The ABCs of Application Delivery Controllers

ADCs serve a new generation of business applications, with specific benefits when implemented in the cloud.

With the push in the past few years to scalable, service-oriented applications that primarily rely on Web services, we now have the ability to scale the delivery of those applications as required. This is good, because the ability of users to add more servers as applications demand them helps drive acceptance of virtualization, Web-based services and UIs. In turn, that ability is also enabling vendors to cook up new ways to deliver their applications to multiple devices, from desktops to smartphones.

When many datacenters first began delivering Web-based applications, we relied on IP load-balancers to make sure traffic was shared properly between servers. Currently, however, multiple tiers of services and increased security needs are making life more complicated. IP load-balancing systems are graduating to a new category called application delivery controllers (ADCs). ADCs load-balance incoming traffic, but also perform many other advanced functions centered on optimization, acceleration and security.

Led by the need for very large Web sites to deliver very fast service to their end users from increasingly complex back-ends, ADCs are leading a new expansion to Web-based application delivery. When a big site delivers e-commerce or is working with multimedia content, it needs to squeeze every bit of performance it can out of its platform to avoid being victimized by slow loading. In addition, real-time insight into the uptime and performance of the server farm allows the site to appear fully functional, even when there are problems on the back-end. ADCs help these deliveries by providing deep inspection of the incoming requests, enabling specialized services served by tailored farms of servers, providing tremendous performance with off-loading of encryption, and keeping availability up, no matter what the status of a specific server is.

What Does an ADC Really Get You?
When considering adding an ADC for their datacenter solutions, the question potential buyers often ask is: "Can I just do this with what I have?" The list of specific features will certainly sound familiar. For example, caching and TCP tweaking are all things that major Web servers can provide. In addition, you may already have some sort of Layer-4 load balancing in place for existing applications. So what are the compelling benefits of ADCs?

ADCs provide much more granular control over all those areas that affect performance. Additionally, they provide functionality that wouldn't be possible with just a Web farm and an IP load balancer.

For example, ADCs can maintain a pool of server links, providing ready-to-use connectivity. This is called TCP multiplexing, or TCP offloading, and isn't all that different from the concept of a database connection pool, which reduces the expense of building server connections and tearing them down multiple times during even a single page request. The performance gain is noticeable, and is certainly a timesaver when working with dynamic Web components. Some vendors estimate as much as a 66 percent performance improvement using this technology.

Application Layer-7 abilities are also baked into ADCs with HTTP-aware load balancing, which enables users to specialize their server sets by splitting their responsibilities. With this capability, the device isn't just looking forward based on IP, but is also looking deep into the HTTP request to understand what content is being requested and where to find it. With today's dynamic applications stitched together from many specialized server sources, Layer-7 inspection and direction is currently the most sought-after feature of ADCs.
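To make the Layer-7 idea concrete, here is an added example (not from the original article or any vendor's product) of HTTP-aware routing: it reads the request line, chooses a specialized server pool from the requested path, and skips members marked down. The pool names, addresses and rules are constructed assumptions.

```python
import itertools
import posixpath

# Constructed pools and rules: names and addresses are illustrative assumptions.
POOLS = {
    "api":    ["10.0.2.10:8080", "10.0.2.11:8080"],
    "static": ["10.0.1.10:80", "10.0.1.11:80"],
    "web":    ["10.0.3.10:80"],
}
PREFIX_RULES = [("/api", "api"), ("/static", "static")]  # first match wins
STATIC_SUFFIXES = (".css", ".js", ".png")
DEFAULT_POOL = "web"


class Layer7Router:
    def __init__(self, pools):
        self.pools = pools
        self.down = set()  # members that failed a health check
        self._rr = {name: itertools.cycle(m) for name, m in pools.items()}

    def choose_pool(self, raw_request: bytes) -> str:
        """Read the HTTP request line and return the pool that owns the path."""
        line = raw_request.split(b"\r\n", 1)[0].decode("ascii", "replace")
        parts = line.split(" ")
        if len(parts) != 3 or not parts[2].startswith("HTTP/"):
            raise ValueError("malformed request line")
        # Drop the query string and resolve dot-segments before matching,
        # so /static/../api/x is routed as /api/x.
        path = posixpath.normpath("/" + parts[1].split("?", 1)[0].lstrip("/"))
        for prefix, pool in PREFIX_RULES:
            if path == prefix or path.startswith(prefix + "/"):
                return pool
        return "static" if path.endswith(STATIC_SUFFIXES) else DEFAULT_POOL

    def pick(self, raw_request: bytes):
        """Return (pool, server); server is None when the whole pool is down."""
        pool = self.choose_pool(raw_request)
        for _ in self.pools[pool]:
            server = next(self._rr[pool])  # round-robin within the pool
            if server not in self.down:
                return pool, server
        return pool, None


if __name__ == "__main__":
    router = Layer7Router(POOLS)
    router.down.add("10.0.2.10:8080")
    for target in ("/api/orders?id=7", "/img/logo.png", "/"):
        print(target, router.pick(f"GET {target} HTTP/1.1\r\nHost: app.example\r\n\r\n".encode()))
```

A plain IP load balancer would see only the client address and port; the pool choice here depends entirely on content inside the HTTP request.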

Security has moved to the forefront of Web-based applications, and fully encrypted SSL connections are becoming the norm for many applications that hold sensitive data. Offloading SSL is nothing new, but the increased use of encryption is putting a strain on some servers, especially those that run in virtualized environments. ADCs are providing performance gains for lots of fully encrypted traffic. By acting as the proxy for SSL traffic, ADCs apply specialized hardware to encryption/decryption computations, which is much more efficient than dedicating the general-purpose CPU of a Web server to this function.

There's also the possibility that users can be greener with their ADCs. For example, SSL encryption offloading could save you up to 60 percent CPU utilization on your Web servers, as shown in research by F5 Networks Inc. With this kind of efficiency, you may be able to actually shut down some servers in your Web farm. If you're dealing with a big number -- say hundreds of servers -- this could represent a significant savings in datacenter power consumption and cooling.

As datacenter consolidation eliminates more and more servers, network performance is becoming a factor at many companies. Browser-based applications used to take a backseat to fat-client application performance, but now critical applications live in the browser. This means we have to think about HTTP performance in the same way as a commercial Web site: HTTP compression and caching are critical to making remote Web applications perform like local client applications. ADCs are designed to cache the static content portions of Web sites so those back-end servers can serve up dynamic content. The expectation of users that their Web pages be usable within a couple seconds also holds true at sites such as Google and Facebook.

In addition, compressing various Web parts can improve load times several times over. This is of particular importance to internally built applications, where developers may not think about performance the way a commercial Web site developer would. Allowing an ADC to handle compression rather than dealing with large graphics on a main page can help self-regulate the performance of application delivery. It can also help tremendously in bandwidth-challenged locations, where compression can make an application usable without a large amount of manual tweaking to the code or images. There are also Web server CPU savings to consider, as offloading compression can reduce CPU utilization by as much as 30 percent in some cases.

Who Are the Players?
The major vendors offering ADCs are no doubt familiar. Cisco Systems Inc. and Brocade Communications Systems Inc., two big networking firms with a presence in most datacenters, are on the bandwagon -- but the surprise gainer currently is F5, which is riding the wave of increasing market share with its BIG-IP line of ADCs. Citrix Systems Inc. is also offering ADCs, especially for use with its own virtualization offerings. Radware Ltd., Zeus Technology Ltd., A10 Networks Inc., Array Networks Inc., Barracuda Networks Inc. and Crescendo Networks Ltd. round out the big players in the ADC market.

What differentiates these vendors? Implementation is the key. They all provide similar operations and features, but the compatibility of the implementation with your particular app-delivery environment may be a crucial decision point. For example, Cisco core switches integrate well with user infrastructures, giving users enhanced network performance.

The ADC market has developed around a few different implementations, but one important distinction is that of a software ADC versus its hardware counterpart. Hardware-based ADCs are located directly in front of application servers, and directly behind firewalls. They look like many network appliances, with switch ports and a slim form factor that slides into a rack. In addition, they also include specialized hardware for accelerating SSL, among other features.

Software-based ADCs are deployed on general-purpose servers. They're less expensive than hardware versions and offer scalability through the server upgrades and additional licenses that have traditionally only been available with new hardware versions. Admins can even convert their soft ADCs into virtual machines (VMs) if they're based on a standard x86 hardware platform, thus integrating them into existing server consolidation and easing the management of another piece of hardware. However, if you're looking to offload SSL, the performance of a soft ADC will be hard-pressed to match that of dedicated hardware. Zeus is one of the leaders in software ADCs.

Virtual ADCs are an option for IT shops that have fully virtualized their applications onto VMs. They typically come in the form of VMs or virtual appliances that sit on the hypervisor host. (Citrix and Radware offer virtual ADCs.) They include the benefit of full integration with virtual switches of the hypervisor, thereby offering enhanced performance, configurability and monitoring. For example, the Citrix NetScaler VPX is a downloadable virtual appliance that includes the features of the company's NetScaler hardware appliance -- but the product runs on a standard virtual server host. VMware Inc., Microsoft and Citrix virtual hosts are all supported. Virtual ADCs are cost-effective and the integration with the virtual network is beneficial, but their appropriateness will depend on individual application needs. As with soft ADCs, offloading SSL with virtual ADCs is not as productive as doing so with hardware versions.

All these variations on the ADC theme make performance statements one way or the other, pushing out bigger numbers compared to their competitors. Performance is certainly important, but how your ADC integrates into your delivery may be the biggest decision point.

Where Do You Deploy an ADC?
In proposing ADC solutions to management, it's essential to be able to cost-justify them. What are the scenarios that will show the greatest return on investment? According to Matthias Machowinski, directing analyst for Enterprise Networks and Video at research firm Infonetics Research: "If you're in IT for a telecom company or a financials business, you're already implementing ADCs."

Machowinski goes on to explain the growing ADC market: "The general uptick in the economic recovery is feeding much of the needed upgrades to corporate datacenter functions that have been ignored due to budget cuts."

Now is a good time to review your software needs. You may have put off upgrading your financials, ERP or HR software for a few years, but those behemoths are due for a refresh, and it should be done via Web services.

Any application that relies on a Web farm of servers, has a complex back-end and conforms to the service-oriented architecture (SOA) model of services is a candidate for ADC intervention. Add to this list servers that have been consolidated and virtualized. Further add anything that must be bound to a server and may be eating CPU cycles, such as SSL, and you've pretty much covered the ADC application waterfront.

Not only are you providing scalable solutions, but you may be expanding into a more non-traditional delivery such as a co-location host or on top of cloud services. The ADC technology is also readily available to you in those arenas. Some cloud vendors are offering ADC as a Service (AaaS). This is really no different than using the ADC in your datacenter, except it's geared specifically for network OSes from cloud vendors such as Amazon Web Services LLC or Rackspace US Inc.

The benefits of ADC in the cloud are the same as they are in your datacenter. This is especially true if you're deploying internal applications via the cloud. In cases such as these, performance over the WAN becomes even more critical, and cloud ADC solutions should be a strong consideration for any scalable solutions.

A varied combination of ADC solutions is also a possibility. Cisco, F5 and Citrix all tout combined hardware/software solutions that stack virtual ADCs with their hardware counterparts. Vendors such as Zeus also integrate with some cloud solutions. Just remember that many of these vendors are big networking companies that may have more than one solution for sale. Take the complete solution under advisement, but make sure it's not overkill for your needs.

Breaking Down Old Boundaries
The old boundaries between hardware, software and networks are disappearing quickly as we move from client/server solutions to Web-services methodology. ADCs are perfect examples of hardware/software appliances that provide acceleration, uptime and security by reaching deep into applications hosted on multiple machines. This concept is common for giants like Google, but may not be familiar to every system administrator or Web developer.

Moving these common functions out of code, off servers and into common devices that front-end entire Web applications provides advantages that are becoming commonplace in some industries. Gartner Inc. expects the proliferation of ADCs to continue, with spending already increasing from $874 million in 2005 to $2.1 billion in 2010. Infonetics sees ADC implementation as a general trend, along with 10GB switches and other core-network technologies.

You should definitely be considering ADCs as critically as you're considering your next core switch or set of servers, because ADCs may be the next piece of core equipment you'll add to your datacenter.

