Cloud security: the grand challenge
In addition to the usual challenges of developing secure IT systems, cloud computing presents an added level of risk because essential services are often outsourced to a third party. The externalized aspect of outsourcing makes it harder to maintain data integrity and privacy, support data and service availability, and demonstrate compliance.
In effect, cloud computing shifts much of the control over data and operations from the client organization to its cloud providers, much in the same way organizations entrust part of their IT operations to outsourcing companies. Even basic tasks, such as applying patches and configuring firewalls, can become the responsibility of the cloud service provider, not the user. This means that clients must establish trust relationships with their providers and understand the risk in terms of how these providers implement, deploy, and manage security on their behalf. This trust-but-verify relationship between cloud service providers and consumers is critical because the cloud service consumer is still ultimately responsible for compliance and protection of its critical data, even if that workload has moved to the cloud. In fact, some organizations choose private or hybrid models over public clouds because of the risks associated with outsourcing services.
Other aspects of cloud computing also require a major reassessment of security and risk. Inside the cloud, it is difficult to physically locate where data is stored. Security processes that were once visible are now hidden behind layers of abstraction. This lack of visibility can create a number of security and compliance issues.
In addition, the massive sharing of infrastructure with cloud computing creates a significant difference between cloud security and security in more traditional IT environments. Users spanning different corporations and trust levels often interact with the same set of computing resources. At the same time, workload balancing, changing service level agreements, and other aspects of today's dynamic IT environments create even more opportunities for misconfiguration, data compromise, and malicious conduct.
Infrastructure sharing calls for a high degree of standardization and process automation, which can help improve security by eliminating the risk of operator error and oversight. However, the risks inherent with a massively shared infrastructure mean that cloud computing models must still place a strong emphasis on isolation, identity, and compliance.
Cloud computing is available in several service models (and hybrids of these models). Each presents different levels of responsibility for security management. Figure 1 on page 3 depicts the different cloud computing models.
Brocade Unlocks the Power of the Cloud Through Open, Multi-Vendor Virtual Compute Blocks
Brocade and Its Partners Help Customers Build the Next Generation of Distributed and Virtualized Data Centers in a Simple, Evolutionary Way
LAS VEGAS, NV -- (MARKET WIRE) -- 08/30/11 -- (VMworld 2011) -- Today at VMworld, Brocade (NASDAQ: BRCD), the leader in fabric-based data center architectures, announced significant advancements to the Brocade® CloudPlex™ architecture with new Brocade Virtual Compute Blocks. These bundled solutions consist of integrated, tested and validated multi-vendor server, virtualization, networking and storage resources. Demonstrating substantial partner traction, the new solutions are available today, delivered and supported in collaboration with a wide range of alliance partners, including Dell, EMC, Fujitsu, Hitachi Data Systems and VMware.
This open approach is an underlying tenet of the Brocade CloudPlex architecture, which was announced in May 2011. The open, extensible framework is designed to help customers build the next generation of distributed and virtualized data centers in a simple, evolutionary way that preserves their ability to dictate all aspects of the migration. It is the foundation for integrated compute blocks and it supports existing multi-vendor infrastructure to unify customers' assets into a single compute and storage domain.
"Organizations are seeking to maximize the benefits of cloud computing through more efficient infrastructure procurement, pre-integrated components, faster support response, and greater choice in best-in-class products to meet specific business needs," said John McHugh, CMO of Brocade. "Brocade Virtual Compute Blocks leverage our Ethernet fabrics and industry-leading Fibre Channel SAN fabrics to allow our partners to create integrated stacks that optimize cost effectiveness, flexibility and performance. Because these solutions are open, they allow our customers to scale components independently and better utilize legacy infrastructures."
