The latest release of Ishlangu load balancer and application delivery controller is out now. It hasn't been very long since our previous instalment was released, but we couldn't hold back our excitement any longer.
XenServer and Hyper-V
Previously Ishlangu only came packaged as an ISO or OVF for VMWare vSphere. We now package Ishlangu for Citrix XenServer and Microsoft Hyper-V. This makes it even easier for you to install Ishlangu on your virtual infrastructure.
Under Support > Tools there is a new section called DNS Lookup. From here you can diagnose any DNS misconfiguration.
Web Content Optimization / Acceleration
For years Microsoft TMG and Microsoft's Unified Access Gateway (Which heavily relies on TMG for its application firewalling capabilities) gave organisations the ability to securely publish and load balance their enterprise web apps such as SharePoint, Exchange, Sage or Lync. However, as we've all come to understand, Microsoft has pulled the plug on their ForeFront Threat Management Gateway 2010 - Forefront Product Roadmaps Announcement. This leaves quite a few enterprises out in the cold.
One key feature of TMG, was that it offered customers a way to publish and protect workload servers such as Exchange Client Access Servers and Front-End Web Sharepoint Services; especially in Internet Facing deployments where a clean separation between critical infrastructure and the public internet is essential.
Figure 1 - Showing existing TMG deployment
How are organisations going to be able to achieve this without TMG? Shaka Technologies has the solution in their latest release of Ishlangu Application Delivery Controller. Introducing Ishlangu Application Access Plans With the latest release of Ishlangu, Shaka Technologies has introduced a new feature called Access Plans. Access Plans are user authorization and access controls you can assign to Ishlangu proxies. These plans authenticate user access to applications published with Ishlangu.
Figure 2 - Application deployments simplified with Ishlangu Access Plans
When an Access Plan is in use, a user will be presented with a customisable logon page. The user enters his/her credentials (for example, a logon name and password), which are then passed to the configured authentication service. In the event of a successful authentication, the client is allowed to access the application. However, if there was an authentication failure, the client will be blocked until valid credentials are provided.
Single Sign-on across Published Applications
Once a user has successfully authenticated, Ishlangu will then maintain that user's session, and if required provide single sign-onacross multiple sub-domains. Ishlangu single sign-on provides your users with seamless access to all your secure web applications (SharePoint, Exchange...) without having to login multiple times:
Video 1 - Ishlangu Access Plans and Single Sign-on in action!
uControl Script™ Integration with Access Plans
uControl Script™ is an easy-to-use tool that understands how web applications work, and provides real-time control of the traffic passing through Ishlangu. In fact, Ishlangu uControl Script™ is the most powerful way to manage applications. With uControl Script™ Access Plan integration, Ishlangu gives you the control to manage, monitor and log authenticated user sessions. For example you can log successful user access, clear user sessions that navigate away or request invalid URLs.
On top of all these great features, Ishlangu also provides Application Layer Firewalling, SSL Offloading, Load Balancing, Content Compression, Content Caching, Geo-IP Location Services, HTTP/TCP Multiplexing and High Availability to provide a highly scalable and secure web app publishing solution.
Large and small businesses are deploying vast numbers of internet facing applications to support ever expanding business requirements. This rapidly growing number of servers needs to be scalable and highly reliable. Above all, the access to these servers and services needs to be secure. With the new release of Ishlangu Application Delivery Controller, Shaka Technologies aims to deliver on customer security requirements for internet facing applications in a world without Forefront TMG. While continuing to address requirements for feature-rich and cost-effective application acceleration, scalability and high reliability.
If you haven't tried Ishlangu before, what is stopping you? Request a free trial now.
We are proud to announce the release of Ishlangu 1.3. The community provided us with some feature requests that we were more than happy to include in our latest instalment.
The Ishlangu administrative console now supports LDAP and Active Directory authentication. Administrators can now hook Ishlangu into the network's LDAP/AD service and login using accounts on those authentication servers.
Ishlangu now records events. A few examples of events include: Ishlangu license expiry, Health Monitor alerts, XSS injection attempts. These events, and more, will all be recorded in the event system. The latest events are reported to you on the Dashboard and all events can be viewed in the new 'Event Log' page.
Fine-Grained Access Control
You now have the power to control not only who has access to the Ishlangu admin console, but also what they have access to. If you want John to be able to create uControl Script rules, but not apply them to Proxies, you can! If you want Steve to view the reporting pages only, you can! With Ishlangu's Fine-Grained Access Control you can make sure users only see and do what they are supposed to.
This was a big one. The community wanted to know who did what (and when) to the system. Now, if John changes the connection timeout of a Proxy, Ishlangu will record when, who, where, and what was changed. A new proxy, you didn't know about, gets added to the system? You'll be able to find out who did it, and when. Ishlangu doesn't just tell you that something changed, it tells you what was changed. You'll be able to determine exactly what happened and who did it. Don't worry about having to scroll through pages of logs either. We have added a brand new section to the admin console that allows you to search the audit log for a specific user/group/ip to help you find out whats going on.
