Cloud computing is transforming the traditional server application tiers into mobile, virtualized containers. As applications and servers are abstracted from the infrastructure, it becomes easier to integrate them with the systems that provide availability, performance, and security.
As a result, more organizations are prompted to examine a critical fourth tier within the data center architecture - a flexible and highly scalable tier in which application delivery concerns such as security, performance, and availability can be addressed.
The application delivery tier is based on an application delivery network, a set of services that addresses and mitigates the operational risks that hinder the successful deployment and delivery of applications. At the heart of the application delivery network is the Application Delivery Controller (ADC).
ADCs, most often associated with load balancing to address availability and performance issues, have evolved to provide services to mitigate security threats, ensure availability, and improve performance within the data center and in the cloud.
What to Look for When Choosing an ADC?
ADCs should be evaluated against functional criteria that include:
- Performance
- Scalability
- Visibility
- Security
- Manageability
- Flexibility
Performance
Performance is a primary concern. An ADC is logically deployed between end-users and applications to provide delivery services. Its performance, therefore, is a critical consideration.
In evaluations, connection capacity and decisions-per-second are far more important than mere speeds and feeds. Often, it is either capacity or transaction rate that is the bottleneck that drags down the performance of applications.
Connection Capacity
The number of connections necessary to meet demand is rising. Connection management is a common cause of application performance problems. It not only consumes resources that then cannot be used to process requests, it also consumes additional time per request as applications search longer and longer lists of connections before identifying the most efficient one. On web and application servers, performance is directly related to connection management.
An ADC can mitigate this problem by mediating for the servers and limiting the number of connections that must be opened without impacting the number of users that can be served concurrently. This enables the ADC to sustain large numbers of connections without negatively affecting performance.
Connection capacity becomes more critical as application-layer attacks increasingly bypass traditional security measures and threaten the infrastructure with an overwhelming number of connections.
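The connection mediation described above can be illustrated with a small simulation, added here as an example that is not taken from the article or from any ADC product. The client count, request rate, service time, and pool size are constructed assumptions, and `simulate` is a hypothetical helper name.

```python
import heapq
import random


def simulate(clients=2000, requests_per_client=5, session_s=60.0,
             service_s=0.02, pool_size=50, seed=7):
    """Compare peak server-side connections without and with an ADC pool."""
    rng = random.Random(seed)  # constructed workload, not measured traffic

    # Every client keeps one connection open for the whole session but is
    # idle most of the time; requests arrive at random instants.
    arrivals = sorted(rng.uniform(0, session_s)
                      for _ in range(clients * requests_per_client))

    # Without mediation the server holds one connection per client, and
    # all sessions overlap for the full window (assumption of this model).
    direct_peak = clients

    # With mediation the ADC borrows a pooled server-side connection only
    # for the duration of each request, then returns it to the pool.
    busy = []            # min-heap of times at which connections free up
    mux_peak = queued = 0
    for t in arrivals:
        while busy and busy[0] <= t:
            heapq.heappop(busy)          # connection returned to the pool
        if len(busy) >= pool_size:
            # Pool exhausted: the request waits at the ADC for the
            # earliest connection to free up instead of opening a new one.
            start = heapq.heappop(busy)
            queued += 1
        else:
            start = t
        heapq.heappush(busy, start + service_s)
        mux_peak = max(mux_peak, len(busy))

    return {"direct_peak": direct_peak, "mux_peak": mux_peak, "queued": queued}


if __name__ == "__main__":
    print(simulate())              # generous pool: no request waits
    print(simulate(pool_size=2))   # undersized pool: requests queue at the ADC
```

The server never sees more than `pool_size` connections regardless of how many clients connect, which is the property that matters when connection counts spike; an undersized pool shows up as queuing at the ADC rather than as connection exhaustion on the server.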
Transactions per Second
Behavioral changes in applications such as the increasing reliance on APIs for mobile applications make it important to evaluate an ADC's ability to make decisions at an acceptable rate.
Consider the difference between two requests. The first is a simple HTTP GET request paired with a zero-byte payload response. The second is a POST request filled with data that requires processing not only on the application server but also on the database, followed by the serialization of the response. The metrics that describe the performance of these two requests will almost certainly show that the GET request has a higher capacity and faster response time than the POST request.
Performance tests that measure only the ability to pass packets or to open and close connections are simply not enough to evaluate the performance of an ADC. It is necessary to compare ADCs from the perspective of decisions-per-second rather than mere protocol-per-second measures.
Scalability
Scalability is an important aspect of availability and performance. Scalability, which includes a lot of seemingly unrelated technologies, focuses primarily on increasing available resources to meet demand. Equally important is the ability to fail over from one application instance to another or one data center to another - or to the cloud. Failover capacity is important because it is critical to business continuity.
Failover and scaling are more interrelated than they first appear. Both rely on a third capability - visibility - to provide accurate, actionable data upon which an ADC can base its routing decisions, and which it can share with other infrastructure components responsible for failure and application scaling tasks.
The ADC is most often responsible for scaling of applications - whether those applications are deployed in virtual containers or on physical machines. When choosing an ADC, it is important to consider the level of integration and support for various automation, orchestration, and virtualization solutions, particularly those in the realm of provisioning.
ADCs that easily support heterogeneous environments bring organizations the benefits of operational consistency: lower management costs, repeatable deployments across environments, and consistent enforcement of security policies.
Visibility
Visibility has always been important to application delivery, especially as applications become more fluid, multi-tier, multi-server, and geographically dispersed. The ADC combines these multiple sources of information into single application views and intelligently uses the individual status points to control the flow of traffic. It is the means to ensure scalability while at the same time addressing performance and availability issues.
Visibility is also important to automation and integration, enabling the automated scaling out and back down of applications across environments. Visibility is key to detecting attacks and preventing them. In short, visibility is a crucial capability of an ADC that should not be treated as a checkbox item. It should be investigated fully to ensure comprehensive views and functionality.
Security
Because of its location in the data center architecture, an ADC is uniquely positioned to provide security in a variety of ways to protect not only the application but the computing and network resources upon which applications rely.
Increasingly, this strategic location requires advanced security such as data center, network, and web application firewall services. As an intermediary between clients and services, the ADC offers a cost-effective and processing-efficient solution for deploying security services.
From the client perspective, the ADC is the endpoint and a more appropriate point for network and data center firewall services than an upstream or downstream device. Similarly, the ADC must necessarily intercept and examine requests and responses to perform advanced load balancing and application routing. This enables the ADC to examine content in depth and to ensure it is free of viruses or malicious code.
If an ADC is to be used as a firewall, certifications such as that of the International Computer Security Association (ICSA) help to assure companies that the product they choose is secure in ways beyond the mere addition of access control lists to a load balancer.
Manageability
An ADC should be able to consolidate web application security, access management, load balancing, and acceleration services onto a single, shared, and consistently managed platform. The goal is to reduce performance degradations caused by an architecture composed of multiple solutions and reduce the time and costs associated with managing multiple solutions.
All application delivery services should be available on a unified, consistent platform through which IT staff can integrate, automate, and replicate policies in an on-demand and highly agile manner for efficiency. An ADC should provide a consistent operational experience across all application delivery services.
Flexibility
A flexible ADC should be able to support new technologies and deployment models without requiring new solutions. Cloud integration models, for example, are variations on existing themes that rarely require brand new, often costly, products. When evaluating an ADC, it is more important to examine its ability to support a wide variety of architectures than it is to look for a companion 'cloud' product to provide functionality that almost certainly already exists within the core product.
Conclusion
An extensible, integrated application delivery platform is the foundation of future data center architectures. Whether integrating cloud computing resources or providing a flexible infrastructure tier through which emerging mobile and VDI applications can be delivered, an ADC provides the critical application delivery services required to support the security, availability, and performance requirements of current and future highly dynamic data centers.
ANIL POCHIRAJU
The author is managing director, F5 Networks India/SAARC
maildqindia@cybermedia.co.in