Responding to Coronavirus: Six Ways to Improve App Availability and Performance for Your End Users

Posted by HSSL Systems Integrators on Apr 4th 2020

The impact of coronavirus (COVID-19) on organizations around the world has been significant, altering day-to-day life for millions of people. Each one of us is grappling with challenging personal issues, all the while trying to do the right thing for our businesses, our coworkers, and our customers. If you’re an IT professional, you are also likely on the front lines of a host of new business continuity challenges. You need to respond quickly to unprecedented changes in work schedules, remote access to applications, and spikes in networking and data demands. Any of these can result in sluggish application health and performance due to over-taxed resources—affecting your ability to serve customers as they adapt to COVID-19.

Apart from scaling your remote access, F5 has several recommendations that can help with flagging application availability and performance. The following are six optimizations you can implement now using F5 BIG-IP solutions to improve your end users’ experiences, along with additional resources to help you to learn more.

1. Use SSL Offload for BIG-IP LTM

Most Internet traffic is now encrypted. While this may not have been an issue before COVID-19, the anticipated higher traffic load may put strain on your back-end servers due to the additional processing. With BIG-IP Local Traffic Manager (LTM) in front of your web applications, you can use available SSL offload capabilities. So, if your security posture allows it, we recommend that you transfer the SSL load to your BIG-IP LTM and relieve your back-end servers. This should help improve app availability and user experience.

For more information, start here. 

2. Turn on BIG-IP LTM Optimizations

Several optimizations that are standard BIG-IP LTM capabilities can be made to more efficiently use resources. These include the following:

OneConnect is a feature that relieves the overhead of TCP connection setup to the servers by taking TCP connections from many clients, while establishing only one connection to the back-end servers. Some servers may use the incoming IP address to perform functions like targeted advertising. In a OneConnect model, this information can be preserved in the HTTP headers, using a header called X-Forwarded-For. See how this works here.

Compression can be enabled to speed up the client experience from BIG-IP LTM to the client. Because compression reduces the data downloaded by clients, adding compression profiles on your BIG-IP devices can help improve performance. Read about this here.

Caching is another way of relieving server load, by only requesting content which is known to change, while caching and delivering the rest to the client upon request from a BIG-IP appliance. This feature is highly configurable. Learn about it here.

HTTP/2 can be used to improve performance by using fewer TCP connections, similar to OneConnect. This may be an opportune time to look to implement HTTP/2. HTTP/2 is supported both client-side and server-side. Review this article for information on support for different releases.
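With OneConnect, every request reaches the back-end server from the proxy's address, so the server has to recover the client address from X-Forwarded-For, and it should do so only for connections that really come from the proxy. The following is an added example, not code from the original post or from F5, showing one way a back-end application can do that. It assumes the proxy's entry is the last one in the combined header value; the `TRUSTED_PROXIES` range, the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Assumption: addresses the BIG-IP uses for server-side connections
# (constructed range, replace with your own self IPs / SNAT pool).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/29")]


def is_trusted_proxy(addr):
    """True if addr belongs to one of the proxy networks we control."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Return the address to use for logging, rate limiting or ACLs.

    peer_addr  -- source address of the TCP connection the server sees
    xff_header -- combined X-Forwarded-For value, or None if absent
    """
    # A connection that did not come through the proxy can put anything
    # in X-Forwarded-For, so the header is ignored entirely.
    if not is_trusted_proxy(peer_addr):
        return peer_addr
    if not xff_header:
        return peer_addr

    # Walk from the right: the right-most entries were written by our own
    # infrastructure, anything further left was supplied by the client.
    hops = [h.strip() for h in xff_header.split(",")]
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            # Malformed entry where a proxy-written address was expected:
            # fall back to the connection address rather than guess.
            return peer_addr
        if not any(ip in net for net in TRUSTED_PROXIES):
            return str(ip)
    return peer_addr


if __name__ == "__main__":
    # Constructed samples: (peer address, X-Forwarded-For value)
    for peer, xff in [("10.0.0.2", "203.0.113.7"),
                      ("10.0.0.2", "1.2.3.4, 203.0.113.7"),
                      ("198.51.100.9", "1.2.3.4")]:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```

Logging both the connection address and the derived client address keeps the audit trail usable if the proxy configuration changes.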

3. Right-Size Your Performance Bandwidth for Existing BIG-IP VE Instances

To manage the increased bandwidth to your apps, we recommend validating that you have the right BIG-IP Virtual Edition (VE) performance option in place (as BIG-IP VE instances can range from 25M to over 100G in throughput). Confirm that the VE license you have, whether running in a public or private cloud environment, allows for the traffic you are now observing.

The steps to upgrade your license—say from a BIG-IP LTM 25M to 200M, or 200M to 1G—are simple.

First: Obtain a throughput upgrade add-on registration key or a new base registration key from your F5 account manager.

Second: Input that information into the BIG-IP GUI.

Be aware that traffic processing is briefly interrupted while the BIG-IP system reloads the configuration. Make sure that the compute instance size and adapter you’re using meet your needs. BIG-IP LTM can be scaled to 100G and more, but it will need appropriate compute resources to do so.

Read more here.

4. Fine-Tune Your BIG-IP DNS Rules to Optimize Traffic Load Across Global Sites

The COVID-19 pandemic is impacting locations around the world in different ways and at different times, so it’s understandable that localized traffic patterns are uneven. There may be breaking news in certain “hot spots” that causes ripple effects with websites getting overloaded. But if you have multiple hosting locations, you can consider changing the GSLB rules to favor a site that is farther away but has less-stressed servers. This may yield better results more quickly and easily than expanding capacity in one location.

Since VPN traffic is typically routed through centralized IT resources, customers can have fine-grained control over where to send their clients with BIG-IP DNS as well as most integrated monitoring solutions. In addition, BIG-IP DNS can be set up to reroute traffic dynamically to a public cloud environment such as AWS with elastic resources based on capacity or pool member health thresholds. You can redirect traffic loads and set up autoscaling for additional capacity before customers or users start to see performance problems.

For more information, start here with a GSLB introduction and more details on public cloud implementations.

5. Add Visibility and Analytics to your Existing Environment to Understand Performance Bottlenecks

If you start to get calls about “slow applications,” you will need to be able to respond and pinpoint application vs. network latency issues. Having deep visibility and analytics will help you get answers faster. So you may want to familiarize yourself with BIG-IQ Centralized Management, which allows you to assess and manage the performance and health of your BIG-IP estate and supported applications wherever deployed. From a single unified GUI—accessible from anywhere—users can troubleshoot issues, investigate security incidents, and control remote access policies and permissions. With the exponential increase in new remote workers, having greater visibility into application security will save you time in assessing how your defenses are holding up.

If you need to, start your free trial and get up to speed with the free Getting Started online course.

6. Make Sure Your ISP Speeds Meet Your Needs

This may seem obvious, but make sure your ISP speeds meet your needs. Remember that if you host remote access or your web servers on premises and you are using your main Internet connection for both Internet access and hosting, ISP speeds can be asymmetric. You may now require higher inbound speeds.

In addition, you should validate whether you have enough upstream and downstream bandwidth to cope with a higher number of concurrent VPN users. Often an organization’s security policies mandate that when remote users are on the corporate VPN, all traffic, including Internet traffic (such as Zoom or Netflix video streaming), goes through the organization’s IT resources for policy enforcement. So again, contact your ISP or consider adapting your VPN security policy in the short term.