Applications are the king of the enterprise cloud, with companies making more applications available via the cloud in a quest to enhance productivity. Keeping applications performing acceptably takes a properly designed infrastructure - one that relies on techniques such as application acceleration, load balancing and overall performance management.
Security often gets overlooked when talking about application performance. Most administrators look at security-focused solutions to protect applications because they think of security in terms of protecting information rather than performance.
Yet the security of applications can be impacted by more than traditional hack attacks and intrusions; security also means that applications must be available for use when needed. That brings us back to application performance management, where poor performance may indicate that an application is under attack.
APM Hardware vs. Services
An APM service from Lagrange Systems called Cloud Maestro, which was reviewed recently on Enterprise Networking Planet, has raised the security bar for the APM community. Simply put, the company’s APM service detects security problems such as distributed denial of service (DDoS) attacks as part of its load management and balancing algorithms and prevents those attacks from taking applications down.
Lagrange isn’t the only player in the APM market. Oher vendors such as F5 Networks, Coyote Point Systems, Kemp Technologies and Riverbed offer hardware-based application delivery controllers (ADCs) which offer load balancing as well as APM for cloud-based applications.
However, on-site hardware devices have some challenges when it comes to distributing loads across cloud based applications. The physical hardware device remains a single point of failure, unless multiple devices are tied together across multiple locations, effectively creating a fail-over capability to combat attacks that flood individual devices with traffic.
That is where an APM/ADC service-based offering has an advantage over traditional hardware based controllers. There are some prerequisites that must be met for service-based solutions to offer any security advantages, though.
First and foremost, the service must offer support for distributed hosts. In other words, the ADC must be distributed across several clouds rather than being based at a single cloud service provider. In effect, this prevents a single point of failure from becoming the reason for a failed application.
It all comes down to application availability. Application delivery controllers have the unenviable job of making sure applications perform properly and reliably. This means the controllers need to have fail-over, as well as load balancing capabilities -- both of which prove to be a good foundation for securing applications from DDoS attacks. Good administrators will leverage those capabilities to make ADCs part of their security solutions.
Frank Ohlhorst is an award-winning technology journalist, professional speaker and IT business consultant with over 25 years of experience in the technology arena. He has written for several leading technology publications, including ComputerWorld, TechTarget, PCWorld, ExtremeTech, Tom's Hardware and business publications, including Entrepreneur, Forbes and BNET. Ohlhorst was also the Executive Technology Editor for Ziff Davis Enterprise's eWeek and director of the CRN Test Center.