Load Balancer

Load Balancer Solutions

Application Aware Traffic Management & Integrated Web Application Firewall Technology

Secure Application Publishing | Performance | Resilience | Security

Solutions for On-Premise, Web-Facing, Hybrid and Cloud Services

> TMG Replacement Solution

> Cloud Based Load Balancers

> Web Application - Service Load Balancer

> Ensure the best possible reliability, performance and security for your on-premise, cloud or hybrid web based services.

> Service load-balancing with integrated security (application layer firewall: IPS / IDS, SSL Decryption, Authentication)

> Microsoft approved for business applications and cloud (Azure & Office 365)

> VMware validated solution for hybrid cloud (vCloud Air)

Load balancer diagram

Do you rely on web-based applications and mobile work force?

As organisations rely more and more on web-based applications and a mobile workforce, the importance of secure web application publishing continues to increase. A solution that provides edge security, SSO (single sign on) application integration and flexible authentication options is critical for optimal user experience and information security policy compliance.

SecureNet Consulting's Load Balancer ADC solutions are ideal for organisations looking for a high-performance, yet cost-effective application delivery and security solution. With the broadest range of hardware and virtual models providing maximum flexibility for organisations looking to build highly secure and scalable application infrastructure, whether it’s deployed on-premise, hybrid and cloud infrastructure.

> Application aware traffic management

> Integrated web application firewall protection

> Essential for secure web application publishing

> Ensure end-user / client quality of service

> Remove processing load off primary server resources

> 24 / 7 system resilience & security

> Lowest cost in market

> 1 year support included in all purchases

Headline Business Solutions

If you used or use any of the below technologies, then you need a Load Balancer / ADC (Application Delivery Controller) solution, to address / support business critical applications:

Replacement for the discontinued

Microsoft
TMG

Replacement for the discontinued

Cisco ACE

Cloud infrastructure:

- VMware vCloud Air

- Microsoft Azure

- Microsoft Office 365

- IBM Cloud

** Microsoft TMG Replacement **

Historically, many Microsoft applications such as Exchange, Lync, SharePoint and IIS-based web services were deployed with Microsoft’s Forefront Threat Management Gateway (TMG) to provide a way to securely publish applications in Internet Facing deployments.

With TMG having reached its end of sale and mainstream subscription support drawing to a close – The SecureNet Consulting Proxy & Load Balancer (ADC) solutions are ready to replace TMG as the most cost effective and highly performing solution in the mark.

Load Balancer Security Features

Feature	Benefit
Layer 7 Web Application Firewall (WAF)	Analyse HTTP/S traffic and identify attacks. A WAF does not replace the network firewall and is normally deployed between the network firewall and the web server infrastructure.
SSL encryption / acceleration / termination	Power of SSL processors integrated into the application delivery controller at no additional cost. Encrypt all HTTP traffic to protect business sensitive information. Remove the SSL transactions load from your production servers to the load balancer and save valuable computing resources.
Real-Time threat protection intrusion detection, intrusion prevention	Intrusion prevention provides real-time intrusion protection and alerting.
Reverse Proxy	Protect the web server(s) by preventing direct access from the internet (The proxy server masks the internal network). A reverse proxy takes requests from the Internet and forwards them to servers in an internal network.
Data Loss Prevention (DLP)	Ability to identify and track sensitive data.
Mitigation of the OWASP top ten common vulnerabilities	Protection for the most critical web application security flaws.
Support PCI-DSS compliance	See notes in this article below
Pre-authentication	Validates access of authenticating users prior to allowing access to application servers.
Single sign-on across virtual services	Provides authenticated users who are accessing multiple protected applications on the same domain with a “sign once and done” experience.
Host and Directory Level Security	Create access whitelists by defining the host names and directories accessible on published services.
Customisable forms based authentication	Manipulate and brand FBA forms used for published services to standardise all organisational application portals with a unified look and feel.
Security group membership validation	Restrict access to published applications based on AD security group membership.
RADIUS & Dual Factor Authentication	Require RADIUS or RSA SecurID authentication for user authorisation to add additional layers of control around identity verification.

