The BIG-IP WebAccelerator joins ranks with the Local Traffic Manager and the Global Traffic Manager as modules that received some major upgrades with version 10.  Not familiar with the WebAccelerator?  Affectionately called WA in these parts, the WebAccelerator is "an advanced Web application delivery solution that provides a series of intelligent technologies that overcome performance issues involving browsers, Web application platforms, and WAN latency."  That's straight from the glossy, I couldn't say it any better than that.  The DevCentral team has been filming a documentary series (Real IT, check it out!) on speeding up the site for our users in China that banks on the success of the WA, and successful it is.  In this week's episode, we had the "Go Live" moment and the benefits of our WA deployment were immediately noticeable.  Sixteen - Twenty second page loads dropped to sub-three second loads.  Pretty impressive.  But enough about how cool WA is, let's move on to the major enhancements to the module.

 

Signed Acceleration Policies

This feature allows you or any third-party consultant, vendor, friend, foe, etc, to create and encrypt WA policies.  DRM Signed policies can't be viewed, trimmed, or expanded, enabling the policy creator to protect their intellectual property while distributing for use, either through their generosity or for a cost.  Policies are also keyed to a specific system so they cannot be shared.  Signing  internal to an organization makes sense as well as it can be validated as authentic before use, and hide the details from curious technicians who might otherwise attempt changes.  These signed policies can only be used on version 10 systems.  Note that importing a signed policy in an earlier version of WA will work, and you will even be able to assign it, but it will not contain any rules, so don't do it!   The process is simple.  First, the recipient and the publisher exchange certificates.  Second, the publisher exports the policy, keying it to the specific WA system.  And finally, the recipient imports the policy.

 signed_cert

Integration with Application Security Manager / Protocol Security Manager

Prior to version 10, WA could not co-exist on the same platform with ASM/PSM.  The Protocol Security Module, which provides security for HTTP, SMTP, & FTP, or its much bigger brother Application Security Module, an award-winning web application firewall, can now be deployed together with WA on the 6900/8900 hardware platforms.  Some shy away from the whole "Network in a Box" architecture, but for those who appreciate the approach, it's now possible.  WA effectively sits in front of the ASM (see below), caching only content the ASM has deemed valid.  For details on the configuration process, reference chapter 29 in the LTM Implementations Guide

 wam_asm_integration

Fully Integrated into TMOS as a plugin

In version 9, WA was integrated into TMOS as a vip-sandwich, resting in between proxy instances, but that changes with version 10 as it is now a fully integrated TMOS plugin.  Not only is this an obvious performance gain, but it also allows for the integration with other modules, something that was not possible previously.  The architecture migration is depicted in the graphic below.

 

 wam_arch

 

Follow me on Twitter Follow me on LinkedIn Follow me on Facebook Add to Technorati Favorites