1. Field of the Invention
The present invention relates to a network appliance for managing a variety of software and network services, such as access method and load balancing services. Various aspects of the present invention are particularly applicable to a network appliance that cooperates with other network appliances to provide multiple software and network services with high reliability.
2. Description of Related Art
In the last decade, the use of electronic computer networks has exploded. Electronic computer networks may be found in businesses, schools, hospitals, and even residences. With these networks, two or more computing devices communicate together to exchange packets of data according to one or more standard protocols, such as the TCP/IP protocols. Usually, one computer, often referred to as a “client,” requests that a second computer perform a service. In response, the second computer, often referred to as a “server,” performs the service and communicates the resulting data back to the first computer. Some computer networks may also include one or more switches, for providing connectivity between one or more clients and one or more servers.
Larger networks may include additional components to manage communications between clients and servers. For example, a large network having multiple servers may include one or more load balancers, to route client communications among the server computers. A load balancer may direct a client communication to a server based upon the workload of other servers in the network, or to ensure that a communication carrying data affiliated with a specific server is properly directed to that server. If a network performs a vital purpose, the network may duplicate one or more components for redundancy, in the event that a component fails.
FIG. 1 illustrates one example of a conventional communication network 101. More particularly, the network 101 may be employed to provide a client computer with secure access through a public network 103, such as the Internet, to a private network or “Intranet” 105. As seen in this Figure, the communication network 101 includes a first group of switches 107, a group of load balancers 109, a second group of switches 111, a group of access servers 113, and a third group of switches 115. As will be appreciated by those of ordinary skill in the art, the networks 101, 103 and 105 also will include one or more routers (not shown) for routing communications between the networks to a specified network address.
To use the communication network 101, a client computer transmits a communication through the Internet 103 to a switch 107. The illustrated network 101 includes two switches 107, but other implementations of the network 101 may include only a single switch 107 or three or more switches 107 as desired, depending upon the amount of redundancy desired in the network. The switch 107 receiving the communication delivers it to a load balancer 109. As will be appreciated by those of ordinary skill in the art, the load balancer 109 is a computing device that directs incoming communications to an access server 113 through a switch 111. For example, if a communication is new, the load balancer 109 may route the communication to the access server 113 that is currently handling the fewest communications. Alternately, the load balancer 109 may employ a “round robin” process to assign each new communication to the next access server 113 in an ordered list. If, however, the communication includes data that is affiliated with a particular access server 113, as will be explained in more detail below, then the load balancer 109 may route the communication to that particular access server 113.
The access server 113 provides one or more platform services, including at least one access method service for securely accessing the Intranet 105. For example, the access server 113A may provide an extranet Web service (EW), which allows a client computer to securely access the Intranet 105 through a browser using an encryption technique such as, for example, the Secure Sockets Layer (SSL) encryption technique. The access server 113A may also provide a node management (NM) service and a repository service for storing information, such as local authentication information like user names, passwords, and digital certificates. The repository service may also be used to store user personal profile information, such as user names, single sign-on credentials for intranet servers, bookmarks and the like. The repository service may be, e.g., a directory employing the Lightweight Directory Access Protocol (LDAP).
The access server 113A may also provide a distributed cache service which shares and replicates useful data among multiple access servers 113. The access server 113B may then alternately provide a virtual private network (VPN) service, which allows a client computer to act as a node of the Intranet 105 using an encryption technique such as, for example, the SSL encryption technique. The access server 113B may additionally provide a node management service and a repository service like the access server 113A.
Once a communication from a client computer has been decrypted and processed by an access server 113, it is then routed back through a switch 111 to a load balancer 109. The load balancer 109 directs the communication through a switch 115 to the Intranet 105. When a computer in the Intranet 105 responds to the communication from a client, the process is reversed to encrypt the outgoing response and transmit it to the client computer back through the Internet 103.
