Tool of reverse proxy and application balancer to Enterprise environments

03-09-2020 | 3 min to read

What are the most common operations for putting an application into production and delivering WEB services in an Enterprise infrastructure with security systems and high reliability?

Oplon ADC is the platform for Application Delivery Control born to work in modern environments virtualized using the enormous computing power available today, and enable the use natively.

In an infrastructure designed for the provision of Enterprise services, applications are encapsulated in protected environments to make them as safe and reliable as possible.

The safety systems spans not by managing digital certificates, for encrypted connections, the components of network security (firewall), to the WAF functionality (Web Application Firewall). By high reliability , on the other hand, we mean services that start from balancing with verification of availability, to arrive at business continuity and disaster recovery functions.

Oplon ADC: Reverse Proxy (Proxy Pass) and balancing functionality

In this article we will go into two themes, among the many that we will address in the next articles, and specifically the Reverse Proxy functions (Proxy Pass) and the balancing functions with verification of the availability and reachability of the service of the Oplon ADC component.

These two issues, together with managing digital certificates , are among the major stress points to operate a serve your uncle in structured environments Enterprise.

The problem to be solved is the decrease of the cost the of introduction and start-up of heterogeneous applications that must coexist with each other in a unique environment. All must align well with search mode users, accustomed to type the same thing to get the service, and coniugar you with usability. Simplifying, we could speak of a “perceived browsing experience” which must be as close as possible to the user’s expectations.

Often, what we want to make the user appear as they type is not how the application was designed . The elements most vil ance modified are the name of the domain of the service and the UR L of calling a function which should be appropriate to the technical necessity of sharing resources and humanly made easier and more intuitive.

The example below summarizes two of the most common: the marketing believes that the domain name should be intuitive and dedicated to offering ongoing and that the application function (URL path) should appear to the user as “/bestOffer ” to increase the perception of the goodness of the proposition.

The application, on the other hand, requires a different domain and the application function concerned was called “/01” during development but it is too anonymous for marketing!

image1

In this case the application must “translate” the name of the domain that you type as you would expect marketing and in the same way transform the ‘ URL of the application function /01 with a more usable and closer to customer expectations that will have to use.

With Oplon ADC this functionality natively with no need to write rules but simply set up, the affected resources, the like must be transformed. All through the browser and with a few mouse clicks.

The functionality is completely transparent and it is simply possible to modify the behaviors also for the IP ports and the changes are also propagated to the cookies and to all the parameters used for routing, both in requests and in responses.

Balancing to make services reliable is not enough, you have to constantly check if the service is available and responds

Oplon ADC includes a sophisticated application balancing system with different routing policies and availability check of serve your uncle.

Normally verification systems can be classified into systems “passive” and “active” with further subdivision in systems with agents and no system agents (agent-less ).

Oplon ADC natively adopts both “passive” systems, by default, and the possibility of verifying the activity of the service in an “active” way. In both cases without the use of any agent installed on the application servers, therefore in agent- less mode.

The “passive” form does not need any parameters, it is sufficient that an application service does not respond because this is automatically put “out of service” and all requests are directional on other services “twins”.

At the same time a probe is activated which constantly checks whether the service is no longer operational and, in this case, restores its functionality. As soon as the service becomes available again, the system detects it and promptly returns it to the pool of reachable and usable services.

image2

To use the active, simply set the interface WEB mode of which systems you want verificar and vitality (health check) and then associate them with a name to the service or group of services.