The critical role of load balancing [Q&A]

When the internet first emerged, the need for load balancers was mainly to optimize the growing use of PC servers and to support the surge in Web traffic. Their basic functionality was designed to pool server resources to meet this demand.

Load balancers have come a long way since, becoming broadly accepted as essential for evolving IT infrastructure and the exponential growth of apps.

However, aside from their pivotal role in enhancing system performance, load balancers also offer some lesser-known but valuable benefits for cybersecurity protection. It’s now vital that SecOps-adjacent teams like NetOps and DevOps consider load balancers as integral to protecting their organizations. We spoke to Larry Goldman, director product marketing at Progress, to learn more

BN: What is the role of a load balancer in optimizing the load balancing experience?

LG: A load balancer -- also referred to as an Application Delivery Controller, or ADC -- can be deployed as software or hardware to a device that distributes connections from clients between a set of servers. Its purpose is to optimise the load balancing so that application users experience a smooth and seamless experience. Load balancing solutions are typically used for internal and customer-facing applications, including corporate email, unified communications, ERP/CRM and other workflow applications, Web content and ecommerce systems.

Since an application can scale beyond the capacity of a single server, load balancers can be used to provide availability and scalability to this application. The load balancer steers traffic to a pool of available servers through various load balancing algorithms. If more resources are needed, additional servers can be added, and these can be globally distributed.

Since it is positioned between the client and application server, a load balancer can also perform other critical functions, most notably content-based security like web application firewalls (WAF), and authentication enhancements such as two-factor authentication (2FA).

BN: How have load balancing applications evolved?

LG: The technological sophistication of load balancers has evolved to keep up with the changes in the IT infrastructure landscape with the emergence and increasing importance of cloud and hybrid applications. Nowadays, software-based load balancing solutions are commonly used in software-based environments of DevOps and/or CI/CD processes.

The most sophisticated type -- Elastic Load Balancer (ELB) solutions -- offers cloud-computing operators scalable capacity based on traffic requirements at any one time. This enables incoming application traffic to be distributed across multiple instances, or scale them as necessary, increasing the fault tolerance of applications.

With hybrid cloud driving most of today’s load balancing and ADC strategies, organizations concerned with security should adopt a simpler, unified approach to load balancers across their data centres and public cloud environments.

Beyond CISOs, it's also important for adjacent teams like NetOps and DevOps to adapt to the cloud era and consider load balancers as integral to protecting their organizations against cyberattacks.

BN: What are some of the key influences on load balancing strategies?

LG: As load balancers become more popular within the tech ecosystem to deploy, manage and publish applications, it's worth looking at some of the key factors that influence load balancer choices and strategies today.

• Management and observability options: The days of managing each individual component that assists in publishing applications are over. Most enterprises now choose to manage their load balancers via a centralized management platform, which simplifies observability and provides real-time health alerting and security notifications to ensure a standardized SLA can be achieved.
• Ease of implementation is another major priority, especially ease of configuration of the new load balancers and whether the team will need training in proprietary scripts. The speed with which teams can scale their fleet configuration complexity not only affects deploying applications and services but can also require a significant investment in upskilling technical staff.
• The rising cybersecurity risks are making security a priority feature requirement for load balancing among existing and new deployments – perhaps even more important than application acceleration and observability. The EMA research of enterprises who have already adopted load balancers showed that security risks and incidents are the top driver of change in a load balancing strategy.
• Repatriation: In this context, repatriation is the notion that IT teams are moving apps from public cloud environments back home to their original on-premise environments. Perhaps an IT team has published newly deployed apps into public cloud but the cost for some of those apps have proven to be beyond budgets or expectations, prompting them to return to on-prem. This is likely to be a continuing trend for 2024 as high-scale workloads which exhibit stable performance can be optimized to run more efficiently in private cloud environments.
• Kubernetes is mainstream: Gartner predicts that by 2027, "more than 90 percent of global organizations will be running containerized applications in production, which is a significant increase from fewer than 40 percent in 2021". The majority use a Kubernetes controller deployed as a container while others deploy a controller external to the Kubernetes environment which works well with a load balancer and offers the advantage of being applicable for both containerized and non-containerized applications..

BN: What are the advantages of bolstering security with load balancers?

LG: Despite CIOs seeking security capabilities in any platform that their organization adopts -- from routers to network monitoring tools -- engineers typically think of load balancers more in terms of a networking solution than performing a security role.

Yet the load balancer sits in an ideal position in the application publishing service chain. This can be considered the hub for all access into an application environment. If the right features are applied, this authenticates valid users into those environments. For example, if a SQL injection attack is sent through an encrypted communication towards the app environment, the load balancer with an available web application firewall should block that attack.

Particularly in the event of DDoS attacks, load balancers offer an extra layer of protection by rerouting traffic between servers, should a particular server become vulnerable. They can help remove single points of failure, minimize the attack surface and make it more difficult to exhaust resources. They are also typically cheaper and easier to maintain than hardware defenses, which require regular and extensive upkeep.

BN: How can organizations best future-proof with load balancing?

LG: Organizations should also consider future proofing their load balancer investment. Working with consumers or their data, it's a requirement to have a trusted product that delivers rapid ROI whilst also being affordable. It must be easy to configure and manage, with point-and-click provisioning embedded into the solution to greatly simplify deploying new web apps and ensuring that managing those web apps isn't going to be a cumbersome experience.

Teams may, for instance, want to know granular details on their object storage application, with authentication management, application delivery issue management, usability and experience insight all unified in one interface. Tech leaders should look for solutions that offer a centralized dashboard which offers per app views, can inform of what protocols are used and their availability in a time series of days. Highly embedded network telemetry is also essential for solving issues easily and within a timely manner.

BN: Why should load-balancers be valued organization-wide?

LG: The clear takeaway is that with an organization's app delivery journey being business-critical, load balancers are a strategic investment for modern tech architectures. They can play a vital role in optimizing business continuity, mitigating risk and supporting new and future architectures. Most importantly, load balancers must now be considered a critical part of overall enterprise security architecture.

Tech leaders must therefore unify NetOps and DevOps teams as part of their security approach to ensure that load balancers are valued and embraced by these teams that collaborate on multi-cloud architecture.

Image credit: NiroDesign/depositphotos.com