Managing risk with advanced server load balancing

Since the beginning of the finance industry, risk has always been a primary concern. Whether preventing bandits from robbing the stagecoach or preventing cyber thieves from breaching computer systems, preventing risk is always a charter for banking executives and employees. Today, the biggest risk for the finance market is not being able to provide customers banking services such as transaction processing or information delivery.

There is a myth that financial institutions are so conservative or risk averse that they still use adding machines to balance accounts daily. On the contrary, the financial industry will take risks on state of the art technology if it will provide them a way to better sell their financial products. There is a constant challenge for managers to push the technology envelope without increasing risk.

In today’s financial services market, networking technologies such as advanced server load balancers can now provide IT managers with an array of capabilities and significantly reduce risk. These capabilities can greatly enhance financial organizations’ ability to provide more services, faster services deployment and greater performance for service applications. Let’s take a look at several examples of how advanced server load balancers help financial institutions.

Advanced server load balancing
Advanced server load balancing in its basic form allows multiple servers to act as a single group to deliver content to users. It also provides reliability features such as health checks, which provide the ability to check each server and make sure they are functional. Traditional server load balancing only allows rudimentary heath checks that assess the physical health of the server (i.e. power, active interface, etc.).

Advanced server load balancing now has the ability to check beyond the physical operation of the server. It can check the health of various services and secondary systems such as data bases and application servers, as well as the availability of content. Another advanced server load balancer function is to increase performance for user access such as HTTP (Web traffic) and SSL (which is used to secure Web traffic). This increase in performance allows many more users to access the servers to obtain content. It also allows Web designers to offer more advanced Web content for financial, multimedia and voice applications.

Global server load balancing
Data centers are required by law to have a disaster recovery plan, which in general requires them to have multiple data centers. Typically traffic is directed to one data center, and in the event of a failure traffic is switched to the back-up data center. The problem is there are a significant amount of resources that remain dormant until there is a failure.

To address this very problem for financial markets, networking companies developed server load balancers with Global Server Load Balancing (GSLB) capabilities. A10 Networks’ AX Series Advanced Traffic Manager has GSLB features that provide site redundancy and on-demand access to backup resources. This is performed by a dynamic set of policies, which are designed to automatically redirect connection requests to the backup datacenter. These policies are based on server health, number of connections, capacity, response time and user metrics that administrators can define.

For example, if an online banking institution is supported by several data centers distributed across the US, and sends a request to access one of the data centers, a DNS (Domain Name Service) sends the bank one designated IP address. Before the response is sent, the AX Series’ GSLB feature determines which site will service the request based on the criteria that is set. That is to say, if data center 1 exceeds a threshold such as number of connections or response time, new connections are now automatically directed to data center 2. This prevents the risk of having clients experience disruption and slow application response times and provides resources on demand.

Providing more online services with less delay
The ability to provide more services faster with less delay has always been on the minds of IT designers. Latency is different than throughput but for the most part they do go hand in hand. This is to say when you have a device that provides higher throughput, there is generally less latency. The AX Series, which uses a purpose-built, multi-core CPU design, has achieved the highest level of throughput on the order of 540,000 connections per second and a bulk throughput of approximately 9G in a single 2-unit appliance. This allows financial institutions to provide more online services with less delay for the customer.

The FIX protocol for financial applications
The Financial Information eXchange (FIX) protocol was originally defined for use in supporting US domestic equity trading with message traffic flowing directly between principals. The protocol is defined at two levels: session and application. The session level is concerned with the delivery of data while the application level defines business related data content. Typically a FIX client is designated to an individual server and during any failure this process requires a manual intervention to redirect traffic to another server. With FIX load balancing from A10, the advanced load balancing features utilized for other services are also offered for FIX servers. These features include advanced health checks, which constantly check the health of FIX servers. In the event of a failure, traffic is automatically assigned to another server. Also, since the AX provides the highest level of performance with over 525,000 connections per second, this in itself allows institutions who are using FIX to provide the highest level of access and performance to their clients.

Network threats and attacks for online banking sites
A common attack for online banking sites is a distributed denial-of-service (DDoS) attack. It comes in several forms:

Frag – Attacks hosts by sending fragmented packets, which confuses the servers and causes client disruption.
Land-attack – Duplicate packets are sent containing the same IP address, which can be used to launch an "IP land attack."
Ping-of-death - Attacker sends packets larger than the valid maximum size, known as "ping of death" packets.

The AX Series is equipped with hardware-based IP anomaly filters. The IP anomaly filters prevent common DDoS attacks as mentioned above, as well as other common attacks.

No matter what risks your organization has identified as a primary concern (such as loss of business due to network failure, poor application performance or outside threats), advanced server load balancers can play an integral part in reducing and eliminating these risks.

Reliability for advanced server load balancers
With the inception of appliances that transcend traditional routers and switches, financial clients have identified these devices (i.e. server load balancers, firewalls, caching devices, SSL offload devices) as high risk since they are an integral part of the network. A10 Networks has made significant advancements in design for reliability and serviceability of the hardware. Typically in any appliance, the components that fail the most are the ones that generate heat or have moving parts (i.e. power supplies, hard drives, and fans). All of these components are hot swappable on A10’s AX Series, once again eliminating another level of risk to the financial organization and/or user.

About Steve Sacchi
Senior Systems Engineer for A10 Networks
Steve has more than 20 years of experience in networking technology, designing some of the largest networks for global financial institutions.

About A10 Networks
A10 Networks was founded in 2004 with a mission to provide innovative networking and security solutions. A10 Networks makes high-performance products that help organizations accelerate, optimize and secure their applications. A10 Networks is headquartered in Silicon Valley with offices in the United States, Japan, China, Korea and Taiwan. For more information, visit http://www.a10networks.com.