InformationWeek - 6 Steps to Holiday-Proof Your Website

Demo Sizing Guide
Home / Reviews / InformationWeek - 6 Steps to Holiday-Proof Your Website

In an interview at Interop New York, Cisco's Justin Griffin shows how their wireless products can physically map radio sources by analyzing the spectrum. This allows you to detect rogue devices and sources of interference.
In reality, the holidays are just one scenario that might stress websites. You likely experience peaks and valleys in traffic and transactions throughout the year, depending on the particulars of your business. Promotional periods, a publicity boon, and new product lines could all influence traffic, as a few examples. Even big businesses aren't immune--witness's recent crash after it launched the Missoni for Target line.
To be clear, this problem--overwhelming demand--is relatively nice to have. It's certainly much better than malicious downtime from a denial-of-service attack or other website security issue. But strong customer demand isn't worth a dime if you can't support it.

I turned to Peter Melerud, VP of product management at Kemp Technologies, a load balancing and application delivery firm that specializes in SMBs. Here are the six steps he recommends for ensuring your website can stand the holiday frenzy--or any other spike in activity:

1. Plan for peaks, not averages. A fundamental step in steeling your website for activity surges is to get to know your traffic. Then you can make educated forecasts about future patterns. "SMBs, especially as we get closer to what could be a very profitable--and at the same time disastrous--time for them, should be looking at and predicting: How much traffic is my website going to get?" Melerud said.
Be sure to dig into the ratios and patterns of people browsing versus people converting--all traffic is not equal in terms of its impact on servers and systems, particularly as users move from unsecure browsing to an encrypted transaction. (More on that below.) Melerud emphasized the need to identify peak traffic patterns and plan for those high-water periods--not for business as usual. A common mistake, Melerud said, is to fully understand your site's traffic data but then use that knowledge to plan for averages rather than spikes.
"That's not the way to do it. Plan for peak usage," Melerud said. "[Whenever] online vendors experience their absolute peak usage, that's what they have to be prepared to support. Otherwise they can experience a crash and will have lost all of this business."

2. Bigger is not always better. A common misconception, according to Melerud, is to simply match expected traffic to server size. Don't just run out and buy a bigger server and assume it will do the job. While that might be suitable for some websites, Melerud said the strategy doesn't make sense for e-commerce and other transactional sites, which tend to be connection-intensive rather than processor-intensive as shoppers browse. Melerud advocates having a team of lower performing servers instead of one larger, high-performance machine.
"The idea is to be able to provide as many server instances as you can to allow for the concurrency in those connections," Melerud said.
This approach can produce a solid use-case for server virtualization, too: "It enables you to segment your physical server host into lots of virtual machines, or virtual private servers, so that you can get as much out of those resources as possible for that particular type of an application," Melerud said.

3. Achieve Balance. If you take the multiple server approach, you need to ensure usage is properly distributed across those machines. Load balancers and application delivery controllers (ADCs) were once big-ticket purchases, but a number of vendors (including Kemp) have driven costs down from tens of thousands of dollars to low four figures. There are both traditional hardware appliances as well as virtual ADCs.
"The load balancer is designed to be that traffic cop that manages all of these shoppers trying to come into your Web store," Melerud said. "It tries to figure out which of the servers can provide them with the best possible experience."

4. The security certificate problem. Security and consumer confidence are obviously as important as ever. Given that, Melerud noted a common, current issue: As many e-commerce sites upgrade to 2048-bit SSL encryption (from 1024-bit keys), they're not considering the increased demands on their infrastructure.
"Most administrators aren't realizing the huge impact that has on the performance of their servers," Melerud said, adding that it can bump up performance requirements on a server as much as sixfold. "They need to proactively plan for that, otherwise they can cause some serious problems."

5. Colocate. Colocating servers is still a good practice for SMBs that can afford to do so. "It makes sense to segment things out a bit," Melerud said. He added that virtualization, among other factors, has made the benefits of colocation more accessible for smaller companies. The main upside is that should one resource become overwhelmed or otherwise experience a critical problem, the proper setup can enable a company to dynamically move all affected users to a different, healthy resource without disrupting business.
"It's not as expensive as it used to be," Melerud said. "In fact, it can be quite affordable if you look at the virtual private server market."

6. Have a backup plan. Even SMBs with strong backup and recovery plans can overlook a version of Murphy's Law: "They forget that these failures happen at the worst possible time," Melerud said. "Any downtime, even if you've got everything backed up, is not optimal."
In fact, "backup plan" here means something more like "preemptive plan." Whether it's the holiday rush, a huge promotion or publicity stunt, or another factor, administrators need to be able to anticipate extreme situations and know what they'll do if their systems become deluged. Think the aforementioned Target example on a SMB scale. One possible plan: Being ready and able to flex out to Amazon Web Services or another cloud platform.
"The moral of the story is: Just doing a backup isn't the answer," Melerud said. "You've got to plan for more traffic than you can handle."

Start Powering Your Always-on Application Experience Today

30-Day Free Trial Contact Sales