The Role of GSLB in Service Continuity and Cyber Resilience

This document explains the role that the Global Server Load Balancing (GSLB) technology of the Application Delivery Controller (ADC) plays in securing Service Continuity and Cyber Resilience in modern digital service environments. 

The ADC has evolved beyond a simple network device that distributes and optimizes application traffic; it has now become a core platform that realizes Auto-Resilience at a global infrastructure level. 

True Security is Non-Stop Service

As core enterprise services become distributed across clouds, data centers, and SaaS, instances where a failure in a single region or infrastructure leads to a total service outage are increasing. Security threats (DDoS, Ransomware), operator errors, and network failures are now considered "conditions that can occur at any time." 

In this environment, what enterprises must protect is not just perfect defense, but the ability to maintain sustainable service operations—namely, Cyber Resilience. 

GSLB technology is a key element of this resilience. By performing failure detection, automatic traffic bypassing, and automated recovery at a global level, GSLB realizes business operations without service interruptions. 

 Understanding Service Continuity and Cyber Resilience

Service Continuity: Business Continuity

Service Continuity refers to the ability to keep core services in an available state continuously, even during failures or attacks. Its key components are: 

⚫Availability : A state where the service is always accessible.

⚫Reliability :Maintaining consistent responsiveness and performance.

⚫Redundancy : Dualized structures for systems and networks.

⚫Recoverability: Automated recovery and operational continuity.

Cyber Resilience: "Systems That Do Not Stop Even After Attacks"

Cyber Resilience is a concept combining Security + Resilience + Continuity. Its goal is not merely to 'block attacks' but to 'maintain operations during attacks.' 

The concept of Cyber Resilience (often referred to as cyber recovery or resilience) began appearing in the early 2000s.

With digital transformation, the spread of cloud computing, complex supply chains, and the accumulation of recent large-scale cyber incidents, the concept has evolved from simply 'strengthening security' to the capability of 'operating and recovering without interruption.' This has emerged as a core focus of government policies. 

Notably, the European Union (EU) has enacted the Cyber Resilience Act and is implementing related regulations. The EU explicitly includes 'resilience' in its cyber security strategy, positioning cross-border cooperation and infrastructure resilience reinforcement as strategic elements. The United States has also been supplementing related regulations in line with its policy stance on strengthening infrastructure resilience. 

The 4 Key Pillars of Cyber Resilience defined by the US NIST are as follows: 

1. Anticipate

Predict and prepare for risks. The ability to identify threats, vulnerabilities, and operational weaknesses in advance, assess their likelihood and impact, and prepare countermeasures. This includes activities beyond vulnerability scanning to predict "what will cause problems, when, and how" from the perspectives of supply chain, design, and operations. 

2. Withstand

The ability to absorb the shock of failures or attacks and maintain core functions. Technical elements include physical/logical redundancy, network/application-level defense measures, traffic steering and routing policies, access control and isolation/segmentation, and Fail-Safe modes. 

3. Recover

The ability to restore to a normal state quickly and accurately after an incident or failure. The goal is to satisfy RTO (Recovery Time Objective) and RPO (Recovery Point Objective). Automatic Failback and automatic DNS switching provided by GSLB are key elements in automating the recovery phase. 

4. Adapt

The ability to learn after an incident and improve structures, procedures, and policies to prevent the recurrence of identical or similar events and enhance response capabilities. This corresponds to root cause analysis, operational policy improvements, architecture updates, and operational capability training. 

GSLB is a key implementation technology for the Withstand and Recover stages among the 4 pillars of Cyber Resilience.

[Figure 1] NIST's 4 Pillars of Cyber Resilience 

GSLB - The Evolution of ADC

Traditionally, ADCs were responsible for distributing application traffic and optimizing performance and security at the L4/L7 layers. 

However, current ADCs are evolving in various forms to accommodate changes in service areas (like cloud), delivery methods, service continuity assurance, and market demands for security. Their role is expanding further as a key solution for data center optimization. 

They have expanded into an Application Delivery Platform that handles: 

⚫Service routing in Multi-Region and Multi-Cloud environments. 

⚫Load balancing and automated failure recovery across diverse segments.

⚫Policy-based traffic control.

[Figure 2] GSLB Conceptual Diagram 

Global Expansion Functions of ADC

GSLB (Global Server Load Balancing) is a function where the ADC goes beyond load balancing within a single data center (Local LB) to control traffic and automatically recover from failures at a global level. 

