An application delivery controller (ADC) manages and monitors the requests and responses between clients and web servers. An ADC can act as a reverse proxy. It receives a client request, decrypts it, and after verifying its validity, passes it to the server. The server sends back a response to the ADC, which encrypts the response and forwards it to the client.
The primary function of early, hardware-based ADCs was load balancing, but as network architecture evolved, ADCs evolved with it, adding security, optimized end-user performance, application acceleration, and server reliability to the networks they serve. Today, ADCs can be hardware, software, or virtual appliances.
An ADC is typically placed between a firewall and one of the application servers, in a network segment called the demilitarized zone, to provide an additional layer of security. An ADC works by integrating and using various protocols, such as HTTPS, HTTP, DNS, UDP, and TCP.
Older ADCs that mainly acted as load balancers for servers were responsible for traffic and application deployment. If any application on the server or even the server itself went down, an ADC redirected the server's traffic to another server, thus preventing downtime.
Now, ADCs have evolved to do much more than load balancing. They offer SSL offloading, cloud support, enhanced visibility, application analytics, TCP optimization, rate shaping, web application firewalls, and application performance enhancement.
ADCs use the methods below to improve performance:
When a server is bombarded with multiple requests, its performance is negatively affected. Load balancing reduces the strain on that server by spreading out the requests. A load balancer distributes the incoming requests among multiple servers so that a single server does not get overloaded by the traffic. Round-robin is the simplest algorithm for this as it just forwards the requests to the next server in line. Complex algorithms take into account factors like server capacity, the type of data requested, and the data size.
An ADC works on Layers 3, 4, and 7 for load balancing. Load balancing in Layers 3 and 4 is relatively simple as the incoming traffic will be distributed on the basis of subnets, port numbers, protocols, DNS names, and IP addresses. Load balancing in Layer 7 can be a bit complex as the URL, request type, HTTP header, and other factors will be considered while distributing traffic. The ADC will also read the HTTP header and the data to determine to which server it should redirect the request.
At the very least, an ADC comes equipped with a simple ping tool to check the availability of a server as it would be pointless to redirect traffic to an already overloaded server. ADCs ping the servers constantly and monitor them for any signs of abnormality. If the polling fails, the server will be deemed unavailable, and no traffic will be redirected to that server until it becomes available again.
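The round-robin distribution and health polling described above can be sketched together in a few lines. This is an added example, not code from any ADC product; the server names, the `probe` callable, and the two-failure threshold are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List


class NoHealthyServer(RuntimeError):
    """Raised when every back end has failed its health checks."""


@dataclass
class RoundRobinPool:
    servers: List[str]
    probe: Callable[[str], bool]   # health check (e.g. a ping); injected so it runs offline
    fail_threshold: int = 2        # assumed: consecutive failed polls before eviction
    _failures: Dict[str, int] = field(default_factory=dict)
    _next: int = 0

    def poll(self) -> None:
        """Run one health-check round over every server."""
        for s in self.servers:
            if self.probe(s):
                self._failures[s] = 0      # answered: eligible for traffic again
            else:
                self._failures[s] = self._failures.get(s, 0) + 1

    def is_up(self, server: str) -> bool:
        return self._failures.get(server, 0) < self.fail_threshold

    def pick(self) -> str:
        """Return the next available server in rotation, skipping unavailable ones."""
        for _ in range(len(self.servers)):
            s = self.servers[self._next]
            self._next = (self._next + 1) % len(self.servers)
            if self.is_up(s):
                return s
        raise NoHealthyServer("all back ends failed health checks")


def demo() -> List[str]:
    # Constructed sample: three back ends; app2 stops answering, then recovers.
    down = {"app2"}
    pool = RoundRobinPool(["app1", "app2", "app3"], probe=lambda s: s not in down)
    picks = [pool.pick() for _ in range(3)]    # no polls yet: plain rotation
    pool.poll(); pool.poll()                   # app2 reaches the failure threshold
    picks += [pool.pick() for _ in range(4)]   # app2 is skipped
    down.clear(); pool.poll()                  # app2 answers again
    picks += [pool.pick() for _ in range(3)]
    return picks


if __name__ == "__main__":
    print(demo())
```

Raising an explicit error when no server is available keeps the failure visible to monitoring instead of sending requests to a back end that is known to be down.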
An ADC enhances server speed and performance by storing data locally so that every time it receives a request, it does not have to fetch data from a back-end server. This is called caching, and it significantly reduces the load on servers and minimizes delivery time. When a client requests a large file, like an image, music, or video file, the ADC can compress the content before sending it to the client so as to reduce the delivery time.
The SSL protocol secures HTTP traffic and requests by encrypting them. However, a web server spends computing resources decrypting and encrypting SSL traffic. An SSL offloader reduces the computing load on the servers by decrypting the data before forwarding the traffic to them. SSL offloading can be done by a dedicated server that decrypts the traffic or by an ADC in its place.
ADCs use security methods like firewall load balancing, intrusion detection and prevention, and web application firewalls. ADCs are engineered to be the first line of defense against DDoS attack traffic. An ADC's DNS application firewall offers protection from attacks targeting DNS servers. An ADC's web application firewall stops cross-site scripting and ensures the privacy of sensitive data.
OpManager is a network monitoring and management tool that can monitor and manage a wide variety of devices. With over 10,000 device templates and 35,000 vendor templates, OpManager can improve the performance of the ADCs in your network by using its wide array of features, including: