Site icon SSL.com

Load Balancing, ADCs, and SSL/TLS

What are Load Balancers?

Load balancers use a variety of algorithms to efficiently distribute network traffic across a backend cluster of servers. Load balancing is a foundational technology of modern networked application availability and scalability; if a server in the cluster is unavailable or overworked, the load balancer will distribute requests to the other servers. To scale capacity up or down, servers (either hardware or, increasingly, virtual) can simply be added to or removed from the pool. The first load-balancing hardware appliances, introduced in the mid-1990s, used bi-directional network address translation (NAT) to distribute client connections to a single public-facing IP address among a farm of servers. Today, this load-balancing functionality is commonly performed by Application Delivery Controllers (ADCs), which are often software-based virtual appliances.

Application Delivery Controllers (ADCs)

Service-Based Load Balancing

The load-balancing functionality of modern ADCs is conceptually similar to earlier load-balancing appliances: A public-facing virtual server distributes network traffic to services running in a backend server farm and performs network address translation between clients and servers. However, ADCs can work in sophisticated and integrated ways with specific applications rather than simply distributing network traffic. By distinguishing between an individual host (a hardware or virtual server, represented by an IP address) and the application services running on it (for example a web server running on port 80 and a MySQL server on port 3306 of the same host), ADCs can base load balancing on the availability of and need for specific services, allowing tighter integration with application delivery. Rather than simply pinging a host to determine its availability on the network, a modern ADC can assess the health of the different services running on the host, and knows that if the MySQL service is sluggish or not responding, the HTTP service might still be up and running well.

Connection Maintenance and Persistence

Modern ADCs can also determine when it is necessary to suspend load balancing for the sake of maintaining an open TCP connection (such as an FTP or SSH session), or multiple, persistent connections to the same host. In web-based e-commerce transactions, for example, it is vital that a client’s series of HTTP connections persist with the same backend server. An ADC can use a variety of means to maintain persistence: SSL session IDs, cookies, or even client information such as usernames, further demonstrating the tight integration of ADCs with networked applications.

Load Balancing and SSL/TLS Offloading

If security considerations permit, it is possible to use a load-balancing ADC to offload SSL from the backend servers, freeing computing resources. In this situation, a signed SSL/TLS certificate is installed on the ACD. The client establishes an encrypted connection with the load balancer, which in turn uses unencrypted protocols with the server pool (e.g. HTTP on port 80). Alternately, it is possible to install a unique signed certificate on each backend server by using the same subject alternative name on each certificate, allowing each server in the cluster to represent the same fully qualified domain name (FQDN).

F5 BIG-IP ADCs

Some of the most powerful and widely-used load-balancing ADCs are the BIG-IP series of hardware- and software-based appliances from F5 Networks. In addition to service-based load balancing, these ADCs provide:

For detailed information on requesting, installing, and managing signed certificates from SSL.com on F5 BIG-IP ADCs, see our How-To, and do not hesitate to contact us at support@stg.ssl.com for more information.

And, as always, thank you for choosing SSL.com, where we believe a safer Internet is a better Internet.

Exit mobile version