Top application delivery controllers offer range of options
The leading vendors in the application delivery controller market offer a broad range of physical and virtual appliances, with varying throughput levels and diverse function sets. Which product is right for you?
Although application delivery controllers have similar functionality, choosing the best ADC for your needs will depend on your organization's requirements and the amount of traffic that needs to be managed. Just to recap, an ADC makes a pool of back-end application servers look like a single application server to users. Network ADC devices can block attacks, intercept and inspect encrypted traffic, and prevent unauthorized access to applications.
The following brief descriptions can help you differentiate between the various products.
A10 Networks
Target markets: SMBs, enterprises and service providers
Form factors: Physical appliance, virtual appliance, cloud and bare metal
Published pricing: No
Free trial: Yes, virtual ADC
A10 Networks offers two product lines, which are aptly named Thunder and Lightning. Thunder ADC is available as a physical appliance, a virtual appliance or Bare metal. The vendor also provides a hybrid option, which is a virtual appliance with virtual machine (VM) hypervisor assist to support high-performance requirements.
The Lightning product line is available only as a virtual appliance, either deployed in a local virtualized environment or in the cloud.
A10 application delivery controllers offer a full range of functionality, including application acceleration features, Secure Sockets Layer (SSL) offload, protection from distributed denial-of-service (DDoS) attacks and a full, integrated web application firewall (WAF).
A10 Networks made a significant upgrade to its analytics in late 2017, enabling developers to determine whether software attached to open source load balancers is reporting errors, latency or other problems. The company's FlexPool licensing approach lets users customize deployments without paying a licensing penalty. A10 Networks also offers a subscription alternative to traditional licensing.
Editor's note
Using extensive research into the application delivery controller market, TechTarget editors focused on those companies that offer the broadest selection of ADC features -- both through appliances and through software only. Our research included data from TechTarget surveys, interviews and reports from other respected research firms, including Gartner.
Amazon Web Services
Target markets: SMBs and enterprises
Form factors: Cloud
Published pricing: Yes
Free trial: Yes
Amazon's Elastic Load Balancing (ELB) provides both Layer 4 and Layer 7 functionality, which is divided into two different products. The Application Load Balancer handles Layer 7 work, and the Network Load Balancer handles Layer 4 work. Both operate only in the AWS cloud environment and are task-oriented. Although the ELB provides load balancing, it doesn't offer application acceleration, WAF or DDoS protection. However, AWS does offer a separate WAF that can be used in conjunction with ELB. And for older, legacy applications built in the Elastic Compute Cloud-classic network, AWS offers the Classic Load Balancer.
The Amazon Application Load Balancer provides SSL offloading by relying on SSL session termination. But don't confuse this with the SSL offload feature of most application delivery controllers, where the offload is really hardware acceleration of the cryptographic functions.
Array Networks
Target market: Enterprises
Form factors: Physical appliance, virtual appliance and cloud
Published pricing: Via reseller
Free trial: Yes
Array Networks offers a variety of both physical and virtual ADC appliances. Its clear focus is performance -- both raw ADC performance and SSL offload performance. Maximum throughput ranges from 3.5 Gbps to 140 Gbps across the six different hardware appliance models. SSL transaction per second (TPS) throughput ranges from 2,000 TPS to 110,000 TPS. The company also claims elliptic curve cryptography (ECC) throughput up to 76,000 TPS.
The base AppVelocity feature set offers full Layer 4 through Layer 7 functionality, as well as application acceleration, DDoS protection and the vendor's WebWall application security suite. Appliance users can opt for specialized hardware to enhance performance for either SSL or ECC transactions.
Avi Networks
Target market: Enterprises
Form factors: Virtual appliance, cloud and containers
Published pricing: No
Free trial: No
Avi Networks is a recent entrant into the ADC devices space. The company doesn't offer a physical hardware option. It's a pure software play -- your site or in the cloud. The company's primary marketing claim is as an F5 or Citrix replacement, as well as a replacement for the discontinued Cisco Application Control Engine product line.
The Avi Vantage Platform provides elastic load balancing and web application security on a per-application basis. The company's ADCs also offer Layer 4 through Layer 7 services to containerized applications running in cloud environments.
Barracuda Networks
Target market: SMBs
Form factors: Physical appliance, virtual appliance and cloud
Published pricing: Yes
Free trial: Yes and evaluation appliances
The Barracuda Networks Load Balancer ADC product line provides a full range of Layer 4 through Layer 7 functionality. Features include application acceleration through caching and compression. The company offers 10 different hardware appliance models, with throughput specifications from 100 Mbps to 15 Gbps. SSL throughput ranges from 250 Mbps on the entry-level 340 model to 4.2 Gbps on the highest-rated 842 model. While focused on the SMB market, Barracuda Networks provides a feature set that's comparable to many enterprise-focused products.
Barracuda's Direct Server Return feature optimizes traffic flow by allowing server traffic to bypass the ADC on its return trip out of the network.
Barracuda offers data loss prevention through outbound inspection of data to detect whether sensitive corporate data is being exfiltrated through the network. The company also provides protection against DDoS attacks and the top 10 attacks as determined by the Open Web Application Security Project.