According to IDC research, "As organizations move to create a dynamic data center enabled by virtualization, they are moving to architectures where server, storage, and network assets are in tighter alignment into converged infrastructures. IDC defines a converged infrastructure as one in which the server, storage, and network infrastructure resources are treated as pools to be assigned as needed to business services... The top benefits organizations achieve by implementing a converged infrastructure are cost savings, simplified management, better availability, increased flexibility, and higher utilization."(1)
Brocade Virtual Compute Block Partner Solutions
Brocade Virtual Compute Block solutions include hypervisor software integrated with servers, storage and Brocade fabric networking products in bundled, pre-racked and pre-tested configurations enriched by technology from Dell, EMC, Fujitsu, Hitachi Data Systems and VMware.
Dell
Brocade and Dell have partnered to develop a reference architecture that includes Dell Compellent Fibre Channel storage, Dell PowerEdge servers, Brocade data center and SAN switches and the VMware hypervisor, which is being shown at the Brocade VMworld booth.
"Our reference architecture developed with Brocade demonstrates Dell Compellent's commitment to provide open, cloud-optimized solutions for our customers' increasingly dynamic requirements in Fibre Channel environments," said Phil Soran, president of Dell Compellent. "Enterprises that deploy this reference architecture benefit from the ability to scale virtualization with their business requirements while deploying industry-leading storage from Dell Compellent and Fibre Channel networking solutions from Brocade."
EMC
EMC and Brocade have joined forces with several partners to deliver Virtual Compute Blocks, which combine VMware virtualization software and management tools, EMC® VNXe™ unified storage, servers and integrated Brocade Fibre Channel and Ethernet fabric networking technologies. EMC and Brocade are now working with Arrow, Tech Data, First Distribution and Acao to deliver Virtual Compute Blocks in the U.S., and in parts of Europe, Africa, and South America. These integrated, easy-to-install solutions enable EMC customers to quickly deploy private and hybrid cloud infrastructures, which provide data center consolidation, availability, scalability and automation.
"Our integration work with Brocade is a key enabler for our resellers in providing simplified deployment of Virtual Compute Blocks and further demonstrates our commitment to delivering cloud infrastructure solutions for our mutual customers that help transform data centers into highly efficient and agile environments," said Josh Kahn, vice president of Solutions Marketing at EMC.
Fujitsu
Fujitsu and Brocade have partnered to create solutions supporting Fujitsu's Dynamic Infrastructures architecture, which will help enterprises boost business agility, efficiency and IT economics. These are designed for data centers of the future, delivering powerful automated pools of computing resources made up of server, storage, network and virtualization technology.
"Fabric-based networks are an important requirement to successful deployments of solutions that will enable our customers to accelerate their cloud-based IT initiatives," said Jens-Peter Seick, senior vice president of the Product Development Group at Fujitsu Technology Solutions. "We are pleased to add Brocade Ethernet fabric technologies to our portfolio, which enhances the long-term partnership we have had in deploying SANs for our customers' virtualized environments."
Hitachi Data Systems
Hitachi converged data center solutions combine storage, compute and networking, with software management, automation and optimization to automate, accelerate and simplify cloud adoption. As a key networking partner, Brocade provides networking solutions for Hitachi converged data center solutions, including Ethernet switch, Fibre Channel fabric data center switches, and Fibre Channel switch modules for the Hitachi Compute Blade family. Solutions include:
Hitachi solutions built on Microsoft Hyper-V Cloud Fast Track: A combination of Hitachi storage and compute, with Brocade networking and Microsoft Windows Server 2008 R2 with Hyper-V and System Center for high-performance private cloud infrastructures and an avenue for further automation and orchestration.
Hitachi Unified Compute Platform: An open and converged platform that provides orchestration and management within the portfolio of Hitachi converged solutions for automated dynamic management of servers, storage and networking to create business resource pools from a simple, yet comprehensive interface.
Hitachi Converged Platform for Microsoft Exchange 2010: The first in a portfolio of pre-tested application-specific converged solutions, engineered for rapid deployment and tightly integrated with Exchange 2010's powerful new features for resilience, predictable performance and seamless scalability.
