Load balancers evolve with Web-site acceleration, security, and more
The load-balancing market grows more complex every year. Appliances that used to simply distribute incoming client requests to a virtual cluster of Web servers for improved fault tolerance and better scalability now provide several types of Web-site acceleration, security, and more.
Among these more advanced load balancers are Redline Networks' E|X 3250 and the NetScaler 9400 Secure Application Switch. Both are 1U, rack-mount appliances, with two 10/100 ports each (as opposed to their switch-based counterparts). Both are members of families that range from basic two-port models to four-port Gigabit Ethernet devices with extended functionality.
The E|X 3250 and NetScaler 9400 both provide substantial functionality well beyond basic load balancing, including SSL acceleration, TCP offloading, HTTP compression, caching, content redirection, and more.
The benefits your Web site will reap from the acceleration technologies will vary, depending on the types of applications you use, the kinds of data your Web site delivers, and the types of clients connecting to your site.
For instance, in my tests, requests for pre-compressed JPG files showed far less improvement than text requests. Many clients making lots of small requests benefited greatly from the TCP-consolidation functions.
Overall, in most applications, both appliances reduced network bandwidth by more than half and response times by as much as 2,000 percent.
NetScaler 9400 Secure Application Switch
The NetScaler 9400 is really several appliances in one. It includes sophisticated load balancing, Web-site acceleration technologies such as HTTP compression and TCP-session consolidation, SSL acceleration, intrusion detection and prevention, Web caching, and SSL VPN capabilities.
As a load balancer, the 9400 offers a number of features not found in more basic load balancers, such as the Coyote Point Equalizer E350. These features include extra load-balancing algorithms and persistence methods, as well as policies for special responses depending on client type or location. It can also load-balance outgoing connections across multiple firewalls or routers.
More than just a sophisticated load balancer, the 9400 increases the performance of Web sites by consolidating the dozens, or even hundreds, of TCP connections used between a client and server to one, reducing TCP/IP traffic and load on the server. Further, it buffers TCP connection information from slower clients, reducing TCP overhead. Using the compression capability built into HTTP 1.1-compliant browsers, it reduces traffic over the Internet connection and speeds up response times. It offloads SSL processing and can handle 4,400 new SSL sessions per second, according to the company.
The 9400 also provides protection from DoS attacks and can even protect against buffer overflow and other application-layer attacks by checking for valid HTML content. It offers content redirection and priority queuing based on client ID and provides “surge protection” by buffering incoming requests to prevent servers from reaching 100 percent utilization.
The SSL VPN capability allows users to access applications via an SSL browser connection, rather than having to initiate an IPSec connection.
A NetScaler engineer installed the 9400 in my lab, a practice I don’t generally encourage in testing, but on-site installation support is part of the price of the appliance. Installation was not difficult, but the command-line orientation would make setup more complicated than other products if an admin had to do it without the support.
The initial Web page that appears upon logging in demonstrates the 9400’s enterprise focus. It shows sample SNMP files for Hewlett-Packard’s OpenView and Ipswitch’s WhatsUp Gold, as well as a sample WSDL file. It offers sophisticated logging capabilities and can offload logs to a syslog server.
The 9400 offers a sophisticated feature set that will make creating a large and responsive Web site easier, can produce faster response times for clients with lower bandwidth utilization, and will provide some protection against Web site attacks.
Redline Networks E|X 3250 Version 3.3
I tested the Redline Networks E|X 3250 last year. Version 3.3 offers the same load balancing, Web acceleration, SSL acceleration, and DoS protection technology, but it adds the new OverDrive feature, which is essentially a simple programming environment for creating content-delivery applications.
OverDrive allows admins to create a series of if-then rules to control content delivery, modify content based on user requirements, change a standard Web page to an SSL version without reprogramming, change the URL returned, and more. It makes the overall device much more flexible, because any feature can be programmed as desired, rather than having only the options that ship with the device. OverDrive can also enable content checking, filtering, or redirection based on any part of the HTTP traffic, rather than just the header.
The installation of the 3250 is similar to that of most appliances, with initial network configuration via serial terminal, and all further configuration using a Web interface or command line via telnet or SSH (Secure Shell). Because the appliance is typically installed in a single-leg topology, there is no need to change the network settings for the servers behind it.
Setting up a basic load-balanced cluster is simple. As with the NetScaler, admins will find a host of other options. Among them are additional load-balancing algorithms, such as fewest outstanding requests (rather than just fewest connections), and more sophisticated health-checking options. Clusters can be set up around HTTP applications or other TCP apps such as FTP, or they can forward or redirect traffic to specific URLs or ports based on the incoming port address.
As does the 9400, the 3250 provides Web acceleration by consolidating TCP sessions to one session and by HTTP 1.1 compression. It also strips out comments and other detritus from the HTTP delivered to a browser. According to the company, the 3250 can handle 800 new SSL sessions per second.
The 3250 has a new historical statistical and graphing capability to show Web site trends. It can also log client IP addresses and store the logs and statistics on a remote syslog server if desired. Security and authentication are excellent, both for delegation of administration and for authentication of users, with RADIUS and RSA SecurID support in addition to LDAP.
Most Web sites will enjoy substantial improvements in response time to the client, and companies should see reduced bandwidth usage as well. The OverDrive programming interface allows admins to create virtually any kind of layer 7 routing or redirection application they desire with little effort.
The NetScaler and Redline are well-matched, enterprise-level systems that can allow a given number of servers to serve more clients at a lower bandwidth utilization than with a standard load balancer. They both add security features and content redirection features. The NetScaler has SSL VPN capability, whereas the Redline offers its OverDrive programming environment that enables flexible response to client needs. Any IT department seeing high traffic on its Web server should find one of these products a fit.
Overall Score (100%)
|NetScaler 9400 Secure Application Switch||9.0||8.0||9.0||8.0||9.0|
|Redline Networks E|X 3250 Version 3.3||9.0||9.0||9.0||8.0||9.0|