Select Page

Sep 11, 2023

Introducing ADC Version 3.3 & 3.4: Elevated Performance and Enhanced Security

by

In the realm of modern networking, the Application Delivery Controller (ADC) plays a pivotal role in ensuring seamless, secure, and efficient delivery of applications. As enterprises work to address the challenges posed by an ever-changing digital environment, the importance of a robust ADC solution cannot be overstated. We’re thrilled to unveil the latest iteration of our ADC – Version 3.3 & 3.4. This release represents a significant milestone in our ongoing commitment to providing organizations with cutting-edge networking solutions.

Highlights of ADC V3.3 & 3.4

Elevated SSL/TLS Capabilities

We all know that SSL certificates play a crucial role in establishing secure connections between web browsers and servers. Since enterprises tend to deploy various security devices to counter security threats and protect application businesses, it is inevitable that the security devices repeatedly decrypt, process, and then re-encrypt the encrypted traffic passing through. ADC now supports SSL traffic orchestration, allowing the ADC device to decrypt the ciphertext traffic, and then forward the plaintext traffic to the respective security devices in the security service chain for security inspection, following the order of services in the chain. After successful inspection, the ADC device re-encrypts the traffic and forwards it to the backend application servers. It helps avoid redundant encryption and decryption and maximize device performance. Users can easily configure SSL traffic service chains that are tailored to the business and traffic requirements. Also, by facilitating the pooling of security devices, ADC effectively avoids single points of failure and allows for smooth scalability.

HTTPS is essentially SSL/TLS over HTTP. It is an application layer protocol that is more secure than HTTP. However, in practice, when you enter a URL in a browser without specifying a protocol, it typically defaults to accessing the website via HTTP. ADC now offers HSTS functionality. By enabling this feature, all connections to the website are transformed to go through HTTPS; otherwise, they are not allowed. It protects against attacks such as cookie hijacking, SSL stripping attacks, etc., and reduces the attack surface.

Comprehensive Monitoring

Visualizing is always a fundamental capability of security devices in contributing to security. The new releases provide application visualization that contains statistics based on five dimensions: URL, client IP, HTTP method, response code, and user agent. Admins can gain granular visibility into how different components of your application and user base are performing. The addition of server latency monitoring for HTTP and HTTPS virtual servers in the layer 7 server load balancing log offers cues to identify where the problems may lie when slow response times or errors are reported. The TOP 10 CPU utilization of specific virtual servers resolves the challenge that when the overall CPU utilization is high, users do not know specifically which virtual server is experiencing a high traffic load. The network map displays the invocation relationships and statuses of virtual servers, server pools, pool members, and real servers, so that users can centrally monitor their health and performance. All of these enable more comprehensive traffic and load balancing monitoring.

Moreover, ADC has introduced the much-anticipated reporting feature, which is frequently used by front-end users. It is used to create visual reports of the status of server load balancing, global load balancing, link load balancing, and devices. Adding to ultimate report files, we also provide templates and the capability to set the report task. This will significantly contribute to the auditing and compliance of the business.

To cater to the frequent usage patterns of our front-end users and generate visual reports that reflect the current state of the environment, we have incorporated the highly anticipated reporting feature into our ADC system, including the state of server load balancing, global load balancing, link load balancing, and devices. Notably, this feature not only facilitates the creation of comprehensive reports but also offers pre-designed templates and the flexibility to configure reporting tasks. It stands to greatly enhance regulatory compliance and streamline the auditing process.

Enhanced Load Balancing

For some small and medium-sized businesses, they might have a very limited number of application servers. Therefore, each application server for a client provides services for different application protocols simultaneously, such as Web, SMTP, FTP, etc. This means that the application traffic of various protocols shares the resources of the same server host. Previously, the granularity of registering real services in the Real Server could be done down to a specific service under a server host. Monitoring and controlling the total connection count was also on the service level rather than always at the level of the server host. That’s why it cannot set connection limits for each server host. However, by distinguishing between nodes, which represent server hosts, and members, which refer to the services under server hosts, and by specifying that only nodes can be registered at the level of the real server, while further segmentation into members can occur at the service pool level, ADC has the ability to monitor and control the connection count for individual server hosts. This ensures a balanced load by limiting the overall connection count for each server host.

WMI stands for “Windows Management Instrumentation.” It is a technology developed by Microsoft for managing and querying various aspects of Windows-based systems and applications. WMI provides a standardized way to access management information, configuration settings, system statistics, and event notifications on Windows operating systems. ADC supports examining the availability status of the WMI protocol along with the other 29 kinds of protocols, ensuring various different kinds of services are properly delivered.

For the vast majority of users, individually configuring network parameters for servers at the TCP protocol level is a cumbersome task. In order to enhance management efficiency and minimize human errors, ADC offers TCP profiles. Users can configure the TCP profiles according to their requirements and bind them to a virtual server. Once the configured TCP template is associated with a virtual server, TCP packets flowing through the mentioned virtual server will adhere to the restrictions set within the TCP template parameters. As such, the efficiency of configurations is greatly enhanced.

Smooth System Operation

During the use of the ADC, previously, after an administrator logs in, they can see all the configuration objects on the current device. If there are numerous configuration objects involving different business operations, it can lead to inconvenient searches and is prone to mistakes. Now, as administrators and server load balancing configuration objects can be bound to management partitions. This enables different administrators to manage distinct sets of objects, achieving the goal of partitioned management.

ADC is able to send server load balancing data to HSM. The data of the virtual server, server pool and real server could be sent from ADC in the format of XML via FTP to HSM. This implies that ADC can integrate more effectively with the security management platform and improve operations and maintenance efficiency.

ADC has optimized its failure determination of health checks by changing the original failure determination configuration to failure determination and failure recovery determination, and the failure determination type has been changed to the determination method, which is divided into time-based and count-based. This feature ensures that previously failed servers are brought back online as soon as they are operational again, thereby reducing downtime and maintaining continuous service.

For more information, contact your Hillstone representative or authorized reseller.