Data centers have evolved in terms of the network and server infrastructure, number and complexity of applications, types of users, and variety of end-user devices. But business applications — from eCommerce through CRM, order management, email, collaboration services and more — are expected to deliver fast response times, be available 24x7, ensure consistent and seamless access from multiple locations, and have bullet-proof security.
When rolling out a new service or expanding an existing service, application delivery controllers have a critical role: They act as "application gateways" by managing clients' traffic to globalized application resources and perform granular load distribution, end-to-end application acceleration, bandwidth management, caching, and application and transport security. This results in high availability of applications, faster response times, and better security.
Inside the ADC
The ADC is typically installed in front of the server farms, behind the network firewalls, and anchors the application security gateways, as shown in Figure 1.
Figure 1. Typical ADC network deployment diagram
The remainder of this section, before introducing a real-world ADC solution in a cloud environment, describes the evolution of the ADC, its operational anatomy, and the challenges a virtualized environment imposes on ADC deployment, especially in the areas of application availability, performance, and security.
ADC evolves into business apps and virtual data centers
The first generation of ADC solutions focused on general network and applications optimization and scalability. Increasing capacity of a service is quite simple: once a new application server is installed and added to the server farm, all you need is to add the new server into the relevant ADC traffic redirection policy - and it starts load balancing the traffic between the extended farm servers.
The second generation of ADC solutions has acknowledged that applications can be better optimized when tailored to the specific vendor. ADCs are certified with leading business applications from vendors like Microsoft, Oracle, SAP, IBM, VMware, Radware, and more.
Several pressures call for a new class of ADC: the adoption of data center virtualization ecosystems, the need to keep in sync with the data center's dynamic changes, the need to be truly "aware" of on-demand business applications, and the need to scale cost-effectively while lowering costs. Hence the third ADC generation, which delivers a complete set of services to ensure the availability, performance and security of mission-critical applications in the physical and virtual data center. This is discussed in more detail later.
How an ADC works
The ADC provides a set of functions to optimize enterprise application deployment. It evolved from basic load balancing to a common feature set that enhances application availability and performance.
For application availability, an ADC can improve availability and guarantee the SLA through:
- Local server load balancing: Guarantees high quality SLAs by ensuring that the best server always serves client requests while eliminating server overload.
- Health monitoring: Avoids redirecting traffic to unavailable servers.
- Global server load balancing: Enables business continuity and disaster recovery (DR) and guarantees high quality SLAs and quality of experience (QoE) to users for globally-deployed services.
- Link high-availability: Facilitates reliable, scalable, low-cost site connectivity while optimizing application end-to-end response time.
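Added example (not part of the original article and not Radware code): a small Python model of how local server load balancing and health monitoring interact, including a server added to the farm at runtime. The "best server" policy is assumed here to be least connections, and the FALL/RISE probe thresholds, class names and server names are all constructed for illustration.

```python
from dataclasses import dataclass

FALL = 3  # assumed: consecutive failed probes before a server leaves rotation
RISE = 2  # assumed: consecutive good probes before a server (re)joins rotation


@dataclass
class Server:
    name: str
    healthy: bool = True
    active_conns: int = 0
    streak: int = 0  # consecutive probe results that contradict `healthy`


class Farm:
    """Server farm behind a hypothetical ADC traffic redirection policy."""

    def __init__(self, names):
        self.servers = {n: Server(n) for n in names}

    def add_server(self, name):
        # New capacity starts out of rotation and must pass RISE probes first,
        # so a half-provisioned VM never receives client traffic.
        self.servers[name] = Server(name, healthy=False)

    def record_probe(self, name, ok):
        s = self.servers[name]
        if ok == s.healthy:
            s.streak = 0  # result agrees with current state: reset hysteresis
            return
        s.streak += 1
        if s.streak >= (RISE if ok else FALL):
            s.healthy, s.streak = ok, 0

    def pick(self):
        # Least connections among healthy servers; name breaks ties.
        candidates = [s for s in self.servers.values() if s.healthy]
        if not candidates:
            return None  # fail closed rather than send to a known-bad server
        best = min(candidates, key=lambda s: (s.active_conns, s.name))
        best.active_conns += 1
        return best.name

    def release(self, name):
        s = self.servers[name]
        s.active_conns = max(0, s.active_conns - 1)


def demo():
    farm = Farm(["app1", "app2"])
    log = [farm.pick(), farm.pick(), farm.pick()]
    for _ in range(FALL):              # app2 stops answering health probes
        farm.record_probe("app2", False)
    log.append(farm.pick())
    farm.add_server("app3")            # scale out: not yet in rotation
    log.append(farm.pick())
    for _ in range(RISE):              # app3 passes its health checks
        farm.record_probe("app3", True)
    log.append(farm.pick())
    return log


if __name__ == "__main__":
    print(demo())
```

The hysteresis in record_probe is what keeps a single dropped probe from removing a server, and returning None when nothing is healthy leaves the error handling to the caller instead of forwarding traffic to a failed backend.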
In the area of application performance, ADCs accelerate applications, shorten application response time, and offload server processing through:
- TLS/SSL offloading: Maximizes server infrastructure utilization by offloading server processing and encryption/decryption tasks that add latency when executed by servers.
- Caching: Leverages static and dynamic caching on the ADC and intelligent browser seeding to deliver faster page load times.
- Other compression techniques: Reduce content size and the number of connections, and optimize the TCP protocol.
Figure 2 illustrates how an ADC deployment can improve application availability, performance, and security.
Figure 2. Benefits of ADC deployment to improve business applications availability, performance, and security
Challenges to ADC from cloud and virtualized environments
Deploying virtualized data centers creates a direct cost reduction by reducing the number of servers, network equipment and the cost associated with operating them. At the same time, it also increases the business's agility, as it is simpler to perform modifications in the data center infrastructure — such as topology changes or configuration refinements — in order to be aligned with the business objectives. However, the deployment of virtualized applications in a fully-virtualized or hybrid data center creates new significant challenges from an application delivery viewpoint.
The virtual data center uses a single, consolidated virtualization infrastructure that enables the deployment of multiple resources on-the-fly, so that adding or removing applications takes place dynamically and quickly. As the ADC is a critical element of the network infrastructure, it must play an active role in the virtualization ecosystem to ensure the resilience and efficiency of virtualized applications being synchronized with these dynamic changes at all times. These changes might include adding a new VM to a virtual application cluster, removing it from the application cluster, or provisioning a new critical application. Left unchecked, virtual application availability and performance could suffer significant degradation.
The main challenge in virtualizing the ADC is the risk that the application SLA is compromised when several ADC services utilize shared resources.
In addition, deploying an application delivery solution in multi-application environments — whether it be a virtualized, hybrid or even physical data center — implies operating multiple ADC devices or using complex, shared configuration files. This increases operational complexity, making operations less efficient and increasing costs.
In the real world: Virtual and hypervisor ADCs
The team at Radware has built ADC cloud solutions, based on virtualization and the hypervisor layer, that cater to all sizes and types of data centers and organizations, from mid-sized companies to large enterprise data centers to carriers to cloud and hosting providers. Any organization looking to consolidate and virtualize an ADC infrastructure can save costs and increase business agility.
Radware offers virtual ADC instances in two form factors:
- Alteon VA, the Radware Soft ADC, is a vADC deployed on a general server virtualization infrastructure (VI), running as a virtual appliance. It provides all the functionality of a physical ADC (local and global server load balancing, Layer 7 capabilities, application acceleration, etc.). It is designed to provide maximum ADC agility for private and public cloud environments as well as for enterprises' virtualized data centers. Taking advantage of the virtual infrastructure's dynamic provisioning and decommissioning, Soft ADC virtual appliances can be rapidly provisioned and deployed in the data center to perform application delivery services and provide greater business agility. This element also plays a key role in hybrid cloud design and cloud migrations by supporting virtualization operating systems such as VMware ESX, OpenXen and KVM.
- ADC-VX™ is an Application Delivery Controller (ADC) hypervisor that runs multiple virtual ADC instances on dedicated ADC hardware, Radware's OnDemand Switch platforms. ADC-VX is designed from the ground up to enable organizations to consolidate their ADC hardware devices without compromising resiliency or performance predictability of their ADC services, resulting in significant savings of hardware costs and operational expenses. It offers vADC density up to 256 instances per platform.
The Alteon VA provides an ADC solution running on standard virtualized compute resources. Alteon VA fits lab, testing, and demo environments, as well as applications that need a best-effort SLA. The ADC-VX fits environments in which application availability and performance are critical. It offers a predicted SLA and is designed for critical applications delivery.
Data center and cloud integration
Virtualized data centers and cloud data centers have many resources and moving parts, as well as high degrees of flexibility. This means that managing all of the IT resources using multiple management solutions increases both the complexity of managing the data center as well as the data center's operating costs.
To address these issues, IT managers turn to orchestration/integrated management systems such as SmartCloud and Workload Deployer, VMware's vCenter Orchestrator or Red Hat Enterprise Virtualization, to help them achieve end-to-end management of mission-critical applications and IT services and create workflows that can auto-provision new services. Implementing such systems creates a new virtual data center ecosystem, in which all data center resources (physical and virtual) are managed and provisioned via a single view, allowing IT managers to become more productive and efficient.
Figure 3. Virtual ADC fabric fully integrated into the virtual data center and cloud ecosystem
Radware virtual ADCs are fully integrated with the virtual data center and cloud ecosystems through the Radware vDirect™ plug-in and SDK. Radware's vDirect is the industry's first ADC management SDK and plug-in, designed specifically for virtual data centers. It provides all the building blocks and management interfaces required for a data center management and orchestration system to provision, decommission, configure and monitor Radware's vADCs and computing resources within a virtual data center — ensuring maximum business agility and IT efficiency when managing an application delivery infrastructure.
Shaping applications to facilitate delivery
Deployment of application delivery services requires expertise in the application and takes weeks of staff work to configure, optimize and test for production. To accelerate and optimize the application delivery services, Radware offers AppShape™. AppShape technology reduces deployment time of application delivery services by 86 percent, while guaranteeing maximum value for each business-critical application in terms of availability, performance and security.
AppShape offers configuration templates and wizards for leading business applications such as Microsoft® Exchange, Microsoft SharePoint, Microsoft Lync, Oracle® E-Business Suite, Oracle 10g, PeopleSoft®, SAP® ERP and more, removing the need for expertise from application rollouts. AppShape helps users set up and configure all the required ADC options in a user-friendly format, including application server information, specific application health checks and redundancy options. Through certification and testing campaigns, optimized policy is automated for the administrator or orchestration solution.
AppShape allows application delivery services to be fully managed and operated from an application-centric view including operational screens, logs and compliance. The result is simplified and efficient application management in the ADC. In addition, AppShape drives business agility through auto-discovery of application resource changes and automatically synchronizing them to the ADC with no human intervention.
Furthermore, AppShape's reporting capabilities help organizations with capacity planning tasks, by providing per-application trend analysis and alerts when an application is about to reach its allocated resources on the ADC. This helps organizations to efficiently utilize resources, meet application SLAs and guarantee performance.
Ensuring 24x7 application availability
Radware's application delivery solution ensures absolute uptime and effective disaster recovery (DR) for local and globally dispersed applications at all times. By leveraging distributed intelligence, advanced health monitoring, traffic redirection, persistency and content modification capabilities, it guarantees transaction completion with a resilient solution that performs real-time identification and bypassing of any faulty element (such as application failure, server failure, server farm failure and even site failure) along the transaction path. Granular layer 7 traffic distribution has been proven to increase CPU utilization by 90 percent and lends itself to the elasticity required to handle natural volume events in a multi-tenant environment.
The solution fully supports IPv6 functioning as a full IPv4/6 gateway, to transparently load balance applications over IPv4 or IPv6 networks with no need to modify the applications. In addition, Radware's global server load balancing (GSLB) service ensures the global availability of all applications, whether they are based on DNS or not. Radware's application delivery solution's capabilities that improve application availability include:
- Health monitoring eliminates business loss due to IT failures via transaction file bypassing.
- Traffic redirection guarantees highest quality SLAs by ensuring that the best server always serves client requests while eliminating server overload.
- Global server load balancing enables business continuity and disaster recovery (DR) for all users, at any place, at all times. Hence it guarantees the highest quality SLA and best quality of experience (QoE) to users for globally-deployed services.
- Link high availability facilitates reliable, scalable, low-cost site connectivity while optimizing application end-to-end response time.
- Full redundancy — Active-Active or Active-Passive Device redundancy — ensures high availability to reduce service interruptions and guarantee service uptime while lowering TCO.
Result-driven application acceleration
Radware's application delivery solution's integrated application acceleration features are designed to accelerate application response time and ensure the best application SLA while offloading server processing. With the ability to intelligently align user agents and content, traffic is optimized for all users, addressing the critical need of a mobile workforce. By offloading processor-intensive operations, such as SSL and/or TCP overhead, the ADC frees the servers' resources to expedite requests, which reduces application resource usage and latency and lowers CAPEX. Moreover, the bandwidth management service aligns the utilization of network resources with business objectives to guarantee SLA.
Radware's application delivery solution's capabilities that accelerate application performance and shorten application response time and offload server processing include:
- TLS offloading maximizes server infrastructure investments by offloading server processing. Hence it creates major savings on server CAPEX, as fewer servers can serve more content to more users.
- HTTP multiplexing reduces the number of server connections and therefore the number of servers required, lowering server CAPEX and significantly reducing latency by removing TCP overhead.
- Leveraging static and dynamic caching on the ADC and intelligently seeding browsers to the ADC delivers faster page load times and reduces server CAPEX through offloading server processing.
- Content "mini"-fication reduces content size by removing and trimming redundant data from web pages, maximizes objects per user agent, and intelligently complements mobility users.
- Web compression increases savings on OPEX by reducing traffic volumes and bandwidth costs. In addition, it also improves QoE and increases end-user and employee productivity by minimizing round-trips.
- TCP optimization reduces server connections and optimizes congestion avoidance to improve QoE and increase employee productivity.
- Reducing the number of HTTP requests per page, by combining multiple JavaScript (JS) and CSS elements into one big object or embedding small JS and CSS elements into the HTML document, means that fewer requests are required per web page, accelerating the overall page load time.
- Bandwidth management assists in guaranteeing application SLA based on per device, user, location, or application. It also optimizes network usage and reduces costs by aligning network allocation with business priorities.
- Global traffic optimization can be achieved using global server load balancing; user sessions can be redirected to the data center closest to the user, reducing the round-trip delay between the end user and the servers serving the requests.
Application availability and security even when under attack
Radware's ADC solution is the only ADC that ensures undisrupted business continuity by protecting from emerging availability-based attacks that misuse the network and application resources in order to degrade application performance, up to complete application denial of service. The ADC solution prevents all types of availability attacks:
- Network DDoS flood attacks that overload network link capacity and networking equipment capacity.
- Application DDoS flood attacks that overload application resources capacity.
- Directed DoS attacks that exploit server TCP/IP stack and application design weaknesses.
- Offering bi-directional trust and encryption models ensuring end to end data and dialog integrity.
Radware's ADC as a Service on IBM clouds
IBM and Radware collaborate to offer simplified solutions that leverage advanced services and drive a cost-containment strategy for customers. By leveraging Radware Alteon VA for IBM PureSystems and SmartCloud Enterprise, we can define a use case where a customer faces CAPEX in a Business Process Management (BPM) application.
Faced with the decision to build out or leverage SmartCloud Enterprise to minimize capital investments, the vADC plays an important role in this decision having the ability to facilitate controlled user population migrations, disaster recovery, and application elasticity (illustrated in Figure 4). Based on intelligent site selections for users targeting application resources, the vADC can align business and traffic policy decisions, allowing customers to leverage existing assets while leveraging the cloud for incremental needs or total application migrations.
Figure 4. User population migration for a BPM SOA application via ADC-as-a-Service
With the ability to communicate across form factors and sites, the vADC facilitates the exchange of distributed intelligence about availability, load and proximity of distributed applications. The vADC can dynamically complement business logic between CPE and cloud assets with policy control retained by the IT administrator. This allows customers to maximize their existing investments while globalizing their IT applications and providing access to a new range of available application tools, transforming IT into a monetized, global application store. The result is a simplified, accelerated and secure application experience focused on cost reduction and innovation.
IBM and Radware go further to simplify and automate the deployment of vADC services via SmartCloud provisioning and cloning applications. Driven by AppShapes or "application patterns" deployments, Radware and IBM are removing the need for on-site human expertise from the deployment of expert systems. The vADC optimizes the end-to-end exchange for mobility users and guarantees a bidirectional trust and data encryption model ensuring data integrity and application security. Radware and IBM therefore offer improved application quality and time-to-market via proven and repeatable automated application service creation and orchestration minimizing any risk in cloud exploration.
When rolling out a new service or expanding an existing service, the ADC has an important role enhancing the availability, performance, and security of mission-critical applications. As a globalized application gateway the ADC facilitates hybrid architectures meant to save customers money ensuring a simplified, accelerated and secure application experience.
In cloud virtual environments the ADC becomes the component minimizing the overall costs of application deployments. When integrated into cloud workflows it significantly shortens the time to new application rollout, improves accuracy in first-time deployments, stays aligned with the dynamic virtual server infrastructure, and improves resource utilization.
Our goal is to transform ADC computing resources, ADC services, and virtualization services into an integrated, agile and scalable virtual application delivery infrastructure and enable the creation of an ADC fabric that addresses the requirements of the virtual data center from an ADC perspective, creates a true cloud-ready ADC, and is fully aligned with the economy requirements and models of IBM PureSystems and IBM SmartCloud.