Cisco Application Velocity System User Guide (Software Version 5.0)
Deployment Options

Deployment Options
Because network environments vary from site to site, several application appliance deployment options are available. The option you choose depends on several factors including your need for:

application appliance scalability

application appliance failover/redundancy

optimization of SSL-based content

This appendix describes the following application appliance deployment topics:

Deploying Clear-Text or SSL-Based Application Appliance

Deploying a Single Non-SSL Application Appliance

Deploying a Cluster of Non-SSL Application Appliances

Deploying a Single SSL-Terminating Application Appliance

Deploying a Cluster of SSL-Terminating Application Appliances

Deploying a Single SSL-Proxying Application Appliance

Deploying a Cluster of SSL-Proxying Application Appliances

Failover and Load Distribution

Deploying Clear-Text or SSL-Based Application Appliance

Choosing to deploy the application appliance in a clear-text environment, as an SSL terminator, or as an SSL proxy is an important decision based on your business requirements and your application architecture.

In a clear-text environment, the application appliance operates as an application-layer proxy that communicates with end-user clients and the origin server within the data center via clear-text HTTP. This type of deployment is appropriate for any application that currently runs over HTTP.

As an SSL terminator, the application appliance operates as an application-layer proxy communicating with clients via HTTPS (SSL) and communicating with the origin server within the data center via HTTP (clear-text). Thus, SSL termination enables client-to-appliance security via SSL encryption, leaving appliance-to-server traffic in the clear via HTTP as indicated in Figure C-1.

Figure C-1 Application Appliance as SSL Terminator

Deploying the application appliance as an SSL terminator is appropriate in environments where SSL is used merely to enable privacy of application data that is neither extremely confidential nor otherwise sensitive. SSL termination is also a good choice in an environment where the application appliance is connected to the front-end web server via a single physical cable rather than via a potentially sniffable network connection.

As an SSL proxy, the application appliance operates as an application-layer proxy communicating with clients and with the origin server within the data center via HTTPS (SSL). Thus, SSL proxying enables end-to-end client-to-server security via SSL encryption as indicated in Figure C-2.

Figure C-2 Application Appliance as SSL Proxy

Because this mode enables true end-to-end SSL-based security, it is recommended as the most secure application appliance deployment configuration for SSL-based web applications. Deploying the application appliance as an SSL proxy is appropriate in environments where SSL is required because application data is extremely confidential and/or otherwise sensitive.

Deploying a Single Non-SSL Application Appliance

Let's begin with a simple single non-SSL application appliance deployment appropriate for a low-bandwidth, clear-text condensation environment. Refer to Figure C-3 for a sample deployment topology.

Figure C-3 Single Non-SSL Deployment Topology

In this scenario, a load balancer transparently redirects all requests for condensable content to the application appliance, and passes all non-condensable requests directly to the origin server. Here load balancer configuration tasks are kept to a minimum; only basic URL-level redirection policies need to be configured.

This scenario provides the simplest possible load balancer configuration, provides application appliance failover by automatically bypassing the application appliance if it becomes unavailable, and may be a good start for customers with low bandwidth utilization. The main drawbacks of this topology are the inability to continue delivering condensed responses in the case of application appliance failure, and limited scalability associated with a single hardware platform approach.

Deploying a Cluster of Non-SSL Application Appliances

This section describes a non-SSL clustered application appliance deployment appropriate for a high-bandwidth, clear-text condensation environment. Refer to Figure C-4 for a sample deployment topology.

Figure C-4 Clustered Non-SSL Deployment Topology

In this scenario, a load balancer transparently distributes all requests for condensable content across the application appliance cluster, and passes all non-condensable requests directly to the origin server. Failover is enabled by the load balancer's ability to automatically redirect requests away from an unavailable application appliance to an available one, and ultimately bypass the entire application appliance cluster if it becomes unavailable. The main advantages of this topology are the ability to continue delivering optimized responses in the case of application appliance failure, and low-cost incremental condensation scalability associated with a multiple hardware platform approach.

An even easier way to enable load balancing and high availability is to use the built-in Availability Manager feature of the application appliance. This technique makes a separate load balancer unnecessary, since the appliance provides this function. For more details, see the "Failover and Load Distribution" section.

Deploying a Single SSL-Terminating Application Appliance

This section describes a single SSL-terminating application appliance deployment appropriate for a low-traffic application environment. Figure C-5 shows a sample deployment topology.

Figure C-5 Single SSL Terminator Deployment Topology

Here a standard load balancer transparently redirects all SSL-enabled requests to the application appliance, which fulfills two roles simultaneously: one as a transparent SSL terminator, and another as an application accelerator. The digital certificates normally installed on the web servers are installed on the appliance-based SSL terminator and can optionally remain on the web servers themselves to enable SSL failover.

In this scenario, the application appliance uses the following steps to accelerate SSL-enabled communications:

1. The client initiates an SSL request to the origin server via the SSL Handshake Protocol.

2. The load balancer transparently redirects the SSL Handshake message to the application appliance.

3. The application appliance completes the SSL Handshake negotiation with the client and establishes an SSL connection with the client.

4. The client issues encrypted web requests to the application appliance within the secure SSL connection via the load balancer.

5. The application appliance decrypts the web requests from the client and transparently proxies them to the origin server through the load balancer via clear-text HTTP.

6. The origin server delivers content responses to the application appliance via clear-text HTTP.

7. The application appliance optimizes and encrypts the responses from the server and delivers them via the load balancer to the client within the secure SSL connection.

To enable application appliance failover, the load balancer can be configured to forward requests directly to the web servers if the application appliance becomes unavailable (hence the option of retaining the digital certificates on the web servers themselves).

Optimal application appliance failover and scalability are enabled when multiple application appliances are deployed in a clustered configuration, as described in the following section. In a clustered environment, the load balancer simply redirects requests away from an unavailable application appliance to an available application appliance. Should all application appliances become unavailable, the load balancer forwards such requests directly to the web servers, bypassing the application appliances. In this scenario, unoptimized content is delivered directly from the origin servers to the client. Also see the "Failover and Load Distribution" section.

Deploying a Cluster of SSL-Terminating Application Appliances

This section describes an SSL-terminating clustered application appliance deployment appropriate for a high-bandwidth environment. Figure C-6 shows a sample deployment topology.

Figure C-6 Clustered SSL Terminator Deployment Topology

Again, a standard load balancer is used to transparently redirect all SSL-enabled requests to the application appliances. The load balancer also enables transparent failover across the application appliance cluster.

Each application appliance takes on the roles of both an SSL terminator and an application accelerator. The digital certificates typically installed on the origin servers are again installed on the appliance-based SSL terminators and can optionally remain on the web servers themselves to enable SSL failover.

In this scenario, the application appliance cluster uses the following steps to accelerate SSL-enabled communications:

1. The client initiates an SSL request to the origin server via the SSL Handshake Protocol.

2. Based on the configured load-balancing algorithm, the load balancer transparently redirects the SSL Handshake message to the optimal appliance-based SSL terminator.

3. The appliance-based SSL terminator completes the SSL Handshake negotiation with the client and establishes an SSL connection.

4. The client issues encrypted web requests to the appliance-based SSL terminator within the secure SSL connection through the load balancer.

5. The application appliance decrypts the web requests from the client and, using the load-balancing rule configured for the origin servers, transparently proxies the decrypted client requests through the load balancer to the origin server via clear-text HTTP.

6. The origin server delivers page responses to the application appliance through the load balancer via clear-text HTTP.

7. The application appliance optimizes and encrypts the responses from the server and delivers them via the load balancer to the client within the secure SSL connection.

Another way to enable load balancing and high availability is to use the built-in Availability Manager feature of the application appliance. This technique makes a separate load balancer unnecessary, since the appliance provides this function. For more details, see the "Failover and Load Distribution" section.

Deploying a Single SSL-Proxying Application Appliance

This section describes a single SSL-proxying application appliance deployment appropriate for a secure low-traffic application environment. Figure C-7 shows a sample deployment topology, which is the same as that shown in Figure C-5.

Figure C-7 Single SSL Proxy Deployment Topology

Here a standard load balancer transparently redirects all SSL-enabled requests to the application appliance, which fulfills two roles simultaneously: one as a transparent SSL proxy, and another as an application accelerator. The digital certificates normally installed on the web servers are installed on the appliance-based SSL proxy. Additional digital certificates are installed on the web servers to enable secure SSL-based connectivity between the application appliance and the web servers.

In this SSL proxy scenario, the application appliance uses the following steps to accelerate SSL-enabled communications:

1. The client initiates an SSL request to the origin server via the SSL Handshake Protocol.

2. The load balancer transparently redirects the SSL Handshake message to the application appliance.

3. The application appliance completes the SSL Handshake negotiation with the client and establishes an SSL connection with the client.

4. The client issues encrypted web requests to the application appliance within the secure SSL connection through the load balancer.

5. The application appliance decrypts the SSL-based web requests from the client to inspect the query, re-encrypts the web requests, and transparently proxies them via SSL to the origin server through the load balancer.

6. The origin server delivers content responses to the application appliance via SSL through the load balancer.

7. The application appliance receives SSL-encrypted responses from the origin server and decrypts them.

8. The application appliance optimizes and re-encrypts the responses and delivers them to the client via the load balancer within the secure SSL connection.

In this example, end-to-end SSL-based security is maintained because all traffic between client and origin server is encrypted via SSL.
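As an added example that is not part of this guide and uses no Cisco API, the following Go reverse proxy implements step 5 of the SSL-terminator procedure (forward the decrypted request to the origin as clear-text HTTP) beside step 5 of the SSL-proxy procedure above (re-encrypt toward the origin and verify the origin's certificate against the dedicated CA that issued the additional web-server certificates). NewOriginProxy, OriginScheme, the host origin.internal and the certificate file names are assumptions made for the example.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"net/http"
	"net/http/httputil"
	"net/url"
)

// Mode selects how the appliance reaches the origin server after it has
// terminated the client's SSL session (steps 3-4 of both procedures).
type Mode int

const (
	SSLTerminator Mode = iota // step 5: forward to the origin as clear-text HTTP
	SSLProxy                  // step 5: re-encrypt and forward to the origin over HTTPS
)

// NewOriginProxy is a hypothetical helper, not the appliance's own API.
// originCA holds the CA that issued the origin servers' certificates; it is
// consulted only in SSLProxy mode, where the appliance-to-server leg must be
// authenticated as well as encrypted.
func NewOriginProxy(mode Mode, originHost string, originCA *x509.CertPool) *httputil.ReverseProxy {
	scheme := "http"
	transport := &http.Transport{}
	if mode == SSLProxy {
		scheme = "https"
		transport.TLSClientConfig = &tls.Config{
			RootCAs:    originCA, // reject any origin not signed by the dedicated CA
			MinVersion: tls.VersionTLS12,
		}
	}
	proxy := httputil.NewSingleHostReverseProxy(&url.URL{Scheme: scheme, Host: originHost})
	proxy.Transport = transport
	return proxy
}

// OriginScheme applies the proxy's request rewriting to a client request and
// reports the scheme the origin leg would use ("http" or "https").
func OriginScheme(p *httputil.ReverseProxy, path string) string {
	req, _ := http.NewRequest(http.MethodGet, "https://client.example"+path, nil)
	p.Director(req)
	return req.URL.Scheme
}

func main() {
	// The appliance terminates client SSL on its own certificate in both modes;
	// the certificate and key file names are placeholders.
	proxy := NewOriginProxy(SSLProxy, "origin.internal:443", x509.NewCertPool())
	http.Handle("/", proxy)
	_ = http.ListenAndServeTLS(":443", "appliance.crt", "appliance.key", nil)
}
```

Switching the mode constant to SSLTerminator leaves the client-facing listener unchanged and only removes encryption and certificate verification from the appliance-to-origin leg, which is exactly the trade-off Figures C-1 and C-2 illustrate.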

Deploying a Cluster of SSL-Proxying Application Appliances

This section describes an SSL-proxying clustered application appliance deployment appropriate for a high-bandwidth environment. Figure C-8 shows a sample deployment topology, which is the same as that shown in Figure C-6.

Figure C-8 Clustered SSL Proxy Deployment Topology

Again a standard load balancer transparently redirects all SSL-enabled requests to the application appliances and also enables transparent failover across the application appliance cluster. Here each application appliance takes on two roles, as both an SSL proxy and an application accelerator. The digital certificates typically installed on the origin servers are again installed on the appliance-based SSL proxies. Additional digital certificates are installed on the web servers to enable secure SSL-based connectivity between the application appliances and the web servers.

In this clustered scenario, the application appliances use the following steps to accelerate SSL-enabled communications:

1. The client initiates an SSL request to the origin server via the SSL Handshake Protocol.

2. Based on the configured algorithm, the load balancer transparently redirects the SSL Handshake message to the optimal application appliance.

3. The application appliance completes the SSL Handshake negotiation and establishes an SSL connection with the client.

4. The client issues SSL-encrypted web requests to the application appliance within the secure SSL connection through the load balancer.

5. The application appliance decrypts the SSL-based web requests from the client to inspect the query, re-encrypts the web requests, and transparently proxies them via SSL to the origin server through the load balancer.

6. The origin server delivers SSL-based content responses to the application appliance via the load balancer.

7. The application appliance receives SSL-encrypted responses from the origin server and decrypts them.

8. The application appliance optimizes and re-encrypts the responses and delivers them to the client via the load balancer within the secure SSL connection.

Again note that end-to-end SSL-based security is maintained because all traffic between client and origin server is encrypted via SSL.

Another way to enable load balancing and high availability is to use the built-in Availability Manager feature of the application appliance. This technique makes a separate load balancer unnecessary, since the appliance provides this function. For more details, see the "Failover and Load Distribution" section next.

Failover and Load Distribution

Optimal application appliance failover and scalability are enabled when multiple appliances are deployed in a clustered configuration. To enable appliance failover, you can use one of the following strategies:

Enable the built-in Availability Manager, which provides a built-in high availability and load balancing capability for a cluster of application appliances. Figure C-9 shows a cluster of application appliances directly handling web requests from clients. No load balancer is needed because the appliances are configured in a high availability, load-balanced cluster by using the Availability Manager feature. Refer to "Availability Manager Clustering" for more information on using this feature.

Use a load balancer to direct traffic to both the application appliances and the origin web servers. Figure C-10 shows a cluster of application appliances handling web requests from clients behind a load balancer. In a clustered environment, the load balancer simply redirects requests away from an unavailable application appliance to an available application appliance. Should all application appliances become unavailable, the load balancer forwards such requests directly to the origin servers, bypassing the application appliances. In that case, pages are delivered as-is, directly from the origin servers to the client.

Figure C-9 Appliance Cluster Using Built-in Availability Manager

Figure C-10 Appliance Cluster Behind Load Balancer