Application Intelligent Networking
Delivering applications securely
Here's the answer to continuous and secure delivery of business
critical applications over the Internet.
Today's corporate dynamics necessitate business critical applications being
Internet-enabled. The result is a rapidly growing demand for continuous application
availability, and fully secure access to these applicationsall without
adversely impacting end-user performance. More importantly, a steady growth
in users must be managed within the confines of existing resources.
The market today offers a number of point products that address specific needs.
But the introduction of multiple products into a Web infrastructure increases
management complexity, degrades application performance, and imposes a significant
drain on a company's ongoing operational budget. The problems are further compounded
when much of the capabilities of various point products are nullified in the
face of encrypted traffic.
As a result, companies are unable to solve the fundamental problem of ensuring
fully secure application delivery without, at the same time, leaving the infrastructure
vulnerable to attack and degrading end-user response.
And what is most remarkable is that there is a significant reduction in the
total cost of operations, without hampering benefits to the user.
Today's system administrators face enormous challenges in optimizing their networks
to deliver complex applications over the Internet, to a rapidly expanding end-user
The type of applications include those residing in corporate networks and accessed
by employees in remote locations such as e-mail, intranet portals and shared
files, to customers who use self-service on-line systems, and manufacturers
who use extranets for on-line procurement and fulfillment systems. Credit card
details are also routinely given and accepted over the Internet.
Given the type of usage, both business requirements and end-user demands mandate
privacy and security.
While these applications have become "business-critical" elements
to the growth of a corporation, the required levels of availability, performance
and network scalability have risen, making existing solutions inadequate.
However, not only does the ability to scale infrastructure for secure delivery
introduce significant management complexityit has also proved to be cost
prohibitive to a large extent.
Businesses are forced to compromise security for end-user responsiveness at
an immense price.
A typical application infrastructure is a complex mix of point products addressing
various requirements. There is also the complexity of managing these disparate
systems, as these products lose their value when traffic is secured. Though
point products demonstrate commendable performance independently, a number of
problems can occur.
Unfortunately, site resources and communications remain vulnerable as no single
point product or combination thereof will ensure the secure, optimized delivery
of applications, and provide continuous application availability. Companies
use a number of ways to enhance their infrastructure to encompass data transfer.
Though these encryption techniques can be effective at securing data, they come
with significant trade-offs including performance degradation, management complexity
and increased cost.
Recognizing the need for a unified network, key players in the application intelligent
networking segment have introduced effective solutions that help enterprises
meet the overwhelming demand for cost-effective, continuous, secure delivery
of business critical applications over the Internet.
Best of breed solutions in Secure Application Networking Systems offer all of
the essential elements required for meeting this challenge. These requirements
- 100 percent secure delivery of all application requests.
- Continuous application availability in the face of attacks and legitimate
- Significant reduction in cost of operations.
- Maintaining end-user responsiveness.
These solutions enable enterprises, e-commerce operations and content providers
to optimize their networks for the continuous, secure delivery of all business-critical
applications. They also address and overcome the inefficiencies of existing
infrastructure products and Internet protocols, offering application protection
and enabling secure delivery without compromise.
1. Fully Secure Delivery of Applications: Employees,
partners and customers have continuous access to content, irrespective of location,
and from any browser. Application content is secured 100 percent end-to-end,
without impacting end-user responsiveness. A single system can process up to
4,400 SSL transactions per second compared to the 600 to 800 tps capabilities
found in other solutions. The new breed of secure application networking systems
can also deliver up to 450 Mbps of data.
For those sites requiring even more secure throughput, systems can be clustered
to achieve wire speed encryption throughput, and tens of thousands of transactions
per secondthus, essentially removing SSL capacity as an inhibiting factor
in providing secure application delivery. Henceforth, enterprises, e-commerce
vendors and service providers no longer need to accept slower performance, increased
network complexity or higher cost to achieve 100 percent secure application
2. Complete Protection for Continuous Application Availability:
Continuous application availability begins with a complete application protection
solution. Attacks that occur as a result of traffic surges can be prevented
from reaching the server. Wire speed protection against DoS (denial of service)
attacks is provided, as well as protection against application level DoS, and
worm attacks through features such as:
- Surge Protection: Sites are insulated against sudden spikes by queuing
requests in the secure application networking system, before sending them
to the server. This dynamically regulates site traffic and prevents server
overloading. Regardless of whether traffic is generated from a busy on-line
holiday shopping season, or following a major news event, data is protected
across the system.
- Application-Level Flood (AppDDos) Attack Protection: An effective way to
rob a server of resources is to flood a legitimate connection with GET requests
in rapid succession. The networking system actively elevates the priority
of legitimate requests. This is a unique function not found in some of the
industry's leading products. Most existing attack protection products prevent
attacks by shutting off traffic, significantly curtailing user access. This
fulfills the purpose of the attack by denying user access.
- Network Level Flood (NetDDos) Attack Protection: These attacks are prevented
at full gigabit wire speeds by products such as the NetScaler 9000 Series
systems because these solutions are based on the patented suite of Request
Switching technologies built from the ground up to maximize efficiencies.
- Intrusion Filtering to Block Worm Attacks: This mechanism can defend against
virus attacks such Nimda and Code Red variants.
- Priority queuing: In surge conditions, traffic is prioritized to enable
an overloaded site to continue processing orders without wasting resources
on low priority traffic.
- Distributed Availability: When the site is unavailable traffic is directed
to a backup site.
3. Reduced Cost of Operations: Industry leading secure
application networking systems maximize networking capacity and reduce total
cost of operations by focusing on major issues including scaling existing infrastructure
capacity and reducing network management complexity and costs. It is possible
to double the performance and throughput of caches, servers and firewalls.
Bandwidth utilization costs can be reduced up to 50 percent
in addition to reducing content delivery charges. The load on routers and switches
can be reduced significantly, as well.
Network management complexity and costs are also significantly
reduced, by boosting the efficiency of existing sites. This reduces the number
of servers and software licenses required to serve the same application.
4. End-User Responsiveness: Top of the line solutions
have carefully woven essential performance functionality into an integrated
platform to ensure that protection and security can be provided at wire speed,
while ensuring an improved experience for the end-user. For example, the size
of application data can be reduced by 80 percent with compression resulting
in faster page downloads. This type of benefit not only saves precious dollars
for the IT department but also results in end-user productivity gains that benefit
the business as a whole.
Problems relating to application availability, costs, and
security should not serve as impediments to an organization's plans to deliver
business-critical applications overhe Internet. Now, enterprises, e-commerce
operations and content providers can enable continuous and secure delivery of
business-critical applications without any compromise, while reducing ongoing
operational and bandwidth costs, thus simplifying network management.
The writer is General Manager, Asia Operations, NetScaler.
He can be reached at: email@example.com