Application Intelligent Networking

Delivering applications securely

Here's the answer to continuous and secure delivery of business critical applications over the Internet.

Rakesh Singh

Today's corporate dynamics necessitate business critical applications being Internet-enabled. The result is a rapidly growing demand for continuous application availability, and fully secure access to these applications—all without adversely impacting end-user performance. More importantly, a steady growth in users must be managed within the confines of existing resources.

The market today offers a number of point products that address specific needs. But the introduction of multiple products into a Web infrastructure increases management complexity, degrades application performance, and imposes a significant drain on a company's ongoing operational budget. The problems are further compounded when much of the capabilities of various point products are nullified in the face of encrypted traffic.

As a result, companies are unable to solve the fundamental problem of ensuring fully secure application delivery without, at the same time, leaving the infrastructure vulnerable to attack and degrading end-user response.

And what is most remarkable is that there is a significant reduction in the total cost of operations, without hampering benefits to the user.

The Challenge

Today's system administrators face enormous challenges in optimizing their networks to deliver complex applications over the Internet, to a rapidly expanding end-user base.

The type of applications include those residing in corporate networks and accessed by employees in remote locations such as e-mail, intranet portals and shared files, to customers who use self-service on-line systems, and manufacturers who use extranets for on-line procurement and fulfillment systems. Credit card details are also routinely given and accepted over the Internet.

Given the type of usage, both business requirements and end-user demands mandate privacy and security.

While these applications have become "business-critical" elements to the growth of a corporation, the required levels of availability, performance and network scalability have risen, making existing solutions inadequate.

However, not only does the ability to scale infrastructure for secure delivery introduce significant management complexity—it has also proved to be cost prohibitive to a large extent.

Businesses are forced to compromise security for end-user responsiveness at an immense price.

A typical application infrastructure is a complex mix of point products addressing various requirements. There is also the complexity of managing these disparate systems, as these products lose their value when traffic is secured. Though point products demonstrate commendable performance independently, a number of problems can occur.

Unfortunately, site resources and communications remain vulnerable as no single point product or combination thereof will ensure the secure, optimized delivery of applications, and provide continuous application availability. Companies use a number of ways to enhance their infrastructure to encompass data transfer. Though these encryption techniques can be effective at securing data, they come with significant trade-offs including performance degradation, management complexity and increased cost.

The Solution

Recognizing the need for a unified network, key players in the application intelligent networking segment have introduced effective solutions that help enterprises meet the overwhelming demand for cost-effective, continuous, secure delivery of business critical applications over the Internet.

Best of breed solutions in Secure Application Networking Systems offer all of the essential elements required for meeting this challenge. These requirements include:

• 100 percent secure delivery of all application requests.
• Continuous application availability in the face of attacks and legitimate surges.
• Significant reduction in cost of operations.
• Maintaining end-user responsiveness.

These solutions enable enterprises, e-commerce operations and content providers to optimize their networks for the continuous, secure delivery of all business-critical applications. They also address and overcome the inefficiencies of existing infrastructure products and Internet protocols, offering application protection and enabling secure delivery without compromise.

The Benefits

1. Fully Secure Delivery of Applications: Employees, partners and customers have continuous access to content, irrespective of location, and from any browser. Application content is secured 100 percent end-to-end, without impacting end-user responsiveness. A single system can process up to 4,400 SSL transactions per second compared to the 600 to 800 tps capabilities found in other solutions. The new breed of secure application networking systems can also deliver up to 450 Mbps of data.

For those sites requiring even more secure throughput, systems can be clustered to achieve wire speed encryption throughput, and tens of thousands of transactions per second—thus, essentially removing SSL capacity as an inhibiting factor in providing secure application delivery. Henceforth, enterprises, e-commerce vendors and service providers no longer need to accept slower performance, increased network complexity or higher cost to achieve 100 percent secure application delivery.

2. Complete Protection for Continuous Application Availability: Continuous application availability begins with a complete application protection solution. Attacks that occur as a result of traffic surges can be prevented from reaching the server. Wire speed protection against DoS (denial of service) attacks is provided, as well as protection against application level DoS, and worm attacks through features such as:

• Surge Protection: Sites are insulated against sudden spikes by queuing requests in the secure application networking system, before sending them to the server. This dynamically regulates site traffic and prevents server overloading. Regardless of whether traffic is generated from a busy on-line holiday shopping season, or following a major news event, data is protected across the system.
  
  
• Application-Level Flood (AppDDos) Attack Protection: An effective way to rob a server of resources is to flood a legitimate connection with GET requests in rapid succession. The networking system actively elevates the priority of legitimate requests. This is a unique function not found in some of the industry's leading products. Most existing attack protection products prevent attacks by shutting off traffic, significantly curtailing user access. This fulfills the purpose of the attack by denying user access.
  
  
• Network Level Flood (NetDDos) Attack Protection: These attacks are prevented at full gigabit wire speeds by products such as the NetScaler 9000 Series systems because these solutions are based on the patented suite of Request Switching technologies built from the ground up to maximize efficiencies.
  
  
• Intrusion Filtering to Block Worm Attacks: This mechanism can defend against virus attacks such Nimda and Code Red variants.
  
  
• Priority queuing: In surge conditions, traffic is prioritized to enable an overloaded site to continue processing orders without wasting resources on low priority traffic.
  
  
• Distributed Availability: When the site is unavailable traffic is directed to a backup site.

3. Reduced Cost of Operations: Industry leading secure application networking systems maximize networking capacity and reduce total cost of operations by focusing on major issues including scaling existing infrastructure capacity and reducing network management complexity and costs. It is possible to double the performance and throughput of caches, servers and firewalls.

Bandwidth utilization costs can be reduced up to 50 percent in addition to reducing content delivery charges. The load on routers and switches can be reduced significantly, as well.

Network management complexity and costs are also significantly reduced, by boosting the efficiency of existing sites. This reduces the number of servers and software licenses required to serve the same application.

4. End-User Responsiveness: Top of the line solutions have carefully woven essential performance functionality into an integrated platform to ensure that protection and security can be provided at wire speed, while ensuring an improved experience for the end-user. For example, the size of application data can be reduced by 80 percent with compression resulting in faster page downloads. This type of benefit not only saves precious dollars for the IT department but also results in end-user productivity gains that benefit the business as a whole.

Problems relating to application availability, costs, and security should not serve as impediments to an organization's plans to deliver business-critical applications overhe Internet. Now, enterprises, e-commerce operations and content providers can enable continuous and secure delivery of business-critical applications without any compromise, while reducing ongoing operational and bandwidth costs, thus simplifying network management.

The writer is General Manager, Asia Operations, NetScaler. He can be reached at: indiainfo@netscaler.com