Radware (Nasdaq: RDWR), a leading provider of Internet Traffic Management (ITM) solutions enabling continuous access to Web sites, IP applications and content, today announced the release of version 6.1 of the company's award-winning Web Server Director (WSD) product. The strategic positioning of Radware's WSD between the Internet and a group of servers allows it to monitor all user requests and intelligently distribute load between available application resources to provide fault tolerance, redundancy, optimization and scalability. The new version of the WSD is designed to recognize even more failures in network application threads at multiple levels and provide customers even greater overall availability.
"Radware's goal is to help customers improve application availability, performance and reliability by validating application threads," said Mike Long, VP of marketing and technology for Radware Inc. "Radware is taking load balancing technology to the next level by testing applications and content to ensure that responses to user requests contain valid information."
Typical Internet sites consist of multiple tiers that include front-end Web servers, application servers and content rich back-end devices. ITM devices must be able to check application availability in each stage of the content retrieval process to validate what is returned to the user. In order to achieve such high levels of application checking Radware has enhanced the WSD with several new features that include:
Secondary Server Checking
In a traditional multi-tiered Web site design, load balancing is performed for front-end servers (first tier). Success of a client transaction, however, may depend on the availability and functionality of back-end application servers and databases (second and third tier devices respectively). Radware defines first tier servers as "primary servers" and second and third tier devices as "secondary servers." Version 6.1 allows network administrators to create logical bindings between primary servers and their associated secondary servers. If a secondary server or an application on that server fails, the WSD marks all the associated primary servers down, preventing users from being sent to a server that cannot retrieve valid information. This prevents the primary server, which is the direct interface to the client, from trying to fulfill a request that it cannot process.
Dynamic Content Verification
For Web server health monitoring it is often not enough just to test the ability of the Web server to serve pages. Since the content of a page can be created dynamically, often through a back-end process, the validity of this content is an important piece to monitor. If a failure in the back-end process occurs, the Web server may deliver a valid page that contains invalid content. Dynamic Content Checking allows the WSD to check for the presence or absence of a user-defined string in pages returned by the server. A mismatch indicates that the server is returning invalid content and the WSD no longer directs users toward this server.
Cookie Based Session Persistence
HTTP cookies are strings of text sent to a browser by a Web server and then stored by the browser. On subsequent visits to the Web site the browser returns the cookie to the server, giving the server means to identify the user. The addition of cookie recognition allows the WSD to direct HTTP requests to the servers according to the cookie's values contained within these requests. The general mechanism provides consistent client persistence during state sensitive sessions, such as virtual shopping carts, and assures that the client stays connected to the same server during the entire transaction. When clients approach a Web site through a network of mega-proxies, such as AOL, a single client may appear as multiple IP addresses. In such cases, since the IP address is not a unique client identifier, cookies are used to distinguish one real client from another because their values stay consistent throughout the entire client transaction.
Denial of Service Attack Prevention
The WSD has always included features that allow it to filter IP packets as they traverse through the network. Version 6.1 builds upon the current security mechanisms and introduces protection against "SYN-attacks." This type of malicious attack involves fictitious clients attempting to open TCP sessions with a Web site. The server under attack opens the TCP session under the impression that the session is from a real client; however, since no final acknowledgment is received from the client indicating that the session is fully open, server resources are quickly consumed, making it unable to service legitimate client requests. Since the WSD is directly in the path of all user sessions, legitimate or not, it can quickly identify these attacks. Version 6.1 gives the WSD specific provisions for detecting these half-open sessions and for taking the necessary steps to remedy the situation. First, the WSD can protect its own session table by quickly removing the invalid sessions. Second, if a server's operating system is not capable of protecting itself, the WSD can quickly terminate the half-open sessions on the server, freeing server resources.
About Radware
Radware develops, manufacturers and markets products that manage and direct Internet traffic among network resources to enable continuous access to Web sites and services, applications and content based on the Internet protocol. Radware offers a broad range of Internet traffic management solutions to service providers, e-commerce businesses and corporate enterprises that require uninterrupted availability and optimal performance of IP-based applications that are critical to their business. Radware's Internet traffic management solutions enable its customers to manage their network infrastructure to bypass system failures and to scale their network infrastructure to accommodat