Top 6 Pitfalls to Avoid when Selecting a Load Balancer

Load balancers, also known as Application Delivery Controllers (ADCs), are often being deployed with today’s enterprise and web applications. What should you look for in an ADC?  What factors must you consider?  What benefits should you make sure an ADC has to offer?  In this post, I break down the top six pitfalls to avoid when selecting a load balancer to help guide your ADC purchasing process.

Pitfall #1: An ADC that Cannot Connect to Next-Generation Switches

When it comes to network switches, there’s an increasing adoption of next-generation connectivity in the form of 10GE, and even 40GE, ports. It is important that your ADC is able to connect to these switches without requiring migration to a new ADC device. With built-in high-speed ports, your ADC will be able to connect to both today’s and tomorrow’s core switching – allowing your applications to benefit from 10GE connectivity. In addition, make sure that your ADC has high port density. This enables connectivity to a greater number of applications and physical networks without adding more intermediate switches.

Pitfall #2: Not Leveraging the Benefits of ADC Virtualization

If you’re in charge of an application, line of business or the entire IT infrastructure – you’re probably responsible for managing the application lifecycle. Until now, rolling out a new application required deploying a new dedicated ADC, which meant high CAPEX and OPEX. Using one of your existing ADCs to serve several applications is not recommended because the applications will compete for the same resources, which impacts the end-user quality of experience at times of cyber attacks, flash crowds and shopping peaks. The solution? Make sure to select an ADC that provides ADC virtualization. This will enable you to employ a separate virtual ADC (vADC) instance per application – providing the addition of a new ADC service without the need for more ADC hardware units.

The benefits of this approach are countless. Rolling out an application is fast and easy without the need to add a new ADC unit, as well as rack it, connect it to the network and reconfigure switches. Application SLA is guaranteed thanks to the complete isolation between vADC instances at the fault, management and network levels. Ongoing maintenance is simplified as each vADC is configured separately without interfering with neighboring instances. In addition, the combination of high vADC density together with the fact that each vADC instance can run a different vADC supports more and more applications and/or services over time in a risk-free fashion.

Pitfall #3: Buying an ADC with a Fixed Capacity

Given the benefits of ADC virtualization, I would recommend selecting an ADC solution that provides the flexibility to add more vADCs on the same box – starting at entry-level requirements. As more applications require load balancing, the overall network throughput, SSL traffic and compression capacity might all grow. What then? Would you replace your ADC every time that happens? Pay more money for new hardware and spend time on configuration, staff training and new spare units? As these imply high expenditures, the answer is no. 

Therefore, it’s important to select an ADC that delivers high performance in terms of all layer 4-7 metrics. Combined with a “pay-as-you-grow” approach based on a simple license update, this flexible ADC solution will be able to address unfolding business and network needs in a cost effective manner. Particularly, it is vital to be able to scale on demand out of the box, using resources from the cloud or from a different site. Such an approach helps reduce expenditures and offers the best investment protection by eliminating forklift upgrades and application downtime.

Pitfall #4: Not Asking Which Response Time Acceleration the ADC Can Offer

Everyone realizes that application delivery is not only about availability and reliability but also about better performance and faster response times. In this respect, all of today’s ADCs claim to deliver response time acceleration. But the truth is that most of today’s ADCs only deliver a set of commoditized application acceleration capabilities including SSL offloading, web compression, caching, HTTP multiplexing and more. Though these can offload server processing and shorten response times, they are not enough. Other ADCs claim to offer Web Performance Optimization (WPO) features that provide more modern web optimization techniques. I recommend checking the specific WPO features the ADC you’re considering delivers. Specifically, it’s important to verify that the WPO capabilities optimize response time for any browser as well as all end-user devices (including mobile devices), anywhere. Even better – ask for a performance test for your specific application in order to see the performance optimization outcome for yourself.

Pitfall #5: Choosing An ADC That is Not Application-Aware or Non-Customizable

If you run or deploy off-the-shelf business applications (such as applications from Microsoft, IBM, SAP, Oracle, etc.) you obviously require your application delivery configuration policies to be optimized for them. With this priority in mind, ensure the ADC you select has pre-defined configuration templates for these applications. This not only ensures optimization but also streamlines the process of configuring your policies, saving you precious time. On a wider scope, make sure that your ADC can be managed from an application perspective, including configuration templates, automatic application configuration synchronization, reporting, logging, compliance and more. The business value includes fast application rollout and operational simplicity. 

Pitfall #6: Ignoring Your Application SLA

Are you 100% aware of the actual quality of experience that your end-users are experiencing? Probably not. Would you like to be? Definitely. Whenever your end-users experience issues – whether they are network or application related – you want to be the first to know about it, before you receive those angry calls. Otherwise, your users will be less satisfied and your business reputation will suffer, leading to a potential reduction in revenue. Leveraging your ADC’s built-in central reporting and application performance monitoring (APM) capabilities is the simplest way to get end-to-end visibility of application/ADC performance issues because it doesn’t require server integration or synthetic transaction scripting. Make sure that the APM module allows you to drill-down to geo-location, transaction and server farm level for complete visibility into the application delivery infrastructure.

Armed with these six potential pitfalls as a guide, your ADC purchasing process should be a much smoother experience. Is your organization currently looking for an ADC? If so, we would love to hear more about the features you find most important in an ADC solution.

Nir Ilani

Nir Ilani owns the global product strategy and practices of Radware’s Cloud Security services including Cloud DDoS Protection, Cloud WAF and Cloud Acceleration. He has over two decades of diverse engineering and product management experience including managing the design, development and release of industry-leading, high-scale solutions. Nir is an expert in Cloud Computing, Cyber Security, Big Data and Networking technologies, and a frequent speaker in technology events. Nir holds a Bachelor in Computer Science and Business Administration as well as MBA, both from Tel-Aviv University. Nir writes about trends, technological evolution and economic impact related to Cloud, Security and everything in between.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center