Review: Incapsula's Cloudified Layer 7 Load Balancing and Failover
Incapsula's cloud service brings real-time load balancing and failover to distributed enterprises.
As more and more enterprises move to the cloud, traditional onsite hardware for optimizing network traffic and providing failover services is coming up short. The problem is that the cloud offers a distributed methodology of application access, meaning that applications may be hosted and replicated across multiple sites, impacting latency, performance and availability. In response, third party vendors now offer load balancing and failover services directly from the cloud, where they can optimize traffic flow and calculate the best routes to applications while providing redundancy in the form of automated fail over services. That bodes well for enterprise network administrators looking to further leverage the cloud and build distributed application networks.
Redwood Shores, CA-based Incapsula has fortified their cloud services with the addition of Layer 7 load balancing and failover capabilities ideal for helping enterprises leverage distributed networks without the fear of downtime. Offered as an add-on to the Incapsula Enterprise Plan hosted suite of cloud-based ADC services, Incapsula's Layer 7 Load Balancing & Failover service enables organizations to replace costly appliances with an enterprise-grade cloud solution. The service supports both in-datacenter and cross-datacenter high availability scenarios, which demand the utmost in reliability and performance.
A closer look at Incapsula’s cloud-based Layer 7 Load Balancing & Failover service
Incapsula’s latest service is feature-rich, offering:
- In-datacenter and cross-datacenter solutions
- Instant propagation with Layer 7 routing
- Non-DNS global server load balancing
- Variety of distribution algorithms
- Robust health monitoring options
- Real-time control and visibility
- CDN, web application firewall and DDoS protection
- 24/7 support
All of these are critical to failover and load balancing in today’s cloud-reliant, distributed environments. Of special note is the service's ability to leverage Layer 7 activity and provide instant propagation. Here, the service is able to monitor activity at the application layer and use specific information within the application request to balance traffic across the servers and send the request to the appropriate destination. Layer 7 load balancing proves much more accurate than traditional layer 4 load balancing, since Layer 4 load balancing is unaware of application traffic and cannot leverage that additional information to make more intelligent choices.
Layer 7 load balancing, on the other hand, looks into the content of the request and uses that information to derive the best path to the data, so each individual request can be load balanced, not just complete sessions, as in Layer 4 routing. And deploying Layer 7 load balancing and failover using Incapsula is ridiculously simple. Just activate the service and make some simple changes to the DNS setup used by the websites/applications to be included.
The service works using Incapsula’s global CDN (Content Delivery Network), which then handles routing all traffic through Incapsula’s web application firewall for security while intelligently profiling traffic in real time to provide the best response. What’s more, outgoing traffic is accelerated and optimized using caching techniques to improve the overall end user experience.
Incapsula’s style of load balancing and failover services offers numerous advantages. The most obvious is enhanced security. The latest threats, such as DDoS, injection, scrapping, and XSS attacks, are stopped at the application firewall level before ever touching the network or application servers. Cost and time savings, meanwhile, come from eliminating multiple appliances and their management consoles. Simply put, Incapsula is centrally managed, regardless of how distributed the network is. That eliminates the need for site-specific management tools and their associated load balancing and failover appliances. Other advantages offered are more robust routing algorithms, constantly updated security checks, and centralized, 24/7 technical support.
Once set up, the service can operate relatively hands-off, but that would entail not taking advantage of some of the service's most beneficial tools, such as advanced monitoring and configuration. The service sports several centralized management dashboards that offer a plethora of information to administrators seeking continuous awareness of what's occurring across the network.
Incapsula’s dashboards provide critical information, including top application usage and visit statistics, using a graphical interface that charts activity. That makes it relatively easy to determine where enhancements and improvements may be needed on the network or to identify where potential threats originate. What’s more, administrators can quickly determine backbone utilization and bandwidth consumption to judge which ISPs/servers are being underutilized and perhaps save some money by switching to lower-utilization service plans.
The management dashboards offer views into accumulated, real-time, and site/application-specific traffic usage, creating an environment where administrators can look at the big traffic picture and then drill down into the applications and services elements to locate problems or validate configurations.
A nifty capability on the traffic analysis dashboard is the ability to detect whether traffic is being generated by an actual user or by a bot, which attempts to simulate a user. That level of analysis gives better insight into how applications and services are being used and how the information being consumed is digested.
Those charged with maintaining compliance will find the security dashboard a welcome ally in the battle against threats and data breaches. The service’s PCI-certified Web Application Firewall (WAF) detects, blocks and reports on all types of application attacks. The information gathered by the WAF proves to be a good source for traffic auditing and security validation and can provide the core information needed to modify applications for more resilience against attacks. The WAF is policy-driven and offers numerous options for blocking and reporting on attacks. What’s more, the WAF also breaks down attacks by origin and identifies which are automated attacks. That enables administrators to track down and block many attacks right at the origin point.
A performance-centric dashboard delivers additional information that identifies trends, as well as details on how performance has been enhanced by the service. That information is critical for fine-tuning application delivery performance. Using the information provided, over time, administrators can change settings to garner greater performance improvements by modifying application priority, route selection, and so on.
For sites that experience relatively inconsistent traffic, such as seasonal businesses or retail operations, Incapsula includes a real-time analysis dashboard that supports rapid response to security events and provides the basis to make data-driven decisions based on load and traffic flow. The real-time dashboard provides graphical representations of response time, requests per second, bits per second, and so on, so that administrators can observe a direct correlation between traffic flow and performance and refine the response to increased and decreased traffic demand.
All events across the load balancing and failover service are logged and stored, creating a repository that administrators can mine for additional information, such as long-term traffic trends, traffic latency, attacks, efficiency, and other events. For example, the log can be used to identify a series of bot-based attacks taking place over a specific period of time. That information can be used to script a policy that blocks the origination addresses/countries.
The final word on Incapsula Layer 7 Load Balancing & Failover
Incapsula has accomplished something unique, at least when it comes to Layer 7 load balancing and failover. The company has successfully made those services secure, easy to implement, and easy to use, all while eliminating the need for expensive hardware and software, which in the past had to be deployed onsite. What’s more, administrators will find the service offers a treasure trove of information that can be used to continually improve services, identify threats and meet compliance requirements.
Header photo courtesy of Shutterstock.
Frank is an award-winning technology journalist, professional speaker and IT business consultant with over 25 years of experience in the technology arena. He has written for several leading technology publications, including ComputerWorld, TechTarget, PCWorld, ExtremeTech, Tom's Hardware and business publications, including Entrepreneur, Forbes and BNET. Ohlhorst was also the Executive Technology Editor for Ziff Davis Enterprise's eWeek and formerly the director of the CRN Test Center.