"HDS and Brocade have partnered to deliver tested and proven solutions with tightly integrated storage, compute and networking products that allow our mutual customers to benefit from Ethernet switch and Fibre Channel fabric technologies to create flexible cloud-based infrastructures," said Asim Zaheer, vice president of Corporate and Product Marketing at Hitachi Data Systems. "Through quicker deployment, automation and scalability, Hitachi converged data center solutions help organizations adopt cloud at their own pace and see predictable results and faster time to value."
VMware
VMware and Brocade have developed a reference architecture solution that enables organizations to create a scalable virtual desktop infrastructure (VDI) environment.
The VMware/Brocade VDI reference architecture, VMware View™, combines Brocade VDX data center switches and converged network adapters, Intel x86-based rack servers, iSCSI-based storage and Trend Micro security software.
Benefits of the VMware/Brocade VDI solution include best-in-class performance and scalability, enhanced security, ease-of-migration and lower total cost of ownership.
"VMware and Brocade have collaborated on a joint VDI solution that addresses our customers' needs to improve business productivity through increased performance, secured client access and elimination of business disruptions," said Vittorio Viarengo, vice president of End-User Computing at VMware. "IT organizations can utilize our reference architecture to deploy a quick-start configuration within their data center or at remote locations. In addition, it can be used as a test or development platform for businesses eager to gain the benefits and advantages of virtualizing user desktops."
Avnet Virtual Compute Block Solutions
Separately today at VMworld, Brocade and Avnet announced the joint development of marketing and enablement support for a new set of multi-vendor, pre-tested and configured virtualization solutions. The first of these is a reference architecture and validated solution designed to cost-effectively scale virtual desktop infrastructure (VDI) environments to support thousands of clients (or desktops) per solution bundle. The VDI bundle will help Avnet reseller partners design and deploy open, efficient and scalable virtualization solutions for their end customers by incorporating Brocade and VMware networking and hypervisor technologies in conjunction with a variety of compute and storage platforms.
About Brocade
Brocade (NASDAQ: BRCD) networking solutions help the world's leading organizations transition smoothly to a world where applications and information reside anywhere. (www.brocade.com)
Brocade, the B-wing symbol, DCX, Fabric OS, and SAN Health are registered trademarks, and Brocade Assurance, Brocade NET Health, Brocade One, CloudPlex, MLX, VCS, VDX, and When the Mission Is Critical, the Network Is Brocade are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned are or may be trademarks or service marks of their respective owners.
VMware, VMware View and VMworld are registered trademarks and/or trademarks of VMware, Inc. in the United States and/or other jurisdictions. The use of the word "partner" or "partnership" does not imply a legal partnership relationship between VMware and any other company.
Leading Fuel Card Provider Values Brocade Market Leadership, Reliability and Network Security
SAN JOSE, CA -- (MARKET WIRE) -- 07/19/11 --
Brocade (NASDAQ: BRCD) today announced that FleetCor,
a leading independent global provider of specialized payment products
and services to businesses, commercial fleets, major oil companies,
petroleum marketers and government fleets, has selected Brocade as the
vendor to build its cloud-optimized
network. This new network enhances FleetCor's ability to securely
process millions of transactions monthly and ultimately better serve its
commercial accounts in 18 countries in North America, Europe, Africa and Asia.
Millions of commercial payment cards are in the hands of FleetCor
cardholders worldwide, and they are used to purchase billions of gallons
of fuel per year. Given this volume of network-based transactions, network reliability, scalability and security were critical factors for FleetCor to consider in its selection process to maintain superior customer satisfaction.
In addition, FleetCor selected Brocade as its networking expert to help
evolve its data center and IT operations into a more agile private cloud
infrastructure. Brocade® cloud-optimized networks
are designed to reduce network complexity while increasing performance
and reliability. Brocade solutions for private cloud networking are
purpose-built to support highly virtualized data centers.
"When we evaluated networking vendors to build our private cloud, we
looked at market leadership and non-stop access to critical data," said
Waddaah Keirbeck, senior vice president global IT, FleetCor. "Brocade
cloud-optimized networking solutions are perfect for our data centers
because they allow us to optimize applications faster, virtually
eliminate downtime and help us meet service level agreements for our
customers. Moving to a cloud-based model also provides us the
flexibility to make adjustments on the fly and access secure information
virtually anywhere and anytime."
