Varnish Enterprise Feature Migration From Varnish Cache

Varnish Enterprise Feature
Migration From Varnish Cache
Yusuf Hadiwinata - PT Biznet Gio Nusantara
www.biznetgio.com

We are Indonesian Cloud Computing Company
that provides flexible and reliable infrastructure
solutions.
Established in 2014, as part of Biznet Networks
(www.biznetnetworks.com)
Our main focus is to provide world class cloud
computing services in Indonesia
www.biznetgio.com
About
Biznet Gio Cloud
www.biznetgio.com
PT Biznet Gio Nusantara

www.biznetgio.com
Agenda
✓ What is Varnish Cache and Enterprise
✓ Varnish Cache and Enterprise Different
✓ Varnish Enterprise Feature Highlight

www.biznetgio.com
Introduction
Varnish Cache & Enterprise
Different and How to Choose

www.biznetgio.com
Varnish Cache vs Enterprise

www.biznetgio.com
Varnish Cache & Enterprise
Varnish Cache is built for web acceleration. It has a huge impact on website
speed, and even a basic setup with boilerplate Varnish Configuration
Language (VCL) will deliver
the best open-source caching performance available
Varnish Enterprise is a platform for high-traffic, content-heavy web services,
not just websites but video streaming, origin shield, CDN and edge computing
use cases too. It contains a wider, more advanced feature set and many more
Varnish modules (VMODs).

www.biznetgio.com
Simply follow the decision tree

www.biznetgio.com
Critical Varnish Enterprise-only features include
• Massive Storage Engine (MSE) - Dual-layer storage solution with speed of memory,
and resilience of disk, without usual slowdown effects of traditional disk-based storage
• Varnish High Availability (VHA) - Replicates stored objects across Varnish servers
• Built-in client / backend TLS - High-speed native TLS, also supports mutual TLS
• Varnish Controller - A browser-based administration interface
• Varnish Discovery - Streamlines configuration and autoscale Varnish
• Web Application Firewall (WAF) - Detect and block malicious requests at the edge
• Varnish Broadcaster - Distributed cache invalidation

www.biznetgio.com
What should I use - Varnish Cache or Varnish Enterprise?

www.biznetgio.com
Use Case Varnish Enterprise
Use case Varnish Enterprise Features
Stream video on demand • Massive Storage Engine
• Content pre-fetch
• High availability
• Cache persistence
Stream live / OTT video • Front and backend TLS
• Authentication and geo-
restriction
• Request coalescing
• High availability
• Origin shield
Building a private CDN • Custom PoP placement
• Administration console
• Load balancing
• WAF / origin shield
• Multi-tenancy
Caching large objects • Massive Storage Engine • High availability
Building an edge computing
platform
• Real-time execution of
• edge logic
• In-process TLS
• Edgestash
• Parallel ESI
• Content transformation
Optimizing for device • Parallel ESI
• Edgestash
• Device detection
• Request & response body Modification

www.biznetgio.com
Deep Dive
Varnish Enterprise
Feature Highlight

www.biznetgio.com
Varnish Enterprise Product Portfolio
• Varnish Enterprise - A supercharged version of the popular open-source reverse
HTTP proxy, Varnish Cache
• Varnish High Availability - A high-performance content replicator for Varnish
Enterprise
• Varnish Broadcaster - Broadcasts client requests to multiple Varnish nodes from a
single entry point
• Varnish Controller - Varnish Controller is a system used to manage Varnish
servers.
• Varnish WAF - Varnish WAF is an advanced VCL based web application firewall.
• Varnish Custom Statistics - A statistics engine allowing aggregation, display, and
analysis of user web traffic, and cache performance in real-time.
• Varnish Cloud

www.biznetgio.com
Varnish Enterprise - VMOD
Varnish Enterprise is the enhanced version of Varnish Cache, offering
performance improvements and an extended set of features. These features are
made available through Varnish Modules, (VMODs)

www.biznetgio.com
Varnish Enterprise - Massive Storage Engine (MSE)
Massive Storage Engine (MSE) is an advanced stevedore for Varnish Cache Plus.
The stevedore is the component that handles storing the cached objects and their
metadata, and keeping track of which objects in the cache are most relevant, and
which to purge if needed to make room for new content. Some of the highlights
are:
• Memory based caches using a compacted object structure
• Large caches using disks to cache objects
• Memory Governor and Persisted caches
• Safe runtime disk failures and Runtime disk reinitialization

www.biznetgio.com
Varnish Enterprise - Massive Storage Engine (MSE)
books = book1
database_size = "2G";
memcache_size = "auto";
stores = store1
size = "100G";
Cold
Object
Cold
Object
Cold
Object
Object
Metadata
Hot Object env: {
id = "mse";
memcache_size = "auto";
books = ( {
id = "book1";
directory = "/var/lib/mse/book";
database_size = "2G";
stores = ( {
id = "store1";
filename = "/var/lib/mse/store1.dat";
size = "100G";
} );
} );
};
Persistent
Cache
across
Reboot
Large caches
using disks to
cache objects
Compact
memory object
structure

