What is an ADC, Application Delivery Controller?

Web-based applications have become the most common way to deliver customer facing applications and services but doing so at enterprise scale requires solving a number of core problems including how to handle high transaction volumes with minimal delay, ensuring availability, fault tolerance, and protecting the web application servers.

Application delivery controllers (ADCs), are software or hardware appliances that provide these services along with other features to enhance performance and security. Often located in a DMZ subnet to provide a layer of security “insulation” between the internet and the application servers, Application delivery controllers (ADCs) act as reverse proxies, receiving client requests, decrypting the request, checking whether the request is valid, passing it to one of the backend servers, getting the server response, then finally encrypting, and sending the response to the client.

Because the Application delivery controller (ADC) is in the data path, functions such as application acceleration, traffic and performance monitoring, systems management, and security analysis can be performed in-stream. This also makes the application delivery controller a strategic component of enterprise security strategies because network segmentation is a key component of a Zero Trust architecture.

Earlier generations of Application delivery controllers (ADCs) were hardware-based and focused mainly on load balancing and caching. As networks and web applications became more complex, new features were added to enhance security and performance and, as cloud services evolved, ADCs also became available as virtual appliances.

Today’s advanced ADCs are key to delivering high-performance, secure enterprise web applications whether on-prem, in a single cloud, or in a multi-cloud environment.

ADC Application Delivery

The purpose of an application delivery controller is to deliver requests from users to web application servers and return data while ensuring availability, scalability, and optimized performance. Application delivery controller (ADC) features supporting application delivery include:

• Network Support: Today’s internet environment requires Application delivery controllers (ADCs) to support IPv4 and IPv6 along with HTTP and HTTPS proxying.
• Server Load Balancing: To support high transaction volumes, multiple servers are needed so load balancing—that is, distributing incoming requests across multiple servers to maximize performance—is required to optimize throughput. A Layer 4 load balancer works at the transport layer using the TCP and UDP protocols to manage traffic based on a load balancing algorithm and information such as server connections and response times. A more sophisticated approach is a Layer 7 load balancer which works at the application layer and makes routing decisions based on more detailed information such as the characteristics of the HTTP/HTTPS header, message content, URL type, and cookie data.
• Server Scale-out: As transaction volumes increase and servers become maxed out, Application delivery controllers (ADCs) scale out by bringing more web application servers online to increase capacity.
• Health Monitoring: A key function of an application delivery controller, health monitoring involves ADCs polling their server clusters to check whether individual servers are performing correctly and to remove servers from the pool when they fail.
• Seamless Failover: Servers can and do fail. By synchronizing (duplicating and updating in real time) user sessions between servers—which could be between servers in a single cluster or across multiple clusters and or across multi-cloud deployments—and transparently handing off execution to a duplicate session when a server fails, it ensures an uninterrupted and error-free user experience.
• Global Server Load Balancing (GSLB): Global server load balancing handles multi-cloud, multi-region environments with automatic scaling, regional and cross-regional failover, and centralized management. Prime uses cased for GSLB are in disaster recovery (major network outages particularly where multi-cloud networks are involved) and DDoS attacks. GLSB transfers traffic with no or minimal service interruption from the client’s point of view.
• Firewall Load Balancing: Firewalls are crucial for protecting network resources and ensuring business continuity and where multiple firewalls support large network systems, load balancing provides high availability and scale-out ability.
• DNS Server Load Balancing: DNS servers are usually behind a server load balancing system which overcomes the shortcomings in the standard DNS failover mechanism and greatly increases performance. DNS load balancing can also detect failed DNS servers and automatically take them off the service roster and scale out as the demand for DNS lookups increases.

ADC Application Acceleration

Because an application delivery controller is the connection between internet users and web application servers, they are the ideal location to gather performance data and apply optimizations. Application delivery controller (ADC) features that provide application acceleration include:

• Traffic Optimizations: Application delivery controllers (ADCs) use several techniques to traffic compression to minimize data volumes and caching to offload client requests that were previously serviced, for example, to retrieve a JavaScript file.
• Blue/Green Deployment: In a DevOps environment, the ability to steer and monitor traffic in real-time to either old (blue) and new (green) deployments based on testing goals (traffic percentage, geographic regions, and IP address ranges) provides continuous delivery with zero downtime.
• SSL Offload (TLS Offloading): Decrypting and encrypting SSL/TLS sessions requires significant computation so offloading the task from the web application servers to an Application delivery controller (ADC) with custom encryption hardware provides significant performance acceleration and reduced server load. Comprehensive SSL/TLS support includes TLS 1.2 and TLS 1.3 and support for Perfect Forward Secrecy (PFS) with Elliptic Curve Diffie-Hellman Exchange (ECDHE) and other Elliptic Curve Cryptography (ECC) ciphers including AES-NI and GCM ciphers. Other performance enhancing technologies include SSL termination, SSL bridging, SSL proxy, and SSL session ID reuse.
• Analytics: ADCs gather a wide range of metrics including real-time traffic statistics, security events, server performance data, and system health, which can be used to gain insights into problems and optimizations.

ADC Application Security

Security is a primary requirement of enterprise networks and application delivery controllers are the frontline defense for web application servers. Application delivery controller (ADC) features that enhance security include:

• DNS Application Firewall: In enterprise systems DNS infrastructure is crucial for routing to and from networks and, not surprisingly, attacking the DNS service has become a hacking favorite. DNS attacks include malicious and invalid requests, DDoS attacks on DNS servers, and DNS flooding attacks.
• DDoS Protection: DDoS attacks are now a routine hazard for enterprise networks so ADCs are the first line of defense for protecting web applications.
• Web Application Firewall: A web application firewall (WAF) prevents attacks from security vulnerabilities such as cookie poisoning, cross-site scripting (XSS), data form (buffer) overruns, SQL injection, and malformed HTTP packet attacks.
• Central Authentication: An application delivery controller can serve as central authentication points to handle authentication and authorization for clients and interact with application access management (AAM) systems. Centralized authentication services are crucial for managing multi-cloud environments.

How A10 Networks Can Help

A10 Networks application delivery controllers are designed to simplify and streamline application delivery networking along with enhanced security and manageability.

A10’s Thunder series ADCs provide comprehensive traffic management features, load balancing methods, and health checks as both software and physical appliances to meet a wide variety of scenarios including on-prem, single cloud, and multi-cloud deployments. Moreover, as virtualization and the cloud become increasingly strategic in web application deployment and service, A10 offers the Thunder virtual appliance for VMware vSphere ESXi, Microsoft Hyper-V, KVM, Nutanix AHV, Amazon Web Services (AWS) AMI, Microsoft Azure VHD and QCOW2 for Oracle Cloud and others as well as Thunder ADC for containers and networking acceleration (SRIOV, DPDK) and management integration.