Content Delivery Infrastructure Updates #5


Nginx Plus vs. F5 Big IP and Citrix Net Scaler

Nginx has posted two cost-benefit analyses of its Nginx Plus versus other hardware application delivery controllers (ADC), namely F5 Big IP and Citrix Net Scaler. Unsurprisingly, it found that Nginx Plus provided significant performance gains while cutting costs.

When compared with the functioning of F5 Big IP appliances on commodity hardware, Nginx Plus was found to meet or exceed performance while providing up to 85% savings in terms of cost. The three performance metrics it utilized in its analysis were HTTP requests per second, SSL/TLS transactions per second, and HTTP throughput.

Specifically, Nginx compared F5’s entry-level, mid-range, and high-end ADCs to comparable Nginx Plus use cases. In each comparison, Nginx was found to provide 75%-85% in cost savings while performing roughly equally to or better than F5 on performance metrics.

The key to its success? Nginx attributes it to the fact that it doesn’t bundle hardware with software or impose artificial performance caps on its software, allowing customers to select hardware provisions according to their needs.

Nginx ran through the same performance-cost analysis with Citrix Net Scaler and found that clients could save up to 89% in costs without sacrificing performance. This translates to potentially tens of thousands of dollars in savings when using Nginx Plus for roughly the same performance as a comparable edition of Citrix Net Scaler.

Nginx Plus, however, also has the added bonus of undeniably superior HTTP throughput performance, providing 20-30 Gbps, compared to the relatively moribund 0.5-6 Gbps range that Citrix provides. In summary, Nginx Plus provides better price-performance numbers and performance that is equivalent, if not superior, to that of comparable ADCs.

Imperva – Top 4 Flaws in HTTP/2

Imperva’s latest Hacker Intelligence Initiative Report outlines four high-profile flaws in HTTP/2, the next-generation protocol of the World Wide Web. In particular, HTTP/2 introduces new innovations and mechanisms that increase the attack surface and exposure of business-critical web infrastructure.

In its analysis, Imperva was able to locate exploitable vulnerabilities in every major underlying mechanism of various HTTP/2 server implementations. It surmises that other similar HTTP/2 implementations will suffer from such vulnerabilities.

The findings are troubling and worth considering given the exponential rate at which the HTTP/2 protocol is being adopted, currently accounting for nearly 9% of all websites.

“The general web performance improvements and specific enhancements for mobile applications introduced in HTTP/2 are a potential boon for internet users,” said Amichai Shulman, co-founder and CTO of Imperva. “However, releasing a large amount of new code into the wild in a short time creates an excellent opportunity for attackers. While it is disturbing to see known HTTP 1.x threats introduced in HTTP/2, it’s hardly surprising. As with all new technology, it is important for businesses to perform due diligence and implement safeguards to harden the extended attack surface and protect critical business and consumer data from ever-evolving cyber threats.”

In particular, the Imperva report highlighted four high-profile vulnerabilities found in HTTP/2 server implementations from popular web servers: Nginx, Apache, IIS, Jetty, and nghttp2.

  1. Slow Read – The Imperva Defense Center identified various iterations of the slow read vulnerability, in which a malicious client reads responses very slowly, in many popular web servers.
  2. HPACK Bomb – An attacker sends seemingly innocuous and compact messages to a victim server. Upon entry the messages convert into gigabytes of data, eating up server memory.
  3. Dependency Cycle Attack – This attack preys on a new flow control mechanism that HTTP/2 introduces. The exploit uses requests that induce an infinite dependency cycle, crippling the server as it struggles to process these dependencies.
  4. Stream Multiplexing Abuse – A malicious client takes advantage of flaws in stream multiplexing functionality, crashing the server and denying service to legitimate users.

Nginx wrote up a blog post in which it hastened to add that it performed well relative to its peers. Its HTTP/2 server implementation was found to be immune to 3 of the 4 flaws outlined above, only suffering from the slow read vulnerability, which allowed denial of service attacks to succeed. Once the fault was reported, Nginx implemented fixes and has reported that none of its current versions have slow read vulnerabilities. That being said, Nginx recommends that clients using older HTTP/2 implementations upgrade to newer versions.
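As an added illustration (not code from Imperva's report or from any of the servers named above), the sketch below shows how a server can keep its HTTP/2 stream dependency graph acyclic, following the reprioritization rule in RFC 7540 section 5.3.3, and cap how many streams it tracks. The class, the `max_streams` limit and the sample stream IDs are hypothetical; weights and the exclusive flag are omitted.

```python
class ProtocolError(Exception):
    """Condition a server would answer with a PROTOCOL_ERROR."""


class PriorityTree:
    """Tracks only parent links of the stream dependency tree."""

    def __init__(self, max_streams=100):
        self.parent = {0: None}         # stream 0 is the root
        self.max_streams = max_streams  # assumed cap, bounds memory use

    def _track(self, stream_id):
        if stream_id not in self.parent:
            if len(self.parent) > self.max_streams:
                raise ProtocolError("too many prioritized streams")
            self.parent[stream_id] = 0  # default priority: child of the root

    def _depends_on(self, node, ancestor):
        # Walk towards the root. The tree is kept acyclic, so this ends.
        while node is not None:
            if node == ancestor:
                return True
            node = self.parent[node]
        return False

    def reprioritize(self, stream_id, new_parent):
        if stream_id == 0 or stream_id == new_parent:
            raise ProtocolError("invalid dependency")
        self._track(new_parent)
        self._track(stream_id)
        if self._depends_on(new_parent, stream_id):
            # RFC 7540 5.3.3: the new parent currently sits below this
            # stream, so move it up to this stream's old parent first.
            self.parent[new_parent] = self.parent[stream_id]
        self.parent[stream_id] = new_parent

    def depth(self, stream_id):
        d = 0
        while self.parent[stream_id] is not None:
            stream_id = self.parent[stream_id]
            d += 1
        return d


if __name__ == "__main__":
    tree = PriorityTree()
    # Constructed sequence: the last update would close a loop 1 -> 5 -> 3 -> 1.
    for stream, dep in [(1, 0), (3, 1), (5, 3), (1, 5)]:
        tree.reprioritize(stream, dep)
    print({s: tree.depth(s) for s in (1, 3, 5)})
```
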

Open-source Video Platform Kaltura Raises $50MM from Goldman Sachs and Plans to Go Public

Kaltura is a New York-based video platform that allows clients to manage, analyze, and monetize online video offerings. To this end, it also offers a suite of APIs that allow for transcoding, distribution, etc., according to Venture Beat. In anticipation of its plans to go public, Kaltura has raised $50 million in capital from Goldman Sachs’s Private Capital Investment Group, which it calls pre-IPO funding. Prior to this infusion, Kaltura reported that it had raised approximately $115 million in funding rounds.

It serves video streaming software to a diversified range of prominent clients from various industries, including HBO, Time Warner, Viacom, Intel, SAP, and Oracle, which was one of the reasons Goldman Sachs cited in explaining its decision to directly invest in Kaltura.

In a press release, Kaltura CEO Ron Yekutiel commented that “Video is booming — it is the favorite data type for communication, collaboration, teaching & learning, marketing, and entertainment. Kaltura is in a unique position to capitalize on this huge market opportunity since it provides the broadest set of video products and capabilities to customers across all industries.”

While the company has yet to confirm a date for its upcoming IPO, it has announced that it will spend the investment on expanding its presence globally.

CenturyLink Selling Its Data Centers

CenturyLink is planning on selling off its data center assets by the end of this fiscal year, its CEO has confirmed, according to an article in Fierce Telecom. It is currently discussing and negotiating the finer points of the sale with a group of contenders, according to CEO Glen Post, and is nearing a final deal in which it would completely sell off its data center business.

While it is conjectured that the extra liquidity from the asset sale could free up funds to invest in network virtualization and broadband, Post has yet to confirm how the proceeds would be used.

Post also floated a couple of other possibilities including paying down debt: “We’ll obviously consider a number of alternatives, stock buybacks, debt reduction, investment and strategic services, and other possible areas…we’re waiting until we get a little closer to the close to really decide how to best spend those funds. Our primary goal will be to utilize the cash in the very most effective way we can to drive long-term shareholder value.”

If negotiations fall through, Post suggested in an earnings call with investors that the company would seek partnerships to jointly run the data centers in order to drive down costs. Colocation revenues have been stagnating recently so that may prove to be a difficult proposition. The move may presage similar moves from telcos that are involved in the data center business, such as Verizon.

Rackspace Going the Private Equity Route

Rackspace is nearing the completion of a deal to be acquired by Apollo Global Management for as much as $3.5 billion. Rackspace Hosting Inc. is a U.S. cloud services provider and manager whose acquisition would help Apollo deepen its holdings and investment in the technology sector.

Rackspace had struggled to compete in the past as its prices were being undercut by larger cloud providers such as Amazon Web Services, Google, and Microsoft. SDX Central reports that in response to the situation, Rackspace moved to partner instead with the likes of Microsoft and AWS and revamp its cloud offerings so that corporate clients could seamlessly set up OpenStack clouds. Rackspace’s adjusted EBITDA in 2015 amounted to $678 million. The company’s shares spiked 11% following news of the deal.

Google Moves Into Cloud Billing and Selling By Acquiring Orbitera

Orbitera is the latest company to be absorbed into the ever-growing colossus that is Google. According to a report by Recode, Google’s Enterprise cloud and apps unit has been the most rapacious and acquisitive. Orbitera, which automates the billing and selling process in the cloud, will diversify Google’s cloud offerings, expanding its client base and allowing it to compete more effectively with AWS.

According to Google’s announcement, “Orbitera provides a commerce platform that makes buying and selling software in the cloud simple, seamless and scalable for all kinds of businesses, including independent software vendors, service providers and IT channel organizations.” Google also touted the fact that Orbitera had launched 60,000+ enterprise stacks for the likes of Adobe, Oracle, and Megalogix.

TechCrunch is reporting that the sale was for $100 million plus, according to its sources. What these small-scale acquisitions do, however, is round out Google’s cloud offerings, increasing interoperability and expanding its cloud, marketing, and apps technology.