Key Features

Feature	Benefit
Layer 4/7 Load Balancing	Deployed as a hardware, virtual appliance or software onto bare-metal, can intelligently load balance hardware or virtual servers running any number of Layer 7 and Layer 4 protocols.
Caching	Content Caching: it can cache content from the web server(s) behind it and thereby reduce the load on the web server(s) and return some static content back to the requester without having to get the data from the web server(s). Improving Performance with Content Caching. A reverse proxy may also cache content locally so that not all client requests need to be forwarded to a server. This can significantly reduce the server workload as frequently requested items such as brand images are served directly from the proxy cache. This also improves the client quality of experience as cached content is delivered without having to access back-end resources.
Compression Engine	Automatically compress content to minimise network traffic between application servers and the end user.
Content Switching	Full traffic control and can route requests to servers based on region, device, browser, or a number of other factors. This enables organisations to deliver customised application responses to users. For example ‘longer life’ and stable connections for Streaming video and audio content.
IPv6 Load Balancing	IPv6 traffic mixed with IPv4 traffic handling.
Support for Microsoft workloads	Certified by Microsoft as preferred Load Balancing solutions. Delivering Optimisation for Key Microsoft Workloads: Replacement for TMG Exchange 2010 / 2013 Lync 2010 / 2013 Remote Desktop Services SharePoint Dynamics Office Web Apps Azure-Hosted Workloads ADFS IIS
High Availability	Eliminates a single point of failure. Guaranty business continuity Ensure service availability
Multi-Site / Global Load Balancing	For scalability and high availability across data centres and hybrid environments (physical, virtual and cloud locations). Can be deployed to balance traffic among different sites in different geographic regions. Organisations can route traffic using a variety of methods such as primary disaster recovery (DR) or closest geographical data centre.
Pre-configured templates for Microsoft applications and virtual service	Pre-configured application templates are intended to reduce the time and effort required to deploy applications. In some cases, they reduce the time to minutes rather than hours or days. Commonly deployed models and versions of Microsoft Exchange, SharePoint, Lync, Terminal Services, IIS and various virtual server configurations.
Service aware health checking Resource based traffic distribution	See the health of your network—in real time. The traffic distribution is based on a load balancing algorithm or scheduling method. The scheduling are applied on a per Virtual service basis. Here is a list of the methods: Round robin Weighted round robin Least connection Weighted least connection Resource based (Adaptive) Fixed weighting Weighted response time Source IP hash

Addressing Payment Card Industry Data Security Standards Compliance (PCI-DSS)

Requirements Supported by Web Application Firewall Load Balancer:

PCI-DSS Section 1.2: Deny traffic from untrusted networks and hosts
Limit access to only explicitly allowed entities using only the protocols that are dictated as allowable.

PCI-DSS Section 3.3: Mask account numbers when displayed
Prevent the leakage of sensitive PII (Personally identifiable information) data as often exploited through a variety of application vectors.

PCI-DSS Section 3.5: Protect encryption keys against disclosure and misuse
By supporting FIPS 140-2 Level 2 compliance, the load balancer, protects encryption keys while delivering application firewalling.

PCI-DSS Section 4.1: Use strong cryptography and security protocols
Provides an overlay for applications that may have not been originally developed to leverage SSL and TLS sessions to improve environment security.

PCI-DSS Section 6.6: Audit and correct application code vulnerabilities or institute an application firewall
Enable ongoing real-time protection against the latest application threats to prevent the exploitation of potential application code vulnerabilities.

Microsoft Applications

Approved by Microsoft
Optimised to provide high availability and application traffic acceleration for Microsoft platforms:

Microsoft Exchange 2010 & 2013 / Microsoft Lync

Microsoft SharePoint

Microsoft Remote Desktop Services

Active Directory Federation Services

Custom Web Applications

All of the load balancer features work together to improve application response time, scalability and capacity to meet the needs defined for Microsoft workloads.

provide a virtual Application Delivery Controller for Hyper-V

also ideal for Windows Azure provides true load balancing in the cloud to offer Layer 7 front end services for critical applications as they migrate into the Windows Azure environment.

