• Jump to navigation

ZXTM - Zeus Extensible Traffic Manager

A high performance Traffic Manager

Free Trial Downloads:

Run the Desktop Evaluator license on any Windows or Linux system and learn how to configure and manage a versatile application traffic manager. Includes example exercises and training materials. Click the Desktop Evaluator button to download.

Already know about ZXTM? Click the Full Evaluation button. Includes full technical assistance

Application Traffic ManagementZXTM (Zeus Extensible Traffic Manager) manages your application traffic, inspecting, transforming and routing requests as it load-balances them across the application infrastructure. The powerful TrafficScript engine lets you implement whatever traffic management policies are most appropriate for your enterprise, drawing on the whole range of capabilities of ZXTM.

ZXTM is available as software, as hardware appliances and as a Virtual Appliance (for VMware Virtual Infrastructure 3 and Windows Virtual Server 2005 R2).

Capabilities and Benefits:

Application Acceleration

By placing ZXTM in front of your networked and web-enabled applications, you can boost the number of transactions your infrastructure can handle, and dramatically increase the speed and responsiveness that your users experience.

ZXTM offloads compute-intensive tasks, and the integrated Content Caching reduces the load on your infrastructure. TCP offload, Traffic buffering, and HTTP optimizations produce the optimum environment for your applications to run at peak performance and capacity.

Through its unique software architecture and high-performance process model, Zeus Extensible Traffic Manager (ZXTM) accelerates the performance of your existing application infrastructure by:

• Acting as a data buffer between the application server and slow, unreliable Internet connections, ensuring that the application only sees quick requests over a reliable LAN connection, and so keeps system resource allocated for the shortest duration possible;
• Preventing excessive load on any one application server through effective cluster management and server selection;
• Offloading CPU-intensive tasks such as SSL and XSLT processing from the application server onto ZXTM itself, which has been optimized for those tasks.

In each case, the application goes faster because it has less work to do. It uses the processing power freed up to handle more transactions and is therefore more productive.

Both hardware appliances and software solutions, through performance tuning and / or additional processing power, can act as application accelerators. However, the significant additional cost of having a number of dedicated accelerator units often outweighs the benefits they yield. The trend is now for multi-capability units which, along with advanced load balancing and traffic management capabilities, provide application acceleration to the cluster of servers they manage. ZXTM saves you the additional cost of buying and racking separate application acceleration appliances by combining both application-aware traffic management and acceleration into a single unit.

ZXTM can be used to perform SSL decryption on behalf of your network services. Because ZXTM uses Zeus Technology's own SSL implementation in combination with US Government-approved RSA cryptographic libraries, the price / performance ratio offered is unequalled by any other SSL solution, as testified by Zeus' dominance of the industry-standard SPECweb99_SSL benchmarks.

A new area in which ZXTM can accelerate your applications is when one application needs to share data with another, requiring the translation of one dialect of XML into another via the open standard mechanism called Extensible Stylesheet Language Transformations (XSLT). ZXTM can perform the XSLT translation of data from one dialect of XML to another on behalf of applications communicating with each other either over a corporate Local Area Network, or between separate companies over the wider Internet.

As with other products in Zeus Technology's product portfolio, the unique and highly-efficient process architecture of ZXTM allows it to buffer data between the application server and slow, unreliable Internet connections. This ensures that the application only sees quick requests over a reliable LAN connection, and so the application keeps system resource allocated for the shortest duration possible. This acceleration effect is most noticable in process- or thread-based application servers, for instance Apache web server.

A single ZXTM running on standard dual AMD Opteron hardware can achieve:

• over 87,000 requests per second
• over 20,000 content compression operations per second
• over 2.5 Gbit/s throughput
• over 4,500 SSL transactions per second

Dual-core processors deliver twice the SSL and content processing power. This performance compares favorably with competing products nearly three times the cost, making ZXTM the most cost-effective option. Capacity can be grown linearly by scaling out the number of units. ZXTM allows you to cluster as many front-end traffic managers as you require in fully-active or mixed active / standby clusters to ensure that your traffic management layer is not a performance bottleneck. Unique TrafficClusterâ„¢ scalability technology in ZXTM allows you to do this in a fault-tolerant setup without the constraint of having to pair units. ZXTM is easily configured from any unit (redundant administrative interface) and incoming traffic can be distributed intelligently across all the front-ends with only a single traffic IP address.