FleetCor installed a Brocade MLXe router for each of its three data
centers, citing scalability as a major driver for the purchase. This
approach enables FleetCor to virtualize its geographically distributed
data centers and leverage the equipment it already has, at the highest
level, to achieve maximum return on investment. The Brocade MLXe
provides additional benefits for FleetCor by using less power and having a
smaller footprint than competitive routers, which is critical in power- and
space-constrained locations in order to allow for growth. The Brocade
MLXe also enables continuous business operation for FleetCor based on
Multi-Chassis Trunking, massive scalability supporting the highest 100 GbE
density in the industry with no performance degradation for advanced
features like IPv6 and flexible chassis options to meet network and
The Brocade ServerIron ADX
Series of high-performance application delivery switches provides
FleetCor with a broad range of application optimization functions to
help ensure the reliable delivery of critical applications.
Purpose-built for large-scale, low-latency environments, these switches
accelerate application performance, load-balance high volumes of data
and improve application availability while making the most efficient use
of the company's existing infrastructure. The series also delivers dynamic
application provisioning and de-provisioning for FleetCor's highly
virtualized data center, and enables seamless migration and translation to
IPv6 with unmatched performance.
As an added benefit for its bottom line, through the use of Brocade ADX Series switches and Brocade MLX™ Series routers,
FleetCor has eliminated thousands of costly networking cables, saving
it hundreds of thousands of dollars and allowing the company to segment,
streamline and secure its network. FleetCor has also been able to
easily integrate Brocade network technology with third-party offerings
already installed in the network, for complete investment protection.
FleetCor anticipates moving to 10 Gigabit Ethernet (GbE) solutions for
its backbone switch in the near future.
"We wanted a dependable, secure, redundant, 24 by 7 backbone switch in
each of our data centers to help us leverage the benefits of cloud
computing and the Brocade MLXe delivered on all fronts," said Keirbeck.
"By virtualizing our data center, Brocade allows for non-stop access to
the mission-critical data that FleetCor and its customers rely on every
day. We chose the Brocade MLXe because of the tremendous results we
already saw from our existing Brocade solutions and the exceptional
support and service."
According to a report from analyst firm Gartner, "Although 'economic
affordability' is an immediate, attractive benefit, the biggest
advantages (of cloud services) result from characteristics such as
built-in elasticity and scalability, reduced barriers to entry,
flexibility in service provisioning and agility in contracting."(1)
United States Army Advances Ethernet Infrastructure to Optimize Applications and Deliver Mission-Critical Military Information
Brocade Improves Business Continuity With Non-Stop Networking and Maximum Performance
SAN JOSE, CA -- (MARKET WIRE) -- 06/01/11 --
Brocade (NASDAQ: BRCD) today announced it is working with the United States Army as part of the Installation Information Infrastructure Modernization Program (I3MP) at Fort Carson
to create a highly resilient network to support advanced voice, video
and critical military applications in an effort to modernize the base's
core enterprise information infrastructure. This installation represents
one of the largest core-to-edge deployments of 100 Gigabit Ethernet (GbE)-ready routers and 10 GbE aggregation and LAN switches.
Fort Carson, winner of the Network Enterprise Center (NEC) of the Year award, is a United States Army installation located in Colorado. Its 137,000-acre facility is home to critical members of the military, including the 4th Infantry Division, the 10th Special Forces Group, the 71st Ordnance Group (EOD), the 4th Engineer Battalion, the 759th Military Police Battalion, the 10th Combat Support Hospital, the 43rd Sustainment Brigade and the 13th Air Support Operations
Squadron of the United States Air Force. Due to the
sheer number of users requiring more bandwidth to support emerging forms
of external and inter-base network communication, Fort Carson
required an infrastructure refresh that would provide scalability for
growth while simplifying the delivery of latency-sensitive voice, video
This mission-critical imperative was successfully solved by deploying 100 GbE-ready Brocade® NetIron® XMR
Multiprotocol Label Switching (MPLS) IPv6-ready core routers as the
backbone of the network. The MPLS capabilities provide superior
efficiency, Quality of Service (QoS) and reduced latency times for
critical online applications and services. As a result, Fort Carson's
personnel can minimize network bottlenecks by prioritizing their
delay-sensitive traffic over a path with minimal hops and lower
congestion -- helping boost overall productivity and expedite response
to urgent situations.
