Whether it's terminating SSL connections for thousands of websites or maneuvering in the finicky world of Oracle databases, some IT shops turn to an open source alternative to AWS Elastic Load Balancing.
NGINX offers support for Server Name Indication (SNI), a mechanism in which a client indicates which server name it's attempting to contact as part of the handshaking process. This allows a server to present multiple Secure Sockets Layer (SSL) certificates on the same IP address, which is more efficient than a separate server for each SSL certificate.
That led Brandcast, a website design and publishing service based in San Francisco, to choose NGINX Inc., an open source alternative to AWS Elastic Load Balancing, about six months ago. NGINX open source is free, but Brandcast uses NGINX Plus, a product from NGINX, which starts at $1,500 a year.
"We host all the websites ourselves as well, so people will point their domain at us," said Justin Keller, senior DevOps engineer for Brandcast. "The problem with ELBs is you can have only one SSL certificate per ELB, and that doesn't scale because we have thousands of domains that point to us."
There are ways to make ELB support multiple servers from one IP address, such as subject alternative names (SANs) that host up to 100 different names on one certificate. AWS also has customers using ELB as a TCP load balancer, performing SSL themselves, including multiple certificates.
But neither of these alternatives was sufficient for Brandcast, which must accommodate thousands of domains.
NGINX isn't always a replacement for AWS Elastic Load Balancing, however.
FedBid Inc., a managed online marketplace for government, business and educational organizations based in Vienna, Va., has a cluster of application servers in different tiers, and uses ELB between those servers.
ELB is also the initial entry point into some of FedBid's applications. NGINX Plus is used primarily to maintain "sticky sessions" for Web customers, as well as some B2B customers, who may require static IPs to interface with FedBid.
"As a result of some limitations that we have with some of our clients, we don't leverage cookies extensively and rely on the JSESSIONID in WebLogic," said Rukevbe Esi, senior vice president of technology for FedBid. "We were not able to get sticky sessions to work [with ELB], given our architecture and design."
ELB does not have static IPs, which FedBid also needs. By contacting developer support, a customer can arrange to have their ELBs use a pool of stable IP addresses. But in FedBid's case, just one static IP was needed.
Meanwhile, client limitations also meant some difficulty with terminating SSL using NGINX for FedBid. Brandcast targets newer browsers, such as Safari, Firefox and Chrome, but not every legacy browser -- such as Internet Explorer on Windows XP -- supports SNI, so FedBid had to implement a separate NGINX instance for one customer.
These are specialized uses, but cloud consultants said NGINX is widely used in AWS shops alongside ELB.
"I use it all the time," said Patrick McClory, director of automation and DevOps for Datapipe Inc., a provider of managed hosting services for AWS based in Jersey City, N.J. "Most of my clients use it in some shape or form."
NGINX is most common in the "whiz-kid Web world," dealing with broadly distributed applications, where it can be finessed into a highly cost-performant Web-routing mechanism, according to Carl Brooks, analyst with New York-based 451 Research.
"It's an absurdly small and efficient piece of software," Brooks said. "If you have somebody smart who can do the math, it's a way to beat Amazon at its own game."