Single Sign On (SSO)
SSO is another community based feature request. Ishlangu can now automatically sign a user into one or more backend servers. Here is a quick example:
You have three sharepoint sites. Without an SSO solution, your users would have to log into each one of those sharepoint sites individually.
Put those three sites behind an Ishlangu unit and Ishlangu can handle the login on behalf of the user. When a unauthenticated user tries to access one of your sites, Ishlangu presents a login page to the user. Once the user successfully logs in, that user will be able to access content from any of those three sites without having to login again.
As far as we are aware, we are the only ADC that offers these features (especially the SSO) as standard.
We hope you enjoy the new features in this latest release of Ishlangu. If you haven't tried Ishlangu before, what is stopping you? Request a free trial now.
We have just released version 1.2. It has new features as well as important improvements and bug-fixes. Faster Cache
We've improved the performance of our HTTP cache. It now responds faster to requests meaning page load times are faster than ever.
Active Health Monitoring
Active Health Monitoring has been added in this release. Now you can monitor your back-end servers health by sending a PING or HTTP(s) request and inspecting the response. If the health check fails, the server will not receive any more requests. Once the health check succeeds, the server will become active again and Ishlangu will start forwarding requests to it.
New notifications have been added. Ishlangu now monitors the SSL certificates and license details. If an SSL certificate has expired, or is about to, Ishlangu will send out a notification to administrators so they can take appropriate action.
AV-Engine / Security Signatures
The AV-Engine and Security Signatures have been updated, giving you and your company peace of mind. Updating to the new release is so simple. Just navigate to the Updates page on your Ishlangu admin-console, click the download button, then click the install button. Pretty easy isn't it? Enjoy the new features... more are just around the corner!
There is no denying the correlation between site response times and business revenue. In such a ferociously competitive market, website performance is a factor too important to ignore for e-commerce organizations.
Factors of Speed
In most cases, poorly designed applications and websites are the major factor in site performance. More often than not, design of a website or front-end application is dictated by marketing and style. Users demand and interactive experience, with flashy animated pages with heavy graphics and videos. This may all look great once everything has loaded, but in reality what happens when it comes time to deliver and render all that content over the web? What is the true impact to the user experience and ultimately to your business revenue?
The truth is that, when it comes to delivering a positive online user experience, speed outweighs style: "The speed of website responses is a key factor affecting usability. Raw speed is one of the key attributes that can determine the quality of the user experience. In addition, Google's search engine uses website performance to determine the position of a Web page on search results pages. Therefore, investing in performance improvements will increase the benefits for website owners.” - Ray Valdes, Gartner, Q&A: Website Performance and User Experience. Other factors in website performance are latency, poor network connections and traffic spikes. On an average day, an online application or website may load in a reasonable amount time, but what about on days with extreme traffic loads? I am thinking about the run up to Christmas, Black Friday, major sporting events and Valentines Day. "57.3million Americans visited online retail sites on Black Friday, representing an increase of 18 percent versus a year ago."-Zach Epstein, BGR, Black Friday Sales Top $1 Billion, Cyber Monday Expected to Set Record As the rapid adoption of smartphones, tablets and e-readers continues to drive demand for digital books, audio, video and other online content; demand for fast and available online services is going to increase.
So What is the Solution?
In an ideal world, web applications would be designed for speed and load efficiency and all users would have 10Gbps network connections. However this is not realistic solution, so what is the alternative?
SPDY is a new protocol developed by Google in it's initiative to "make the web faster". It's protocol specification has officially been adopted for the HTTP/2 draft spec. SPDY achieves reduced page load latency using several techniques:
Full communication compression: SPDY compresses HTTP headers as well as the HTTP content.
Communication Multiplexing: Unlike HTTP which handles one request at a time in a single connection with response to requests made consecutively, SPDY handles multiple requests and responses concurrently using one connection.
Traffic Prioritization: SPDY allows for prioritization of traffic streams, data of higher priority can jump into the process of transportation of data of lower priority and can be transported earlier.
SPDY is already supported by Chrome/Chromium, Firefox and Opera browsers as well as all Android devices and the Kindle Fire.
Adopting a new protocol in your application environment is no simple task. Historically organizations needed to update their web server infrastructure to take advantage of SPDY's performance improvements, adding cost and complexity to their systems. With Ishlangu's SPDY Offloading capabilities, companies can take advantage of these performance improvements without updating their web application server infrastructure. Ishlangu delivers this capability by translating SPDY requests into HTTP on the back end.
Ishlangu Application Delivery Controller can significantly reduce web application latency and improve its availability by offloading CPU intensive tasks such as SSL processing, HTTP content compression, caching and network connection management. Allowing services to both run and scale efficiently, without the need to increase servers, bandwidth or network infrastructure.