In the federal government, network manageability is a top priority for
IT managers. A challenge has been deploying scalable solutions that are
cost-effective and do not degrade or impair network performance. Through
the use of Brocade IronView® Network Manager,
customers can leverage the power of sFlow scalability and wire-speed
operation to deliver a network-wide solution for detecting and
monitoring network traffic without impacting application performance.
This is a significant advantage over alternative network management
solutions that are limited in their scope and that can impact
performance when implemented as inline appliances.
The entire Brocade network solution meets the stringent Defense Information Systems Agency
(DISA) Joint Interoperability and Test Center (JITC) requirements. DISA
JITC's mission is to support the war-fighter with direct technical
assistance and to conduct performance and interoperability testing and
certification for net-centric strategic voice, video and data networking
systems integral to the Department of Defense (DoD) Global Information Grid.
"The selection of Brocade by the United States Army's I3MP
program is a significant win for Brocade, highlighting our proven
expertise in providing high-performance, non-stop networking solutions
to government organizations worldwide," said John McHugh,
chief marketing officer, Brocade. "By meeting the I3MP network and
service requirements, Brocade is well-positioned to further extend its
market presence within the government sector as a leading networking
provider to support and optimize mission-critical applications."
In the cover story this month,
Lee Cleveland, Distinguished Engineer, Power Systems direct attach
storage, and Andy Walls, Distinguished Engineer, chief hardware
architect for DS8000 and solid-state drives (SSDs), sat down to talk
about all of the new storage technologies IBM has been releasing lately.
What I didn’t have room for in the article was a nice summary of the
technologies that can help you improve access, manage growth, protect
data, reduce costs or reduce complexity. Whatever your goals, IBM has an
integrated storage option for every organization.
Here are the quick highlights of the latest storage announcements:
IBM Storwize V7000
New advanced software functions
New easy-to-use, Web-based GUI
RAID and enclosure RAS services and diagnostics
Additional host, controller and ISV interoperability
Integration with IBM Systems Director
Enhancements to Tivoli Storage Productivity Center (TPC), FlashCopy Manager (FCM) and Tivoli Storage Manager (TSM) support
Proven IBM software functionalities
Easy Tier (dynamic HDD/SSD management)
RAID 0, 1, 5, 6, 10
Storage virtualization (local and external disks)
Non-disruptive data migration
Global and Metro Mirror
FlashCopy up to 256 copies of each volume
IBM Storwize Rapid Application Storage Solution
Runs on: AIX 7.1-5.3, IBM i 7.1-6.1 (with VIOS), Red Hat and SUSE Linux, z/VSE, Microsoft Windows, Mac OS X
ProtecTIER deduplication offers 25-to-1 reduction and online backup
In June, IBM debuted ProtecTIER deduplication solutions
for AIX and IBM i. ProtecTIER offers solutions to those who can’t
complete backup operations in a given window, have difficulty protecting
rapidly growing amounts of data or find their current backup
With data amounts growing, deduplication is becoming a vital part of
data management, backup and recovery. “One of the reasons ProtecTIER is
so crucial is because of the crazy growth the world is experiencing as
it moves to an all-digital environment,” says Victor Nemechek,
ProtecTIER deduplication offering manager at IBM. “Customers are finding
their data often doubles or more every year and their current backup
systems make it difficult to capture that data, protect it and restore
it when they need to.”
For backups many companies use tapes that load data quickly, but
present retrieval problems. These challenges—along with reliability
problems—sent customers to disk where data was more accessible, but also
expensive. Companies used disk for small portions of their most
critical data, and kept their other data on tape. “Even with disk for
critical data, backup is still an issue because you have a primary disk
that you store your data on and you have to have that much disk to back
up to, basically doubling your disk needs, and that can be very
expensive,” Nemechek says.
