Published: 22 May 2024
Contributors: Chrystal R. China, Michael Goodwin
An application delivery controller (ADC) is a networking device used to optimize the delivery of applications over the internet, typically as part of an application delivery network (ADN).
An ADC can be a hardware appliance or software program and is generally placed in the demilitarized zone (DMZ) of an enterprise network, between the firewall and one or more application servers. ADCs serve as reverse proxies that receive, decrypt, validate and route client requests before sending encrypted responses back to the user.
ADCs help businesses modernize network applications, accelerate connections between client machines and web servers, streamline global server load balancing (GSLB) and increase overall app availability for end users.
See how GSLB solutions help load-balancing teams achieve greater functionality at a lower cost.
The evolution of application delivery controllers is closely linked to the development of web applications, data centers and the broader field of network management.
In the late 1990s and early 2000s, as the internet commercialized and web traffic increased in kind, businesses needed a way to ensure that websites and apps could handle high-volume application traffic efficiently. The primary challenge was finding a way to distribute incoming requests across multiple servers to guarantee high availability and network resilience.
The first generation of devices to address the challenge were called load balancers. Initially, they were simple and operated at the transport layer. Load balancers focused on distributing incoming traffic across several servers to balance loads and prevent them from overwhelming any single server.
However, as apps and websites became more complex, legacy load balancers fell out of favor for their inability to read and make decisions based on the content of user requests (not just IP addresses and ports). This led developers to upgrade to layer 7 load balancing solutions, which could inspect message content at the application layer.
Advanced load balancers could route traffic based on factors like HTTP headers, cookies or even specific page requests, facilitating more sophisticated traffic management strategies, like session persistence (or “stickiness”) and content-based routing. Over time, as developers continued to add functionalities, these load balancers would become the intelligent controllers we now call ADCs.
Subscribe to the IBM newsletter
Modern application delivery controllers are vital components of resilient, highly available IT infrastructures, particularly network data centers. They manage app traffic by using a series of complex processes and features that ensure efficient, secure data flow between client devices and backend servers. Those features include:
One of the primary functions of an ADC is to distribute incoming traffic across multiple servers (load balancing) based on algorithms like least connections, round-robin and server response time. If one server is overloaded or goes offline, the ADC redirects traffic to other servers to prevent the unhealthy server from becoming a bottleneck, leaving network performance and the user experience unaffected (or minimally affected).
Load balancers also maintain session persistence, ensuring that a user's session data is cached and remains on the same server throughout their interaction.
With global server load balancing (GSLB), often called load balancing for load balancers, ADCs can distribute requests across multiple servers located in different geographical locations so that users are automatically directed to the nearest or best-performing data center.
Transport layer security (TLS) and secure sockets layer (SSL) processing can sometimes put a strain on a web server’s resources. With SSL offloading, ADCs replace backend servers and function as SSL or TLS endpoints to manage encryption and decryption, freeing up CPU resources for app data processing and improving server performance.
ADCs optimize network connections by using TCP multiplexing processes, which consolidate numerous client-side TCP connections (by pooling or reusing them) into a smaller number of server-side connections. Using a set of persistent server connections, the ADC can dynamically multiplex client requests over these connections to reduce server overhead.
ADCs can cache frequently requested content (such as images, videos and websites) closer to the user, eliminating the need to repeatedly generate or fetch it from the web servers. These caching policies can significantly reduce the processing load on origin servers and improve server response times for end users.
ADCs compress web content (HTML, CSS and JavaScript, for instance) before it's sent to the client, reducing bandwidth demand and accelerating content delivery, especially for users with slower internet connections.
ADCs often include DNS application firewalls and web application firewalls (WAFs) that protect against common security vulnerabilities such as SQL injection, cookie poisoning, cross-site scripting (XSS) and other application-layer attacks by inspecting incoming traffic for malicious patterns and blocking potentially harmful requests.
ADCs can also help protect apps against distributed denial-of-service (DDoS) attacks by filtering out malicious traffic before it overwhelms the application infrastructure. With app-specific access controls, rate-limiting protocols and bot management features, ADCs are instrumental in creating zero-trust architectures and preventing network abuse and attacks.
ADCs prioritize traffic to ensure that critical applications get the bandwidth they need even during peak traffic times so that time-sensitive and mission-critical data get through the network faster. Using quality-of-service (QoS) policies, ADCs can also help manage bandwidth and prevent network congestion.
ADCs can interact with directory services (like an on-premises active directory) to control user app access and provide central authentication points for client authentication and authorization verification. They also support newer protocols like multifactor authentication (MFA) and single sign-on (SSO) for enhanced network security.
The shift toward cloud-native applications has demanded that application delivery controllers evolve to support containerized environments and microservices architectures. Though hardware- and software-based ADCs are still effective in many ways, traditional ADCs were designed for monolithic apps and often struggle to keep up with the dynamic nature of today’s cloud-native applications.
