Express Delivery

Web-enabled application delivery appliances combine several technologies to ensure fast, secure and reliable access to Web applications.

ChartOne Inc. had invested heavily in a new Web-enabled application, only to discover that it reached end users too slowly. "We were having challenges running PeopleSoft efficiently," says Henry Svendblad, director of IT and information systems at the San Jose-based company, which provides technology services to health care institutions.

"The advice from vendors and integrators was to tune the application or the database or add more server hardware," Svendblad says. But he tried a different approach, spending $100,000 on four E|X 3250 Enterprise Application Processor appliances from Campbell, Calif.-based Redline Networks Inc.

By taking advantage of features such as traffic compression, load balancing, session management and TCP optimization capabilities available in the devices, Svendblad says ChartOne has improved the performance of PeopleSoft and all of its other Web applications as well. "We see on average a 70% reduction in bandwidth. It makes a night-and-day difference in the way applications go, from being very slow to snappy and very responsive," he says.

All in One

Vendors have traditionally offered an array of products -- from Secure Sockets Layer (SSL) acceleration appliances to Web server load balancers -- to ensure fast, reliable and secure delivery of Web-based applications. With products such as the E|X 3250, those technologies are beginning to converge into consolidated offerings. A half-billion-dollar market has emerged for products from more than a dozen vendors that integrate, usually in a single switchlike appliance, a range of functions designed to improve the speed and security of Web-enabled applications.

The products, variously referred to as Web-enabled application delivery, Layers 4-7 switching or application front-end appliances, may support a variety of functions. Among them are SSL encryption and acceleration, compression, load balancing, route optimization and control, XML optimization, attack-signature filtering, TCP offloading and optimization, and application performance optimization. The core functions most large businesses want are compression, TCP optimization and offloading, and SSL acceleration, says Lynn Nye, an analyst at APM Advisors in Portland, Ore.

IT organizations say they're attracted to consolidated devices because they require less data center space, lessen setup and management headaches and save money by reducing the need to add hardware and bandwidth.

The leading players in this niche are smaller companies, says Mark Fabbi, an analyst at Gartner Inc. In contrast, major network switch vendors such as Cisco Systems Inc., Nortel Networks Ltd. and Foundry Networks Inc. offer load balancing, but they've mostly omitted the other optimization features needed to ensure speedy Web application delivery. "The big guys don't get it," Fabbi says.

Yet the need for such products is real. "Companies spend a lot of money on expensive applications and find the network performance is lacking," he says. "You can spend $10 million for a critical application, and the performance to remote users doesn't work well."

Gradual Rollout

ChartOne's main goal in using the E|X 3250 was to reduce bandwidth by using its compression capabilities, but Svendblad decided to use several other features as well. ChartOne's experience is similar to that of other users interviewed for this story, all of whom say their primary concern was to improve performance.

"Typically, customers buy the appliance for one function and turn on other functions as time goes on," says Nye.

UBid Inc., an online auction provider in Chicago, started using the NetScaler 9000, an appliance from NetScaler Inc. in San Jose, last March. It deployed the device to provide load balancing across the company's Web servers but quickly deployed other features, says Mano Sivashanmugam, vice president of technology.

UBid's Web site allows simultaneous bids from hundreds of users but prevents them from seeing the final bid price to protect retailers. Some users, however, had written scripts to discover the final price, he says. The NetScaler appliance prevents such scripting attacks from succeeding.

UBid had 30 Web servers before installing NetScaler, but by using its load-balancing features, UBid was able to reduce that to just eight. Sivashanmugam bought two appliances for about $60,000 but says he has saved up to $80,000 on new hardware he didn't have to buy, as well as up to $10,000 per month for additional electrical power and bandwidth that won't be needed.

"My cost of ownership is less, hosting is less, power is less, and bandwidth is a lot less," Sivashanmugam says. In all, bandwidth needs have dropped from 35Mbit/sec. to 17Mbit/sec., he estimates.

NetScaler's SSL acceleration capability also has made UBid more efficient, Sivashanmugam explains. SSL puts a strain on Web servers. As a result of offloading encryption and decryption tasks to the NetScaler appliance, the Web server request queue is much smaller - about one-tenth what it once was.

Sivashanmugam says he likes the idea of using a single product that handles all aspects of application performance. "If anything goes down, our business is down. ... We've seen most big [vendors] take too long to understand that," he says.

For Kentucky, load balancing is a key function of four application switches running Big-IP software from F5 Networks Inc. in Seattle. But the state government also uses the switches in its four data centers to monitor traffic and the health of connections to 45 Web sites, says Rajesh Bhabaraju, a consultant at Analysts International Corp. in Minneapolis and a Web administrator for the state. Kentucky also uses Big-IP to create SSL proxies, so it doesn't need to purchase a separate SSL product from another vendor. The system has been in place for about 18 months and has helped reduce support hours and costs "drastically," says Bhabaraju.

"Big-IP primarily provides reliability," says Bhabaraju. Putting all the features together with a variety of vendors might have been too complex and wouldn't ensure ease of management or interoperability, he says.

Thinking Out of the Box

While vendors offer a variety of security and performance options from one source, the products aren't always in one box. LifeWay Christian Resources of the Southern Baptist Convention in Nashville uses two devices from Radware Inc. in Mahwah, N.J.

LifeWay, which operates 118 retail stores and provides online Bible study and other online Christian resources, installed Radware's LinkProof load balancer and FireProof firewall load-balancing products.

David Elliott, systems engineer at the nonprofit, says that when a new online curriculum was introduced, bandwidth use surged 35%, but LinkProof handled the load without adding bandwidth. Prior to LinkProof's launch, bandwidth had been sluggish across three T1 lines, Elliott says. "In that first immediate use of Radware, it got us out of the hole," he says.

Using the separate boxes, which cost about $60,000, hasn't been a problem, but the implementation of such products can be complex, Elliott warns. "It's pretty involved, and I was surprised at the level of technical knowledge that your engineers need to have," he says.

While many companies use just a few features today, some are taking maximum advantage of consolidated products. Savvis Communications Corp. in St. Louis is making full use of all of the features available in the 30 Virtual Service Switches it purchased from Inkra Networks Corp. in Fremont, Calif.

Savvis operates application infrastructure for other companies and uses Virtual Service Switches in 25 data centers to offer customers SSL acceleration, load balancing, firewall protection, intrusion detection and IPsec virtual private network tunnel termination, says CEO Rob McCormick. He says each switch costs $200,000.

With this approach, Savvis can use one switch to serve multiple customers, although some still prefer to have separate products for each function tied directly to their servers. McCormick estimates that he can replace the need for 1,200 Ethernet ports to various Web servers with one Inkra switch filling half a rack for a significant savings in space.

McCormick passes on the savings from using a consolidated appliance to customers. For example, Savvis charges customers about $1,500 per month for a dedicated, managed firewall but charges just $250 per month if the customer uses the managed firewall in its Virtual Service Switch product.

"Inkra is the only vendor I've found to pull all the functions we need into a single product," McCormick says. But as the market matures, other vendors will offer more application delivery features in their appliances. And that's something that both Savvis and other corporate IT organizations are bound to want, says Fabbi.

Copyright © 2004 IDG Communications, Inc.

Shop Tech Products at Amazon