“Deduplication can squeeze 25 terabytes of data down to only
1 terabyte of physical disk, so customers can have the speed and
reliability of disk but without that one-to-one cost.” —Victor Nemechek,
ProtecTIER deduplication offering manager, IBM
Cisco’s apparently going to try to simplify its sales, services and engineering organizations in the next 120 days
Faced with a nasty loss of credibility, a string of poor financial
results, shrinking market share in its core business, an unwieldy and
alienating bureaucracy blamed for the top executive exodus it's been
experiencing, and a stock price that's plunged into the toilet, Cisco,
once an economic bellwether, is promising to do more than simply kill
off its once-popular Flip video camcorder business and lay 550 people
off, an admission that its foray into the consumer segment had largely
It said in a press release issued Thursday morning that it's going to
a "streamlined operating model" focused on five areas, not apparently
the literally 30 different directions it's been going in although it did
say, come to think of it, something about "greater focus" so maybe it's
not really cutting back.
These focus areas are, it said, "routing, switching, and services;
collaboration; data center virtualization and cloud; video; and
architectures for business transformation."
Nobody seems to know what that last one is and the Wall Street
Journal criticized Cisco for not being able to explain in plain English
what it's doing and Barron's complained that it needed a Kremlinologist
to decrypt the jargon in the press release.
Anyway Cisco's apparently going to try to simplify its sales,
services and engineering organizations in the next 120 days or by July
31 when its next fiscal year begins. Well, maybe not everything, it
warned, but sales ought to be reorganized by then.
This streamlining seems to mean that:
Field operations will be organized into three geographic regions
for faster decision making and greater accountability: the Americas,
EMEA and Asia Pacific, Japan and Greater China still under sales chief
Services will follow key customer segments and delivery models still under its multi-tasking COO Gary Moore;
Engineering, still reporting to Moore, will now be led by
two-in-a-box Pankaj Patel and Padmasree Warrior and aside from the
company's five focus areas there will be a dedicated Emerging Business
Group under Marthin De Beer focused on "select early-phase businesses"
"with continued focus on integrating the Medianet architecture for video
across the company."
Lastly, it's going to "refine" - but apparently not dismantle its
hydra-headed, decision-inhibiting Council structure blamed for
frustrating and running off key talent - down to three "that reinforce
consistent and globally aligned customer focus and speed to market
across major areas of the business: Enterprise, Service Provider and
Emerging Countries. These councils will serve to further strengthen the
connection between strategy and execution across functional groups.
Resource allocation and profitability targets will move to the sales and
engineering leadership teams which will have accountability and direct
responsibility for business results."
It's unclear whether any of this means layoffs.
Cisco piped in a quote credited to Moore saying, "Cisco is focused on
making a series of changes throughout the next quarter and as we enter
the new fiscal year that will make it easier to work for and with Cisco,
as we focus our portfolio, simplify operations and manage expenses. Our
five company priorities are for a reason - they are the five drivers of
the future of the network, and they define what our customers know
Cisco is uniquely able to provide for their business success. The new
operating model will enable Cisco to execute on the significant market
opportunities of the network and empower our sales, service and
Load Balancers Are Dead: Time to Focus on Application Delivery
2 February 2009
Mark Fabbi
Gartner RAS Core Research Note G00164098
When looking at feature requirements in front of and between server tiers, too many organizations think only about load balancing. However, the era of load balancing is long past, and organizations will be better served to focus their attention on improving the delivery of applications.
Overview
This research shifts the attention from basic load-balancing features to application delivery features to aid in the deployment and delivery of applications. Networking organizations are missing significant opportunities to increase application performance and user experience by ignoring this fundamental market shift.
Key Findings
Enterprises are still focused on load balancing.
There is little cooperation between networking and application teams on a holistic approach for application deployment.
