Reprint from TechWorld /2007
Radware Best Balance for the Net

Load balancing is basically a simple task where it's hard to fail completely. Under pressure, though, the products show their strengths and weaknesses. If you invest more money, you get a more stable product, but even a less pricey solution goes a long way.

Text: Per A Forsberg
Photo: Andreas Eklund

Radware's Interface a Winner

It wasn't easy to choose a winner in this test. For the more advanced solutions, Coyote Point Equalizer E50si was a bit harder to work with than the others, but it's more than adequate for simpler solutions. Last year's winner, F5 Big-IP 400, is still in good shape and provides great opportunities for advanced solutions while retaining high stability and performance. This year that's not enough for first place, though. Best in test is Radware Appdirector 1000, primarily for its excellent interface. The solution is sound and solid and performs excellently in our tests. It's also a truly stable solution for load balancing.

Per A Forsberg, Product Tester
per.forsberg@techworld.se

Tested Products

Coyote Point Equalizer E50si
F5 Big-IP 400
Radware Appdirector 1000

Load balancing solutions are relatively simple today compared to a couple of years ago, even though the technology keeps developing and the tasks load balancers perform are significantly more advanced. Changing and masking outgoing traffic to hide the servers is one of the areas where a lot has happened. Another is directing traffic to different servers depending on the requested information.

Scenario

For mid-sized businesses, load balancers can be used internally to extend performance or increase availability. They can also be used externally to make a web site or service more accessible. In the test we look at both these scenarios. In the first case we use Windows servers running Microsoft SQL in a cluster, and in the second we use web servers with Internet Information Server.
There are different price levels, depending on how advanced a solution you need and how much data passes through the load balancer. The best product isn't always the most expensive and advanced.

Different Operating Systems

The need for load balancing varies. If it's just a quest for increased capacity, a load balancer is a perfect tool, since it's possible to have as many servers as you like behind it. The servers can have completely different hardware and use different operating systems, as long as the service is the same. In reality it's quite common to have servers with the same operating system and software to simplify maintenance and development.

Another common motive for using a load balancer is increased availability. In those cases it isn't enough to have multiple servers covering for each other; it's also necessary to have double load balancers. This means that the prices in the chart on page 8 will be doubled too. To maintain high availability, you might have to get redundancy on network switches, routers, and the Internet connection as well.

A third motive for using load balancers is to improve performance when the users are scattered around different cities, countries or continents. With geographical load balancing it's possible to assess access times for different users and connect them to the closest server. Of course there will be some redundancy: if one server fails, the others can take care of its requests, even if the access times will increase.

As a rule, today's load balancers can handle all the tasks mentioned above, and the products in our test are no exceptions.

Protect the Server from Attacks

Another advantage of using a load balancer is that it protects your servers and takes the load of faulty traffic off them. If the load balancer gets an incomplete request, it won't send it on to a server; the user session will instead be aborted right away.
This contributes to protecting your web server against DoS (Denial of Service) attacks, but it will also prevent other types of attacks against the servers. Since you define the available port (or ports) in the load balancer, the servers behind it get additional protection.
[Figure: Fast and easy. The entire configuration of Radware Appdirector 1000 can be performed through the web interface, which is easy to use as well as fast. The built-in surveillance reacts quickly if something is out of order.]

[Figure: Installation jungle. When you configure F5 Big-IP 400 there are so many parameters that you might get lost. Luckily the help is close by and explains what everything means right away.]

[Figure: Central management. Appdirector can also be administered through a central Java application. The Java application can manage all Radware products and draw a graphic scheme of the network, as well as performing every necessary setting in an easy and perceptive manner.]

[Figure: Time differences. With Big-IP it's easy to get reports of the traffic flow through the load balancer, as well as graphs showing the differences over time.]

If a user sends a request, for example a URL asking to show a web page, the request is forwarded to the load balancer, which looks at the incoming packet and sends it on to the server with the least workload. At the same time, the load balancer adds identification to the packet so it can connect the request with the right user. When the server sends the answer, the load balancer forwards it to the user.

Several Requests in one Session

To enhance performance, the load balancer can facilitate the use of the servers behind it. The load balancer can choose to send the requests from several different users in the same session, which means that the server won't use as much processing power and memory on several simultaneously open sessions.

If you use encrypted traffic, the load balancer can act as an SSL terminator and take care of the encryption to and from the user. It's a common feature in today's load balancers and all the products in our test can do it, with slightly different performance results. Depending on how many different sessions the web servers usually manage, the performance gains can be huge.
Sometimes a server can manage twice as many requests if it doesn't have to take care of thousands of simultaneous sessions. But the performance loss could be caused by the hard drives or the software.

Visitors from the Web

To test whether the load balancer works in real-life situations, and whether users are lost or get the wrong answers, we set up a testing environment which simulates users coming from the Internet to our load balancers. We used Windows servers with Internet Information Server to deliver a web service. The clients connecting to the load balancers used different scripts to simulate a user clicking his or her way around the web server, and stored the results of our comparisons.

Everything turned out well during our tests, and the load balancers managed to sort out which client had sent which request even when we increased the traffic and when we let every workstation act as several clients. This process is normally performed through cookies, but what happens if the user turns them off? You can configure F5 Big-IP 400 to use cookies primarily. If that isn't possible, it can use session ID or IP address for identification instead.

Harder to Find Settings

Radware Appdirector 1000 works in a similar way, and even if it's a bit harder to find the settings, they are there. Coyote Point doesn't differ that much either, but it's not quite as efficient as the others in the test.

Persistent sessions, as the feature is often called, are necessary to manage protocols with real-time streams, for example IP telephony, but also for load balancing of Terminal Services. The load balancer must analyze the traffic contents and identify different users. Instead of placing a cookie in the user's web browser, the information is stored in a table in the load balancer. The stored information consists of the active streams and the server in the cluster to which each session is directed.
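The identification order described above (cookie first, then session ID, then IP address) and the session table kept in the load balancer can be sketched as follows. This is an added example, not code from the article or from any of the tested products; the server names, cookie values and the 192.0.2.x addresses are constructed, and new clients are pinned to the server with the fewest sessions as a simple stand-in for "least workload".

```python
from collections import Counter

SERVERS = ["web1", "web2", "web3"]  # hypothetical back-end names


class PersistenceTable:
    """Maps a client identity to the back-end server that owns its session."""

    def __init__(self, servers):
        self.servers = list(servers)
        self.table = {}        # persistence key -> server
        self.load = Counter()  # server -> number of pinned sessions

    @staticmethod
    def persistence_key(request):
        """Cookie first, then session ID, then source IP address."""
        if request.get("cookie"):
            return ("cookie", request["cookie"])
        if request.get("session_id"):
            return ("session_id", request["session_id"])
        return ("ip", request["src_ip"])

    def route(self, request):
        key = self.persistence_key(request)
        if key not in self.table:
            # New client: pin it to the server with the fewest sessions.
            server = min(self.servers, key=lambda s: self.load[s])
            self.table[key] = server
            self.load[server] += 1
        return key, self.table[key]


def simulate(cookies_enabled):
    """Six constructed clients running on two workstations (two source IPs)."""
    lb = PersistenceTable(SERVERS)
    for n in range(6):
        request = {"src_ip": f"192.0.2.{10 + n % 2}"}
        if cookies_enabled:
            request["cookie"] = f"lb-client-{n}"
        lb.route(request)
    return lb


def summary(lb):
    """How many identities the table holds and how they were recognised."""
    return {
        "entries": len(lb.table),
        "servers_used": len(set(lb.table.values())),
        "key_types": sorted({kind for kind, _ in lb.table}),
    }


if __name__ == "__main__":
    print("cookies on :", summary(simulate(True)))
    print("cookies off:", summary(simulate(False)))
```

With cookies the table holds one entry per client; without them the six clients collapse into one entry per workstation address, so the load balancer can no longer tell clients on the same address apart.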
Misplaced Information

All of the above is enough for most cases, but if the users are coming from a network using Network Address Translation (NAT), or from behind a firewall which hides the addresses, the load balancer and the firewall on the user side might fail and send the wrong information to the wrong user. We didn't observe that during our tests, but from experience we know that it might occur. If you work with logins to a web server and want the users to have access to sensitive information, the most secure way is to use cookies to increase the reliability.

There are different ways to distribute the traffic between the servers. With the Round robin method the load balancer distributes each new request to a new server. When it has reached the last server it starts with the first one again.

A Fast and Simple Method

The advantage of this method is that it's fast, easy and works excellently if the servers have the same hardware and if the incoming requests don't bring different loads to the individual servers.

Weighted distribution is an alternative to Round robin where you can decide that one server should manage twice as much traffic as another, and so on. The problem remains, though, that you don't know the servers' status and whether they can manage the workload.

A more common method is to make the load balancer check the traffic sent to and from the service and estimate the number of active sessions and how long it will take the server to send an answer. By comparing the response time with the server's normal response time and the response times of the other servers in the cluster, the load balancer makes an intelligent distribution of the traffic.

With this method it's easier to achieve a better distribution, which is particularly important when one user request requires more from the server than another user's. It's more common in other areas than simple web servers, for example in connection with streaming video, IP telephony or database searches.
To test this we made the server cluster act as database servers and let the clients make advanced searches or simply add and remove data.

Rising Memory Questions

F5 Big-IP 400 can determine the traffic in active sessions, compare traffic to and from different servers, and measure the workload for each server by asking questions about processor workload and memory from time to time. The requests in our Windows server test used Windows Management Instrumentation (WMI), but it's possible to install a program which gives information to the load balancer, though the program will somewhat reduce the server's performance.

Radware Appdirector 1000 and F5 work in similar manners, but in our opinion the former is more efficiently built. Both F5 and Radware manage the task capably and distribute the traffic between the servers efficiently.

Coyote Point has solutions for traffic management as well, but it's evident that the performance isn't up to par with the others. The hardware in Coyote Point is simpler, which shows when it has to work with more advanced tasks.

[Figure: Minute compilations. The surveillance options with Coyote Point Equalizer E50si are relatively sparse, as shown in the minute compilations with status for the number of sessions.]

[Figure: No extras. The entire configuration of Coyote Point is done through the web interface. It includes every essential setting, and not much else. The interface itself is also fairly simple.]

[Figure: Port inspection. There are huge differences between the load balancers, from the inside and out. F5 and Radware have switched ports, working with VLAN to connect different clusters and leading them out on the Internet.]

Differences in Administration

Before we could test the load balancers, they had to be appraised and configured, and in this part we found some differences between them. After the basic configuration with network settings and gateways, we had to define our servers and their IP addresses and weight the distribution between them.

The administration of Coyote Point Equalizer E50si is done entirely through the web interface, which is quite plain, though the simple shell makes it easy to find the necessary settings. In less than five minutes it's ready to distribute the traffic to the server cluster. Coyote Point has the fewest finesses in the test; among other things the report feature is a bit too simple.
It's fairly easy to find the settings, even if you haven't used the products in several years. The settings are few and the names of the different parts of the configuration are quite self-explanatory.

F5 Big-IP 400 was named Best in test last year. Back then we praised the management web interface, among other things. Since then not much has happened, which in fact is a good thing. The help feature is always close by, and it's easy to navigate the different setting categories. The status page provides traffic information in both text and graph format. Other than that, there are plenty of different report features, available directly in the web browser.

Spreading the Information

One feature F5 proudly offers is forwarding relative URLs to other clusters or obtaining certain information from another place. For example, the pictures to be downloaded are usually static, even if the rest of the page is dynamic and adapted to each unique user. F5 can be set to get the pictures from one server and the rest of the page from another. This way, the information is distributed to relieve the server, which can focus on putting the dynamic pages together.

Hard to Remember

If you don't have to change anything in Big-IP 400 for several years, it can be a bit hard to find the settings or remember which window did what. In those cases the built-in help provides huge support, but we can't help glancing furtively at Radware's solution.

Radware's administrative web interface reminds us of the one in F5, with just about the same setting categories and the same features and choices. The help feature isn't as good as the one in F5, but quite sufficient for the task. What makes Radware's web interface easier to work in is the page setup and the configuration. Radware's central administrative interface is also a strength when working with multiple load balancers.
If you have several Radware applications it's a boon that all of them can be managed from one program on your own computer. The configuration can be performed in advance, stored as files and easily implemented if needed. Backup copies of configuration data and restoring settings from configuration files are also possible in Coyote Point and F5, but Radware's solution is one step ahead.

Good Performance

In spite of some flaws and failed configurations, we are very pleased with the performance of the load balancers. We couldn't get comparable data in the tests we exposed them to, in part since we couldn't stress them to their limits, and also since the performance of the different models isn't the same. Yet our advanced tests, where several clients work from the same IP address to the database, show that everything works as intended. This is also apparent when we use around twenty concurrent sessions from each client and run the same script from five different workstations to get one hundred simultaneous sessions. It doesn't prove that everything will work with several thousand or tens of thousands of simultaneous sessions, but in our opinion it at least points in that direction.

[Figure: Precision work. Configuring our test networks required intense concentration. There are plenty of settings and choices and the suppliers use different terminology.]

Three tight test participants

In spite of the thorough tests we put the load balancers through, covering the setting options and the performance tests, it's hard to separate them. Load balancing is basically a pretty simple task. We couldn't get any of the load balancers to fail in the traffic distribution, which of course is a positive trait.

It's clear that Radware and F5, with more expensive and advanced hardware solutions, give a more stable impression than Coyote Point, which in effect uses a modified standard computer for the load balancing. Coyote Point is also a lot less expensive than the others.

When we look at features and finesses, it shows that F5 and Radware have influenced each other and have just about the same features. Either of them would be the best solution for advanced load balancing.

Coyote Point Equalizer E50si is first and foremost intended for load balancing of normal solutions like databases and web servers. Without doubt it can manage some more advanced tasks, but it doesn't hold up to F5 and Radware. Coyote Point's most advanced load balancer doesn't reach the level of its opponents, but it's enough for solving most problems.

If you, on the other hand, work with really advanced solutions, want the best performance, and regard a fast workflow as the most important feature, the most advanced load balancers from F5 are almost impossible to beat.

The Must-have Interface

Apart from traffic management, the configuration and administration of the different load balancers are important as well. The interface of Coyote Point is rather Spartan and the company could learn a lot from F5 and Radware.
Radware's central administrative interface Apsolute is essential if you have a large network with load balancers or use other Radware products.

Per A. Forsberg works as a Network and Security Consultant. He can be reached at per.forsberg@techworld.se.

Facts & Grades

Radware Appdirector 1000
  Price: SEK 25,000
  Version: 1.02.04 (build 25)
  Support: Different packages. SEK 42,000/year for support around the clock, software upgrades and next day replacement warranty.
  Cluster: Max 1+1 unit as hot spare for failover/high availability.
  Installation & Configuration: 7 out of 10
  Administration: 18 out of 20
  Features & Finesses: 22 out of 0
  Solidity / Stability: 0 out of 40
  Total: 77 of 100

F5 Big-IP 400
  Price: SEK 210,000
  Version: 9.1.2
  Support: Different packages. SEK 20,000/year for support around the clock, software upgrades and next day replacement warranty.
  Cluster: Max 1+1 unit as hot spare for failover/high availability.
  Installation & Configuration: 8 out of 10
  Administration: 1 out of 20
  Features & Finesses: 22 out of 0
  Solidity / Stability: out of 40
  Total: 7 of 100

Coyote Point Equalizer E50si
  Price: SEK 48,000
  Version: 7.2.2c
  Support: Updates and daytime support included. SEK 54,000/year for three years support around the clock and extended replacement warranty.
  Cluster: Max 1+1 unit as hot spare for failover/high availability.
  Installation & Configuration: 6 out of 10
  Administration: 10 out of 20
  Features & Finesses: 16 out of 0
  Solidity / Stability: 20 out of 40
  Total: 52 of 100