In the network 101, both the extranet Web service of the access server 113A and the virtual private network service of the access server 113B will generate an encryption “session” for related communications from a client computer. An encryption session, such as an SSL session, allows each client communication and reply associated with the session to be processed using encryption key information. A client computer could be required to authenticate itself for each domain, software service or network device it needs to access. Using authentication management software, a client computer may also authenticate itself only once per encryption session, i.e., during the initial communication, and the network access system may cache the authentication information for the session. The client computer can then include an identifier for the session in subsequent communications, rather than having to repeatedly submit its authentication information.
The network 101 may also employ the session identifier to accurately route a communication to the access server hosting the associated encryption session. More particularly, a communication from a client computer may include a virtual Internet protocol address or “VIP” address. This type of address is not associated with a particular computing device, but may instead be translated by a network address translation (NAT) process into one or more actual Internet protocol addresses for particular computing devices. When a load balancer 109 receives a communication, it checks the communication for a session identifier. If the communication includes a session identifier, then the load balancer 109 uses a lookup table to associate that session identifier with the actual Internet protocol address for the access server 113 hosting the corresponding encryption session. The load balancer 109 can then execute a network address translation that translates the virtual Internet protocol address into the actual Internet protocol address for the access server 113 hosting the session. If the communication does not include a session identifier, then the load balancer 109 will route the communication to any appropriate access server 113 based upon its load balancing algorithm.
While two load balancers 109 are illustrated in the communication network 101, only one load balancer 109 typically will operate at any time. More particularly, incoming communications may also employ a virtual media control access (MAC) address to access the network 101. As will be appreciated by those of ordinary skill in the art, the routers in the networks 101 and 105 will map an Internet protocol address to a media access control address associated with the hardware of a particular device using the address resolution protocol (ARP). The switches 107 and 115 will then passively map a media access control address to a switch port. Accordingly, the load balancer 109 which is acting as the primary load balancer 109 will associate itself with both the virtual Internet protocol address and the virtual media access control address. If the primary load balancer 109 fails, then the secondary load balancer 109 will associate itself with the virtual Internet protocol address and the virtual media access control address, ensuring that subsequent communications are routed to it and thereby taking over the load balancing responsibilities from the primary load balancer 109.
Because the primary load balancer 109 is responsible for directing incoming communications to the access servers 113, the primary load balancer 109 monitors the status of other components in the network 101. For example, the primary load balancer 109 may employ an interface monitoring service, which determines when a network pathway, such as an interface or switch port, fails. Thus, if the interface monitoring service determines that a network pathway to an access server 113 has failed, then the load balancer 109 will not direct client communications to that access server 113. The primary load balancer 109 may also employ a service monitoring service that determines when a service provided by the access servers 113 fails. If the service monitoring service determines that a particular service provided by an access server 113 has failed (e.g., a VPN service), then the load balancer 109 will avoid directing any communications requiring the failed service to that access server 113. The load balancer 109 may, however, still route other types of communications to that access server 113 if its other services (e.g., the repository service) have not failed.
While this arrangement has been successfully employed in a variety of networks, it has a number of disadvantages. For example, each component and each interface and connection between the different components the network 101 represents a point in the network 101 that can really fail. Thus, a single load balancer 109 has five points at which it functionality can fail. First, the load balancer 109 can itself fail. Second, the interface or connection of the load balancer with a switch 111 can fail. Third, a switch 111 can fail. Fourth, the interface or connection of the load balancer with a switch 115 can fail, and fifth, a switch 115 can fail.
In addition to the high number of failure points, the network 101 requires a great deal of effort from a network administrator or other person responsible for maintaining it. Each separate component must be installed, set up, assigned a network address, and maintained. Still further, the network 101 is very expensive.
For example, a single load balancer may cost several thousands of dollars. Having only a primary and a secondary (or backup) load balancer 109 can significantly add to the price of the network 101, and having additional backup load balancers 109 will further increase the price of the network 101.