NGINX serves up alternative to AWS Elastic Load Balancing

AWS customers are working around the limitations of AWS Elastic Load Balancing using an open source product.

Whether it's terminating SSL connections for thousands of websites or maneuvering in the finicky world of Oracle databases, some IT shops turn to an open source alternative to AWS Elastic Load Balancing.

NGINX offers support for Server Name Indication (SNI), a mechanism in which a client indicates which server name it's attempting to contact as part of the handshaking process. This allows a server to present multiple Secure Sockets Layer (SSL) certificates on the same IP address, which is more efficient than a separate server for each SSL certificate.

AWS Elastic Load Balancing (ELB) does not support SNI, and some AWS customers said they have been waiting for it since last year.

That led Brandcast, a website design and publishing service based in San Francisco, to choose NGINX Inc., an open source alternative to AWS Elastic Load Balancing, about six months ago. NGINX open source is free, but Brandcast uses NGINX Plus, a product from NGINX, which starts at $1,500 a year.

"We host all the websites ourselves as well, so people will point their domain at us," said Justin Keller, senior DevOps engineer for Brandcast. "The problem with ELBs is you can have only one SSL certificate per ELB, and that doesn't scale because we have thousands of domains that point to us."

There are ways to make ELB support multiple servers from one IP address, such as subject alternative names, which can put up to 100 different names on one certificate. AWS also has customers using ELB as a TCP load balancer, performing SSL themselves, including multiple certificates.

But neither of these alternatives was sufficient for Brandcast, which must accommodate thousands of domains.

NGINX isn't always a replacement for AWS Elastic Load Balancing, however.

FedBid Inc., a managed online marketplace for government, business and educational organizations based in Vienna, Va., has a cluster of application servers in different tiers, and uses ELB between those servers.

ELB is also the initial entry point into some of FedBid's applications. NGINX Plus is used primarily to maintain "sticky sessions" for Web customers, as well as some B2B customers, who may require static IPs to interface with FedBid.

ELB supports sticky sessions, in which an indicator in the URL for a request sends it to a specific server instance on the back end. But ELB uses cookies, which don't jibe with the WebLogic middleware layer in the company's customer-facing Oracle application.

"As a result of some limitations that we have with some of our clients, we don't leverage cookies extensively and rely on the JSESSIONID in WebLogic," said Rukevbe Esi, senior vice president of technology for FedBid. "We were not able to get sticky sessions to work [with ELB], given our architecture and design."

ELB does not have static IPs, which FedBid also needs. By contacting developer support, a customer can arrange to have their ELBs use a pool of stable IP addresses. But in FedBid's case, just one static IP was needed.

Meanwhile, client limitations also meant some difficulty with terminating SSL using NGINX for FedBid. Brandcast targets newer browsers, such as Safari, Firefox and Chrome, but not every legacy browser -- such as Internet Explorer on Windows XP -- supports SNI, so FedBid had to implement a separate NGINX instance for one customer.

These are specialized uses, but cloud consultants said NGINX is widely used in AWS shops alongside ELB.

"I use it all the time," said Patrick McClory, director of automation and DevOps for Datapipe Inc., a provider of managed hosting services for AWS based in Jersey City, N.J. "Most of my clients use it in some shape or form."

NGINX is most common in the "whiz-kid Web world," dealing with broadly distributed applications, where it can be finessed into a highly cost-performant Web-routing mechanism, according to Carl Brooks, analyst with New York-based 451 Research.

"It's an absurdly small and efficient piece of software," Brooks said. "If you have somebody smart who can do the math, it's a way to beat Amazon at its own game."
