3/7/2018 A Guide to Application Delivery Controller (ADC) Solutions

tI
.
REAL-WORLD BUSINESS TECHNOLOGY
SEARCH TOM'S IT PRO E

Cloud Computing Certifications Storage Information Security Windows Mobility Big Data Data Center Networking

Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you
click on links. Learn more.

Limited-time Deal: 3 Extra Months for

Top 10 Best VPN Free. Stop Searching & Start Using a
2018 VPN.

Tom's IT Pro Networking Networking Feature

A Guide to Application Delivery Controller (ADC) Solutions

By Sean Wilkins JANUARY 27, 2015 9:01 AM

1. ADC Features And Functionalities i f g Subscribe

Don't miss each week's most important
With today's Application Delivery Controllers, load balancers are a thing of the past. Here are technology trends, insights and decision-
making advice, right in your inbox.
the main features, functionalities, and differentiating factors that you'll find in modern ADCs
as well as the top six ADCs compared. SIGN UP NOW

One thing is for sure, the old school application load balancers of the past are gone and have been
replaced by much more sophisticated Application Delivery Controllers (ADC). The modern ADCs are
not only capable of performing basic application load balancing functions but are also able to provide
a number of additional features which make the user application experience as seamless and
optimized as possible.

Let's take a look at the major functionality areas that are built into almost all of the newer ADC
platforms, along with what they offer to the information provider and the information receiver.
Networking
g See all articles in Networking

A Short History Of Load Balancing

See also : Security
Application load balancing functionality began a number of years ago with the alteration of Domain
Name System (DNS) records. These records have been (and continue to be) used to allow a complex
number (the IP address) to be translated into a much easier to remember domain name.

Originally it was common for each basic DNS Address (A) record to have a 1 to 1 correlation, where a
single IP address mapped to a single domain name. Providers figured out that it was possible to
provide some simple load sharing across multiple physical application servers by modifying this A
record to respond with multiple IP address entries (1 to many). This offered some simplistic load

http://www.tomsitpro.com/articles/application-delivery-controller-solutions,2-855.html 1/6
3/7/2018 A Guide to Application Delivery Controller (ADC) Solutions
balancing that occurred between each of the physical servers because the clients using the
information could use any of the received entries for client to server communications. This method
worked quite well, but it was limited and not at all deterministic; it was not able to deal with availability
issues (say if one of the servers was down).

The next step was the creation of application specific clustering software. With these solutions, the
client was given a single address that was linked to a specific cluster and the cluster itself included a
group of physical servers. When the client would initiate communications, the cluster manager was
able to determine the best physical server to route traffic to. Again these solutions worked quite well,
but had two major issues:

1. They tended to be application specific and would not work with other applications that may have
been deployed on the same physical server.

2. They were limited in their capability because each of the cluster members was required to keep in
constant contact with each other to relay session and availability information; the amount of traffic
would begin to affect client traffic once scaled past a certain number of nodes.

The next step was the first generation of purpose-built load balancing hardware. These devices were
built to be vendor neutral, which offered the ability to balance a number of different application types
with the same platform. They also provided a solution to the scalability problem that existed with
larger scale application clusters; this is because each of the servers would no longer be responsible
for knowing the status of the other physical servers, only the load balancing hardware devices would
be required to track this information.

These devices also introduced application health monitors, which were used by the load balancing
hardware to determine the status of each of the physical servers. If a device was not able to respond
in a way that was within the parameters configured with the health monitor, it would be blocked from
being sent any future connections until it was less loaded and/or whatever problem was resolved.

The current generation of these devices is referred to as Application Delivery Controllers (ADC) and
they are covered in the next section.

Callisto = System
Center
Graphically rich, data dense
reporting of your System Center
Apajove data on any device. Trial now

Application Delivery Controller (ADC) Features

The history of the ADC is an easy story to follow as the basic functions of the platform are reasonably
easy to understand, even for those that are not technically savvy. The current generation of ADCs
has packaged together a number of different functionalities on top of the historical server load
balancing platforms of the past. In addition, the basic load balancing functionality has evolved as the
processor hardware and network performance of modern devices has advanced.

