
Optimizing Web Application Infrastructure

2008-07-31

 

Small-to-medium sized businesses are increasingly taking advantage of the power of the Web to sell goods and services and for Intranet connectivity to their employees.  In order to succeed as an e-commerce company, the website must be able to handle the traffic and transactions flowing to the site.  A company needs to manage its Web growth as traffic increases. If customers try to access a company’s site and meet up with the ‘World-Wide-Wait,’ they will abandon the site, and a sale may be lost. 

Websites can be complex and expensive to manage and operate.  Traffic must be distributed among many servers, which pass traffic information to application servers that are often connected to database servers. If just one of these components of the process fails, the worst case scenario would be that the entire site could be taken down.  At best, what often happens is that user requests or transactions slow down or perhaps fail.  If that happens to a user too many times, that user will not return to that company’s website in the future. 

This article will discuss the value that application delivery optimization products such as load balancers create within a web application infrastructure.

Load balancers, also known as application front-end devices, application delivery controllers (ADC) and web front-ends, distribute the traffic load between two or more servers, network links, CPUs, hard drives, or other resources, and offload compute-intensive tasks from servers in order to optimize resource utilization, throughput, and response time.  For simplicity, we will refer to these devices as ADCs. Website architecture generally consists of a combined web/application server and a database/storage device.  Functions can be distributed across these servers; for example, sales transactions may go to one server, while information requests go to another.  The key is having one’s website up and running 24/7 without disruption or response delay.

Site availability is vital to having a successful e-commerce site, and this is one of the primary functions of an ADC.  Availability includes having ample bandwidth, memory and storage, and also includes redundancy, failover, load balancing and persistence.

ADCs are able to look into application data headers to determine where to send a user and to accelerate response time based on user-configured rules.  For example, within a retail or banking application, certain applications such as account allocation or purchases, or certain users (preferred or high-value), can be given higher priority and moved to specific servers to expedite their transactions. 

The early load balancers operated at the transport layer (layer 4), while the newer ADCs manage both layer 4 and the application layer (layer 7).  Layer 7 ADCs are able to exert much more granular control over forwarding decisions than is possible with Layer 4.  At Layer 4, routing decisions are made based on information in TCP/IP headers.  Layer 7 devices also examine cookies and maintain persistent connections.  Layer 7 ADCs also direct traffic to different servers based on the application and other application-level criteria.  For example, if a Layer 7 ADC determines that a URL ends in ".html," the request might be passed to servers handling text-only content, while a URL ending in ".jpg" might be directed to image servers. 
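The difference between the two layers can be seen in a short sketch. This is an added example, not code from the article or from any ADC product; the pool names and the sample requests are constructed. It shows that a Layer 4 decision sees only header fields such as the destination port, while a Layer 7 decision parses the HTTP request line and must take the suffix from the URL path only, not from the query string.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed pools; the suffix rules mirror the article's ".html" / ".jpg" example.
SUFFIX_POOLS = {".html": "text-pool", ".jpg": "image-pool"}
DEFAULT_POOL = "default-pool"
L4_POOLS = {80: "default-pool", 443: "default-pool"}


def layer4_pool(dst_port):
    """Layer 4: only TCP/IP header fields (here the destination port) are visible."""
    return L4_POOLS.get(dst_port)


def layer7_pool(raw_request):
    """Layer 7: parse the HTTP request line and route on the URL path suffix."""
    try:
        request_line = raw_request.split(b"\r\n", 1)[0].decode("ascii")
        method, target, version = request_line.split(" ")
    except (UnicodeDecodeError, ValueError):
        return None  # malformed request line: refuse to route rather than guess
    if not version.startswith("HTTP/"):
        return None
    path = urlsplit(target).path                 # drops ?query and #fragment
    suffix = posixpath.splitext(path)[1].lower() # ".JPG" and ".jpg" route alike
    return SUFFIX_POOLS.get(suffix, DEFAULT_POOL)


# Constructed sample requests.
SAMPLES = [
    b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    b"GET /img/logo.JPG?v=2 HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    b"GET /cart?next=/a.html HTTP/1.1\r\nHost: shop.example\r\n\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(layer4_pool(80), layer7_pool(raw))
```

The third sample lands in the default pool because the ".html" appears only in the query string, which is the kind of case a suffix rule has to get right.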

 

Figure: ADCs distribute traffic to multiple applications

 

 

Characteristics of ADCs:

Businesses of any size tend to require their ADCs to:

 

  • Accelerate and offload the Secure Sockets Layer (SSL) from servers
  • Deliver persistent sessions
  • Support virtualized servers
  • Compress and cache content

 

The goal of the ADC is to increase website performance, and each element contributes to that added efficiency.

By adding SSL acceleration to an ADC, the server’s performance is improved when compute-intensive processing is off-loaded from the application servers.

With persistence, the ADC will ensure that a given user will keep going to the same server for all his requests, where its context is known.  ADCs should be able to persist based on the Source IP Address, Server Cookie or Source IP, HTTP Header and SSL Session ID.

Virtualization substitutes software for hardware, which produces cost savings, maximizes rack space, and more importantly, centralizes management.

With compression and caching, data sets are made smaller to reduce overhead and are stored on the ADC, rather than on the servers, in order to offload server resources and improve response time.  These four characteristics work together to make websites work more effectively. 

Each element is discussed in turn. 

 

Secure Socket Layer (SSL)

The SSL protocol for public key cryptography is the de facto standard for securing Transmission Control Protocol/Internet Protocol (TCP/IP) traffic regardless of the network topology.  TCP/IP is the network protocol that the Internet uses. Only those end points that receive the decryption key are able to read the message in a meaningful way, thereby assuring authenticity.  The use of SSL translates an http:// site into an https:// site that can support secure transactions.  SSL also authenticates the server and client identities. 

SSL accelerators boost the performance of SSL transactions through the use of optimized devices and association with load balancing and persistence.  Placing SSL acceleration on the ADC, rather than on the servers, enables the offloading of the SSL handshake and encryption/decryption processes from the application servers, which dramatically increases the servers’ performance.  When the servers have to encrypt and decrypt SSL traffic there is a high CPU and memory cost incurred, which increases packet-processing time.  Moreover, adding SSL to servers adds latency, while installing it on an ADC with hardware-based acceleration does not.  During the handshake, session capabilities and encryption algorithms are negotiated, and the server is authenticated to the client.  As part of the handshake, the web server sends an SSL identifier, which is stored by the ADC to ensure that all subsequent traffic with that SSL session ID will be directed to the same web server. 

Persistence

While load balancing is designed to distribute traffic among available servers, there are times when load balancing is overridden, while certain load parameters are still maintained.  Persistence, also known as sticky sessions or server affinity, bypasses the normal load balancing algorithm and sends a given user to the same server each time that user makes a request.  Persistence is a requirement of stateful applications in which data is collected over successive interactions.  Whether persistence is needed depends on how user-specific information, such as items in a shopping cart or concert ticket reservations, is stored.  For example, concert ticket reservation information may be stored: 1) in a backend database that all servers can access, 2) on the specific server to which the user originally connected, or 3) in a cookie on the user’s machine.  An online shopping cart requires persistence so that the client can connect to the same web server for the duration of the session without losing the information that has been placed in the cart. 

There are several methods for assuring persistence.  Cookie-based persistence or virtual source persistence sets a cookie value that indicates to which server the traffic should be directed, and all traffic from multiple source IP addresses is treated as if it is originating from one source.  Cookies are sets of data that are created when a user accesses a website and are recalled on subsequent visits, thereby speeding information delivery and enabling customized information for that user.  If a user is filling out a form online, the information is stored on the server and does not need to be retyped. 

Source IP persistence enables ADCs to identify users by their Source IP Address.  There can be some problems with this method when proxy servers or NAT are used, because they mask user identity. 
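The two persistence methods and the NAT problem can be compared in a small simulation. This is an added example, not code from the article or from any ADC product; the server names, the key and the client list are constructed, and signing the cookie value with an HMAC is an assumption made here so that a client cannot rewrite the cookie to pick its own server.

```python
import hashlib
import hmac
from collections import Counter

SERVERS = ["web1", "web2", "web3"]    # hypothetical backend pool
COOKIE_KEY = b"constructed-demo-key"  # constructed; a real device would hold a random secret


def pick_by_source_ip(src_ip):
    """Source IP persistence: one address always maps to one server."""
    digest = hashlib.sha256(src_ip.encode()).digest()
    return SERVERS[int.from_bytes(digest[:4], "big") % len(SERVERS)]


def tag_for(server):
    return hmac.new(COOKIE_KEY, server.encode(), hashlib.sha256).hexdigest()[:16]


def issue_cookie(server):
    """Cookie persistence: name the chosen server and sign the value."""
    return f"{server}.{tag_for(server)}"


def server_from_cookie(cookie):
    """Return the pinned server, or None if the cookie is absent or altered."""
    server, _, tag = (cookie or "").rpartition(".")
    if server in SERVERS and hmac.compare_digest(tag, tag_for(server)):
        return server
    return None


def simulate(mode, clients):
    """Each (user, src_ip) sends 3 requests; return (load per server, all users sticky?)."""
    jar, seen, load, rr = {}, {}, Counter(), 0
    for _ in range(3):
        for user, ip in clients:
            if mode == "source_ip":
                server = pick_by_source_ip(ip)
            else:
                server = server_from_cookie(jar.get(user))
                if server is None:  # new session: round-robin, then pin with a cookie
                    server = SERVERS[rr % len(SERVERS)]
                    rr += 1
                    jar[user] = issue_cookie(server)
            seen.setdefault(user, set()).add(server)
            load[server] += 1
    return dict(load), all(len(s) == 1 for s in seen.values())


# Constructed sample: six users who all leave the same NAT gateway address.
NAT_CLIENTS = [(f"user{i}", "203.0.113.10") for i in range(6)]
```

Both modes keep every user on one server, but `simulate("source_ip", NAT_CLIENTS)` puts all 18 requests on a single backend, while `simulate("cookie", NAT_CLIENTS)` spreads them evenly across the three.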

Virtualization

Virtualization can make multiple ADCs function autonomously within a single hardware device. As traffic hits the virtual ADC, it is distributed to the appropriate application.  By logically partitioning the ADC into multiple virtual ADCs, each virtual ADC has its own set of rules separately managed from one another, and overall management is centralized.  Virtualization offers cost savings by reducing required hardware and associated rack space and power requirements. 

Compression and Caching

The ADC helps to eliminate bottlenecks and slow processing by compressing and caching objects.  These objects are sent serially to represent components of a transaction, which in turn slows response time.  The ADC makes a copy of an object, which is then cached.  When that object is requested, the ADC acts as a proxy and sends the content directly to the requestor, thereby eliminating the time it would have taken to gather it from the server.  Compression allows ADCs to decrease the size of the application payload within each packet, reducing network bandwidth consumption without degrading content quality and improving the end users' overall experience.

 

Conclusion

As e-commerce and other Internet-enabled applications continue to evolve and grow, a company’s ability to manage information and traffic flows becomes more important.  If a company cannot detect faults, or dynamically add and remove servers and control traffic distribution to its website, it will have a difficult time keeping up with competitors.