The traditional load balancing functions within a data center versus global service load balancing can be summarized in the table below: 

[Table 1] Comparison of Local LB and GSLB Roles and Scope 

Implementing Service Continuity via GSLB and Considerations

1) Automatic Failure Detection Based on Health Checks

The ADC periodically monitors the status of each region and service node. If it detects non-response or latency, it immediately bypasses traffic to another node. 

2) Intelligent Traffic Distribution at the DNS Level

GSLB selects the appropriate endpoint during the DNS response phase by considering latency, availability, and policies (geography/weight). However, due to DNS caching and resolver characteristics, switching delays may occur for some clients, so supplementary designs such as TTL optimization, secondary DNS, and Anycast parallel usage are required. 

3) Auto Failover upon Failure / Auto Failback upon Recovery

It can be configured to attempt Failure Detection → Traffic Bypass → Automatic Failback upon restoration to normal. However, the timing and method of Failback (sequential return vs. simultaneous return) must be decided by policy considering service status and data synchronization. Improper settings can lead to traffic flapping or data inconsistencies. 

4) DR (Disaster Recovery) Automation and Security

ADC GSLB supports shifting existing manual-transition DR systems into policy-based automated structures, enabling automatic recovery without operator intervention. 

To ensure GSLB itself does not become a point of failure, the control plane (management interface) must be redundant, and strict access controls (MFA, IP whitelisting) and change history logging must be applied to management APIs. 

Additionally, security measures such as enhancing DNS response integrity with DNSSEC and improving DNS availability through Multi-DNS providers (Primary/Secondary) and Anycast should be considered together. 

ADC GSLB Strengthening Cyber Resilience

Regarding the NIST Cyber Resilience 4 Pillars introduced earlier, ADC performs a role in every stage. The role and contribution of ADC GSLB for each stage can be summarized as follows: 

ADC is evolving into a solution capable of playing a key role across all stages to secure service continuity. It is developing into the center of service optimization and security enhancement not only in traditional legacy data center environments but also in private cloud and multi/hybrid cloud environments. 

ADC GSLB can create response scenarios and guarantee service continuity not only for service interruptions caused by accidents and disasters like fires and earthquakes but also for various cyber attacks. 

⚫During DDoS Concentration: Automatically distributes traffic from the attacked region. 

⚫During Ransomware Infection: Isolates infected nodes and routes to a clean zone. 

⚫During Cloud Region Failure: Automatic Failover to other regions.

The three situations above are the most representative examples of recent IT service failures. In such cases, a comprehensive review and response regarding whether cyber resilience functioned properly—covering related processes, infrastructure, and architecture—are essential. 

Analyzing major service interruption incidents reveals structural vulnerabilities such as "Single Region, Single Network, Manual DR Structure." This is why greater interest and investment from an infrastructure and architecture perspective, and designs considering Cyber Resilience, are receiving more attention. 

ADC-based GSLB Adoption Strategy

To effectively build GSLB and achieve the goal of service continuity, the following matters need to be considered and prepared. 

The components of Cyber Resilience cannot be thought of separately in traditional network, security, and service domains. Concepts gaining attention as new security philosophies, such as Zero Trust, or frameworks like the National Network Security Framework (N2SF) and Risk Management Framework (RMF), consistently emphasize the necessity of organic connection and integrated management of authentication, user management, endpoint/asset management, network, data management, and server/service security. 

For the successful introduction/operation of GSLB and securing service continuity through it, organic cooperation between the security team, infrastructure team, and executive management is absolutely necessary. 

1. Phased Construction Roadmap

A. Introduction of ADC within a single Data Center.
B. Integration of DR regions and GSLB policy configuration.
C. Expansion of automation based on Multi-Cloud. 

2. Core Operational Elements

A. Optimization of Health Check cycles / TTL policies.
B. Automation of Failover/Failback testing.
C. Log-based availability analysis and reporting. 

3. Organizational Collaboration

A. Security Team: Threat detection and response.
B. Infrastructure Team: GSLB policy operation.
C. Management: Approval of failure response policies and ROI verification. 

ADC is the Core Infrastructure of Cyber Resilience

ADC goes beyond simple load balancing equipment to combine Service Continuity and Resilience through GSLB, ensuring uninterrupted business operations. 

It is a solution that provides the core customer value of securing Cyber Resilience and guaranteeing business continuity, beyond the traditional value of providing application availability. 

An ADC supporting GSLB realizes a "Service Delivery Platform that withstands attacks and failures."