Moving away from "load balancing" to application delivery

Question

&nbsp;At my company, we purchased our LTMs to simply do load balancing. But since I took the F5 class, and reading here, it's obvious that we are barely using the features that these LTMs come up. The problem I have now, is in convincing our application team that we need to change our approach.&nbsp;
&nbsp;Currently, I'm being told that users aren't complaining about performance, and therefore we probably don't need to change anything. Can someone please point me to an article or help explain why it's important to start doing stuff at Layer 7 (even though "users aren't complaining)?&nbsp;
&nbsp;Thanks so much!&nbsp;

chris_miller · Answer

Are you at the very least using SSL offload? 
&nbsp;  
&nbsp; Is TCP-Multiplexing feasible for your environment? Application Delivery isn't just about improving user experience. Often, it's about making more efficient use of resources.

vic_13197 · Answer

&nbsp;Sounds like it's not an uncommon scenario... I'm one person against many who are already comfortable with the status quo. Currently we do no SSL offloading, and I'm working on trying to get that changed. All the TCP and other settings are essentially "default". Default TCP profile, Simple persistence...etc.&nbsp;
&nbsp;Trying to figure out how to make the case so that they get excited about changing their ways.&nbsp;

russell_moore_8 · Answer

Vic,&nbsp;
&nbsp;I sometimes wish I had your problem.  Here are the selling points and vectors.&nbsp;
&nbsp;Know your customers!  The app teams are usually the drivers and if you show them how much you can do for/with them they will likely see the light.&nbsp;
&nbsp;Single threat surface that can be managed universally with updates and policies that can be quickly defined and tuned to fix or avoid costly security issues.
&nbsp;How many times have they had an SSL cert expire without knowing ahead of time.
&nbsp;Easy to do with LTM and braid dead easy with LTM and EM.
&nbsp;Don't forget centralized authentication to all applications and the best thing is the end-user can't even reach the server until they are authorized so you again are more secure.&nbsp;
&nbsp;Almost every outage that happens or delay in service I can show where it would have worked better or not even have happened with the proper LTM configuration in front of the application.&nbsp;
&nbsp;Good health monitors that actually detect the application's worthiness to handle traffic are fundamental.  With these and the LTM SNMP system you have a very close to real time picture of what's happened/or going to. &nbsp;
&nbsp;Again, grass roots your passion and knowledge into the groups/people that can really see the benefits.  Have more casual conversations with them and tease out their worst problems.  Come back later and mention you have a solution or part of the solution with the technology you manage.&nbsp;
&nbsp;Good luck. &nbsp;&nbsp;

jrahm · Answer

Ditto what Matt said.  I also am a former customer, and came to F5 for many of the same reasons.  The switch from 1024-&gt;2048 will almost surely cost organizations $$$ who don't offload ssl.  This is a good starting point for discussion with your management and server sys admins, find out where their plans are leading them to handle the additional processing.

Forum Discussion

Moving away from "load balancing" to application delivery

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

Enhance your Application Security using Client-side signals

AS3 referencing objects across applications

BIGIP OAUTH : Transmit "Application id" to backend server after a successful atuthentication

Deploy an App into Kubernetes Using Advanced Application Services

Application Services 3 not working - getting 404

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS