An application delivery controller (ADC) is like an advanced server load balancer. An ADC routes traffic to available destination servers based on health checks and load-balancing algorithms. ADCs improve application availability and performance, which directly improves user experience.

The physical distance between clients and the servers in your backend server farm has a significant impact on server response times. Besides physical distance, the most important factors contributing to server performance are:

The purpose of an ADC is to give you multiple methods for optimizing server response times and server capacity.

After you have deployed an ADC, traffic is routed to the ADC virtual server instead of the destination real servers. Figure 21 shows an example of a typical load balancing deployment. The FortiADC appliance is deployed in front of a server farm, and the network interfaces are connected to three subnets: a subnet for management traffic; a subnet that hosts real servers A, B, and C; and a different subnet that hosts real servers D, E, and F. The FortiADC system performs health checks on the real servers and distributes traffic to them based on system logic and user-defined settings.

Optionally, you can further improve application performance by offloading system processes from the server and having them handled transparently by the ADC. Server tasks that can be handled by the FortiADC appliance include SSL encryption/decryption, Gzip compression, and routing processes, such as NAT.

Figure 22 shows the order in which the FortiADC features process traffic that the appliance receives in the client to server direction. If SNI or SSL decryption is applicable, the system acts on those exchanges before processing the load balancing rules. If a caching rule is applicable, the FortiADC cache serves the content and the request is not forwarded to a backend server. If the system selects a server based on a persistence rule or content route, the load balancing rules are not applied. After selecting a server, the system performs any rewriting and re-encryption actions that are applicable, and then forwards the packets to the selected server.

 

Figure 23 shows the order in which the system modules process traffic that the appliance receives in the server to client direction.