How to secure continuous ROI from an application delivery controller...
Until recently, ‘application delivery controllers’ (ADCs) were considered just another piece of the IT infrastructure jigsaw puzzle.
Although a necessary component for load-balancing web services, ADC solutions also need to accelerate application delivery, reduce the hardware infrastructure footprint and protect against DDoS attacks.
Driving down Capex and Opex in both the data center and the cloud is an increasing focus of Chief Finance Officers, and organisations are tired of vendors railroading the procurement team into paying extra for product features complicated by acronyms.
Improving application security, intelligently steering customer connections between data center and the cloud, and offloading CPU intensive processes like SSL negotiation are all related to critical deliverables for IT Infrastructure Architects, Chief Information Security Officers and Chief Technology Officers.
Today’s ADCs can help to optimise existing corporate infrastructure, scale applications at Internet speed and maximise existing infrastructure investments for years to come. These benefits apply to small, medium and large data centers alike.
Multiple options
A key factor in assessing an ADC solution is its potential impact on the bottom line, today and in the future – what is its return on investment (ROI)?
While all ADCs can improve application performance and availability, not all deliver equal efficiencies and low relative cost of ownership. An ADC’s memory and CPU architecture can have a drastic impact on the degree to which the solution can improve the performance, security and availability of web services and business applications. Space within the data center is at a premium, and a low-profile, high throughput solution can have significant positive impact.
Application uptime and resilience, as well as the ability to scale up and down to support current and future needs, have real costs many organisations underestimate. More significant than the initial capital outlay is the ongoing operational expense associated with the space, power, cooling, licence management and administrative activities.
Deploying ADCs with highly efficient shared resource architecture, low data center footprint and a single all-encompassing licence model will have a ripple effect on the overall infrastructure’s TCO.
Server offload is key
Servers are undeniably overtaxed. Beyond serving applications, servers often complete many corollary functions to keep the infrastructure working. For example, to meet the security and compliance demands of most enterprises, SSL is being added to websites, which means the servers have to process complex cryptographic functions that add significant overhead.
Further extending the lifetime of deployed server infrastructure through intelligent offload provides a way to extend application server ROI. Also, the ability to steer traffic to secondary global sites or into the cloud provides greater uptime and the flexibility of least cost path routing and reliability.
Leaving Infrastructure Architects shaking at the knees, it can be an operational nightmare to ensure that each device has the latest patch levels to mitigate against SSL attacks, maintain valid certificates and ensure sites function at the capacity expected.
Maximising the utility of each server can be accomplished by offloading processing that is not core to running the applications, and addressing these functions in a platform optimised to handle cryptographic computationally intensive functions.
One way to offload the servers is to use open source load-balancing products. These technologies can run on generic servers to accomplish basic requirements with a small number of load-balancing methods, typically just round robin.
Unfortunately, significant hidden costs may occur. Generic servers are not optimised for performance and can create other operational issues – self-support, manual one-off builds and the complication of bespoke configuration customisation are problems often only uncovered once the application is released into production and starts to fail.
New-generation ADCs are designed to increase infrastructure efficiency by offloading processing that is typically handled by the server or within the application.
In general terms, these ADCs offload the servers up to 70 percent which delivers server reduction and optimisation that results in significant CAPEX and OPEX savings. ADCs can also reduce the load on the servers by offloading SSL encryption and decryption, provide centralised management of ciphers and encryption certificates, as well as offloading TCP connection management overhead, provide caching and implement compression.
SSL acceleration
The best ADCs also offer optional hardware security modules (HSMs) with FIPS 140-2 certification to further guard against tampering and protect the SSL private keys.
Mature ADCs can also reduce TCP connection management overhead to increase overall server capacity considerably, often by up to 50 percent. Processing in this manner streamlines server TCP connection setup and teardown, which improves application response times and overall application performance and reliability.
ADCs can also reduce the number of TCP connections to the server in a method called TCP multiplexing, reducing memory resources and CPU cycles required to maintain session connections. Top ADCs eliminate repetitive fetches by the server for frequently requested content. Instead of going to the server for every request, commonly accessed content can be stored and served from a highly accelerated ADC cache.
In this way, selected ADCs can reduce server processing requirements and in larger environments, reduce the number of physical application servers required overall.
So what are the boxes to tick in seeking an advanced ADC?
1. To meet rapidly growing needs, look for an operating system purpose built for ADC and deployment models that will scale the performance and security of your data center applications and networks. Choose a solution that will improve application performance and availability, provide functionality that will meet future business requirements, but reduce current Capex and Opex costs.
2. Seek a hardware platform operating system with dedicated SSL hardware and traffic acceleration ASICs that can relieve server hardware of the burden of managing CPU-intensive SSL traffic, support the consolidation of SSL processing into a single platform and strengthen application security. Also look for TCP optimisation, RAM caching and compression that will further offload server overhead as they accelerate response times and improve the overall scalability of corporate infrastructure.
3. Don’t get caught out by complex licencing models. Choose an ADC that includes the full range of features in the one licence: from SSL offload, global load balancing and compression to routing, IPv6 and Web Application Firewall.
With the right choice of platform, today’s ADC platforms can deliver 2x to 5x more application transactions than older multi-blade chassis systems or solutions that only provide a single load balancer or traffic management outcome. Security, routing functionality and even IPv6 capabilities within the platform protect the investment into the future.
With an optimal ADC, data center applications and networks will remain highly available, fast and secure – and an ROI could be achieved within six months.
By Greg Barnes, Managing Director, Australia & New Zealand, A10 Networks, Inc.