Kemp Application Experience
Michael Conway
Director at Renaissance | Cyber Security | Encryption Devices | Business Continuity
Applications are the core of most IT-related activity. Ultimately at the end of each work process that generates or manipulates data, there will be people using applications. These applications can be web apps in a browser, mobile apps on smartphones or tablets, or traditional desktop or centralised database-backed business applications. Today these applications are frequently delivered over the Internet, often via thin-client wrappers in the case of conventional business applications. Due to Covid-19 forced remote working, the first half of 2020 has seen a marked increase in the number of people accessing applications of all types over the Internet. Indications from many articles in CIO and other C-level publications is that many businesses will not return to the previous way of working even when it is safe to do so. Remote working is here to stay.
All this means that it is crucial for IT teams to deliver the best application experience to staff and clients no matter where they are, or how they are accessing your IT systems and applications. Application experience (or AX as it is often shortened as) will be a vital part in the delivery of IT services going forward. With this in mind, Renaissance are delighted to add Kemp Technologies as a partner in the Ireland market.
Kemp, with its EMEA headquarters in Limerick and global HQ in New York, is an industry-leading application experience solution provider. To date, they have over 60,000 enterprise deployments of their market-leading LoadMaster load balancer, backed by a consulting team with decades of experience in optimising the delivery and security of applications on the Internet. Kemp Loadmaster provides industry-leading cost performance. When combined with Kemp 360 Vision and Central management and deployment tools (which work cross-platform with non-Kemp load balancers), plus their innovative Metered Licensing model, Kemp delivers the best solution on the market for delivering a robust application experience. Contact us today to find out more about Kemp’s innovative solutions. Read on for a high-level overview of what they offer.
LoadMaster Load Balancers
LoadMaster is the core Kemp solution. It is a fully featured, modern, and well-supported load balancer that can be deployed in multiple ways to suit any particular needs. LoadMaster deployment options include:
- Hardware Device: In various configurations based on need and network throughput required, Dell EMC ECS Applications optimised device available and Hardware-based TLS (SSL) processing included in specific models.
- Virtual Machine - Support for all major virtualisation platforms: VMware vSphere, Microsoft Hyper-V, Citrix XenApp, Oracle Virtual Box.
- Cloud - Support for public and private cloud providers: Microsoft Azure including Azure for Government, Amazon AWS, including AWS GovCloud, Nutanix Enterprise Cloud and more.
- Bare Metal - base install on existing industry-standard server hardware.
Irrespective of the deployment method, LoadMaster deployments have the following features (this is a subset - see the Kemp site for full details):
- Adaptive load balancing using multiple optimised algorithms to distribute client sessions across server pools.
- Includes support for session affinity to ensure broken connections reconnect appropriately.
- Host and application-level health checking to monitor and alert on load-balanced application instances.
- Layer 4 load balancing - traditional transport-layer load balancing. Packets are routed to servers based on IP Address, TCP or UDP port, using various types of DNS round-robin or least connection algorithms.
- Layer 7 load balancing - builds on layer 4 transport-layer load balancing by introducing packet inspection and routing based on the target applications and content of the network packets.
- Compression engine - data stored on and transmitted by a LoadMaster can be compressed to minimise bandwidth used.
- TLS (SSL) offload and acceleration - remove resource intensive TLS (SSL) processing tasks from web and application servers. Delivered via dedicated ASIC hardware in some LoadMaster device models, and in software on all other LoadMaster instances.
- Intrusion Protection Engine - LoadMaster includes an Intrusion Protection Engine (IPS).
- Edge Security Pack – an integrated solution for additional application security. See below.
- Web Application Firewall - LoadMaster can function as a Web Application Firewall (WAF) via a free add on enhancement pack. See below.
- High availability load balancing - provides for resilience within a LoadMaster deployment.
- Global server load balancing - ensures that network applications and content are served to clients from the sites nearest to them where appropriate, while at the same time providing global resilience and scalability. Works across private data centres and public cloud providers to deliver maximum flexibility.
- Powerful automation and programmable interfaces for workflows and DevOps integration.
? RESTFul API.
? PowerShell CommandLets library.
? Java API.
Configuring LoadMaster for specific applications is made easy by using the Kemp Templates that are optimised for common industry applications. See the full list on the Kemp Documentation Library page.
Security Enhancement Technologies
In addition to the core application experience features built into LoadMaster, there are also additional security features that can be added. These are not designed to replace traditional perimeter security provided by border firewalls and routers. They help deliver security in-depth as part of a broader security stack. The add-ons available are the Kemp Web Application Firewall (WAF) and the Kemp Edge Security Pack (ESP).
WAF gives additional application layer security to web applications that are being load balanced by LoadMaster. All incoming packets are inspected for known threats or suspicious activity before being delivered to the application servers. Any encrypted traffic can be opened via the TLS (SSL) offloading functionality in LoadMaster. WAF is built on the industry leading ModSecurity engine, and rule updates are available daily to subscribers. This helps protect against emerging threats that may not be on the radar of busy IT professionals within organisations. Having a WAF is a crucial component for meeting the requirements for GPDR, and also the guidelines for PCI DSS credit card processing.
Kemp ESP offers features that were a part of the now discontinued Microsoft ForeFront TMG. These features make LoadMaster with ESP (and WAF) an excellent replacement for TMG that is still being updated and supported. It provides:
? Endpoint authentication that allows pre-authorisation.
? Single Sign-On (SSO) across Virtual Services.
? LDAP authentication from the LoadMaster to Active Directory.
? SAML Authentication.
? Dual-Factor Authentication.
? RADIUS Support.
? Persistent Logging and Reporting for user logging.
? Group-based access & traffic steering.
Kemp 360 Vision & Central
Management of modern application delivery networks can be challenging. Kemp 360 Vision and Central products make it much easier. Kemp 360 Vision is a monitoring and alerting solution that uses in-depth knowledge to monitor the load balancers for potential and actual bottlenecks or unusual activity. It can then alert and suggest remedies. Vision works cross-platform. It is not LoadMaster specific but can provide a single console view of an organisations whole load balancer infrastructure, whether they are LoadMaster or from selected third parties.
Kemp 360 Central provides comprehensive Application Configuration Management capabilities via a powerful yet straightforward web console; it allows the automated deployment of LoadMaster configurations to the instances that need them without manual set up.
Flexible Licensing Options
Kemp makes licensing LoadMaster and Kemp 360 flexible and simple. Traditional per-instance licenses are available. Both for individual server instances if required, and via pooled license capacity that can be allocated to, and revoked from LoadMaster instances as needed.
Kemp’s innovative metered licensing model removes the need to plan and allocate licenses for specific load balancer instances. A monthly subscription based on a network throughput amount is used for billing. This means that each application can have its own highly optimised load balancer deployed without incurring additional licensing costs. The peak throughput of each load balancer instance during the month is used for metering. All these individual peaks are totalled to give the overall monthly usage for billing. A 95-percentile sampling model is used, and peaks above this are not included for usage and costing purposes. So unexpected outlier peaks won’t result in surprising costs.
Conclusion
Kemp LoadMaster and their other solutions provide everything needed to create the best application experience for users. Contact us today to find out more.