of IP address scarcity. Since IPv6 is not backwards compatible with IPv4, organisations are obliged to support legacy IPv4 servers and devices concurrently with IPv6. Certain ADCs include IPv6 to IPv4 server load balancing-protocol translation (SLB-PT ) capabilities that enable IPv6 networks.

Also check that an ADC can provide application features that meet data centre challenges: server load balancing (SLB), global server load balancing (GSLB), application delivery partitions (ADPs) for multi-tenancy with virtualisation, web application firewall (WAF), DDoS protection, application access management (AAM), SSL Intercept (SI)  — all on a common platform and a common interface.

A good ADC will enhance existing networks with the power to extend the life of equipment. Deploying ADC optimisation for Web servers or offloading high volume DDoS attacks from security devices helps to delay costly equipment refresh cycles. An ADC with comprehensive features will eliminate point products, minimise latency and extend the life of network technologies, enabling IT departments to reduce hardware and operating costs.

4.  All-inclusive licensing

Beware of ADCs that require a licence to unlock functionality. Instead, seek one that will enable all features and deliver unrestricted performance in hardware appliances. This approach reduces cost, provides predictable OPEX and CAPEX, enables flexibility by allowing the switching of any unit at any time, and supports instant new feature deployment.

For large enterprises and service providers, deployment flexibility is essential. For instance, if an additional appliance needs to be brought online at once to replace or supplement a current appliance, a licence mismatch can force all units to default to a lower capability level or even fail altogether. No harried IT professional needs another license quagmire to navigate, especially while battling a network outage.

5.  Security and DDoS protection

Deployed at the network edge, in front of critical applications, an ADC is ideally located to protect applications from attacks. So leading ADC’s include as standard a WAF and DDoS protection capabilities, which offer the following benefits:

  Consolidation of multiple security functions in one solution 

  Flexible Traffic Accelerator (FTA) technology and dedicated security processors, available in select hardware models to provide the highest level of performance and application protection available

  All-inclusive licensing that does not double customers’ purchase and support costs

Look for an ADC that comes standard with multiple advanced security features, including WAF, DNS Application Firewall (DAF), next-generation DDoS protection, AAM, SI and more.

The best ADCs consolidate these features into a single appliance and provide extremely high performance per rack unit.  With many DDoS attacks today exceeding 10 and even 100 Gbps, DDoS security defences must support high connection processing rates. The best-performing ADCs include features such as SI and DAF for SSL inspection and DNS protection, and have a track record of expanding pro-active protection needed as new cyber threats and challenges emerge.

6.  Cloud services architecture

As businesses turn to cloud computing to lower costs and accelerate application deployment, their networks need to be robust and flexible to match rising user demands. Cloud services architecture can enable advanced L4-L7 services, improving agility and reducing infrastructure costs, and integrating seamlessly with cloud networking technologies.  Look for an ADC that offers:

  Virtual Extensible LAN (VXLAN) and Network Virtualization support, using Generic Routing Encapsulation (NVGRE) with high-performance hardware appliances.

  Scale out application delivery on demand with virtual appliances.

  Pay-as-you-go pricing.

  Eliminate manual configuration of services and enforce application networking and security policies through Software Defined Networking (SDN) integration.

  Automate provisioning and management with cloud orchestration technologies like Microsoft SCVMM, OpenStack, and VMware vCloud Director Organizations benefit from the agility and low total cost of ownership.

7.  Superior hardware design

Choose an ADC that is available on a range of hardware and software appliances suits any deployment need, and seek a vendor with a strong reputation for delivering scalable and highly resilient solutions. In particular, look for:

  Best-in-class hardware with high density 1/10 Gbps, 40 Gbps or 100 Gbps port options, no inaccessible moving parts and compact form factors.

  FTA technology, which offers scalable flow distribution and high-performance DDoS protection .

  Dedicated security processors in select models for high SSL throughput.

  Unrivalled performance per rack unit.

Precision appliances are packed with smart design choices and extra features enabled by hardware. Each unit should be designed to fit unique market needs with increasing hardware advantages for each specific model.

8. Virtualisation

Today’s networks require virtualisation for device consolidation and agility, so an ADC should deliver a comprehensive solution for virtualised data centres.  This should include multiple options with a common user interface, and support for leading hypervisors, cloud solutions, virtualised hardware solutions and virtual clustering. Look for high performance software ADCs with the highest multi-tenancy machine density and no additional licensing per feature.

An ADC that supports hypervisors such as VMware ESXi, Microsoft Hyper-V, KVM and XenServer, in addition to cloud services like Amazon, EC2 and VPC, will deliver the flexibility to deploy anywhere and in any environment.

For organisations requiring virtualised hardware solutions, an ADC should offer a selection of hypervisor-powered appliances with virtual machines for isolation, or the very popular Application Delivery Partitions (ADPs). 

9.  Flexible Scripting

Scripting enables flexibility for management and for traffic transformation. Powerful TCL-based aFleX® L4-L7 traffic scripting enables easy migration from alternative application delivery controllers, while advanced L7 aFleX scripting extends beyond HTTP to include DNS, RADIUS, SIP and more. A rich aXAPI will allow custom management and third-party integration.

In some ADCs, traffic scripting can be a missing feature or can be too complicated to manage. Others resolve this issue with TCL-based scripting that is well documented and supported with an online community which includes a host of members to lend assistance and offer numerous examples.

However, the biggest aFleX advantage is that any TCL-based script can be converted easily to aFleX, as it is also TCL-based, unlike many smaller vendors’ solutions that use proprietary solutions. Another notable aFleX advantage is multi-protocol fluency, with understanding of DNS, SIP, RADIUS and many more protocols. To round out the ensemble of scripting choices, seek aXAPI for comprehensive custom management support, to enable both traffic control and more extensive integration with cloud services architecture.

10.  High-touch support

Finally high-touch support and customer service must be fundamental to an ADC vendor’s core value. With field teams around the world to help locally, as well as a large support team at headquarters, the ideal ADC vendor will deliver a fast-track to its engineers when needed. To assist global customers further, local language support must be provided, with Basic aFleX scripting support offered as standard.


Did you know: Key business communication services may not work on the NBN?

Would your office survive without a phone, fax or email?

Avoid disruption and despair for your business.

Learn the NBN tricks and traps with your FREE 10-page NBN Business Survival Guide

The NBN Business Survival Guide answers your key questions:

· When can I get NBN?
· Will my business phones work?
· Will fax & EFTPOS be affected?
· How much will NBN cost?
· When should I start preparing?