SECURE APPLICATION SWITCH: NetScaler RS-9400 Secure Application Switch 

The NetScaler RS-9400 secure application switch is meant to protect and optimize the delivery of applications over the Internet and private networks. These are done by providing application-level security, application-delivery optimization and layer 4-7 switching. The main features of this product, which can be divided in the above mentioned three groups are TCP offloading and optimization, SSL offloading, content compression, content caching, load balancing, content switching, cache redirection, global server load balancing, SSL VPN, HTTP Dos protection. The device sits in front of your servers (Web servers, application servers, etc) and manages traffic for all communication between the clients and the servers, providing security and performance. It can be integrated with your existing load balancers, servers, caches and firewalls and requires no

additional client or server-side software.

Let's take a look at some of its main features and their benefits. SSL can place a heavy burden on a Web servers' resources, especially the CPU. Using NetScaler SSL encryption/decryption can be offloaded to it, freeing the Web server resources to service content requests. This way your applications can utilize the benefits of SSL, while they themselves serve normal Web content. The other good feature of NetScaler is SSLVPN, which can be used to provide access to all authorized applications and files from a Web browser over the Internet. It uses SSL as the underlying protocol and not the conventional VPN protocols, that's why the name SSLVPN. It does not require any client software or changes at the servers. However, it does download and install a small plugin the first time you access the SSLVPN from the client browser. For authentication it can use any LDAP or radius server, apart from having its own user list. Content filtering can protect attacks on Web servers at the layer 7 level. It can screen Web-server requests based on the content and match it against user-configured rules to allow, deny, drop and resetting the connection. Surge protection prevents the traffic surge to hit the servers by caching incoming requests after the server has reached its capacity. This way the sever does not get choked by receiving more requests than it can handle optimally. Priority queuing lets more important data to flow across when the available resources becomes short.

 The priorities can be set on the bases of URLs, cookies, etc. Integrated caching, content compression, server load balancing, DoS attack defense, etc are also useful features to deliver applications securely and efficiently.

The unit we received was based on an P III 1.26 GHz with 1 GB RAM and works on BSD, which is primarily only used for booting and the rest of the functionality is provided by their own kernel. The device can be accessed via telnet, SSH, serial console and a Web interface. The front LCD screen also shows real-time statistics about the device. The Web interface is Java based and makes it easy to configure the device. Although online help documents are provided, no context sensitive help is available. The Web-based statistical utility is good for knowing the status of the device, like the total data transmitted and received, number of current TCP connections and TCP-Syn attacks.

Overall, this is a useful device for organizations having huge traffic on their websites, offers good features like the SSLVPN and is easy to operate. But, it is not a buy and use product; you will have to analyze your setup carefully and deploy it appropriately. You may also not use all of the features together that the device offers.