The following sections will go over the different common features that are implemented as part of an
ADC.

Layer 3/4 & Layer 7 Load Balancing and Distribution

At its core, all ADC platforms will provide Layer 3/4 and Layer 7 load balancing functionality. Layer 3/4
functionality involves the distribution of traffic based on IP/IPv6 addresses and/or subnets, protocols,
TCP/UDP port numbers, and TCP/UDP/SSL session information. Layer 7 functionality is typically
referred to as content load balancing and will distribute traffic based on things like the URL, URL
Query, URL wildcard, Domain, HTTP header fields, and Payload values.

Where the ADC platforms will differ is how well they support this distribution for a specific application;
some have tighter integrations for specific applications that allow them to be preferred in these
instances. However, overall, all top level ADC appliances and their virtual equivalents will support
layer 3/4 and layer 7 load balancing.

Load Balancing Methods

http://www.tomsitpro.com/articles/application-delivery-controller-solutions,2-855.html 2/6
3/7/2018 A Guide to Application Delivery Controller (ADC) Solutions
Along with their support of load balancing types, there is a number of load balancing methods that
can be used to alternate which device will get sent the next connection request. Some of the
commonly supported ones include: (Weighted) Round Robin, Least Packets, Least Bandwidth, Least
Connections, Response Time, and Hashing (URL, Domain, Source and/or Destination IP address).

The selection of a load balancing method can greatly affect the way that traffic is processed and must
be weighed carefully with each specific working environment. If the wrong method is selected it could
overload a specific device or devices and allow others to sit idle.

Health Monitoring

An important differentiating factor that exists in all of the modern generation ADCs is the ability to
determine the health of the physical server. Without this knowledge, the load balancing functionality
could wrongly send new connection requests to devices that are overloaded or in the early stages of
failure.

There are a number of different ways that a device can be monitored depending on the service(s) that
are being offered. Some of the common protocols to use for monitoring include: ICMP (Echo), TCP,
UDP, HTTP, HTTPS, FTP, RSTP, SMTP, POP3, SNMP, DNS, RADIUS, and LDAP. Along with protocol
support, most of the platforms also offer some type of scripting that can affect the way that a health
check is being performed.

TCP Multiplexing

An important functionality of ADCs is their ability to condense the number of TCP sessions that are
made with the physical server. The establishment of a single TCP session with a server is not a
complicated exchange by itself, but it does require an exchange that uses both processor cycles and
network bandwidth.

When these session exchanges grow exponentially, as is true with application servers, the amount of
device load for this exchange traffic draws a large amount of processor cycles and network bandwidth
that can be minimized and offloaded to the ADC. The ADC will then be responsible for the individual
exchange traffic for each new connection; it will then turn around and use an existing TCP
connection, from the ADC to the physical server. This can greatly affect the load on a physical server
especially in very high load environments.

Networking Integration

One feature that can't be overlooked is how the ADC itself will be integrated into the existing network,
and potentially into the future network. There are a number of different integration methods including
one armed mode (the ADC sits to the side of the main traffic flow), routed mode, and bridged mode,
among others.

Specifically how each of these implementation modes is implemented depends on the solution; but
things to look for include their support for dynamic routing protocols (OSPF, RIP, OSPF, IS-IS, BGP,
BFD), IEEE 802.1q, NAT, as well as the evolving Software Defined Networking (SDN) protocols
VXLAN and NVGRE.

High Availability

Just like any other networking appliance, the importance of high availability (HA) cannot be
overlooked. Most of the higher-tier ADC solutions will offer high availability through the use of some
type of clustering. This allows multiple devices to be grouped together and configured to take over the
duties for one another, should a failure occur.

The common HA terms that would be used in ADC solutions are Active/Standby or Active/Active. To
make the most of your ADC investment, look for Active/Active functionality, which allows all of the
devices to actively process and forward traffic, but be available should a failure occur. When an
Active/Standby HA setup is configured at least one of the devices is left simply watching the other(s)
for signs of failure, but does not process or forward traffic, unless a failure occurs.

