Web front-end products shoot for speed, scale and security

When it comes to speeding up content delivery, Web administrators want it all. Until recently they couldn't get it.

While they've relied on Web server load balancers to address ever-increasing loads on high-traffic sites, these switches don't generally address other acceleration and security requirements. Enter a new class of specialized devices from Array Networks, NetScaler and Redline Networks (see Clear Choice Test).

What to call these new boxes - as well as what constitutes an appropriate feature set - is open to debate, given the immaturity of the market space. Vendors are toying with the term application front-end devices in an attempt to promote how they might improve the delivery of all applications within the corporate enterprise network. But this moniker does not indicate that the devices are best suited, at least for now, toward improving the delivery of Web-based applications. So for now, we're calling them Web front-end devices.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

When it comes to speeding up content delivery, Web administrators want it all. Until recently they couldn't get it.

While they've relied on Web server load balancers to address ever-increasing loads on high-traffic sites, these switches don't generally address other acceleration and security requirements. Enter a new class of specialized devices from Array Networks, NetScaler and Redline Networks (see Clear Choice Test).

What to call these new boxes - as well as what constitutes an appropriate feature set - is open to debate, given the immaturity of the market space. Vendors are toying with the term application front-end devices in an attempt to promote how they might improve the delivery of all applications within the corporate enterprise network. But this moniker does not indicate that the devices are best suited, at least for now, toward improving the delivery of Web-based applications. So for now, we're calling them Web front-end devices.

Most Web front-end devices focus on speed, scale and security. Features such as URL rewriting that can clean up complex URLs for usability or to improve search engine ranking are useful to an owner or a complex Web application. But other features included in these boxes - such as SSL VPN - seem out of place for fronting a Web farm. These features could be useful if the device is meant for a variety of other duties on the edge of the network, though.

Scale: Load balancers, Take 2

Traditional load balancers evenly distribute traffic among a group of Web servers based on simple metrics such as round robin, least load and fastest network response. Web front-end devices typically offer the same feature, but their load and health checks are performed higher up in the protocol stack. For example, these boxes might look at HTTP response time for an entire transaction to determine speed, while traditional load balancers might look at simpler TCP level type response time.

Web front ends also can be used to improve the utilization of back-end servers. Typically Web servers might have to maintain numerous user requests at once or have to address dozens of requests from one user for a typical Web page. The Web server might be tied up with network duties long after a request is served because it cannot terminate connections until the client receives the last packet acknowledgment. The devices can improve server utilization by terminating and multiplexing TCP and HTTP connections.

With a feature called TCP offload or connection multiplexing, a Web front-end device can set up multiple TCP connections to a back-end Web server and channel numerous client requests over these connections. These devices also might be able to make one HTTP request for an object and cache the result for multiple responses like a traditionally reverse-proxy cache. A Web front-end box can further reduce server load by offloading CPU-intensive duties such as SSL encryption/decryption and have features that help buffer load in surge conditions, holding connections for later fulfillment, and keeping the back-end farm from hitting a critical load.