Content Delivery Networks (CDNs) and Application Delivery Controllers (ADCs) have many similarities and many differences. We are often asked about various CDNs and how they work with or compete with Snapt’s ADCs. Below we discuss the primary differences between a CDN like Cloudflare and an ADC like Snapt Aria or Snapt Nova.
CDNs provide security in a distributed fashion and traffic optimization at the edge closer to clients. ADCs provide security, advanced visibility, monitoring, and load balancing capabilities in your data center infrastructure.
|ADCs are located within your infrastructure and as close as possible to your servers.||CDNs are located outside your infrastructure and as close as possible to the end-user.|
|Fully featured and provides monitoring, full Layer 7, and support.||Basic load balancing functions located outside your data center; is great for co-location load balancing.|
|Rewrites, optimize, and caches page content.||Rewrites and optimizes page content, and caches content much closer to the end-user.|
|Provides SSL and WAF. Will protect during a DoS attack.||Provides full protection against DDoS attacks.|
|In-depth and live monitoring of performance, stats, and metrics.||Much less accurate due to Internet latency between CDN infrastructure and your data center.|
|Provides redundancy in your data center infrastructure.||None: CDNs cannot assist here as they are located outside your data center.|
Location and Purpose
Location, location, location: the first and most critical difference between CDNs and ADCs is their location. A CDN needs to sit as close as possible to the end-user (the client), while an ADC needs to sit as close as possible to your servers (the host). This is because of a fundamental difference in design: CDNs move content to the edge, while ADCs protect, optimize, and accelerate the actual servers.
This difference is a key reason why they work so well together.
As a result of their different locations and core functionalities, an ADC will have far more advanced and detailed load balancing, metrics, monitoring, and acceleration, while a CDN can use those optimized objects and correct headers to cache the content at the edge. This is a complementary relationship and a reason why many applications benefit from both an ADC and a CDN together.
Load Balancing and High Availability
Usually, a CDN provider will include a basic load balancer that exists outside your data center. This is one of the reasons why they are great for co-location load balancing. However, if you maintain your own data center or use a public cloud, then a CDN’s basic load balancer is likely to be insufficient or will not apply to your use case.
An ADC deployed in your application environment (in your data center or cloud) can usually provide full redundancy and Layer 7 monitoring, ensuring fast response times, and providing detailed visibility of server health.
Web Content Acceleration
Most of the time, both the ADC and CDN will offer web acceleration (rewriting and optimizing the content of your page). However, due to their different designs and locations, there are certain components that an ADC can fulfill and certain components a CDN can fulfill.
An ADC is able to optimize web content more aggressively and allows for additional customization and tweaking.
The CDN fulfills the crucial role of ensuring the content stays optimized and close to the end-user. For example, a CDN will serve European users from Europe, regardless of where your server is.
However, you would normally want an ADC and a CDN to work together to accelerate web applications, combining the benefits of both.
Security and DoS Protection
Location is again an important factor in the type of security ADCs and CDNs can provide.
No ADC can truly prevent a DDoS attack. This is because ADCs are located within your infrastructure, and if a DDoS attack reaches your infrastructure it can be extremely difficult to mitigate it effectively. For example, if you have a 10Gbe link and you get 100Gbe of traffic from a DDoS attack, your pipeline would be full (and unable to serve requests from legitimate traffic) even if your ADC mitigated the attack.
You need a powerful CDN standing between your infrastructure and the multiple attack vectors. This is where a CDN shines. It provides a strong defense against DDoS attacks because it is separated from your infrastructure, and DDoS protection is usually free with most CDN providers.
What an ADC offers is SSL and Web Application Firewall (WAF) security within your own infrastructure, as well as application-specific DoS attack prevention. ADCs provide protection against more focused attacks on your website (eg. Slowloris or port exhaustion).
You would normally want to combine the focused protection of an ADC in your infrastructure with the powerful defense of a CDN outside your infrastructure.
When it comes to visibility and alerts, an ADC provides detailed, in-depth, and live monitoring of performance, stats, and metrics.
For example, after a system update, the Snapt Aria ADC notifies you via a Slack channel that one of your web servers was responding 500ms slower than the rest on average. You can then log in and view live traffic, response codes, which URLs are slow and much more.
This is something that CDNs cannot provide. For visibility into your network and applications, you need an ADC.
ADCs vs CDNs: in summary
ADCs and CDNs are complementary services - not competing ones.
If you want your application to benefit from focused load balancing, high availability, security, and visibility, then you need an ADC.
If you want your application to benefit from content caching close to the end-user and DDoS protection that's removed from your own infrastructure, then you need a CDN.
In most cases, an application will benefit from both, so you should look for an ADC and CDN that work well together.
Want to find out how ADCs and CDNs can work for you? Book some time with the team.