Sizing your ZXTM cluster appropriately for your current and future needs is best achieved by evaluation within your own network. This is because a wide range of variables will affect performance, such as:

• number of simultaneous connections;
• number of requests per second;
• duration of requests;
• amount of bandwidth to be managed;
• number of TrafficScript rules to be applied to traffic;
• whether SSL decryption / re-encrpytion is performed;
• whether XML parsing / XSLT translation is performance.

When in use, ZXTM itself can provide you with detailed real-time and historical traffic data which you can use to determine whether you will need additional traffic management units to increase your overall capacity.

Offloading SSL to ZXTM - ZXTM can be used to perform SSL decryption on behalf of your network services. Offloading CPU intensive processing such as SSL and XML frees up application servers such as BEA WebLogicâ„¢ and IBM Websphere to do their own specialist tasks, greatly enhancing their performance and return on investment. Because ZXTM uses Zeus Technology's own SSL implementation in combination with US Government-approved RSA cryptographic libraries, the price / performance ratio offered is unequalled by any other SSL solution, as testified by Zeus' dominance of the industry-standard SPECweb99_SSL benchmarks.

Ensuring the security of Internet traffic using SSL connections can quickly cripple a server's performance because of math-intensive encryption and decryption calculations. Servers that can handle hundreds or thousands of ordinary connections per second slow to a crawl when serving SSL connections. Having bursts or peaks in Internet usage can compound the problem exponentially. ZXTM will alleviate these difficulties by taking over the SSL processing with its efficient and cost-effective process architecture.

Certain hardware has been optimized specifically to provide an extra boost to performance when dealing with the complex computations associated with SSL transactions. ZXTM takes full advantage of these SSL optimizations and is available in 64-bit as well as 32-bit editions.

Web Content Caching - Content caching greatly reduces the number of requests that must be forwarded on to web or application servers, reducing back-end application load, data transit times and bandwidth usage. ZXTM is able to store local copies of frequently-viewed web pages, images and other content, ensuring you get more value out of your existing web or application server cluster.

Offloading XSLT Processing to ZXTM - XSLT (Extensible Stylesheet Language Transformations) processing by ZXTM is another example of offloading specific tasks to an application specifically optimized for the job. Even if you don't use XML to exchange data between applications today, it is inevitable that you will, given the reliance application vendors have on XML already. The problem is that each application will speak its own dialect of XML; each are compatible, but require translation.

Through XSLT, TrafficScript acts as the translator between applications speaking different dialects of XML. This means that you only have to translate in one place, not many. ZXTM is XML-ready. When you start using XML-enabled applications, you will be able to increase their ROI immediately by offloading XSLT processing to ZXTM.

Service Reliability

Detect and work around application and hardware failures, ensuring your services have the best possible availability, whatever the circumstances.

Active and Passive Health monitors and continual network performance monitoring ensures that client requests are load-balanced across the fastest servers in your infrastructure, ZXTM's TrafficCluster scalability protects against compound failures at all levels.

Many of the Traffic Management capabilities of ZXTM enhance the securityand reliabity of your application infrastructure:

• Request Rate Shaping and Bandwidth Shaping prevent your infrastructure from being overwhelmed by requests and limit the resources that can be saturated by greedy or malicious users.
• Application Traffic Inspection using TrafficScript lets you inspect and filter requests and responses, preventing known attacks and preventing information leakage.
• ZXTM's Traffic Valuation and Prioritization (pdf) capabilities ensure that valuable application traffic is given priority, and other traffic is managed to minimise its impact on critical services.

Resilient Server Load Balancing - ZXTM allows you to create a fully fault-tolerant cluster of server machines by protecting against failures of back-end server nodes and front-end traffic manager units. Providing that sufficient balancer and server machines are functioning, the cluster will continue to operate without failure.