Properly deployed application delivery controllers can improve application performance and security, increase the efficiency of data center infrastructure, and assist the deployment of the virtualized data center.
Network architects must shift attention and resources away from Layer 3 packet delivery networks and basic load balancing to application delivery networks.
Enterprises must start building specialized expertise around application delivery.
What You Need to Know
IT organizations that shift to application delivery will improve internal application performance that will noticeably improve business processes and productivity for key applications. For external-facing applications, end-user experience and satisfaction will improve, positively affecting the ease of doing business with supply chain partners and customers. Despite application delivery technologies being well proved, they have not yet reached a level of deployment that reflects their value to the enterprise, and too many clients do not have the right business and technology requirements on their radar.
Analysis
What's the Issue?
Many organizations are missing out on big opportunities to improve the performance of internal processes and external service interactions by not understanding application delivery technologies. This is very obvious when considering the types of client inquiries we receive on a regular basis. In the majority of cases, clients phrase their questions to ask specifically about load balancing. In some cases, they are replacing aged server load balancers (SLBs), purchased before the advent of the advanced features now available in leading application delivery controllers (ADCs). In other cases, we get calls about application performance challenges, and, after exploring the current infrastructure, we find that these clients have modern, advanced ADCs already installed, but they haven't turned on any of the advanced features and are using new equipment as if it were circa 1998 SLBs. In both cases, there is a striking lack of understanding of what ADCs can and should bring to the enterprise infrastructure.
Organizations that still think of this critically important position in the data center as one that only requires load balancing are missing out on years of valuable innovation and are not taking advantage of the growing list of services that are available to increase application performance and security and to play an active role in the increasing virtualization and automation of server resources. Modern ADCs are the only devices in the data center capable of providing a real-time, pan-application view of application data flows and resource requirements. This insight will continue to drive innovation of new capabilities for distributed and virtualized applications.
Why Did This Happen?
The "blame" for this misunderstanding can be distributed in many ways, though it is largely history that is at fault. SLBs were created to better solve the networking problem of how to distribute requests across a group of servers responsible for delivering a specific Web application. Initially, this was done with simple round-robin DNS, but because of the limitations of this approach, function-specific load-balancing appliances appeared on the market to examine inbound application requests and to map these requests dynamically to available servers. Because this was a networking function, the responsibility landed solely in network operations and, while there were always smaller innovative players, the bulk of the early market ended up in the hands of networking vendors (largely Cisco, Nortel and Foundry [now part of Brocade]). So, a decade ago, the situation basically consisted of networking vendors selling network solutions to network staff. However, innovation continued, and the ADC market became one of the most innovative areas of enterprise networking over the past decade. Initially, this innovation focused on the inbound problem — such as the dynamic recognition of server load or failure and session persistence to ensure that online "shopping carts" weren't lost.
Soon, the market started to evolve to look at other problems, such as application and server efficiency. The best example would be the adoption of SSL termination and offload. Finally, the attention turned to outbound traffic, and a series of techniques and features started appearing in the market to improve the performance of the applications being delivered across the network. Innovations migrated from a pure networking focus to infrastructure efficiencies to application performance optimization and security — from a networking product to one that touched networking, server, applications and security staff. The networking vendors that were big players when SLB was the focus quickly became laggards in this newly emerging ADC market.
Current Obstacles
As the market shifts toward modern ADCs, some of the blame must rest on the shoulders of the new leaders (vendors such as F5 and Citrix NetScaler). While their products have many advanced capabilities, these vendors often undersell their products and don't do enough to clearly demonstrate their leadership and vision to sway more of the market to adopting the new features. The other challenge for vendors (and users) is that modern ADCs impact many parts of the IT organization. Finally, some blame rests with the IT organization. By maintaining siloed operational functions, it has been difficult to recognize and define requirements that fall between functional areas.
Why We Need More and Why Should Enterprises Care?
Not all new technologies deserve consideration for mainstream deployment. However, in this case, advanced ADCs provide capabilities to help mitigate the challenges of deploying and delivering the complex application environments of today. The past decade saw a mass migration to browser-based enterprise applications targeting business processes and user productivity as well as increasing adoption of service-oriented architectures (SOAs), Web 2.0 and now cloud computing models.