Application Acceleration

A very important feature that is offered by all of the major ADC vendors is the support for application
acceleration; how this is implemented is where the differentiation occurs. Some of the commonly
supported techniques include several methods of compression (typically adaptable to each specific
connections circumstances), caching (both static and dynamic content), and TCP optimization. Other
methods include bandwidth optimizers as well as several application specific optimization techniques.

SSL Offload

http://www.tomsitpro.com/articles/application-delivery-controller-solutions,2-855.html 3/6
3/7/2018 A Guide to Application Delivery Controller (ADC) Solutions
One feature that is very commonly used is the ability to offload the load of terminating SSL sessions
from the application server to the ADC. In this situation, the ADC takes all of the SSL load off the
application servers, which typically took care of SSL operations in software, and offloads it to a
hardware SSL platform built into the ADC.

There are two main ways of implementing SSL offloading. One, is when the ADC terminate all SSL
sessions and relaying communications with the application server unencrypted (this is the more
common method). The other is when the ADC handles SSL handshake operations (more
computationally complex) and passes traffic to the application server, which handles the symmetric
encryption.

Global Server Load Balancing (GSLB)

For those organizations that have a global presence, the Global SLB option can be very important.
This functionality allows traffic to be distributed in the best way across application servers that are
located in different geographic locations. When a client initiates a connection to a server, it will
automatically be re-routed to the best global server option. This is determined by using a number of
different available metrics including geographic location, site load, site health and round trip time
among others.

DDoS Protection

Along with the increase in available Internet bandwidth has come an increase in the number of Denial
of Service (DoS) and Distributed DoS (DDoS) attacks. These types of attacks are not typically
complex and can be launched by even the most novice of hacker wannabes.

Most ADC platforms offer the option to implement DDoS attack prevention which allows the attackers'
traffic to be handled at the ADC and never passed on to the application servers, thus preventing the
primary purpose of the attack. ADC platforms also have the ability to see into some more complex
DDoS attacks, which take advantage of SSL tunneled traffic; this is because if the ADC is in place, it
is probably also terminating the SSL traffic and can handle the attack before the traffic is relayed to
the application server.

A sub-category of DDoS protection involves the protection of DNS servers; this functionality is
referred to as a DNS Application Firewall (DAF). The functionality of a DAF is focused on preventing
flooded DNS traffic from even being received by the DNS server.

Depending on the volume of DDoS attacks seen, targeted hardware appliances can also be
configured to be dedicated to only providing protection from these attacks, separate from the ADC
appliance(s).

Web Application Firewall (WAF)

A feature that is becoming more commonly built into the ADC is the ability to offer a built-in Web
Application Firewall (WAF). A WAF is used to prevent targeted web attacks like Cross-site scripting
(XSS), SQL injection, cookie poisoning, invalid input, and sensitive data exposure control.

Some vendors include this as part of a common ADC license, while others consider it as part of a
security add-on.

Central Authentication

Another feature that can be useful is the ability for an ADC to act as a central authentication point. In
this case, the client would terminate their authentication session to the ADC which would then be
responsible for verifying authentication and authorization, only then would the ADC allow the original
request.

This functionality provides another method of offloading the load of the application server, allowing it
to focus on its primary duties.

Multi-Tenancy Support

Multi-tenancy has long been a requirement in service providers (SP) networks, but is now coming to
many enterprises as the internal IT departments turn into internal service providers. This will continue
to accelerate with the evolution of SDN within the enterprise. Many of the higher tier ADC providers
offer the ability to segment their offerings to allow for multiple independent virtual ADCs (vADC).

Their multi-tenancy support as well as support for the other SDN protocols (VXLAN, NVGRE) are
major factors to consider for medium to large-scale enterprises that will be some of the first to
implement SDN.

http://www.tomsitpro.com/articles/application-delivery-controller-solutions,2-855.html 4/6
3/7/2018 A Guide to Application Delivery Controller (ADC) Solutions
Virtualization Options

Virtuallization is feature that is more commonly seen is the introduction of virtual versions of the major
ADC vendor's solutions. These solutions typically involve an integration with the major hardware
virtualization solutions, including VMware, Citrix, KVM and Hyper-V.