If a server goes down, you need to know that your web sites will keep running. ZXTM can seamlessly handle server failure, redirecting traffic to a different, healthy machine without your customer ever knowing. What's more, because ZXTM can be deployed in a horizontally-scalable TrafficCluster, if a traffic manager unit is unavailable, another unit will automatically handle the traffic until the problem is fixed.

ZXTM is a pure software application. It is built on top of the same high-performance core architecture as the award-winning Zeus Web Server and Zeus Extensible Traffic Manager.

As a result of its application awareness, ZXTM is best deployed close to the servers it is managing. If you need to make sophisticated traffic management decisions, and need to closely monitor the health of the services you are hosting, ZXTM is optimally suited for this environment.

ZXTM offers far more than a traditional load balancing solution. Its traffic management capabilities bring much more flexibility and fine-grained application layer control than is possible with most pure- hardware load balancing solutions. Because ZXTM supports a range of platforms and operating systems and runs on commodity hardware, its performance can easily and cost-effectively be grown as required.

Application Security

Mitigate flash floods, filter invalid or malicious requests, apply access controls - all to be confident that your applications are hardened and your user data is safe.

Total server isolation, request and response scrubbing, request validation and request rate shaping all protect your application infrastructure from directattacks, invalid or malformed requests and malicious or incidental flash floodsthat would otherwise impair the level of service you provide.

ZXTM is a key component of your security solution. It is secure out-of-the-box, hardened against intrusion and Denial-of-Service (DoS) attacks, and is designed from the outset with security in mind. Our outstanding security track record and the incorporation of the latest and strongest encryption technologies in our products ensure peace of mind for both you and your customers.

Secure By Default - Of the potential ways an intruder may gain access to sensitive data, using default passwords or 'sniffing' unencrypted passwords are often effective against network components which are not secure by default. ZXTM makes use of a variety of techniques to ensure that from the moment it starts up, it is a secure and no-risk enhancement to your network:

• Access to ZXTM's web-based user interface is permitted only over an encrypted connection, so eavesdropping on the connection is prevented. Where passwords are stored within ZXTM, they are always stored securely as encrypted hashes.
• All network communication between ZXTM instances is over an encrypted channel to ensure that no sensitive configuration data is betrayed to unintended third parties sniffing the network. This means that your configuration information is secure all the way from your web browser to each of the ZXTM units.
• ZXTM has been rigorously tested prior to release to ensure that it does not introduce any vulnerabilities on to your network. In addition, ZXTM can be used to protect more vulnerable services on your network in a number of ways, for instance by acting as a SSL proxy to unencrypted application servers, by performing request filtering to discard malicious requests or by mitigating against distributed Denial-of-Service attacks.

ZXTM provides support for SSL decryption, as well as more advanced features such as SSL client certificates, CRLs and TLS. End-to-end security of your managed Internet services is assured using our native SSL decryption and re-encryption. While not necessary to take advantage of this functionality, hardware cryptographic accelerators cards can also be used with ZXTM.

FIPS-certified SSL and Key Management - The Federal Information Processing Standard (FIPS) 140-2 is the US National Institute for Standards and Technology's (NIST) latest security standard for cryptographic modules.

It has also been adopted by the Canadian Security Establishment (CSE), and while not mandatory, has also been adopted by many financial institutions worldwide. FIPS 140-2 level 3 means that the SSL cryptography and key management is performed within tamper-proofhardware.

ZXTM currently supports the following nCipher products:

• NetHSM - This is a FIPS 140-2 Level 3 compliant network attached Hardware Security Module (HSM) that provides a shareable cryptographic resource for multiple servers. It can be used to securely manage and store the SSL private keys used by ZXTM for SSL offload. NetHSM is supported by ZXTM and ZXTM-LB software and appliances.
• nForce - The nForce is a FIPS 140-2 (Levels 1 and 3) compliant PCI card, providing tamperproof key management and hardware SSL acceleration for individual servers. The nForce is supported by the software version of ZXTM and ZXTM LB only.