Microsoft Exchange

Make your Exchange more reliable, scalable and accessible

Instance failures, hardware migrations and even simple tasks such as mailbox moves all resulted in service interruptions that slowed business communications and negatively impacted the KPIs of the Exchange administration teams. Load balancers help improve performance, reliability and availability of your entire Exchange messaging platform.

Microsoft Lync

In both Lync 2010 and 2013, there is a core requirement for load balancing and reverse proxy services. While DNS load balancing provides high availability and traffic distribution for certain pool services, HTTP traffic requires an external load balancer. These two methods can be combined across an environment for a highly performing and reliable infrastructure. Additionally, published HTTP services require a reverse proxy.

Microsoft RDS

Improve 'Remote Desktop Service' deployments
Provide high-speed load balancing, content switching, data compression, content caching and SSL offload / acceleration.

Microsoft SharePoint

It is recommended that high availability and disaster recovery be of the highest priority when engineering SharePoint environments since other important aspects such as performance and capacity are negated if farm servers are unavailable or cannot be recovered after an unexpected failure.

SharePoint high availability is achieved in the web tier by deploying multiple front end servers to serve web pages and host web parts. A load balancer directs traffic across these servers, monitors health, data compression on responses to application requests to reduce bandwidth utilisation and ensures that the best possible target is used for individual requests. When combined with content caching to reduce the number of requests that have to be directed to pool servers for static content, improved application performance results.

Microsoft Active Directory (ADFS)

Active Directory Federation Services (AD FS) is a Microsoft identity access solution.

If you are using AD FS, you can utilise the inherent processing proxy authentication requests in the load balancer device to internal AD FS servers without requiring additional AD FS proxy (WAP) servers. This can help customers save, hardware, software and management costs associated with maintaining additional AD FS proxy servers.

Microsoft Azure (cloud)

Moving your IT Infrastructure to the Cloud? Utilising Microsoft Office 365? Running on Microsoft Azure?

Ensure capacity and performance.
Native Azure load balancing is not application aware.
Layer 7 application load balancing & content switching
Looking for a Hybrid infrastructure solution (of on-premise, supported by services delivered anywhere from the cloud)?
Layer 7 application load balancing allows you to seamlessly move existing private cloud enterprise applications into a hybrid deployment using Azure and scale your application delivery services as application needs increase.
Ensure high availability across ‘on-premise’ and ‘cloud based’ application pools.
Provide intelligent global traffic distribution across multiple private cloud infrastructures and Azure.
Provide visibility into encrypted traffic.

Hybrid Cloud

Simplify disaster recovery
Secure delivery of application services to users around the world

Load-balancing protection for VMware, vCloud Air, Virtual Workspace and Desktop deployments.
Application delivery and load balancing are critical services for the successful operation of virtualised application infrastructures.
Enable comprehensive monitoring and simplifying application related troubleshooting for the assurance of performance and systems health.
Enhance and protect your native on-premise virtual environment, with test / dev and web services being provisioned from vCloud Air. Enhance performance with capabilities such as content switching, SSL offload, edge security services, server name indicator and multi-protocol application persistence.
To provide high availability and improved scalability VMware recommends that multiple Gateway VAs and Connector VAs be placed in load balanced clusters. In fact, if you do not use a load balancer, it is impossible to expand the number of Gateway VAs that are deployed.

Solution benefits of load-balancer for hybrid cloud infrastructures

Intelligent hybrid traffic distribution – In the event an application server or whole site goes down – the load balancer enhances user experience and simplifies disaster recovery (DR) by directing users to the best target.

Multi-Protocol application persistence enables persistent client communication with applications leveraging multiple protocols per session.