Citrix
Target markets: Enterprises and service providers
Form factors: Physical appliance, virtual appliance and cloud
Published pricing: No
Free trial: Yes
The Citrix NetScaler product line is generally considered a high-end ADC. While designed with enterprises and service providers in mind, Citrix now offers a virtualized version, which should make the product more attractive to smaller enterprises and SMBs. Citrix NetScaler delivers a full range of Layer 4 through Layer 7 functionality, plus application acceleration features and SSL offload.
Citrix provides expected performance guidelines for its hardware appliances. Performance for the MPX appliance line ranges from 500 Mbps to 200 Gbps of throughput. The SDX appliance is designed for multi-tenant deployments and can house up to 115 independently managed NetScaler ADC instances, with performance claims of up to 200 Gbps.
NetScaler offers a pooled license model, so all NetScaler devices can share licenses across geographic locations.
F5 Networks
Target markets: Enterprises and service providers
Form factors: Physical appliance, virtual appliance and cloud
Published pricing: No
Free trial: Yes
F5 Networks' BIG-IP line is considered to be a high-end ADC. The company has added virtualized offerings to its platform options.
BIG-IP is an umbrella brand that covers not only application delivery controllers, but related functions, such as domain name system, firewall and security. In fact, there are nine different products in the BIG-IP product line. But to get functions such as security, you will need to bundle those additional products with your ADC. Its Local Traffic Manager ADC offers the full range of Layer 4 through 7 functionality, application acceleration and security functions.
Kemp Technologies
Target markets: Enterprises and service providers
Form factors: Physical appliance, virtual appliance, cloud and bare metal
Published pricing: Yes
Free trial: Yes and evaluation appliances
Initially a hardware appliance ADC, Kemp now offers virtualized ADC devices. The company offers eight different appliance models that provide between four Gigabit Ethernet ports and eight 10 GbE ports. As with other vendors, the fundamental difference across models is the throughput.
The entry-level appliance claims 1.7 Gbps to 30 Gbps of throughput. With respect to SSL, the entry-level unit offers up to 1,000 TPS using 2,048-bit keys, with the high-end appliance claiming 30,000 TPS.
The feature set is rich, and it appears to be only missing TCP optimization and traffic shaping. Overall, Kemp's basic marketing claim is its ADC software can run on off-the-shelf hardware and is less expensive than ADCs from F5 Networks and Citrix from a throughput vs. cost standpoint.
The company offers metered licensing, and these licenses can be used across physical and cloud instances.
Kemp offers a free version of its virtual ADC for unlimited use, but it restricts Layer 7 throughput to 20 Mbps and SSL throughput to 50 TPS.
Microsoft Azure Load Balancer
Target markets: SMBs and enterprises
Form factors: Cloud
Published pricing: Yes
Free trial: N/A
Microsoft Azure Load balancer closely compares to the AWS offering, specifically the AWS ELB Network Load Balancer. Like that AWS offering, the Azure Load Balancer only handles Layer 4 traffic. But Microsoft offers a different product, called Application Gateway, for handling Layer 7 traffic. For the Layer 4 product, Microsoft offers a basic and standard edition. Currently, Microsoft is offering a free preview of the higher-end Load Balancer Standard.
The Load Balancer Basic offering lives up to its name through its support of basic Layer 4 traffic balancing. It doesn't offer features such as application acceleration, DDoS prevention or WAF.
The Standard edition supports enterprise-scale requirements and can handle up to 1,000 back-end VM instances. This edition provides high-availability ports, as well as additional diagnostics.
While the Azure Basic Load Balancer is free, the VM that it runs on is not free. The Standard Load Balancer remains free during its preview period, but will be offered at a price to be determined after the preview ends.
NGINX
Target markets: SMBs and enterprises
Form factors: Virtual appliance, cloud and bare metal
Published pricing: Yes
Free trial: Yes
NGINX is unique among the load balancers in this roundup in that it's the only product that's built on and offered as an open source Layer 4 through Layer 7 platform. The commercial version, NGINX Plus, offers additional functionality, the most important of which is session persistence. This would be required for e-commerce use. For basic load balancing, the open source version should be sufficient for many customers.
Commercial support for NGINX and NGINX Plus is priced per instance, with an unlimited number of incidents and three levels of support.
Radware
Target market: Enterprises
Form factors: Physical appliance, virtual and cloud
Published pricing: No
Free trial: Yes, Alteon VA
The Radware product line dates back to one of the earliest load balancing pioneers -- Alteon Networks. The Alteon NG product line features appliance-based and virtualized offerings that provide rich Layer 4 through Layer 7 functionality. Radware offers additional functionality that encompasses what it calls web performance optimization, its AppWall WAF, and other security and monitoring functions.
The company offers a broad range of physical and virtual appliances, including Alteon VA, with varying throughput levels and virtual ADC density. The main platforms are the Alteon D-line, NG and ADC platforms. There are more than 45 platforms and throughput-level combinations.
Radware's Global Elastic License allows a single throughput or capacity license to be shared across physical and virtual application delivery controllers, on premises and in the cloud, regardless of location or type.