Click for pdf
Server load balancing is a standard solution in data centers as well as in the computing environments of network infrastructures. At its essence, server load balancing (SLB) is a technique by which application and web traffic (or load) is distributed across multiple servers to optimize application and server performance, ensure availability, scalability and resilience, offer first-level security and deliver a high-quality user experience. Server load balancing also allows easy scaling of applications and web services; as traffic loads increase, servers can be seamlessly added to the pool to provide additional resources.
About two decades ago, load balancers were introduced as hardware appliances that simply distributed traffic across multiple servers. Over time, load balancers have evolved in form, function and nomenclature. Load balancing is now a capability included in application delivery controllers (ADCs), which are available as dedicated hardware appliances, as virtual appliances, as services on cloud platforms, and as virtual network functions – for example, running as instances on Array’s AVX Series Network Functions Platform.
Similarly the capabilities offered by ADCs have evolved to include server load balancing, link load balancing, global server load balancing, application acceleration, security services such as web application firewalls and DDoS protection, SSL certificate management and many other features and functions. However, while server load balancing is a vital asset for data centers and enterprise networks, it is not always easy to deploy correctly – or without challenges – into a network architecture.
This reference architecture will describe the configuration of server load balancing for Array’s APV Series ADCs, as well as SSL offload, which enhances server and application performance by removing the workload of SSL decryption from servers. The reference architecture describes a number of scenarios in which server load balancing, certificate management, server health monitoring, high availability, SSL acceleration and offloading, DDoS protection, connection multiplexing, and caching and compression combine in a single, easy-to-manage ADC appliance.
This reference architecture is intended for anyone who will be configuring and managing an Array APV Series for server load balancing. The information included is written for those who are familiar with load balancer technology and data center operations, as well as for those who have little or no experience.
Array’s APV Series solutions are enterprise-class application deliver controllers with the proven ability to load balance, accelerate, secure and optimize enterprise applications and servers. The APV Series is available as physical/dedicated appliances, as virtual appliances (called vAPV), on popular public clouds such as Amazon Web Services and Microsoft Azure, and as virtual network functions on Array’s AVX Series Network Functions Platform. Array’s ADCs are designed to meet or exceed technical requirements while remaining simple to manage, scalable to accommodate future growth, and cost effective for almost any business or other organization.
In addition to server load balancing, discussed in this reference architecture, APV Series application deliver controllers can provide link load balancing, which helps ensure availability across multiple WAN connections. Global server load balancing is ideal for geographically distributed servers and applications, multi-site architectures and hybrid cloud deployments. SSL intercept is yet another feature option that provides decryption of SSL/TLS traffic to allow security appliances to fully inspect the traffic without incurring the large compute load of SSL processing.
Modern data center topologies have evolve greatly over time. Once difficult to manage at scale, application and web platforms have reached a level of maturity and, with a simplified architecture, they have evolved to support high availability and scalability by design. Without server load balancing, however, there are a number of inherent problems. The diagram below shows a typical network topology for a deployment that does not include server load balancing.
In the example, client requests are directed to the web or application servers via DNS. Because DNS load balancing only averages out traffic load over long intervals, it can easily cause individual servers to be oversubscribed. If servers cannot tolerate transient oversubscription gracefully, it would lead to a poor user experience. Further, if a server is offline for any reason, as one of the servers above is depicted, users would receive no response at all. Other servers might be underutilized, which is not efficient in terms of CapEx or OpEx. In addition, the servers’ IP addresses are exposed to the clients, which increases risk of DDoS or other attacks.
Another challenge arises within the infrastructure itself. Data served to users is derived from complex interactions between the web layer (presentation), middleware (business logic) and databases (structured data). Without load balancing, each of these layers must access the next layer using transactions over a full mesh of connections. This ‘mesh’ topology can lead to multiple points of failure, which can further impact response times for users.