www.biznetgio.com
Varnish Enterprise - In-Process TLS
SSL termination on Varnish Cache
Clients
Nginx
443
Varnish
Cache
Nginx
Bridge
HTTPs
Backend
High Latency and TTFB
Varnish Enterprise - In-Process TLS termination offers lower latency, improves data throughput (over
150Gbps), and removes the need for a separate TLS terminator greatly simplifying network topography.
backend default {
.host = "ip-address-origin";
.port = "443";
.ssl = 1;
.ssl_sni = 1;
.ssl_verify_peer = 1;
.ssl_verify_host = 1;
}

www.biznetgio.com
Varnish Enterprise – Compression with VMOD Brotli and VMOD Image
Speed up your website with vmod brotli
you can compress content up to 85%
Then combine with vmod image, your
jpeg/png content can be compressed
into webp format up to 50%.
Depending on the quality configuration
you customize.
Credit : https://www.giftofspeed.com/gzip-test

www.biznetgio.com
Varnish High Availability (HA)
Varnish High Availability (VHA) is a content replicator for Varnish Enterprise. Its
performs direct API-based cache-to-cache transfers without needing VCL context
Varnish Server1 (ID)
Varnish Server2 (US)
Varnish
Server2 (SG)
1st Clients
From ID
1st Req
Origin/
Backend
on ID
Req to origin
2nd Clients
From SG
Repl
cache
Repl
cache
Response
2nd Req
Response
3rd Clients
From US
3rd Req
Response
1st client requesting example.com, varnish
server1 will handle the request, if there is no
cache on server1, then request to origin. After that
server1 will broadcast cache to other server on
other peer node (server2 and server3)
When 2nd client accessing from SG, server2
already have the cache and avoid request to
origin

www.biznetgio.com
Varnish Controller
Varnish Controller’s main function is to manage a cluster of Varnish servers. Varnish
Controller consists of four main parts:
• The Agent interacts with the Varnish process and is responsible for VCL
deployments.
• The Brainz process handles all system-wide decision-making.
• The API-GW (API Gateway) serves a REST API to control the system.
• Router (Varnish Traffic Router) is used to route traffic to the most appropriate
Varnish server based on different configurable decisions, using either HTTP302 or
DNS.

www.biznetgio.com
Varnish Controller - HA Desain
Varnish Controller HA
Database Replication (master-
slave) and multiple Varnish
Controller to provide High
availability and Business
Continuity Plan

www.biznetgio.com
Varnish Controller - Agent

www.biznetgio.com
Varnish Controller - Router
Routers in Varnish Controller are used for traffic routing. The router supports two types of routing:
• HTTP Redirect - Incoming HTTP requests from clients are redirected to the most suitable caching node using the
302 Found HTTP response.
• DNS - Incoming DNS requests from clients are directed to the best caching node using dynamic A and AAAA
records

www.biznetgio.com
Varnish Controller – Shared Deployment
Varnish Enterprise support shared Deployment on Agent/Server
Varnish
Server1
Varnish
Server2
Varnish
Server2
Tag2
Server2
Server3
Tag1
Server1
Server2
Server3
Tag3
Server1
Server2
Tag1: example.com
Tag2: domain.com
Tag3: dummy.com

www.biznetgio.com
Varnish Controller – Dashboard

www.biznetgio.com
Varnish Web Application Firewall (WAF)
Varnish WAF is an advanced web application firewall built using the popular
ModSecurity library. It allows for all traffic to be inspected by ModSecurity and it is
configurable using VCL. Varnish WAF supports ModSecurity features and the full
ModSecurity rule set, including the complete OWASP CRS
The Core Rule Set provides protection against many common attack categories, including:
• SQL Injection (SQLi)
• Cross Site Scripting (XSS)
• Local File Inclusion (LFI)
• Remote File Inclusion (RFI)
• Remote Code Execution (RCE)
• PHP Code Injection
• HTTP Protocol Violations
• HTTPoxy
• Shellshock
• Session Fixation
• Scanner Detection
• Metadata/Error Leakages
• Project Honey Pot Blacklist
• GeoIP Country Blocking

www.biznetgio.com
Varnish Web Application Firewall (WAF)
Clients
Varnish
Enterprise
Varnish Enterprise - WAF Workflow
Mod_Security
With
CRS RuleSet
Request Headers
Request Body
Origin/
Backend
Response Headers
Response Body
Logging
https://github.com/comotion/VSF
Rules

www.biznetgio.com
Get in touch with us
Biznet Gio Cloud
PT Biznet Gio Nusantara
www.biznetgio.com
Thank You

Varnish Enterprise Feature Migration From Varnish Cache

More Related Content

Similar to Varnish Enterprise Feature Migration From Varnish Cache (20)

More from Yusuf Hadiwinata Sutandar (20)

Recently uploaded (20)