What is an Application Delivery Controller (ADC)?

Application Delivery Networking

Application delivery networking is the practice of creating a framework of technologies that work together to provide the appropriate levels of availability, security, visibility, and acceleration to networked applications. These application delivery networking technologies feature their own proprietary CPUs and generally reside at the network endpoints. They enhance the delivery of applications across the Internet via a variety of optimization techniques.

What is an Application Delivery Controller?

As the name describes, an Application Delivery Controller (ADC) delivers application services and controls communications between clients and application servers. The term controller, in this context, is the function of managing (or controlling) the flow of data between computing systems, such as client devices and application services, optimizing application performance, availability and security.

ADCs Act as a Reverse Proxy

Client requests interact with the ADC, and the ADC, acting as a reverse proxy, interacts with application servers on the client’s behalf. Since the ADC is in the data path, application acceleration, monitoring, management and security services can be performed in-stream.

The diagram below shows a common configuration, with the ADC residing in the DMZ network subnet, inspecting and securing network access from clients residing on the Internet.


Commond ADC Configuration within DMZ

Application Delivery Controller Services

Server Load Balancing (SLB)

Server Load Balancers are a standard part of many enterprise and cloud infrastructures. SLB systems provide application:

  • Availability
  • Scalability
  • Performance

Health Monitoring

Since ADC’s are in the data path between clients and applications, they have visibility of application behavior and performance. ADC systems can monitor, analyze and log client requests coming to the application as well as the application responses. This visibility is often only available easily to the end user, often after receiving performance issues. ADC systems can monitor and analyze application or server bad behaviors as these occur.

Application Acceleration

Application acceleration uses a number of technologies to improve application performance and response time over network connections. Such techniques include data compression, caching, connection multiplexing, and traffic shaping.

Acceleration technologies include network optimization. Network optimization overcomes network issues such as WAN latency, packet loss, and bandwidth congestion. Network optimization also addresses challenges that adversely affect application performance such as "chatty" protocols, e.g. HTTP and CIFS/SMB, and inefficiencies in TCP/IP stack implementations.

SSL Offload

ADC often have SSL offload capabilities to move the load of terminating SSL sessions from the application server to the ADC. The ADC removes load from application servers, which often perform SSL operations in software, and performs this operation in SSL hardware platform residing in the ADC platform.

DDoS Protection

DDoS attacks are increasing in frequency three to four times year after year. These attacks cause serious disruption to businesses, often costing millions of dollars.

ADC platforms often offer DDoS prevention and mitigation systems will block attacks at the edge of the network, preventing these attacks from reaching the application servers. When the ADC has SSL offload enabled, DDoS attacks using SSL tunneled traffic can be detected and blocked safely at the ADC, without exposing applications and servers.

DNS APPLICATION FIREWALL

ADCs have been deployed to protect, load balance and ensure availability for critical DNS infrastructure by Internet and DNS service providers.

Challenges in protecting and optimizing DNS infrastructure

  • Malicious and Invalid Traffic Hitting DNS Infrastructure
  • Distributed DDoS Attacks on DNS Infrastructure
  • Increased DNS Infrastructure Pressure (growth and browser)

Reduce load for protected servers (up to 70%)

  • Legitimate DNS protocol traffic is allowed only, non-DNS traffic can be denied
  • Predictable load through high performance Surge Protection
  • Increases protected DNS server capacity while freeing resources to address increased load

Increased security for backend servers

  • Optional quarantine (redirection) of malicious or invalid traffic for inspection
  • Guarantee uptime regardless of DDoS attacks (hardware based SYN flood protection up to 50 million per second)

Web Application Firewall

Some ADC products built in a Web Application Firewall (WAF). A WAF is used to protect against web attacks and shield applications from security vulnerabilities. These security threats include Cross-site scripting (XSS), SQL injection, cookie poisoning, data form overruns, and various mal-formed HTTP packets. Some vendors include this feature with the ADC license.

Central Authentication

Application Delivery Controllers can act as a central authentication point. Clients can send their authentication session to the ADC which then is responsible for verifying authentication and authorization. ADC systems can interface with a variety of AAM systems. Providing central authentication services offloads the application servers from this processing load and reduce complexity in the application environment.

Multi-Tenancy Support

SDN and multi-tenancy networks are complex and require network systems to be aware of these new protocols and technologies. Overlay SDN protocols such as VxLAN and NVGRE encapsulate IP data streams. Network devices, such as ADC systems, are often required to see inside these encapsulated network streams to properly control and steer traffic.

Related Terms

  • Hardware Load Balancers
  • Network Load Balancers

How A10 Can Help

The A10 Networks line of Application Delivery Controllers is designed to help organizations simplify and streamline their approach to application delivery networking.

  • The Thunder Series comprehensive traffic manipulation features, load balancing methods and health checks, coupled with flexible deployment methods, make the Thunder Series ideal for a wide variety of deployment scenarios.
  • The core of A10 ADC platform covers a wide range of options for load balancing methods and health checks. Comprehensive IPv4 and IPv6 support across all models maximizes options for current and future deployment.
  • Web Application Firewall is included with A10 ADC platform.
  • All A10 ADCs have advanced capabilities such as customized traffic transformation with our aFleX scripting tool, a comprehensive RESTful management API (aXAPI) enabling automated provisioning and support for multi-data center Global Server Load Balancing (GSLB).

Learn more about the A10 portfolio of high-performance ADCs. Download the white paper Evolution of ADCs: The A10 Advantage Over Legacy Load Balancers.