Barracuda Load Balancer Server Availability & Scalability October 12th, 2012
Barracuda Load Balancer Full-featured server load balancing solution Reliable, solid-state hardware Simple setup via intuitive Web Interface Integrated Intrusion Prevention System Advanced Feature Support Layer 7 content routing Windows Remote Desktop Services integration Aggressive pricing 2
Scenarios High traffic Web sites Internet Corporate Firewall Switch Server High traffic Web sites Any application needing high availability Applications on Windows Remote Desktop Services Customers with multiple Barracuda Spam & Virus Firewalls
Scaling the server infrastructure Service 216.129.105.22 Internet Corporate Firewall Barracuda Load Balancer Switch Switch Server Servers Distributes traffic to multiple servers Provides high availability Layer 7 content routing Easy scalability Server health and load checking
Key Features Flexible deployment Layer 3 and Layer 7 load balancing Ease of operations Layer 3 and Layer 7 load balancing SSL offload Server health monitoring Integrated intrusion prevention system Terminal Services integration Application acceleration 5 5
Flexible Deployment One-line Setup Deploys in every environment Easy to set up – just provide a name to the service the external facing IP on which the LB will receive traffic for this service And the IP address of the servers Auto discover – in case you don’t know the IP address of your servers from the top of your head – use the auto discover capabilities. One-line Setup Deploys in every environment Supports Direct Server Return for high bandwidth streaming or download applications 6
Load Balancing Capabilities Distribution Algorithms Session persistence Session Persistence The Barracuda Load Balancer offers multiple ways to load balance the traffic. It can be done either via a normal Scheduling policy like Round Robin: where the load balancer goes round the server pool one by one when it needs to create a new connection Weighted Round Robin: Where a higher weight can be assigned to a more capable server. Least request: Here the load balancer keeps a count of open connection to each of the servers and when a new request comes in it sends it to the server having least number of open connections In addition to normal scheduling policies the load balancer also has Adaptive scheduling capabilities where the load balancing decision is based on inputs from the servers themselves. For e.g. if the server has SNMP then the Load Balancer can query the CPU load on the server via SNMP and base its decision to send the next request to the server have least CPU load. Administrators can create their own logic on the server and expose it as a GET request which the LB will query and based on the weight returned it can make a decision based on that. In case you wish to load balance Windows Terminal Servers the load balancing decision can be based on how many terminal sessions are open for a given terminal server The load balancer supports persistence between the client and the server either via the client ip or by inserting a cookie or based on the terminal session in case where terminal servers are being load balanced. 7
Traffic Management Business Partner Some other examples: Rules that specify conditions in which to send certain requests to alternate servers For partitioning traffic flow based on HTTP request content URL HTTP Headers Other HTTP content Dynamic pages bn.com/php/* Graphics Business Partner Cache bn.com/images/* For Example: Send dynamic pages in Application Traffic to one set of servers connected to the databases Documents bn.com/docs/* Redirect requests for images etc to another Some other examples: Access from mobile phone goes to a specific server Search bots can be sent to specific servers Redirect requests for documents etc to another
SSL Offloading Benefits Uploading a Signed Certificate Unify certificate management Reduce overhead on real servers Uploading a Signed Certificate basic > certificate management Service is Configured to listen on HTTP port / SSL engine on 443 The Barracuda Load Balancer is able to perform decryption and encryption of SSL traffic to reduce the load on the Real Servers. It also keeps the SSL certificates associated with that traffic in one location for easier management. SSL offloading is not compatible with Direct Server Return. 9 9 9
Server Health Monitoring After a service has been configured this is by far the most important screen. It provides a view of how loaded or busy the servers are. It also allows you to take out a server out of the pools for maintenance purposes. While planning to remove a server from the server pool you can see what all services are being served by that server. In addition the Load Balancer allows you to put a server in maintenance mode before disabling it. When a server is put in maintenance mode the LB does not send any new connections to that server but the old connections are still there till their work gets done. Complete view of server status/load, and services managed Layer 3 and Layer 7 monitoring Different monitors for different types of servers 10
Intrusion Prevention An additional layer of security for load balanced servers Simple “On or Off” interface Automated updates from Barracuda Central The Barracuda Load Balancer has and integrated Intrusion Prevention System which gets updated regularly by the security team manning the Barracuda Central. The intrusion prevention can be enabled either for the entire system or on a per service basis. At this time – make a plug for WAF if they are interested in more Web application security. 11 11 11
Terminal Services Integration Natively integrates with Windows Terminal Services Supports Session Directory and Session Broker Windows Server 2003, Windows Server 2008 Performance capabilities Resumes users to disconnected sessions Queries Terminal Servers with SNMP or Session Directory/Broker Adaptive scheduling Load Balancer has custom integration with Windows Session Directory and Session Broker to support load balancing of Windows Terminal Services. 12 12
High Availability Minimize down time Active/passive clustering Complete configuration synchronization Model 340 and higher 13
GSLB for Data Center Redundancy Response Policies Geo IP Region only Priorities Data Center 1 Data Center 2 Cluster of Barracuda Load Balancer Data Center 3 #1. DNS Resolution www.example.com Server Client GSLB Component DNS resolved to best Site #2. IP Connection Connection from clients
HTTP Caching Accelerates Web server performance by offloading requests to the Barracuda Load Balancer Internet Web Server Cache Efficiency Cache Hits
Compression Efficiency HTTP Compression Accelerates application delivery by minimizing bandwidth on slow client connections Internet Web Server Compression Efficiency Compressed Responses
Hardware enhancements Scalability 4 Gbps throughput With model 640 Hardware enhancements 12 Ports Link bonding LACP Barracuda Networks Confidential
Deployment Options Route Path Bridge Path Direct Server Return Recommended for most applications Barracuda Load Balancer is default gateway for real servers Bridge Path Useful when real servers should keep same IP addresses Virtual IP’s must be on physically separate network from real servers Direct Server Return High bandwidth applications – real servers respond directly Requires installation of loopback adapters on real servers 18 18
New Solutions & Certifications Microsoft Office Communication Server (OCS) 2007 Certification and listing on Microsoft’s recommended hardware load balancers Microsoft Lync Barracuda Networks solution tested and available
New Solutions & Certifications Microsoft Exchange 2010 Likely high adoption in market and potential driver for load balancer sales Barracuda Networks solution tested and available Microsoft validated RDP Solution Guide Integration guide for Microsoft available on techlib
IPv6 ready IPv6 capable IPv4 IPv4 IPv6 IPv4 IPv4 IPv6 IPv6 IPv4 Address : 205.106.78.53 IPv4 address space is running out Organizations need larger IP space IPv6 Address : 2001:db8:85a3:8d3:1319:8a2e:370 Adopting this will be a gradual process Some organizations will like to keep their internal network as IPv4 All the deployments today IPv4 IPv4 Expose IPv4 apps on IPv6 IPv4 IPv6 Get ready for IPv6 IPv6 IPv4 All modes can be deployed on the same Load Balancer Fully IPv6 ready network IPv6
Load Balancing for SIP Traffic SIP Load Balancing – Call ID persistence Call id : 10 Better deployment for IP Telephony solutions even in NAT’ed environments
Model Comparison Up to 4 Gbps throughput Available Vx Available as a virtual appliance Advanced traffic management and optimizations 23 23
Customer Success: Liberty Tax Services Challenge 20% yearly growth in online tax preparation traffic. Planning to add 500 new branches offices in 2010 Needed a scalable solution for their online tax preparation, filing, refund application Solution 2x Barracuda Load Balancer 640s in active/passive HA pair Load balanced their 8 Web applications Saved $100k+ and numerous IT man-weeks
Customer: TechSmith Challenge Solution Snag-it, Camtasia Studio 5,000 credit card transactions per day Millions of downloads per month Failing Web server causing availability outages Needed a high availability configuration Solution Barracuda Load Balancer 440 Deployed in Direct Server Return mode High-bandwidth passive FTP file distribution Resulted in a high availability configuration with Web and FTP traffic distributed to a 4 servers with a “last resort” off-site proxy 25 25
Customer: Sun Microsystems Challenge Trusted name in enterprise networks, security, and performance servers Needed Direct Server Return for content streaming Simple to deploy Cost effective Solution Barracuda Load Balancer 440 Deployed 8 Barracuda Load Balancer 440s in 4 global locations Load balancing real media servers for customer and employee training Used Direct Server Return for their high bandwidth requirement 26 26
Customer: Iridium Satellite Challenge Global leader in satellite telephony Uses thick-client Windows based applications for internal processes and data management Has numerous remote offices with low-bandwidth NAT’ed connections Had and existing Terminal Services cluster, but no concept of load balancing with session persistence Solution Deployed multiple Barracuda Load Balancer 340s in a HA clusters Enabled Terminal Services (Windows Server 2008) Session Broker integration Resulted in a load balanced, fault tolerant, thin-client application delivery architecture with native user session resumption 27 27
Summary Enhances scalability and performance of existing applications Assures high availability for your critical business applications Works with existing Web, RDP, or any IP application Easy to deploy Economical 28 28
Thank you Please provide your inputs to anshuman@barracuda.com Barracuda Networks Confidential