Verisign Public | Verisign®
Dynamic Traffic Management
CONTENTS
EXECUTIVE SUMMARY
Use-Case Examples: Improving Availability and Performance While Enhancing the End User Experience
Use Case #1: Enhance User Experience by Always Directing Queries to Your Best-Performing Data Center, Cloud Platform Provider or CDN
Use Case #2: Avoid Outages by Using Data Center-Specific Health Data and Network Intelligence
Use Case #3: Use Business Rules to Dynamically Choose the Right Network and/or Cloud Platform at Any Moment
Use Case #4: Differentiate Services According to the User’s Network or Location
Use Case #5: Minimize Environmental Impact as Part of a “Green” Data Center Strategy
Choosing a Solution – Traditional Approaches to Traffic Management and Why They’re Not Sufficient
Hardware-Based Solutions – Flexibility and Control, But at a Higher Price
Cloud-Based Solutions – Fast and Scalable, But Not All are Created Equal
Finding the Right Balance – Choosing the Right Provider
Verisign Dynamic Traffic Management Service – The Best of Both Worlds
Case Example: Viber Media Creates a Split DNS to Support Innovative Mobile Service
ABOUT VERISIGN
EXECUTIVE SUMMARY
Organizations with widely deployed network services often view Global Load
Balancing (GLB) as a routine operational function that keeps Internet traffic
running smoothly through their data centers, cloud platforms and content
delivery networks (CDNs). However, some new cloud-based GLB services can
elevate global load balancing from a supporting technical role to a versatile,
cost-effective solution for meeting strategic business goals and gaining a
competitive advantage.
The key to obtaining such benefits is being able to leverage virtually any criteria
(e.g., enterprise-driven metrics, real-time monitoring data and/or complex
business rules) to dynamically optimize traffic flow to websites, email servers,
mobile applications and other critical Internet services and applications. Until
recently, this capability was mainly limited to hardware-based solutions, which
prevented organizations from capitalizing on the advantages of the cloud.
Now, with the introduction of dynamically scripted GLB in the cloud,
organizations can have the best of both worlds.
As the operator of .com, .net, two of the Internet’s root servers and other top-
level domains, Verisign has gained unique expertise and invaluable insight into
the business and operational needs of customers. This paper draws on that
expertise and insight to outline five use-case examples of cloud-based GLB
solutions that leverage custom scripting and real-time data to globally balance
website traffic for the greatest business benefit. It also highlights some of the
key differentiators among various GLB solutions and introduces Verisign®
Dynamic Traffic Management, a service representing a new breed of GLB that
enables organizations to reap the benefits of working in the cloud while using
custom scripts to dynamically direct traffic according to their unique needs.
Use-Case Examples: Improving Availability and Performance While
Enhancing the End User Experience
Many organizations with a significant Web or Internet presence use one or
more data centers, CDNs and/or cloud platforms¹ (or some combination of
the three) to publicly serve their websites, email applications, mobile offerings
and other Internet services. To optimize performance, increase availability
and reduce costs, these organizations use GLB to distribute workloads across
these resources.
As detailed on page eight (see Choosing a Solution), organizations have
traditionally been faced with using either complex and costly hardware-based
GLB solutions or statically configured cloud platforms that offer very little
flexibility and control. That is all changing with the emergence of new GLB
solutions that enable organizations to use custom scripts to easily incorporate
real-time, actionable information into cloud-based traffic management services.
1 Also called platform-as-a-service, or PaaS.
According to a 2014 Verisign-commissioned survey of 400 IT decision makers,
the majority of companies represented (80%) are currently using hardware
for their GLB solution and one-third of the companies indicated that they
would be open to outsourcing their DNS to gain the benefits of
cloud-based GLB.⁴
VERISIGN’S PROVEN DNS INFRASTRUCTURE
Systems around the world depend on the DNS infrastructure that Verisign
operates to quickly and reliably respond to .com and .net queries. Over the
years, Verisign has invested significantly in infrastructure, people and
processes to produce reliable, resilient and secure systems. In doing so,
it has maintained 100-percent operational accuracy and stability of the DNS
infrastructure for .com and .net for more than 16 years.
The following use cases exemplify how global, complex organizations can
leverage the benefits of a dynamic cloud-based traffic management solution to
create a competitive advantage and meet strategic business objectives.
Use Case #1: Enhance User Experience by Always Directing Queries to
Your Best-Performing Data Center, Cloud Platform Provider or CDN
Problem: My users get slow service when they are directed to an overloaded
data center or an overloaded network link.
Solution: Dynamically direct user requests to less-busy or higher-performing
data centers.
Users will abandon a website in less time than the blink of an eye (literally) if
pages or content do not load as quickly as expected. In an early observation
on the relationship between site speed and revenue, Amazon noted that
every 100 milliseconds (ms) of latency cost the company one percent in
sales.² Another company found that one additional second of latency resulted
in a 16-percent decrease in customer satisfaction, a seven-percent loss in
conversions and 11 percent fewer page views.³
In a typical GLB scenario, organizations might distribute user requests equally
among all their data centers or CDNs, or they might route requests based
on geographic proximity—regardless of a particular server’s current load or
capacity. The problem with these approaches is that they do not take into
account real-time conditions at a particular data center or network link. For
example, an organization with three data centers may continue to send users to
a data center that is very busy and slow, even though its two other data centers
could easily handle additional load.
In such cases, an organization could potentially shave seconds off of each
user’s wait time by configuring its GLB to leverage real-time—not historic—
performance data from network probes and server monitors to route the user
request to the resource(s) with the shortest latency/highest performance.
Besides reducing latency, this cloud-based approach can potentially reduce
the capital investment and operational costs associated with operating
multiple data centers, where each center is usually designed to accommodate
rarely reached peak demands for bandwidth and processing. Instead of
building each site to meet spikes in demand, organizations can use real-time
information to route users to the best-performing resource during peak activity
so that no single data center experiences the full impact of peak demand.
Real or perceived delays in response time are a leading factor in
customer dissatisfaction and can significantly impact customer
interaction and revenue.
DNS DEFINED
The Domain Name System (DNS) is the addressing system that allows Internet
user requests to reach the server instances that run Web, email, media and
other applications or services. It translates domain names such as
example.com into numeric addresses that servers and other devices can use to
establish a connection between an end user who enters a domain name and his
or her desired destination (e.g., a website or email address).
2 G. Linden, Amazon. Make Data Useful. 2008.
http://www.scribd.com/doc/4970486/Make-Data-Useful-by-Greg-Linden-Amazoncom
3 M. Nemschoff. MAPR Technologies. Time Is Money: Milliseconds Matter. December 2013.
http://www.mapr.com/blog/time-is-money-milliseconds-matter
Use Case #2: Avoid Outages by Using Data Center-Specific Health
Information and Network Intelligence
Problem: Availability is a high priority. An outage or attack would be disastrous
for our organization and our customers.
Solution: Divert traffic to unaffected data centers, CDNs or cloud-based
services as soon as symptoms of latency or failure appear.
In terms of user experience and productivity, availability is as important as
performance. Customers may permanently abandon an unavailable website,
mobile application or Internet service—or spend their dollars elsewhere—in the
time it takes to restore services. Amazon’s main website went down for about
45 minutes in August 2013; industry estimates of associated losses ranged
from $2-5 million.
To avoid outages that could impact service availability, organizations can
dynamically route traffic based on data center health information or other
criteria. Organizations that operate their own data centers, for example, can
write scripts that use server health metrics—for CPU and chassis temperature,
disk and array status, power supply status, disk space, memory utilization,
performance and so on—to proactively identify potential problems and
determine whether a service instance should receive traffic. Instead of waiting
until an outage occurs, the organization can use the GLB solution to divert traffic
to another data center as soon as symptoms of an imminent failure are detected.
[Figure: Verisign Dynamic Traffic Management Platform. Diagram labels: User Location, CDN Pricing, 3rd-Party Monitoring, Enterprise Criteria, End User, Recursive Server, Servers, Cloud, DC-SF, DC-NY.]
As depicted in the above graphic, Verisign DTM directs end users to a data center or cloud platform based on an organization’s business
rules as captured in a DTM script. Multiple factors, such as performance metrics, CDN pricing, user location or nearly any other
enterprise criteria can be scripted to determine DNS responses.
Similarly, organizations that rely on third-party data centers, cloud platforms or
CDNs can leverage third-party Internet monitoring services and other external
data to circumvent data centers, cloud platforms, CDNs or other resources that
are not working properly.
Finally, if an organization wants a cost-effective disaster recovery solution to
avoid disruptions to email, mobile applications, websites and other services in
the event of data center failure (or downtime related to routine maintenance),
it can dynamically configure a GLB solution to divert traffic to a cloud-based,
hosted backup solution until services return to normal. As a business continuity
solution, this approach would typically use a configuration where the backup
platform continuously maintains an exact mirror of the primary data center.
Use Case #3: Use Business Rules to Dynamically Choose the Right
Network and/or Cloud Platform at Any Moment
Problem: We use multiple providers for CDNs and cloud platforms around
the world, each with different pricing and regional performance. We want to
provide a great user experience at the lowest possible cost.
Solution: Leverage performance, pricing, geographic information and other
data to route traffic to the right CDN and/or cloud platform at the best price.
Cloud Platform and CDN vendors base fees on a range of variables, including
bandwidth usage, number of HTTP requests and the geographic region where
the content is served. In most cases, billing models include usage tiers, where
the cost for each transferred gigabyte (GB) decreases as bandwidth usage
increases. These models may include options to commit to a minimum monthly
usage to receive even larger discounts. Pricing models may also include
different classes of service (e.g., delivering content with lower or higher latency
at a correspondingly higher or lower cost). Finally, some vendors do not charge
fees but their service may have performance and availability limitations.
Organizations can use dynamically updated information—including usage,
performance monitoring, pricing and other parameters—to strategically route
traffic through the lowest-cost vendor, while also considering performance,
security and other business drivers. Optimizing global load balancing in this
scenario offers the following types of flexibility:
• Use free or low-cost suppliers (which may not offer service-level guarantees
regarding latency/performance) for lower-value content or during non-peak
hours, when performance is more likely to meet acceptable levels, or when
third-party performance monitoring indicates acceptable performance.
• Use premium or high-cost suppliers when low latency/high performance
is a priority.
• Use country- or region-specific suppliers to take advantage of lower prices
and reduce latency.
• Monitor usage patterns across suppliers and then strategically distribute
traffic to reduce costs (e.g., by meeting monthly minimums for usage or
moving into a cheaper pricing tier).
According to a Verisign-commissioned survey of 400 IT
decision-makers, 58 percent of respondents use a CDN. Among
respondents who use a CDN, 75 percent use more than one.⁴
4 Merrill Research. Verisign MDNS Traffic Management Study. February 2014.
Use Case #4: Differentiate Services According to the User’s Network or
Location
Problem: We need to differentiate service and billing depending on which
network or region the user is coming from.
Solution: Use dynamic GLB to base DNS responses on the source IP address
of the DNS resolver.
In some cases, it may be advantageous or necessary to create a split DNS
system that bases DNS responses on the source IP address of the resolver—
that is, the IP address of the device or service making the request. For example,
an organization might want to differentiate services for partners without requiring
users to perform additional steps during login. Most large companies have their
own domain name resolvers, which translate URLs (e.g., for employee email
addresses or mobile devices) into Internet Protocol (IP) addresses and enable
the GLB system to identify devices, services, and users from their organization.
In these scenarios, organizations can dynamically configure GLB to identify the
partner’s employees and route requests accordingly.
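The routing decisions described in Use Cases #1, #2 and #4 can be combined into one answer-selection function. The following is an added example, not Verisign DTM script code or anything from the original paper; the site names, thresholds, partner network and addresses are constructed, and falling back to all sites when every one looks unhealthy is an assumption of this sketch.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Site:
    name: str
    address: str          # A record handed out for this site
    latency_ms: float     # latest probe measurement
    cpu_pct: float        # server health metrics reported by monitoring
    disk_free_pct: float
    probe_ok: bool        # did the last synthetic check succeed?


# Constructed thresholds (assumptions; tune to your own baselines).
MAX_CPU_PCT = 90.0
MIN_DISK_FREE_PCT = 10.0

# Split-DNS views keyed on the resolver's source network; first match wins.
# The source address identifies the recursive resolver, not the end user, and
# UDP sources can be spoofed: treat a view as a routing hint, not authentication.
PARTNER_VIEWS = [
    (ip_network("198.51.100.0/24"), "partner", ("partner-edge",)),
]
PUBLIC_VIEW = ("public", ("dc-sf", "dc-ny", "cloud"))

# Constructed monitoring snapshot; addresses come from documentation ranges.
SITES = {
    s.name: s for s in (
        Site("dc-sf", "192.0.2.10", 40.0, 97.0, 50.0, True),  # fast but CPU-saturated
        Site("dc-ny", "192.0.2.20", 85.0, 35.0, 40.0, True),
        Site("cloud", "192.0.2.30", 60.0, 20.0, 70.0, True),
        Site("partner-edge", "192.0.2.40", 30.0, 10.0, 80.0, True),
    )
}


def is_healthy(site):
    """Use Case #2: a site receives traffic only while its health metrics pass."""
    return (site.probe_ok
            and site.cpu_pct <= MAX_CPU_PCT
            and site.disk_free_pct >= MIN_DISK_FREE_PCT)


def view_for(resolver_ip):
    """Use Case #4: map the resolver's source address to a split-DNS view."""
    addr = ip_address(resolver_ip)
    for net, view, names in PARTNER_VIEWS:
        if addr.version == net.version and addr in net:
            return view, names
    return PUBLIC_VIEW


def select_answer(resolver_ip, sites):
    """Return (view, address, degraded) for one DNS query."""
    view, names = view_for(resolver_ip)
    candidates = [sites[n] for n in names if n in sites]
    if not candidates:
        raise LookupError(f"no sites configured for view {view!r}")
    healthy = [s for s in candidates if is_healthy(s)]
    # If every site fails its checks, the monitoring feed itself may be wrong;
    # answer from the full candidate set instead of returning nothing.
    pool = healthy or candidates
    # Use Case #1: among eligible sites, prefer the lowest measured latency.
    best = min(pool, key=lambda s: (s.latency_ms, s.name))
    return view, best.address, not healthy


if __name__ == "__main__":
    for resolver in ("203.0.113.7", "198.51.100.53", "2001:db8::53"):
        print(resolver, select_answer(resolver, SITES))
```

The third element of the result flags answers given while no site passed its health checks, which is worth alerting on.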
Use Case #5: Minimize Environmental Impact as Part of a “Green” Data
Center Strategy
Problem: As part of our strategy to environmentally optimize or “green” data
center operations, we want to improve resource utilization and reduce our
energy usage footprint.
Solution: Identify the key variables that impact resource consumption,
and then leverage relevant data to route traffic in a way that minimizes the
environmental impact.
Many data centers run servers 24/7 to accommodate bursts in activity and
ensure that services are always available to customers. In many cases, the
need to meet customer expectations for immediate service results in over-
provisioning and under-utilization. In other cases, peak loads generate
excessive heat, forcing data centers to increase cooling. The environmental
cost of powering, cooling and housing these servers is high, and many
organizations are implementing policies to minimize the environmental impact
of their operations.
CDN DEFINED
Content delivery networks (CDNs) are large distributed systems for delivering
content to end users. CDNs have evolved from hosting primarily voice, audio,
video and other media-rich content to serving almost any kind of content,
application or service—from streaming media and downloadable software to
social networks and e-commerce transactions. Because CDNs rely on servers
distributed across multiple data centers, they tend to offer better
performance, higher availability and greater DDoS attack resilience than an
in-house solution.
According to an author of a July 2012 report on data centers and the
environment,⁵ “IT efficiency (which includes higher utilization and performance
improvements as well as purchasing efficient hardware) is the most important
issue on which to focus.”⁶
By dynamically managing GLB, organizations can potentially reduce their
environmental footprint in the following ways:
• Use relevant real-time data (e.g., usage, data center temperature and power
consumption) to optimize data center loads so that all data centers operate
more efficiently and with lower power consumption.
• Maximize use of data centers that run on “cleaner” sources of power (e.g.,
hydro-electric vs. coal).
Choosing a Solution – Traditional Approaches to Traffic Management and
Why They’re Not Sufficient
Until recently, global organizations seeking a GLB solution have had to
choose between either rich-featured but high-cost hardware solutions or easily
deployed, highly scalable cloud-based solutions that offer cost savings and
high availability but are limited in terms of functionality. Fortunately, global
companies no longer have to compromise on one or the other. Organizations
can now consider a third option that allows them to more easily and
cost-effectively advance their strategic business goals: a cloud-based GLB solution
that enables them to dynamically create custom scripts that incorporate their
unique criteria.
Hardware-Based Solutions – Flexibility and Control, But at a Higher Price
As with any in-house solution, organizations that implement and manage
their own GLB appliances face significant capital expenditures and ongoing
operational costs for maintenance, updates and upgrades. Planning,
implementation and deployment can take weeks or months, and each of these
phases requires experienced personnel. As the organization expands, it must
invest in more hardware to scale sufficiently. Conversely, if the organization
reduces in size it must still maintain the over-provisioned solution. In addition,
because traffic is funneled to one “location,” GLB appliances can become
a single point of failure in the event of a distributed denial of service (DDoS)
attack. To counter this vulnerability, organizations can add redundant global
load balancers, but this too increases complexity and cost.
While GLB appliances offer more flexibility and control than most cloud-based
solutions, they require experienced personnel to customize them as well as
training and support to manage them. When properly configured, though, they
can take into account dynamic, real-time input from performance monitoring
tools and other data sources, and then direct traffic to the resource with the
least latency/best performance.
5 E. Masanet, et al. Nature. Characteristics of low-carbon data centres. July 2013.
http://www.nature.com/nclimate/journal/v3/n7/full/nclimate1786.html
6 Report: IT Devices Are the Key to Greener Data Centers. Accessed March 2014.
http://gigaom.com/2013/06/27/report-efficient-it-devices-are-the-key-to-greener-data-centers/
Cloud-Based Solutions – Fast and Scalable, But Not All are
Created Equal
Cloud-based GLB solutions are virtual services deployed over the Internet
as a service (also known as software-as-a-service, or SaaS). Within a cloud
computing environment, they are considered SaaS in that the applications do
not reside on an organization’s internal system. The services do not require
capital expenditures and can often be implemented quickly and easily. Since
most cloud pricing models are based on usage, organizations can easily scale
cloud solutions up or down in accordance with current business conditions. In
addition, most cloud providers have global infrastructures, which provide scale
and redundancy to help ensure high availability and resilience when under
DDoS attack.
Despite the advantages of the cloud, most traditional cloud GLB solutions are
statically configured, meaning organizations cannot use real-time information
to inform and direct traffic management. Without the capability to respond
to current conditions and dynamically configure GLB, organizations lose the
opportunity to address strategic business goals.
Finding the Right Balance – Choosing the Right Provider
A few cloud GLB providers are beginning to offer dynamic configuration
and other more advanced traffic management capabilities. One of the key
differentiators of these solutions is the ease with which organizations can
develop custom scripts, link to existing business rules or leverage solution
templates to meet their specific traffic management requirements at any
given moment. When shopping for a cloud-based, dynamic GLB solution,
organizations should consider these and other differentiators:
• Proven, reputable provider – What is the provider’s core competence
or area of expertise? How many years of experience does it have running
mission-critical infrastructure? How seasoned is its leadership team and
what kinds of changes has it undergone that might impact its nimbleness
and longevity? Can you trust the vendor to provide the correct responses
and routing to your Internet-based services and applications?
• Capability to support unlimited and unique scenarios – How flexible and
customizable is the solution? How easily can it be configured to integrate
with internal and external monitoring tools, business rules, and other data?
Can it be used to manage dynamic content? How easy is it to write scripts
(custom code) for various traffic management scenarios, and what kind of
support does the provider offer in terms of developing custom scripts?
• Robust global infrastructure – How does the provider ensure high
performance, scalability, redundancy, availability and security? From how
many data centers or locations does it operate, and where?
• Performance and outage record – What service levels does the provider
offer, and what is its history of meeting them? How many outages has it had,
what was the duration, and what was impacted? What is the average/mean
latency of request resolution?
• Support for global load balancing between CDNs or other platforms –
Some providers’ GLB features only work within their own platforms.
Can you use the solution to balance load across multiple CDNs or other
cloud platforms?
• DNS capabilities – Does the potential provider manage its own DNS, and
if not, how does it address DNS-associated latencies? If the provider does
not operate its own DNS, DNS resolution may require an extra lookup to
reach an authoritative DNS server. This added step may increase latency
during routing.
• Customer support – What levels of support does the provider offer for
sales, provisioning and problem resolution?
DDoS DEFINED
A denial of service (DoS) attack occurs when traffic is sent from one host to
another computer with the intent of disrupting an online application or
service. A distributed denial of service (DDoS) attack occurs when multiple
hosts (such as compromised PCs) are leveraged to carry out and amplify an
attack. Attackers usually create the denial of service condition by either
consuming server bandwidth or by impairing the server itself.
Verisign Dynamic Traffic Management – The Best of Both Worlds
Verisign Dynamic Traffic Management is a cloud-based, Global Load
Balancing (GLB) solution that optimizes network availability, improves
performance, and enhances the user experience, while enabling organizations
to quickly, easily and cost-effectively scale network services up or down based
on their unique business needs.
Unlike other solutions for GLB, Verisign Dynamic Traffic Management offers
a unique combination of custom, script-based traffic routing; DDoS attack
resilience in the cloud; and Domain Name System Security Extensions
(DNSSEC) capabilities. Organizations can utilize pre-developed templates or
easily design their own custom scripts to integrate virtually any criteria (e.g.,
third-party monitoring data, enterprise-driven metrics and complex business
rules) and quickly develop traffic management configurations to meet an
unlimited range of scenarios. In addition, the service is built on Verisign’s highly
available, trusted and globally deployed DNS infrastructure and is supported
by seasoned professionals with deep expertise in their field. Using the service,
global organizations maintain the flexibility and control of traditional hardware-
based solutions, while gaining the scalability, availability, security and cost
benefits of cloud-based solutions.
According to a 2013 Traffic Management survey conducted by Merrill
Research, two out of five of the 400 respondents indicated that improved
performance was the main reason for making the move to a cloud-based
GLB solution.⁴
THE VERISIGN ADVANTAGE:
• Respond dynamically to traffic management needs
• Increase availability
• Improve performance by reducing latency
• Provide the best user experience via truly global load balancing
• Lower total cost of ownership (TCO)
• Scale up or down as needs evolve
• Increase resilience against DNS-based DDoS attacks
• Partner with a trusted provider of critical Internet and security
infrastructure services
• Rely on technology and expertise developed through managing .com and .net
with operational accuracy and stability for more than 16 years
Case Example: Viber Media Creates a Split DNS to Support Innovative
Mobile Service
Viber is a downloadable mobile application from Viber Media that allows more
than 200 million users in nearly 200 countries to make phone calls and send
text messages to other Viber customers for free. Viber Media also supports low-
cost calls between Viber and non-Viber customers, and partners with mobile
phone carriers to offer innovative services. The company utilizes multiple
data centers, CDNs and cloud platforms (i.e., PaaS) around the world, and it
generates all of its revenue online.
As part of its business strategy, Viber Media needed a way to allow mobile
phone carriers to offer Viber to their subscribers for free, without having Viber
usage count toward a subscriber’s paid-for data allowance. Specifically, Viber
Media needed to identify when Viber customers were using the Viber app on a
smart phone associated with one of its mobile carrier partners. In such cases,
Viber Media would instruct the carrier not to charge the end user for the data
minutes associated with his or her use of the Viber app.
The company needed a GLB solution that could recognize, based on IP address,
DNS queries from end users using one of its partner’s mobile phones. It had not
been able to find a GLB provider who could meet this unique requirement until it
joined the Verisign Dynamic Traffic Management launch program.
Stas Goshtein, who manages Viber Media’s IT infrastructure, explains, “Verisign
is a trusted, proven name in Internet infrastructure and cyber security services.
When working with DNS, you need a provider who is reliable and who you can
trust. That’s why we chose Verisign.”
Given the potential impact that misrouted queries and responses could have
on Viber Media’s partners, it was essential that custom scripts were properly
written. Says Goshtein, “The whole migration team at Verisign was very helpful
and sensitive to our needs. Every change and every detail was made with great
care.” Although the new solution is in its early stages, Verisign’s deep expertise
in DNS operation, history of successful innovation, and proven infrastructure
help ensure that Viber Media is well poised to serve its customers and partners.
For more information on DTM use cases, watch the video.
For more information about Verisign Dynamic Traffic Management, please
contact Verisign at VerisignInc.com/dtm.
ABOUT VERISIGN
As the global leader in domain names, Verisign powers the invisible navigation
that takes people to where they want to go on the Internet. For more than
16 years, Verisign has operated the infrastructure for a portfolio of top-level
domains that includes .com, .net, .tv, .cc, .name, .jobs, .edu and .gov, as well
as two of the world’s 13 Internet root servers. Verisign’s Network Availability
product suite also includes Managed DNS Services, Distributed Denial
of Service (DDoS) Protection Services and iDefense Security Intelligence
Services. To learn more about what it means to be Powered by Verisign, please
visit VerisignInc.com.
This document may provide hyperlinks to third-party Web sites or access to third-party content. Verisign
has not reviewed all of these third-party sites, and does not control, endorse, or guarantee content
found in such sites. You agree that Verisign does not make any representations about such sites or their
information, software, products, services, or materials, and is not responsible for any content, associated
links, resources, or services associated with a third-party site. You further agree that if you should access
any of the third-party Web sites linked in this document, you do so at your own risk, and Verisign shall
not be liable for any loss or damage of any sort associated with your use of third-party content. Links and
access to these sites are provided for your convenience only.