In addition, as illustrated above, each client touchpoint in the architecture (web or application server, middleware and database) must communicate with various operational controls such as certificate expiry and revocation management, security vulnerability patch server, and similar mechanisms. This introduces operational complexity that only gets worse as additional services are added (most likely in an exponential manner). This can make problem detection more difficult and increase response times for vulnerabilities, as well as an ever-increasing IT staff workload.
By contrast, a data center topology that includes server load balancing offers a streamlined and efficient infrastructure that eliminates the possibility of a single point of failure. Scalability is also simplified; resources can be added on the fly as needed. In the simplified example above, two Array application delivery controllers are deployed as a high-availability pair. All client requests are directed to the ADCs, which perform several important functions beyond routing and load balancing of the servers, middleware and databases.
In the diagram, one of the servers is depicted as failed, unresponsive or offline within the web or application virtual service; however with server load balancing in place, the impact on user experience is minimized. The Array ADC supports a variety of health checks at the Real Service and Real Service Group level that poll at predefined intervals for unresponsive servers. Traffic is automatically routed around an unresponsive device, and logs notify the IT administrator of the problematic server. For added flexibility, custom-defined composite health checks can be scripted as well.
The APV Series is configured as a reverse proxy with address translation in order to conceal the IP address of the servers from the outside world, thus improving security. As shown in the diagram, because the network elements are behind the APV Series, only a single point device (the ADC) needs to communicate with the operational controls, reducing server load and network complexity.
Array’s ADCs provide high-performance on-board client certificate verification, international language support, access control, and flexible client information-forward functions. They also include full-functioned support for certificate validation via an external certificate authority (CA) via certificate revocation lists (CRLs) and online certificate status protocol (OCSP). APV Series also integrates with key management tools such as Venafi’s Trust Protection Platform to further simplify certificate and key management.
In the example topology, the APV Series decrypts SSL/TLS traffic before forwarding it on to the back-end infrastructure, a technique referred to as SSL offloading. Array’s hardware-based ADCs include high-performance cryptographic resources that are highly efficient at processing SSL/TLS traffic; virtual ADCs perform SSL/TLS processing in software, or may be deployed in a hybrid virtual/dedicated ADC model in order to reap the benefits of hardware-based processing while maintaining the agility of virtual appliances. SSL offloading greatly reduces the processing load on servers and other infrastructure, freeing the resources for their respective core functions.
Depending on the network and server configuration, it may be advantageous to utilize the Array ADC to translate outward-facing IPv6 addresses to IPv4, or vice versa. The APV Series can also convert HTTP/2 traffic to HTTP/1.1 (and vice versa), allowing a configuration in which the ADC transmits and receives HTTP/2 traffic with clients, and HTTP/1.1 traffic to and from the back-end infrastructure. The latter deployment option allows IT teams to reap the benefit of an optimized protocol for internet traffic while continuing to rely on the legacy protocol for HTTP/1.1 compliant applications on the internal network.
In addition, the APV Series can provide load balancing services for a variety of protocols other than HTTP and HTTPS, such as SIP, Diameter, TCP and others. In addition, Array APV appliances can recognize Microsoft Office 365 traffic through deep packet inspection and route it appropriately via link load balancing.
In addition to the fundamental technologies described above, the APV Series offers a number of other features that serve to further accelerate and secure web and business application servers. Among them are:
The entirety of Array’s data plane technology has been built from scratch over two decades. Thousands of customers and millions of users have used Array’s ADC technology over time, bringing it to the stable, secure and high-performance solution that it presents today.
Server load balancing has become a standard solution in data centers and enterprise computing environments for a reason; without it, network complexity increases, the efficiency of servers and other infrastructure elements can be heavily impacted and the user experience can suffer.
With Array’s application delivery controllers, IT teams have an easy-to-manage, robust and flexible solution that maximizes infrastructure performance, improves security and assures a high-quality user experience. Array ADCs offer the best price/performance ratio in the industry, enhanced security, flexible deployment models and rapid return on investment.