Application Assurance Enables Mission Assurance

Application Assurance consists of the people, processes and technologies to ensure responsive, survivable and secure application services. Application Delivery Controllers (ADC) are used today to deliver Application Assurance.
Michael Bomba - Federal Solutions Architect - KEMP Technologies


Mission Assurance

Network Centric Warfare requires access to timely, trustworthy information during all phases of operations. The most common way information is accessed is through applications. This white paper addresses the critical need for Application Assurance to ensure survivable, secure and timely delivery of information to the operator.

Current State

We have spent millions in defending our networks, servers, PCs and mobile devices because we have recognized our mission (our business) depends on being able to access our applications reliably and securely. Sometimes we forget that the reason for these investments is to assure access to information, and many of us have not addressed application security properly.

Security best practices define security measures that should be employed at the edge of every network enclave. These measures include network firewalls, network intrusion prevention services, and application-level firewalls. While network firewalls have advanced to include some application-level checks, they are not purpose-built for application security and, more importantly, they are run by network security personnel, not application security personnel. The typical result is that network security personnel adversely impact application performance and availability while trying to address application security concerns.

The Problem

The most informed resources you have on your applications are your application administrators. They know what the application needs to satisfy the consumer. They are responsible for fixing any application-level security issues; yet, they are often not in control of the technology needed to manage application security and overall risk. The technology they desperately need is currently embodied in Application Delivery Controllers (ADC).

In the past, ADCs were expensive, complicated and manpower intensive. This resulted in centralization of application delivery controllers and attempted management of these as shared resources for large numbers of applications. Setting these up for a large number of applications made it difficult to tailor them for each individual application. It also removed them from the people that need them, the application administrators.

The Solution

KEMP ADCs focus on application assurance, delivering application security, availability and performance, to ensure you can execute your business no matter where your applications are hosted, all in an affordable and easy-to-use platform.

Placing KEMP ADCs closer to applications and enabling application administrators access to these devices will allow them to establish fine-grained access controls as well as establish appropriate application-level firewall settings to defend the applications and associated information they are accountable for.

The Details

Specific security features KEMP provides include SSL Reverse Proxy, distributed denial of service (DDoS) mitigation, web application firewall (break-and-inspect-and-defeat), URL matching and rewrite, pre-authentication, multifactor authentication, access control lists, FIPS 140-2 grade encryption, Domain Name System Security Extensions (DNSSEC), support for enhanced key management and storage (external high security module support), extensive auditing, and integration with third-party security management tools.

Assured Security of Information

  • We encrypt information from the application to the consumer using federally certified encryption (FIPS 140-2).
  • We pre-authenticate users before allowing them to connect to the application servers.
  • We provide Common Access Card (CAC) / Personal Identity Verification (PIV) certificate-based authentication.
  • We provide Kerberos Constrained Delegation translating certificate authentication to Kerberos authentication.
  • We provide Security Assertion Markup Language (SAML) authentication brokering.
  • We provide reverse proxy services to ensure users must transit the ADC before connecting to the application.
  • We provide a per-application Web Application Firewall to protect against application-level attacks.
  • We provide a per-application access control list (ACL) to further restrict who can connect to the application.
  • We provide for authentication of DNS queries to protect against DNS spoofing attacks.

Assured Availability of Information

  • We provide global multisite load balancing to enable application survivability.
  • We know which application instances are working and which ones are degraded or unavailable.
  • We direct users to application instances that perform best to ensure optimal experience.
  • We provide mitigation for distributed denial of service (DDoS) attacks.
  • We report application degradation or unavailability to enterprise management tools.

Assured Performance of Information

  • Having applications available, but performing poorly, results in slow delivery of information.
  • We ensure users are connected to the best performing application instances.
  • We accelerate delivery of information by caching information as part of our reverse proxy service.
  • We accelerate delivery of information by compressing the information before transmitting to the user.
  • We accelerate delivery of information by multiplexing connection requests to application servers.
  • We accelerate delivery of information by providing an HTTP/2 gateway service.

The Evolution of Application Delivery

Until recently, the entry point for server load balancing and advanced application delivery was often cost-prohibitive for Government agencies with strict budget constraints. There are many metrics related to total cost of ownership (TCO), and often manpower becomes the single most expensive portion of TCO. Next-generation ADCs focus on ease of use and allow junior network technicians to operate them, while also eliminating the need for the expensive consulting services agreements that were the norm for legacy ADC manufacturers.

Today, affordable yet advanced Application Delivery Controller solutions providing intelligent features are available. KEMP Technologies is proud to have been a pioneer in making this a reality for the various Government Agencies that have become clients of the KEMP LoadMaster platform.

The Case for KEMP Technologies’ Application Delivery Controllers

KEMP Technologies is an industry leader in the Application Delivery space and works with Federal, State and local government clients across North America as well as with remote deployments of our Armed Forces to ensure the high availability and optimization of critical infrastructure and applications at a mere fraction of the cost of the competition. KEMP’s LoadMaster suite of load balancing and application delivery products simplifies the management of networked application resources, while optimizing and accelerating user access to application services.

KEMP’s award-winning and field-tested LoadMaster Operating System (LMOS) is available as cloud appliances, virtual appliances, physical appliances and an installable ISO. KEMP has solutions for Azure, Azure for Government, AWS, AWS GovCloud, VMware, Hyper-V, VirtualBox, KVM, Xen, and physical datacenters, enabling Private, Public, Hybrid and traditional data center architectures.

Summary

Mission Assurance requires timely access to trustworthy information. Information must be available when applications fail inside a single data center and when entire data centers are unavailable. Application Assurance addresses the processes and technologies necessary to ensure Mission Assurance.

Application Assurance ensures the survivability, security and timely delivery of information to the operator. This is accomplished using commercially available application delivery controller technologies. Without ADCs, it is not possible to build information systems that guarantee availability of information, especially during degraded conditions.

KEMP builds to U.S. Federal standards. FIPS 140-2 certified encryption (we don't just claim we do encryption correctly, we have the federal labs test and the U.S. Government certify we do it properly) is included. Multifactor authentication (including Common Access Card certificate-based access) is included. Reverse proxy (ensuring no one can directly connect to your applications) is included. Web Application Firewall (to mitigate application-level attacks) is included.

KEMP LoadMaster ADCs are listed on the DoDIN Approved Products List under the Cybersecurity Tools (CST) section.

KEMP Technologies’ application delivery controllers deliver easy-to-operate, cost-effective solutions to ensure critical applications will be delivered securely, reliably and without interruption. Learn more about KEMP Technologies at http://www.kemptechnologies.com
