An application delivery controller (ADC) is a network component that manages and optimizes how client machines connect to web and enterprise application servers. In general, a controller is a hardware device or a software program that manages or directs the flow of data between two entities.
An ADC performs load balancing between servers and accelerates applications. As the technology has evolved, newer ADC offerings have added functions, such as Secure Sockets Layer (SSL) offloading, rate shaping or firewalls for web applications, that go beyond what traditional load balancers and first-generation ADCs provide.
How application delivery controllers work
An ADC essentially functions as a load balancer, optimizing end-user performance, reliability, data center resource use and security for enterprise applications. But ADCs also perform other functions, like application acceleration, caching, compression, traffic shaping, content switching, multiplexing and application security.
An ADC accelerates the performance of applications delivered over the wide area network (WAN) by implementing optimization techniques, such as application classification, compression and reverse caching. Typically, ADCs are placed behind a firewall and in front of one or more application servers to act as a single point of control that can determine the security needs of an application and provide simplified authentication, authorization and accounting.
An ADC can be deployed physically as a hardware appliance or virtually as software running on an x86 server. Virtual application delivery controllers are particularly useful in large enterprise data centers and cloud computing environments where customers need to be able to scale capacity up and down as application demand fluctuates.
ADCs provide Layer 3, 4 and 7 load balancing. In Layer 3 and 4, traffic is distributed on the basis of subnets and IP addresses, TCP session information, protocols and port numbers. Layer 7 functions are content load balancing -- distributing traffic based on URL, domain, Hypertext Transfer Protocol (HTTP) header or query. ADCs vary based on the ability to support different applications.
ADCs alternate connections between devices and may use round robin, response time or least packets approaches. Modern ADCs are able to determine the health of a server, an important step before sending traffic that otherwise might reach an overloaded server. Many protocols are used for monitoring, including domain name system (DNS), File Transfer Protocol (FTP), HTTP, HTTP Secure (HTTPS), TCP, User Datagram Protocol (UDP) and others.
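The Layer 7 content switching and health-gated round robin described above can be sketched as follows. This is an added example, not code from any ADC product; the class names, the three-failure threshold and the host and backend names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Backend:
    name: str
    healthy: bool = True
    fails: int = 0          # consecutive failed health probes

class Pool:
    """Round-robin pool that never hands out a backend marked unhealthy."""
    def __init__(self, names, fail_threshold=3):   # threshold is an assumed value
        self.backends = [Backend(n) for n in names]
        self.fail_threshold = fail_threshold
        self._next = 0

    def record_probe(self, name, ok):
        """Feed in one probe result; the probe itself (HTTP, TCP, DNS...) is out of scope."""
        b = next(b for b in self.backends if b.name == name)
        if ok:
            b.fails, b.healthy = 0, True
        else:
            b.fails += 1
            if b.fails >= self.fail_threshold:
                b.healthy = False

    def pick(self):
        # Try each backend at most once, starting where the last pick left off.
        for _ in range(len(self.backends)):
            b = self.backends[self._next]
            self._next = (self._next + 1) % len(self.backends)
            if b.healthy:
                return b.name
        return None   # nothing healthy: answer 503 instead of forwarding

class ContentSwitch:
    """Layer 7 rule table: (host, path prefix) -> pool, first match wins."""
    def __init__(self, rules, default):
        self.rules = rules
        self.default = default

    def route(self, host, path):
        # Assumes `path` was already normalized by the HTTP parser.
        for rule_host, prefix, pool in self.rules:
            if host.lower() == rule_host and path.startswith(prefix):
                return pool.pick()
        return self.default.pick()

if __name__ == "__main__":
    api, web = Pool(["api-1", "api-2"]), Pool(["web-1", "web-2"])   # constructed names
    sw = ContentSwitch([("shop.example", "/api/", api)], default=web)
    for _ in range(3):
        api.record_probe("api-2", False)     # api-2 fails three probes in a row
    print(sw.route("shop.example", "/api/cart"), sw.route("shop.example", "/"))
```

A Layer 3 or 4 balancer would make the same pick from the address and port tuple alone; only the `ContentSwitch` step needs the request parsed up to the HTTP layer.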
By carrying out TCP multiplexing, ADCs compress the number of TCP sessions to save network bandwidth, sending multiple signals at the same time. Multiplexing is significant because, on application servers, device load and exchange traffic grow exponentially with new sessions. Most ADCs also support integration with the existing network and dynamic routing protocols, such as Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Virtual Extensible LAN (VXLAN) or emerging software-defined networking (SDN) protocols. Additionally, ADCs are intended to take the SSL processing load off of servers, accelerate applications and maintain high availability (HA). These systems also increasingly offer virtualization support, multi-tenancy and forms of central authentication.
ADCs play an important role in network security, providing, among other benefits, a first line of defense against distributed denial-of-service (DDoS) attacks. Through the use of such techniques as firewall load balancing, intrusion prevention and detection and web application firewalls (WAFs), ADCs are engineered to handle DDoS attack traffic and keep that traffic from flooding servers.
In other cases, ADCs can terminate SSL tunneling attacks. To guard DNS servers, some ADCs come with a DNS application firewall to stop a sudden influx of DNS traffic to a server.
WAFs are also used to stop cross-site scripting (XSS). Depending on the vendor, this may be treated as a built-in feature with the ADC license or a special add-on. WAFs can disrupt Structured Query Language (SQL) injections, eliminate cookie poisoning and protect access to sensitive data.
Some ADCs also offer data loss protection, where data is inspected to determine if it meets company policies and flagged or blocked if it is malicious or a violation of those policies.
Advantages and issues with ADCs
Among their other benefits, ADCs provide application load balancing and secure application delivery, and they manage application behavior. They can be installed as hardware or virtualized software, giving enterprises additional flexibility in how they are deployed. They can also support the use of dedicated microservices within enterprise environments by efficiently managing the internal data traffic generated by these services. Recent ADC enhancements include support for containerized applications and comprehensive analytics, which allow enterprises to more efficiently manage traffic flows within their operations. As a result, ADCs offer many more features and improved performance.
ADC features are proprietary, so comparing competing ADCs can be a challenge. Each ADC will process traffic differently, which may cause performance bottlenecks and other operational issues. Decrypting and offloading SSL traffic can consume significant resources.