How To Increase Logging Performance & Save $100,000


As many CISOs out there know too well, web-accessed applications must provide logging to enable anti fraud and business context visibility on application activity. In many cases, those applications must also comply with government regulations. The implication is that an application must log and analyze transactions, preferably in real time.

For example, an online store that processes credit cards transactions online, must comply with PCI regulations, and log details of the transaction before it is completed. Financial services companies offering online banking capabilities must provide detailed information on every transaction that takes place – in real time, to back-end, anti-fraud solutions.

There is a multitude of ways for logging information from applications. In most cases, if not all, this involves a piece of software that runs in the web application server and extracts some basic information from the transaction (so as not to overload the server). Either this functionality is installed as a small agent in the server, or it is tightly integrated into the application. Regardless of the solution, the integration of this logging functionality into a live production environment is always risky and complex, requiring long staging and test cycles before it can go live, as does any change in what is being monitored.

What many are not aware of is the cost of the logging functionality. I am not talking about the integration cost of a monitoring solution, although it can also be high. What I am speaking of is the performance degradation that such a “small” program can have on any web server. This can be as much as 50% of the server’s resources. The reason monitoring solutions introduce such a heavy performance penalty is not because of the heavy processing required; normally the processing of this function is quite low. The performance hit is because of the high I/O usage any logging function requires as all transactions are written either in the local disk or in a network disk, introducing even more server delay.

The implication of this type of performance hit can be seen in three areas:

  1. The need for more servers to cover both the amount of application transactions needed to be processed and the logging of those transactions, meaning higher CAPEX. If the server runs an expensive software / application, it too increases the cost.
  2. More servers require a larger footprint effecting real estate, power, cooling and other maintenance costs resulting in higher OPEX
  3. Limitation on what can be logged based upon the server capacity risking compliance requirements. This results in reduced performance on an increased server load with additional heavy processing for the logging function.

By using a different approach, one can address all of the challenges mentioned above and more. Simply take the monitoring function out of the server into a passive dedicated network monitoring device which is smart enough to analyze the traffic, understand the transactions, and push in real time meaningful business events to your existing logging solution. The business motivation is clear and immediate: By offloading the monitoring function from the servers to external network device, servers can immediately handle more transactions, reducing the number of servers required to handle the same amount of traffic on your site.

Radware’s Inflight™ provides this solution. Inflight is an out-of-path network-based monitoring solution that captures all user transactions from network traffic and delivers real-time intelligence used in back-office business applications.

Let’s take an example from an actual Radware customer:

 

Server Infrastructure Value
Cost per server $5,000
Cost of power, cooling and space per server per month $220
Total number of web application servers 80
Server Performance
Average TPS per server 30
Logging performance penalty (in%) 30%
Monitoring Infrastructure Value
Total cost of Radware’s Monitoring Solution for this deployment’s capacity $80,000
Cost of power, cooling and space for monitoring infrastructure per month $200
Cost saving – CAPEX Value
Number of server saving (through logging offloading) 24
Total server CAPEX savings $120,000
Total cost of Radware’s Monitoring Solution for this deployment’s capacity $80,000
Total CAPEX savings (minus the Inflight cost) $40,000
Cost saving – OPEX Value
Server’s power, cooling, space cost savings per month $5,280
Cost of power, cooling and space for monitoring infrastructure per month $200
Total monthly OPEX saving with Inflight Monitoring Solution $5,080
1 year OPEX cost savings $60,960
Total savings after 1 year $100,960
Total savings after 2 years $161,920

This example illustrates the substantial savings by offloading the resource intensive logging function. As you can see, an 80 server installation can be reduced by 24, thus reducing the CAPEX by $40,000 and OPEX by $60,960 – yearly. The savings at the end of the first year is $100,960. This does not even include maintenance/support savings for the 24 servers. Clearly, the numbers provide a strong argument for offloading the logging function to a purpose built dedicated device that integrate seamlessly into the data center eco system.

Meryl Robin

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

CyberPedia

An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

CyberPedia
What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center