Overview
As the global business environment has evolved, companies have significantly expanded their reliance on remote and mobile access to business applications over the Internet. Applications that must be available to employees in the field, in branch offices and in home offices are increasingly delivered via a corporate intranet or portal. Further, for many organizations, externally facing websites are an integral component of day-in/day-out business interactions with customers, suppliers and partners. In addition, due to the incorporation of Web 2.0 functionality, applications have become far more dynamic and interactive compared to their predecessors. For all these reasons, businesses recognize they cannot function effectively without a robust solution to ensure uninterrupted, secure and high-performance access to network-based business applications and corporate websites.

This reliance upon Internet-delivered applications has also changed how businesses look at their underlying network infrastructure. On one hand, organizations' understanding of how critical network infrastructure works has never been higher. On the other, companies want to know explicitly how the network is enhancing their ability to deliver new application services. To a business, the network's value is not its own availability, performance and security, but rather its ability to improve the availability, performance and security of the business's applications it serves.

As such, networks must evolve from highways designed to push packets into more-active participants in the end-to-end delivery of application services. For this to occur, many components of the network will need to evolve at a fundamental level.

Server health checks that determine whether individual servers are up or down
Load balancing algorithms that determine which of the "up" application servers will receive the request

The most common algorithm is a round-robin that prompts the load balancer to go down the list of servers from top to bottom and then begin again. However, this assumes all requests will have a similar load and duration, and that all servers are available. More-advanced algorithms use factors such as server utilization level and current-connection counts to select the most appropriate server.

Initially, load-balancing capabilities were built directly into the application software or the operating system of the underlying application server. These approaches transitioned into using application-neutral, purpose-built, network-based appliances. Network-based appliances enable load-balancing of all applications, not just those with built-in functionality.

In addition to these advancements, the load balancing process itself needs to evolve from simple packet delivery to application delivery. The increasing demands for high availability, reliability and security of application access are driving the need for load balancers to provide not only traditional networking traffic management functions, but also a comprehensive set of network-level and application-level services.

To ensure the business is getting the investment protection to meet both near and longer-term requirements, today's load-balancing solutions should provide the following functionality as part of either the base offering, or as post-deployment software upgrades:
Improving network traffic management

Layer 4 load balancing

Directing traffic based upon IP address and port number has become standard functionality, but that doesn't diminish its importance. Solutions must support a wide variety of load-balancing algorithms that direct traffic based upon network, server and application loads.

Session persistence: In some cases it is important to have a single server handle all of a user's transactions for the length of that session. The obvious one is online shopping. Regardless of how the user jumps around looking at brochure content, their shopping cart entries have to go to the same place all the time. Session persistence ties the requests from one client to the same server node. Common functionality used to maintain session persistence includes cookies and header IDs. However, maintaining persistence for the latest generation of applications can require basing persistence on application-specific content (e.g., a transaction ID in an XML document) carried in the payload body.

Server health monitoring: Health checks to ensure a server's availability can prevent directing of a request to a failed server. At a basic level, the load balancer can keep checking the server port to determine its status. However, just because the network and server are responding doesn't mean the application itself is available. Solutions should be able to check the health of the applications themselves when marking servers or services up or down.

Layer 7 request switching

To advance to the next generation of traffic management, load balancers began to use Layer 7 of the OSI model (the application layer) to read the packet payload instead of just the addressing information to determine the best place to send the traffic. Content switching at Layer 7 provides intelligent traffic management, enabling application-layer information such as client type, requested URL, cookie information and application software usage to be used to optimize delivery, without requiring changes to Layer 4 network addressing.

Global server load balancing

In addition to enhancing load balancing with Layer 7 request switching, organizations can benefit from global server load balancing (GSLB) across the entire enterprise. GSLB balances requests from users across a geographically distributed set of server farms based on health, load or proximity. Effective solutions support several load-balancing algorithms (e.g., least response time, least packets), as well as geographic proximity and network proximity, to intelligently distribute the load across multiple datacenters. GSLB gives network administrators the ability to provide high availability and optimal application performance for remote users worldwide. Other benefits include reducing bandwidth costs and latency.

As part of a comprehensive business continuity solution, global server load balancing transparently ensures that requests are routed only to datacenters or failover sites that are operating normally. GSLB technology gives IT administrators the ability to create policies defining site health based upon site status, connection load and packet rate. By continuously monitoring the health of each datacenter and associated network links, GSLB solutions maintain a global view of the entire hosting infrastructure's status. In the event that a hosting site cannot meet the criteria of the health policy, further incoming requests are automatically directed to sites still deemed healthy. When availability is restored, new requests are transparently directed back to the original site.

High application availability with Global Server Load Balancing

A U.S. beverage company needed a solution to load-balance requests from global users to access a mission-critical application over the web. Through global server load balancing capability, the solution directs user requests to the optimal server, provides high availability, maximizes server resources, and provides traffic management for the company's multi-site enterprise.
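
The server selection, health marking and cookie persistence described in the sections above can be modelled in a few lines. This is an added example, not code from the paper or from any Citrix product; the class names, the cookie format and the HMAC tag on the cookie are assumptions, and the HMAC goes beyond the text so that a client cannot pin itself to a server of its own choosing.

```python
import hashlib
import hmac
import itertools
from dataclasses import dataclass


@dataclass
class Server:
    name: str
    port_open: bool = True   # basic check: the server port answers
    app_ok: bool = True      # application check: the application itself responds correctly
    connections: int = 0     # current-connection count

    @property
    def up(self):
        # Marked up only when both the port and the application are healthy.
        return self.port_open and self.app_ok


class LoadBalancer:
    def __init__(self, servers, cookie_key):
        self.servers = {s.name: s for s in servers}
        self._ring = itertools.cycle(servers)
        self._key = cookie_key  # secret held only by the load balancer

    def round_robin(self):
        # Go down the list top to bottom and begin again, skipping down servers.
        for _ in range(len(self.servers)):
            s = next(self._ring)
            if s.up:
                return s
        raise RuntimeError("no healthy servers")

    def least_connections(self):
        healthy = [s for s in self.servers.values() if s.up]
        if not healthy:
            raise RuntimeError("no healthy servers")
        return min(healthy, key=lambda s: s.connections)

    def _sign(self, name):
        return hmac.new(self._key, name.encode(), hashlib.sha256).hexdigest()[:16]

    def issue_cookie(self, server):
        # Hypothetical persistence cookie format: "<server>.<truncated HMAC>"
        return f"{server.name}.{self._sign(server.name)}"

    def route(self, cookie=None):
        """Return (server, cookie); honour a valid cookie only if its server is up."""
        if cookie and "." in cookie:
            name, tag = cookie.rsplit(".", 1)
            pinned = self.servers.get(name)
            if pinned and pinned.up and hmac.compare_digest(tag, self._sign(name)):
                pinned.connections += 1
                return pinned, cookie
        # No cookie, forged cookie, or pinned server down: pick again and re-pin.
        chosen = self.least_connections()
        chosen.connections += 1
        return chosen, self.issue_cookie(chosen)
```

A server whose port still answers but whose application check fails is skipped by both algorithms, and a session pinned to it is moved to a healthy server with a fresh cookie.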
that accelerates application performance has become critical in meeting the larger business goal of successfully delivering applications over the Internet.

All too often, problems with application performance are deemed to be a function of server hardware after network infrastructure has been ruled out. Although the server has a direct impact on processing performance, it is not necessarily directly related to application performance. There needs to be a distinction between processing and application performance. Simply increasing processing power in a server may have little or no effect on application performance and scalability. The same may be said for adding load-balanced servers to cope with increased load.

Offloading tedious or repetitive processes from application servers can free them to perform their main functions of serving content. Offloading also enables servers to scale up beyond their original capacity while accelerating application content delivery.

Compression: Compressing content minimizes the amount of data that must traverse the wire and also decreases the back and forth overhead of TCP that is so sensitive to latency. Network congestion is reduced, and applications can be accelerated by three to five times.

SSL Offload: Offloading encryption/decryption onto a dedicated device to reduce datacenter costs removes the burden of SSL processing from the server. Offloading can significantly lower CPU utilization and even enable fewer servers to handle application loads.

TCP Multiplexing: TCP overhead can slow any application's performance. TCP optimization reduces the number of client connections each application server has to deal with while optimizing server response. The result is a server that can support an increased number of users. This can extend the life of existing hardware while delivering application content with much better performance.
Application-aware delivery

For networks to provide true business value, they must advance from merely transporting network packets from point A to point B to actively improving the applications themselves. To do this, solutions must be able to inspect all aspects of application traffic, take action based upon this inspection, and potentially change or act on behalf of the applications themselves. With these capabilities, the network becomes an enabler of overall business agility and flexibility.

One of the most important capabilities is improved application security. Network firewalls and authentication solutions have largely secured the network itself. However, applications themselves remain surprisingly vulnerable to attack. Cross-site scripting, buffer overflows, SQL injection and other common hacking techniques are continually used to steal valuable customer and corporate data from applications.

As application services are rolled out to employees, agents, customers and contractors on a global basis, the need to finely control which users have access to which functions in which applications has increased. SSL VPNs have emerged as the de facto method for providing trusted application access. Integrating SSL VPNs and application security with load balancing and traffic management strengthens end-to-end application security and simplifies the IT infrastructure. Another important functionality that improves application delivery is end-user performance monitoring solutions.

SSL VPN with granular access control: With the prevalence of Internet threats, organizations need to control who is accessing corporate applications and what actions they are taking with each application. By integrating special SSL VPN technology with granular access control into a load-balancing solution, administrators can control both access and actions (such as downloading, printing or saving) of remote and mobile users who want to connect to applications over the Internet, mitigating the risk of opening the corporate network to threats.

firewalls because they look at all content within every request and response. Some application firewalls look for certain attack signatures to try to identify a specific attack that an intruder may be sending, but this only protects against known attacks. True application-layer defense protects against known and unknown attacks.

Improved security of access by home-based workers

A newspaper publishing company wanted to enable employees to connect to network resources from home computers to meet tight deadlines without compromising security. An advanced SSL VPN solution allows IT administrators to define granular access policies for different users. End-point analysis allows them to thoroughly check each device that connects to the network and ensure it meets security requirements. With these security capabilities the company agreed to let workers monitor content and make changes necessitated by late-breaking news from home. Work is performed more quickly, deadlines are met and people do not have to drive into the office.

In many respects, the final frontier of successful application delivery is obtaining direct feedback on how the applications themselves are performing. Ultimately, applications and networks are only as good as the perception of the people who use them. Directly monitoring end users' actual experience with an application is critical to understanding how effectively users are served, and how well the network is working. The point in the network where load balancers are traditionally deployed is an ideal junction for performing this monitoring. As such, solutions should provide the ability to directly and transparently measure and track end-user performance.
Conclusion

Fundamental changes are affecting networks, particularly the sweeping transformations of Web 2.0. Because Web 2.0 is driving greater user participation, openness and network effects, tomorrow's networks will require infrastructure that is agile, flexible and dynamic. Is your organization prepared for these changes with a load-balancing solution that can optimize application performance, ensure high application availability and provide tools to safeguard data and improve the application experience? Citrix NetScaler offers a powerful and comprehensive solution to these challenges.

About Citrix NetScaler

Citrix NetScaler from Citrix Systems, Inc., is an ideal solution for any enterprise organization seeking basic and advanced load balancing capability combined with application performance enhancement, improved application security and increased application availability for users. Citrix NetScaler integrates all the critical functionality of Layer 4-7 network traffic management, application acceleration and application-aware delivery in a single appliance.

Application-aware delivery: NetScaler protects applications from application-layer attacks, helping to prevent the theft and leakage of valuable corporate and customer data. The latest version, 8.0, includes application firewall technology that proactively protects against application-layer attacks and helps prevent theft and leakage of valuable corporate and customer data. It also includes real-time and historical page-level monitoring of the end-user experience with application performance. NetScaler 8.0 makes secure access to applications easier by tightly integrating SSL technology that automatically responds to each user scenario with the appropriate level of application access, including control of actions such as print, save and edit.
Appendix A

Glossary of terms

Application firewall: An enhanced firewall that limits access to the operating system (OS) of a computer. Conventional firewalls merely control the flow of data to and from the central processing unit (CPU), examining each packet and determining whether or not to forward it toward a particular destination. An application firewall offers additional protection by controlling the execution of files or the handling of data by specific applications.

Application-layer attack: Targets application servers by deliberately causing a fault in a server's operating system or applications, which results in the attacker gaining the ability to bypass normal access controls.

Caching: Local storage of remote data on a file server, which is designed to reduce network transfers and therefore increase speed of download.

Compression: Encoding data to take up less storage space and less bandwidth for transmission.

Content switching: Allows traffic management to be based on application-layer content such as the information contained in the body of a TCP or HTTP request.

Global server load balancing, GSLB, (also known as global traffic management): The load balancer distributes load to a geographically distributed set of server farms based on health, server load or proximity.

Layer 4 (Transport layer of the Open System Interconnection model): Provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control.

Layer 7 (Application layer of the Open System Interconnection model): Defines the services that directly support applications, such as software for network management, electronic mail or file transfers. It interfaces directly to and performs common application services for the application processes.

Load balancing: A technique performed by load balancers to spread work between many computers, processes, hard disks or other resources in order to get optimal resource utilization and decrease computing time.

SSL offloading: Relieves a Web server of the processing burden of encrypting and/or decrypting traffic sent via SSL, the security protocol that is implemented in every Web browser. The processing is offloaded to a separate device designed specifically to perform SSL acceleration.

SSL VPN: Provides a comprehensive, secure remote access technology for remote users without the use of additional remote client software, but instead uses common client technology and industry-standard Secure Sockets Layer technology for content privacy.

TCP optimization: Reduces the number of client connections each application server has to deal with while optimizing server responses.

Web 2.0 applications: Deliver software as a continually updated service that gets better the more that people use it, consuming and remixing data from multiple sources including individual users.

Web server farm: A redundant cluster of several Web servers serving a single IP address.
Citrix Worldwide
Worldwide headquarters
Regional headquarters
Americas
Citrix Silicon Valley
4988 Great America Parkway
Santa Clara, CA 95054
USA
T +1 408 790 8000
Europe
Citrix Systems International GmbH
Rheinweg 9
8200 Schaffhausen
Switzerland
T +41 52 635 7700
Asia Pacific
Citrix Systems Hong Kong Ltd.
Suite 3201, 32nd Floor
One International Finance Centre
1 Harbour View Street
Central
Hong Kong
T +852 2100 5000
www.citrix.com
Notice
The information in this publication is subject to change without notice. THIS PUBLICATION IS PROVIDED AS IS WITHOUT
WARRANTIES OF ANY KIND, EXPRESSED OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE OR NON-INFRINGEMENT. CITRIX SYSTEMS, INC. (CITRIX), SHALL NOT BE LIABLE FOR TECHNICAL
OR EDITORIAL ERRORS OR OMISSIONS CONTAINED HEREIN, NOR FOR DIRECT, INCIDENTAL, CONSEQUENTIAL OR ANY
OTHER DAMAGES RESULTING FROM THE FURNISHING, PERFORMANCE, OR USE OF THIS PUBLICATION, EVEN IF CITRIX
HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE. THE USE CASES IN THIS PAPER ARE PROVIDED
ONLY AS POTENTIAL EXAMPLES AND YOUR ACTUAL COSTS AND RESULTS MAY VARY.
About Citrix
Citrix Systems, Inc. (Nasdaq:CTXS) is the global leader and the most trusted name in application delivery infrastructure. More than
200,000 organizations worldwide rely on Citrix to deliver any application to users anywhere with the best performance, highest
security, and lowest cost. Citrix customers include 100% of the Fortune 100 companies and 98% of the Fortune Global 500, as well
as hundreds of thousands of small businesses and prosumers. Citrix has approximately 6,200 channel and alliance partners in more
than 100 countries. Annual revenue in 2006 was $1.1 billion.
© 2007 Citrix Systems, Inc. All rights reserved. Citrix and NetScaler are trademarks or registered trademarks of Citrix Systems, Inc. and/or one or more of its
subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are property
of their respective owners.
PDF-12-07