To address this, service providers like Citrix, VMWare, Amazon Web Services (AWS), Microsoft Azure and IBM, among others, have developed cloud-native ADCs (in the form of IaaS, PaaS and SaaS) that offer advanced agility, scalability and automation capabilities. Modern ADCs are designed to integrate seamlessly with cloud provider APIs and container orchestration tools (like Kubernetes) to deliver superior service discovery, autoscaling and traffic management capabilities.
Despite their origin as basic load balancers, application delivery controllers have consistently adapted to meet the dynamic needs of IT infrastructures and application delivery solutions. Today’s ADCs are multifaceted app delivery platforms that offer application performance, security and delivery optimization across complex, multicloud environments.
Any enterprise operating a large-scale, complex or distributed content delivery network (CDN) can use ADCs to ensure that network applications are consistently available and perform well.
ADCs can help businesses with:
ADCs can redirect network traffic to server clusters in data centers across the network. Specifically, they can collaborate with other ADCs to optimize the path that traffic takes through the internet, allowing each ADC to route requests to the data center closest to the client and minimize latency and round-trip time.
ADCs handle fast and slow clients by adjusting timeouts and buffer sizes accordingly. Controllers can also terminate connections to free up unneeded resources and multiplex connections for greater network efficiency.
ADCs continuously monitor the real-time health of app servers to ensure that traffic is only routed to responsive and available servers. They can ping web servers, attempt to establish TCP connections and make app-level requests to verify that a server is functioning optimally.
If a server fails or starts to function suboptimally, the ADC can redirect traffic to other servers and even initiate server restarts and other recovery actions (assuming they’re configured to do so).
Multitenancy designs allow different groups within an organization (DevOps, marketing and sales or specific application teams like customer service, inventory and payments) to share the same application infrastructure. Consolidating more services onto fewer devices—whether virtual or physical—helps organizations increase network agility and reduce costs related to administration, acquisition and ongoing support.
Edge computing involves processing data near the source (at the edge of the network), instead of relying solely on a central data center. ADCs deployed at the network edge can optimize local traffic, manage local security and compliance policies and ensure that apps work efficiently, even in distributed environments. This is particularly useful for IoT applications and services that require real-time processing capabilities.
ADCs have evolved to be more programmable and more easily integrated with SDN architectures, which separate the network's control layer from the data layer for more centralized, flexible resource management. Now, ADCs can be dynamically configured and managed with software controllers, enabling more agile responses to network traffic fluctuations and app demands.
Artificial intelligence (AI) and ML technologies can help ADCs predict traffic patterns, detect potential security threats and automate network management tasks, improving efficiency and reducing the need for human interaction with the network.
Application delivery controllers help businesses optimize traffic routing and maximize network availability, especially for enterprises that handle high-volume web traffic, host mission-critical applications or require high levels of data security.
ADCs offer businesses:
ADCs gather data on a wide range of metrics (such as traffic volume, server health and security events), which can help businesses gain insights into network functionality.
ADCs use a myriad of techniques, such as content switching, to compress, recycle and cache data to accelerate network apps and websites.
ADCs can automatically expand available application services to ensure high-performance traffic routing, especially for high-latency networks and mobile networks.
ADCs provide failover capabilities to make sure a business can continue operating and users experience minimal delays when a server fails. ADCs duplicate and sync user sessions across servers so that if a server goes offline, execution responsibilities can pass to a session duplicate.
ADCs provide the first line of defense against malicious attacks by using WAFs and intrusion detection and prevention features to protect network data.
Optimize end-user experience and improve network resilience at a lower cost with IBM® NS1 Connect® GSLB, a new approach powered by DNS and real-time device performance data.
IBM NS1 Connect Managed DNS service delivers resilient, fast, authoritative DNS connections to prevent network outages and keep your business online all the time.
Bridge full-stack observability with automated application resource management to address performance issues before they impact customer experience.
Empower your teams to rapidly modernize existing applications and deliver new cloud-native applications.
APM software helps an organization ensure that critical applications meet established expectations for performance, availability and customer or user experience.
Learn how having a “load balancer for load balancers” keeps your traffic distributed in an efficient way and ensures the performance that your customers expect from an internet-enabled application.
Network optimization refers to a suite of strategies, tools, techniques and best practices to monitor, manage and improve network performance and reliability.
Cybersecurity refers to any technology, measure or practice for preventing cyberattacks on individuals’ and organizations’ systems, applications, computing devices, sensitive data and financial assets or for mitigating their impact.
Observability is the ability to understand a complex system's internal state or condition based only on knowledge of its external outputs.
Server hosting is an IT service typically offered by a cloud service provider that provides remote access to off-premises virtual or physical servers and associated resources for a monthly subscription or usage-based price.