KEITH DALE, VP OPERATIONS AT GETTHERE.COM does his annual system capacity analysis every summer. Getthere is the engine on which most airlines offer their online ticketing facilities. Last year, over 7 million transactions passed through Getthere’s engines, and the company was expecting a similar—if not increased—traffic this year. In this scenario, Dale found from his examination that his systems were quite capable of handling the traffic for the next year and the technologies were good for at least three years. “But I wanted to make sure that we were really geared up to handle the healthy growth that was being forecast in the company,” recalls Dale. “Primarily, we wanted to do two things: move all the SSL terminations—which was mixed in the old environment, some being done at the network layer, and some being done at the patchy web server layer—to the network layer; and increase my capacity by an order of magnitude. The new box needed to handle more volume—from 400 connections per second to 4000 connections per second.” When Dale put out his requirements, Netscaler from Santa Clara, CA offered one of their products—the Secure Application Switch—which Dale “found very robust, full of good features, easily scalable, and most importantly, at half the price of the rest of the products that were being offered.”

“When MSN was launching their latest version last year, they were planning to set up 82 servers. We brought it down to 16,” says B V Jadadeesh, president and CEO, Netscaler. The Netscaler box sits in front of the servers and brings an intelligent traffic analysis and request filter on the server load. This reduces the load on the servers, and generates faster response at the user end. Think of it as a freeway. After a car passes on a lane from point A to point B, the lane doesn’t close down. It stays open for the next car. Similarly, when a TCP link is established between a user and the server, the link is kept open after the first user completes transaction, so that the next user could use the same link. This is in contrast, says Sunderrajan Prabhakar, CTO at Netscaler, to the normal transaction, where a new link is established every time a request is sent to the server. “It will simply punish the server,” comments Prabhakar.

At the core of the box lies Netscaler’s patented Request Switching Technology, which offloads the TCP processing—without any changes to the server—and takes the millions of requests and process them over a few “persistent” connections. Many current products take a more packet-centric approach to traffic management at this level, while still distributing at the connection level. However, handling content processing at the packet level still results in inefficient traffic management. Again, these traffic management systems make a single content-based decision for the entire group of requests on a connection based on the first object being requested. This means that one server will handle each connection, even though it may contain multiple content requests, often times for various types of content. Because of this, traffic jams occur when additional connections are systematically routed to servers already processing connections containing a large number of content requests. This results in poor server utilization and slower site response times. “The technology finds application for secure content traffic. In SSL traffic, the normal encryption fails due to modem compression at the user end. With a Netscaler leverage, we compress the transaction before encryption, which is possible only with our product,” says Jagadeesh. “NetScaler’s Request Switching technology handles web application traffic in the most efficient way possible—by analyzing and directing incoming traffic at the application request level—enabling fine-grain traffic direction, protection and control.”

After nearly two-and-a-half years of development and patenting, Netscaler is finding good traction for their product. “In using an Akamai service for faster server transaction, content has to conform to the Akamai. But with a Netscaler box, clients don’t have to go through this,” says Jagadeesh. “And remember, this is a one time cost, whereas the other plan has a monthly service fee.”

Also, the widespread adoption of SSL as the preferred means to ensure data security has elevated the need for point products such as SSL accelerators to handle the encryption/decryption process. Introducing one or more of these point products into a web infrastructure increases complexity, and possibly degrades application performance. In addition, other infrastructure optimization capabilities are nullified in the face of encrypted traffic. As a result, ensuring the fully secure delivery of business-critical applications sometimes result in leaving these applications and infrastructure vulnerable to attack or degrading end-user response.