Integrated appliances are the way to go

Rajiv Sinha, vice president of Engineering, NetScaler describes how the company’s appliances help the likes of ShopNBC and Google, why functions flow towards integration and why SSL VPN makes sense, in a chat with Prashant L Rao

* NetScaler’s Web acceleration and caching appliances are used by the likes of ShopNBC.com. To what extent do appliances help companies scale up their online presence and react to spikes in demand?

ShopNBC was looking for compression to reduce bandwidth usage. Our equipment stood up to heavy traffic and deploying it decreased page latency by a factor of 3 (30% to 3x) and they were able to offload and accelerate SSL traffic. You don’t need to have SSL certificates on the server at the backend which brings down the number of certificates required.

Web logging is normally done by having each Web server provide its own logs where you have to pay for multiple Webtrends licenses. Our solution lets you reduce the number of licenses required by generating a consolidated log. You can dedicate one or two servers to collect the logs—primary and backup.

For optimising content delivery we have request switching. Protocol optimisation takes place at the TCP level. TCP has a lot of optimisation for large file transfers as early applications such as FTP needed that. The Web uses HTTP, which is an elegant architecture but doesn’t address the lower level. The HTTP protocol started out with heavy use of TCP connections, three to four streams per connection. This was improved by maintaining persistent connections with the backend [our boxes make HTTP more efficient]. We have requested a switching patent for this technology.

* Are the days of standalone specialised single function boxes (caching appliances, SSL acceleration blades etc.) gone?

We are on the consolidation track. When something is new, you see it emerge as a single function device, for instance an SSL accelerator. Later, it gets integrated with another function, say, load balancing. When load balancing and SSL were done in separate devices, the load balancer is blinded as the packets are encrypted. From our perspective it was necessary to integrate SSL into the appliance. Interaction between SSL and compression is difficult to handle in two different devices. How do you compress SSL encrypted traffic? It makes more sense for several functions to be combined. SSL VPN started off in special function devices, now it is a feature.

* How does SSL VPN compare with traditional VPN when it comes to cost per user, performance and scalability?

The cost per user is one of the drivers for SSL VPN adoption. There’s no client required, you just use a Web browser. The two technologies are roughly comparable in terms of bandwidth used. IPSEC uses less bandwidth. Two factors driving this technology are its reduced administration cost and ubiquity. Beyond that, in contrast to IPSEC VPN where you are connected to the WAN and can do whatever you want to, SSL VPN lets you do fine-grained authorisation at the application level. SSL VPN started as a niche in terms of remote access for partners or mobile users. It’s going mainstream.