Application delivery controllers are a corner stone of application delivery and acceleration. Garnter comments on the important role Application Delivery Controllers plays in optimizing application performance and availability:
"The application delivery controller has evolved into a key component of the data center architecture, and enterprises should evaluate ADCs based on how they integrate with this architecture and support more-advanced features, such as user and traffic control and monitoring." - Neil Rickard, Gartner, Magic Quadrant for Application Delivery Controllers
Ishlangu Application Delivery Controller can accelerate the delivery of your online applications and sites by deploying performance enhancing features such as SSL Offloading, HTTP Content Compression and Caching, SPDY Protocol Support, Content Re-Writing and Connection Management. This will ultimately lead to:
Improved end-user experience
Higher transaction and conversion rates
Increased brand loyalty and return visits
Reduced bandwidth consumption
Increased online visibility
Increased browse time on the site
More information about Ishlangu Application Delivery Controller can be found here.
Today, we are proud to announce the release of Ishlangu 1.1 This release comes just over a month since the first release back in November of this year. This will be the trend for Ishlangu releases. Ishlangu has a rapid release cycle, so you can expect amazing new features in a short span of time. The major new features of Ishlangu 1.1 are:
SPDY (pronounced "Speedy") protocol support
Geo-IP Location API for uControl Script
SPDY is a protocol that sits between SSL and HTTP to speed up requests and responses. SPDY was designed by Google to reduce latency and improve page load times. It is shown to improve page speed by up to 50%. If you have an SSL enabled proxy using any of the TLS versions, you will be able to enable SPDY support with just a single click. If a client doesn't support SPDY that's okay too! The client will just use SSL and HTTP to communicate with your proxy. Clients that support SPDY are Chrome, Firefox, and Opera, as well as any Android mobile device.
The Geo-IP Location API is a great tool for businesses. It can help you target your audience. If a client from Spain requests www.mysite.com you can redirect the client to your Spanish domain on www.mysite.es. You could even inform your back-end application of the client's country, city, or region based information, by adding headers to the request to be sent to the back-end server.
Remember upgrading to Ishlangu 1.1 is absolutely free. You get these great new features at no extra cost! Just go to the Updates section of the Ishlangu admin-console, download the update, and click the install button; then get ready to enjoy these brand new features.
Ishlangu includes GeoLite data created by MaxMind, available from http://www.maxmind.com
Cyber crime syndicates are always looking for ways to increase the opportunity to infect more machines with their malware. One way is to increase the lifetime of injections on websites. Usually the life span of injected code on a vulnerable website, depends on how fast the website administrator notices malicious content added to their web pages.
Image 1: The red arrow below shows the difference between the life span of typical malicious injected code and code injected by a rogue Apache module
One tactic used to increase the life span of injected code is to install rogue modules on compromised web servers. These modules hide themselves and the presence of injected code from website administrators. We are seeing an increase in the number and sale of web server rootkit tools which are used to inject and hide malicious code on compromised web servers. Web server administrators are mentioning on forums and blog articles of mysterious iframes with malicious payloads, magically appearing on different websites and constantly changing the injected URL.
According to underground forums this type of web server rootkit called “DarkLeach” is an Apache 2 module selling for $1,000. Features of this module include: iFrame injection of php/html/js files, allowing access to module from specific IP addresses, periodic updates of injected URLs.
Apart from injecting iFrames, this module ensures a long life span with it’s stealth mode features, including logging the IP addresses of server administrators, going quiet when the admin logs into the server or when someone connects to the server with the logged IPs, disabling the module when a system scanner such as rkhunter or tcpdump are used.
The author of the module goes on to show the statistics of how successful this module is when used with exploit kits:
Image 2: Stats from exploit kits showing successful exploits with the help of the Web server Apache rogue module
As you can see this type of attack is widely used and can have a detrimental effect on a companies’ reputation. For instance TradingForex.com was recently affected by a similar attack. FOREX trading website was injected with a malicious Java applet, which could install malware on the affected systems of the site's users. FOREX is the foreign exchange market where international currencies are traded, and nowadays, it's used by millions of people around the world. TradingForex.com provides tools for forex trading online, which users trusted was secure. However after this recent attack, users will think twice about using their services due to the lack of security and the possibility of their system’s being compromised.
Ishlangu gives web server administrators piece of mind, by surrounding their websites and web applications with a fortified security perimeter. This provides robust defenses against exploits aimed at vulnerable application frameworks such as Joomla and WordPress which cyber criminals use to compromise web servers and install malicious modules such as DarkLeach.
Ishlangu’s Application Firewall establishes a secure session identifier, proactively secures cookies, URLs, Form Fields and thoroughly inspects all data sent and received by the application; ensuring malicious users do not exploit the stateless nature of HTTP transactions.
Protect your websites, your users and most importantly your reputation from attack. Download a free trial of Ishlangu and see for yourself.