Many of the Traffic Management capabilities of ZXTM enhance the security and reliabity of your application infrastructure:

• Request Rate Shaping and Bandwidth Shaping prevent your infrastructure from being overwhelmed by requests and limit the resources that can be saturated by greedy or malicious users.
• Application Traffic Inspection using TrafficScript lets you inspect and filter requests and responses, preventing known attacks and preventing information leakage.
• ZXTM's Traffic Valuation and Prioritization capabilities ensure that valuable application traffic is given priority, and other traffic is managed to minimise its impact on critical services.

• TrafficScript - Powerful and Intuitive Application Management - TrafficScript is the customization language in ZXTM. It makes it easy to create powerful Traffic Management rules that define how ZXTM manages your application traffic.
• Ease and speed of installation - Ease of using Traffic Management Software; Goal-Oriented User Interface; broad protocol support.
• Session Persistence - ZXTM can read and understand requests, and then direct appropriately, maintaining application sessions where required.
• Bandwidth Shaping and Control
• Request Rate Shaping - allows you to specify limits on a wide range of events, with very finegrained control over how events are identified.
• Forward Proxy Mode
• SOAP Based Control API
• Service Level Management & Enforcement
• Keeping Track with the Catalog - By its nature, ZXTM will be expected to deal with many back-end nodes, services, TrafficScriptâ„¢ rules and SSL certificates. ZXTM makes your life easy by keeping everything in the Catalog, an ordered collection of all the things that it manages.
• Web Services - XML Management - The extensibility of XML is well-suited to application-to-application communication methods such as the Simple Object Access Protocol (SOAP) employed in Web Services such as J2EE,.NET and Mono. As business logic is often embedded within the XML language, ZXTM allows you to parse the XML payload of requests using the XPath query language and make informed routing decisions on a basis of that business logic.

Protocol and Application Support

• Application servers: WebLogic, IBM WebSphere, Oracle, JBoss, SAP, PeopleSoft, Siebel, Apache TomCat, Caucho Resin, Sun Java System Application Server, GlassFish, etc.
• Web Servers: Apache, Zeus Web Server, IIS, SunONE, iPlanet, etc.
• Web Applications: Exchange, Sharepoint, Outlook Web Access, etc.
• Media Delivery: Windows Media Services, other HTTP-based media delivery
• Next-generation protocols, including on-the-fly acceleration, inspection and modification of SOA/XML and Web2.0/AJAX traffic
• Detailed inspection and modification of long-lived protocols such as SMTP, POP3, IMAP and database sessions
• FTP, DNS, almost any TCP or UDP-based protocol

ZXTM's TrafficScript Rules Language can inspect, modify and route any TCP or UDP protocol.

• Home
• Solutions
• Products
  • Alcatel-Lucent
  • Allot Communications
  • Avocent / Cyclades
  • Barracuda Networks
  • Blue Coat
  • Bluecat Networks
  • Bluesocket
  • ConSentry Networks
  • Juniper Networks
  • Zeus Technologies
• Services
• Case Studies
• Positioning Papers
• News
• Contact

1-3 Merietts Court
Long Ashton Business Park
Long Ashton, Bristol
England, UK
BS41 9LW

T: +44 (0) 1275 393382
T: +44 (0) 870 0434705
F: +44 (0) 1275 395119

E: info@ip-performance.co.uk

Site Map

Technologies

Select a technology to examine Select a technology Anti-VirusAppliance VirtualisationApplication OptimisationBandwidth ManagementDNS & DHCP ManagementIP Address Management (IPAM)IP Routing & SwitchingIP SecurityRemote & OOB ManagementServer Load BalancingTraffic ManagementUnified CommunicationsWeb FilteringWireless Networking

Vendors

Select a vendor to examine Select a vendor Alcatel-LucentAllot CommunicationsAvocent / CycladesBarracuda NetworksBlue CoatBluecat NetworksBluesocketConSentry NetworksJuniper NetworksZeus Technologies