Layer 7 UDP support provides advanced load balancing capabilities for applications reliant on UDP communication in vCloud Air.

SSL offloading accelerates application performance by relieving VMs of processor-intensive SSL handshaking, key exchange and encryption.

Edge security services provide support for single sign-on, dual-factor authentication and security group validation.

Server name indicator and content switching offers services needed to enable multi-tenant applications hosted in vCloud Air.

Cisco UCS

Native integration, performance enhancement and reliability for Cisco UCS platforms.
One of the driving forces behind the selection of this type of sophisticated platform for the modern Large Enterprise is the need to deliver scalable business critical applications in a high performance and highly available manner while reducing total cost of ownership. To this end, a supporting key requirement is the ability to manage and optimise user traffic across the infrastructure.

Oracle E-Business Suite & WebLogic

As a critical element of corporate operations, Oracle E-Business suite needs to be delivered as a resilient service capable of handling dynamic workloads and being resilient to platform outages. The Oracle hardware and software stack provides the clustering and replication capability required to meet this business requirement and can be further enhanced with the use of load balancer to offload workloads from the servers and to intelligently allocate resources to client requests.

Using a load balancer benefits an Oracle E-business environment whether deployed as a hardware appliance, as a virtual appliance on Oracle VM Server for x86 or as a bare-metal install on an Oracle Sun x-86 server.

The load balancer can offload the SSL processing overhead from the server infrastructure and centralise the management of SSL certificates and key material. This simplifies estate management while also significantly increasing security performance where dedicated SSL offload hardware is used.

Monitoring of the health and capacity of each host in an E-Business cluster leads to better distribution of workloads.

Virtual Platform Load-Balancer

VMware
Microsoft Hyper-V
XenProject Xen

All the features and benefits provided for physical environments, but with capabilities to provide best of breed resilience and security for virtualised systems.

Global offices and web based operations

Allowing for services to be intelligently distributed across multiple sites
Enable global intelligent traffic steering of client application communication to the best location on a request-by-request basis, ensuring an optimal user experience and simplifying steps required for disaster recovery.

Why Deploy A Load Balancer?

When the application needs of a company grow beyond a single server, an intelligent approach is required to distribute traffic to and monitor the status of what becomes a pool of servers. This ensures that traffic is only sent to available and healthy application servers that can service client requests and alerts administrators when issues are encountered with individual servers. Anytime high availability is needed for web applications an application load balancer is also needed.

Application Delivery Controllers are the next generation of load balancers, and are typically located between the firewall / router and the web server farm. An application delivery controller is a network device that helps sites direct user traffic to remove excess load from two or more servers. In addition to providing Layer 4 load balancing, ADCs can manage Layer 7 for content switching, and also provide SSL offload and acceleration. They tend to offer more advanced features such as content redirection as well as server health monitoring. An Application delivery controller may also be known as a Web switch, URL switch, Web content switch, content switch and Layer 7 switch.

Deploy on any platform

Appliance	Virtual	Bare Metal	Cloud
	- VMware vCloud Air - Microsoft Azure - Amazon Web Services (AWS) - VMware, Hyper-V, KVM, Xen, Oracle VirtualBox	Turn a server into a high performance Application Delivery Controller	- Microsoft Azure - VMware vCloud Air - Amazon Web Services (AWS)

Solutions Platform Support

VMware, Microsoft Hyper-V and XenProject Xen
EMC Atmos
Moodle - open source learning platform
OpenStack
Custom .Net Applications
Oracle – E-Business Suite

Supported platform logos:

Professional Services

> Design, Implementation, Configuration

Application Delivery Controllers / Application Acceleration / Load Balancers are often an essential component, in a data centre design or major application roll-out. Applications are being consolidated, centralised and outsourced. In many cases, consolidated applications perform poorly often due to long distances between users and applications.

Contact SecureNet Consulting today for solutions advise, professional services, engineering and proof of concept resources for Load Balancing.

	+44(0)7714 209927 +44(0)1273 329753
	info@securenetconsulting.co.uk