These approaches tend to place increased demand on the infrastructure, because of "chatty" and complex protocols. Without providing features to mitigate latency, to reduce round trips and bandwidth, and to strengthen security, these approaches almost always lead to disappointing performance for enterprise and external users. The modern ADC provides a range of features (see Note 1) to deal with these complex environments. Beyond application performance and security, application delivery controllers can reduce the number of required servers, provide real-time control mechanisms to assist in data center virtualization, and reduce data center power and cooling requirements. ADCs also provide simplified deployment and extensibility and are now being deployed between the Web server tier and the application or services tier (for SOA) servers. Most ADCs incorporate rule-based extensibility that enables customization of the behavior of the ADC. For example, a rule might enable the ADC to examine the response portion of an e-commerce transaction to strip off all but the last four digits of credit card numbers. Organizations can use these capabilities as a simple, quick alternative to modifying Web applications. Most ADCs incorporate a programmatic interface (open APIs) that allows them to be controlled by external systems, including application servers, data center management, and provisioning applications and network/system management applications. This capability may be used for regular periodic reconfigurations (end-of-month closing) or may even be driven by external events (taking an instance of an application offline for maintenance). In some cases, the application programming interfaces link the ADC to server virtualization systems and data center provisioning frameworks in order to deliver the promise of real-time infrastructure.
What Vendors Provide ADC Solutions Today?
During the past five years, the innovations have largely segmented the market into vendors that understand complex application environments and the subtleties in implementations (examples would be F5, Citrix NetScaler and Radware) and those with more of a focus on static feature sets and networking. "Magic Quadrant for Application Delivery Controllers" provides a more complete analysis and view of the vendors in the market. Vendors that have more-attractive offerings will have most or all of these attributes:
A strong set of advanced platform capabilities
Customizable, extensible platforms and solutions
A vision focused on application delivery networking
Affinity to applications:
Needs to be application-fluent (that is, they need to "speak the language")
Support organizations need to "talk applications"
What Should Enterprises Do About This?
Enterprises must start to move beyond refreshing their load-balancing footprint. The features of advanced ADCs are so compelling for those that make an effort to shift their thinking and organizational boundaries that continuing efforts on SLBs is wasting time and resources. In most cases, the incremental investment in advanced ADC platforms is easily compensated by reduced requirements for servers and bandwidth and the clear improvements in end-user experience and productivity. In addition, enterprises should:
Use the approach documented in "Five Dimensions of Network Design to Improve Performance and Save Money" to understand user demographics and productivity tools and applications. Also, part of this requirements phase should entail gaining an understanding of any shifts in application architectures and strategies. This approach provides the networking team with much greater insight into broader IT requirements.
Understand what they already have in their installed base. We find, in at least 25% of our interactions, enterprises have already purchased and installed an advanced ADC platform, but are not using it to its potential. In some cases, they already have the software installed, so two to three days of training and some internal discussions can lead to massive improvements.
Start building application delivery expertise. This skill set will be one that bridges the gaps between networking, applications, security and possibly the server. Organizations can use this function to help extend the career path and interest for high-performance individuals from groups like application performance monitoring or networking operations. Networking staff aspiring to this role must have strong application and personal communication skills to achieve the correct balance. Some organizations will find they have the genesis of these skills scattered across multiple groups. Building a cohesive home will provide immediate benefits, because the organization's barriers will be quickly eliminated.
Start thinking about ADCs as strategic platforms, and move beyond tactical deployments of SLBs. Once organizations think about application delivery as a basic infrastructure asset, the use of these tools and services (and associated benefits) will be more readily achieved.
Note: We have defined a category of advanced ADCs to distinguish their capabilities from basic, more-static function load balancers. These advanced ADCs operate on a per-transaction basis and achieve application fluency. These devices become actively involved in the delivery of the application and provide sophisticated capabilities, including:
Application layer proxy, which is often bidirectional