You can install it using one leg implementation with NAT, or something called local triangulation. You also can use two or more legs for installation. You can install it as gateway for your servers or at level two by the OSI, as cross between two VLANs. Every installation has it con and pros. Take a look at the table in order to understand cons and pros of each installation.
|One Leg - NAT||simple, fast.||Server can’t see users IP addresses.|
|One Leg - Local triangulation||simple, doesn’t use resources of the AppDirector.||You can't use Acceleration, Caching, TCP multiplexing, SSL Offloading. Need to install virtual IP adapter on servers.|
|Inline - level 2 by the OSI||No need to change IP routes||Can’t use multiple VLANs, No proper DOT1Q support. Need to change cabling.|
|Inline - level 3 by the OSI||Secure.||Need to reconfigure routing. Need to change cabling. Need to configure access to servers for management.|
It also has many good features, that you can use like traffic acceleration, TCP multiplexing, caching and SSL offloading with or without using special hardware card.
- Acceleration - modifies TCP slow start and makes it faster.
- TCP multiplexing - uses only few TCP connection to servers to serve many TCP connections from the AppDirector to users.
- Caching - caches objects that repeat and send them to users directly without taking these objects from servers.
- SSL offloading - users open SSL to the AppDirector. You can configure SSL between the AppDirector and servers using less bits for encryption. This taking less resources from servers.
- AppDirector is the only product that I know of that have HTTP probes with authentication.
- Easy configuration and installation.
- Great and fast failover. The standby machine holds table of users to servers sessions. If the Active machine fails, the backup machine immediately takes control. Users don’t have to refresh their browsers or reload their applications.
But there few things in the AppDirector that not only makes it far from perfect, but these few things also make me frustrated.
- Security. I would like the application and system people to have read only access to the AppDirector. But I cannot do it using Radius. Anyone , doesn't matter to what group in Radius he or she related, can receive only RW or RO privileges. AGHHHH!!! You have to use local SNMPv3 users.
- SNMPv3 only get local users. No active directory or Radius connectivity for SNMP.
- You can control the AppDirecor using web (browser) access or using InSite program created in Java. Some features easier to create using the web access others using the InSite program. Why not just create simple management with both of them ?
- You can create probes for your servers from the Farm Server window. But you can also create probes in other menu called Health Monitoring. In the Health Monitoring window you assign probes to specific server and not to farms. Why? Seriously, why not just assign probes to server farms, and why should I define probes in different windows ?
- The InSite program. Sometimes it executes this code : Do Nothing; Loop; and it gets stuck.
- When you synchronize configuration from your Active to Standby machine, the Standby machine have the need to reboot. Annoying.
In general I like the AppDirector. I hope Radware will fix all the cons in time, and the cons should not prevent from anyone to use AppDirectors as Load Balancers or as the new generation of load balancers called : Application Delivery Controllers.