Most businesses have multi-function printers that can fax, scan, and copy. In our roles, we are multi-functional as well. A network architect is often the operational troubleshooter because of their knowledge and expertise. The financial expert can take on the role of supply logistics because of their understanding of the parts and processes involved in the day-to-day business.
The multi-function printer exists because all of its functions use a common engine that is purposed in different ways. In the network, some functions are meant to work together by leveraging a shared capability for multiple purposes. It makes sense to use a tool meant for one purpose for another when the capability is there. The application delivery controller (ADC) is a multi-function network tool that is designed for this type of role.
One function, multiple results
First, the ADC is a load balancer. It manages the connections to pools of application servers for scalability and resiliency. Part of the load balancer’s job is to inspect the content to determine the correct group of application servers for any given connection. The ADC looks at the user’s requests and server responses to ensure that the connection is managed efficiently.
If the ADC is inspecting the content of the application for load balancing purposes, it can also inspect the content to confirm the validity of the traffic. When the ADC is validating the content, it is performing application security. With the right policies and mechanisms, the ADC becomes a web application firewall (WAF) and provides application security.
It makes sense for the ADC to provide the WAF functionality for the application. It has the capability to look inside the application sessions and apply positive and negative security rules to the content as it is being load balanced.
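As an added illustration (not code from the original post or from any ADC product), the sketch below parses a request once and reuses that result for both a WAF verdict, using positive and negative rules, and a content-based pool choice. Pool names, path prefixes, and signatures are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed policy for illustration: pools, prefixes and signatures are assumptions.
POOLS = {"/api/": "api-pool", "/static/": "static-pool", "/": "web-pool"}
ALLOWED_METHODS = {"GET", "HEAD", "POST"}          # positive rule: only these pass
ALLOWED_PARAM = re.compile(r"[\w .,@-]{0,128}")    # positive rule: expected value shape
BLOCK_SIGNATURES = [                               # negative rules: known-bad patterns
    re.compile(r"\.\./"),                          # path traversal sequence
    re.compile(r"<\s*script", re.I),               # script tag in a value
]

def inspect(raw_request: str) -> dict:
    """Parse the request line once; both functions below reuse this result."""
    method, target, _version = raw_request.split("\r\n", 1)[0].split(" ", 2)
    parts = urlsplit(target)
    return {"method": method,
            "path": unquote(parts.path),           # decode so %2e%2e/ is visible
            "params": parse_qsl(parts.query, keep_blank_values=True)}

def waf_verdict(req: dict) -> str:
    """Security validation over the already-parsed request."""
    if req["method"] not in ALLOWED_METHODS:
        return "block: method not allowed"
    values = [req["path"]] + [v for _, v in req["params"]]
    if any(sig.search(v) for sig in BLOCK_SIGNATURES for v in values):
        return "block: signature match"
    if not all(ALLOWED_PARAM.fullmatch(v) for _, v in req["params"]):
        return "block: unexpected parameter value"
    return "allow"

def select_pool(req: dict) -> str:
    """Load-balancing decision: longest matching path prefix wins."""
    prefix = max((p for p in POOLS if req["path"].startswith(p)),
                 key=len, default="/")
    return POOLS[prefix]

def handle(raw_request: str):
    """One inspection pass feeds both the WAF verdict and the pool choice."""
    try:
        req = inspect(raw_request)
    except ValueError:                             # request line did not have 3 parts
        return "block: malformed request", None
    verdict = waf_verdict(req)
    return verdict, (select_pool(req) if verdict == "allow" else None)
```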
Open once and re-gift
This combination of roles becomes more beneficial when the application traffic is encrypted. Over half of the internet is encrypted using SSL/TLS for privacy and security. The effort required to decrypt the traffic in order to make load balancing decisions is high. It takes a lot of computing resources to decrypt and re-encrypt the traffic. Many solutions use hardware-based encryption acceleration because of this fact.
If the ADC and WAF are separate devices, the application traffic must be decrypted, inspected, and re-encrypted each time, introducing latency and complexity into the network infrastructure. This doubles the encryption engine requirements, costs money to implement, and makes the application delivery infrastructure harder to operate and maintain.
When the ADC and WAF are combined into a unified solution, the application traffic only needs to be decrypted once for load balancing decisions and security validation. The simplicity of decrypting the content once to perform all of the content inspection functions in one process makes everything run faster and smoother.
Multi-function, not multi-task
The ADC is an IT tool that performs many functions. It is able to do so by utilizing the functions it performs in multiple ways. The ADC is able to combine the load balancing and WAF requirements of a business by extending its content inspection capability. The network infrastructure maintains its simplicity and gains added abilities when businesses take advantage of the technologies to add roles based on a common function. Load balancing and WAF are two functions that should always be combined because of the common content inspection requirements.
Frank Yue is Director of Solution Marketing, Application Delivery for Radware. In this role, he is responsible for evangelizing Radware technologies and products before they come to market. He also writes blogs, produces white papers, and speaks at conferences and events related to application networking technologies.
Mr. Yue has over 20 years of experience building large-scale networks and working with high performance application technologies including deep packet inspection, network security, and application delivery. Prior to joining Radware, Mr. Yue was at F5 Networks, covering their global service provider messaging. He has a degree in Biology from the University of Pennsylvania.
This is a Security Bloggers Network syndicated blog post authored by Frank Yue. Read the original post at: Radware Blog