ADCs Compared
These ADC features are only some of the most common to look for when shopping for an ADC
solution. The best solution really depends on a number of factors along with the strength of the
company, power requirements, physical size (although most have similar footprints physically),
among others.

For organizations that are looking for the next step in the evolution of their data center, an ADC is
certainly an excellent solution to consider. Keep in mind that it is possible that with the implementation
of an ADC existing application servers may be able to function without being immediately upgraded
because of the offloading capabilities of these solutions.

On the following pages, you'll find reviews of six Application Delivery Controllers from some of the
highest rated vendors in this space. All of the ADC options discussed are very similar and offer basic
feature sets that are on par with one another. The differences come in the implementation and
deployment specifics which are not evident just by looking at the feature overview.

At the end of the day, the best solution is going to be the one that fits best within the specific
deployment environment. Obviously in environments where other Citrix deployments are under way,
the Citrix ADC solution will most likely be able to provide the most integrated experience, and
because of this most businesses in this situation go with a vendor they're familiar with. In other, more
mixed deployments, it really comes down to the features required, the support that is available
(quality not quantity), and the stability of the vendor.

PREVIOUS
f g NEXT

SUMMARY

g 1. ADC Features And Functionalities 5. Kemp Application Delivery Controller

2. A10 Networks Application Delivery Controller 6. Radware Application Delivery Controller
3. Citrix Application Delivery Controller 7. RiverBed Application Delivery Controller
4. F5 Networks Application Delivery Controller

Limited-time Deal: 3 Extra

Top 10 Best Months for Free. Stop
Searching & Start Using a
VPN 2018 VPN.

Related Content
Appcito CAFE Offers Cloud Application Delivery With Devops API - NEWS
Instart Logic Reveals Next Generation Software Defined Application Delivery (SDAD) Platform - NEWS
BMC Releases Free Control-M Application Integrator Tool - NEWS
Best Solutions for Stopping Robocalls - NEWS
Chef Announces DevOps Workflow For Continuous Delivery - NEWS
Instart Logic Announces Security Suite For Software Defined App Delivery - NEWS
Barracuda Fills Mid-Range Gap in App Delivery Line-up - NEWS
How to Build a Real Containerized Application - NEWS
How to Use Application Insights for Azure Functions - NEWS
OpenText Continues Buying Binge With HP Document Output, Capture And Discovery Solutions - NEWS
Dell Refreshes Virtual Solutions With Additional Support For Citrix And Windows Thin Client - NEWS
Enterprise Mobility Management: Trends And Solutions - NEWS
Application Monitoring Tools: Comparison of SaaS Solutions - REVIEW
A Guide to Network Access Control (NAC) Solutions - REVIEW
Application Control: How to Detect Performance Bottlenecks - REVIEW
Best Hosted VoIP Solutions for Business 2018 - REVIEW

http://www.tomsitpro.com/articles/application-delivery-controller-solutions,2-855.html 5/6
3/7/2018 A Guide to Application Delivery Controller (ADC) Solutions
Exchange 2010 Non-Delivery Reports - REVIEW
Best Enterprise Storage Solutions at TechEd 2014 - REVIEW

Hot Topics Features Follow Tom’s IT Pro

Careers Apple Certification Guide: Overv...
Cloud Computing 12 Best IT Training and Certific...
Management The Security vs. User Productivi...
Microsoft Best Solutions for Stopping Robo...
Security
Servers
Storage

About Tom's IT Pro

Advertising | About Us | Contact | Privacy Policy | Terms Of Use | Copyright Policy | Press releases

Copyright © 2018 Purch Group, Inc. All Rights Reserved

http://www.tomsitpro.com/articles/application-delivery-controller-solutions,2-855.html 6/6