Integrating Virtual Network Appliances into the Infrastructure
Server virtualization is no longer a trend but rather a common deployment model adopted by the majority of IT organizations. Even so, virtualization is not without its deployment and management challenges. Many organizations still struggle to balance server workloads and maintain reliable application performance.
Because network appliances can affect both the performance of applications and traffic management, it's no surprise that network vendors have felt the pressure to develop virtualized versions of their physical appliances, from simple load balancers to advanced application delivery controllers. Virtual ADCs have typically been thought of as replacements for their physical counterparts (pADCs), and in some cases, replacement might be the appropriate solution. In other cases, however, replacement is clearly not the right strategy. To create the dynamic data centers IT organizations want, and to support the flexibility and scalability they need, architectural considerations must be taken into account. In the end, a hybrid architecture often turns out to be the best solution.
Who Stands to Benefit Most?
Let's start by looking at who can benefit from a vADC. In the enterprise data center, deploying a vADC in testing and QA environments can be of great benefit to network administrators and architects. For little cost, a vADC enables organizations to test and optimize new solutions before deploying them in production.
Ideally, it would be advantageous to make vADCs available to all teams involved in the application development lifecycle. Due to cost constraints, ADC technology has been largely unavailable to developers and architects--even when an application will ultimately be used in production with an ADC. With access to a vADC throughout the entire development process, architects and developers can include advanced ADC features such as acceleration, security, and optimization in the application delivery platform. Doing so can help foster collaboration among teams that, in the past, have often not worked together. And it can speed time to market and produce a better product that takes advantage of all the advanced features of application delivery controllers.
For similar reasons, independent software vendors can also benefit by deploying a vADC in their development environments. In particular, a vADC gives ISVs the opportunity to create new and innovative tools for managing and orchestrating both physical and virtual applications and network components--tools that are now in great demand, especially with the move toward cloud computing. Until effective management and orchestration tools exist, it's understandable that many organizations are reluctant to fully embrace virtualization and cloud computing solutions.
Many cloud providers have come to rely on physical ADCs to provide the flexibility and scalability that they require in these highly dynamic, virtualized environments. But, for cloud providers with many thousands of customers, it's critical that they be able to isolate components and application delivery policies for each customer, and that's where pADCs aren't so efficient. In such cases, a vADC can be an excellent fit because the cloud provider, rather than sharing its pADC among many customers, can instead enable customers to deploy their own vADCs, giving them control over their own application delivery policies.
To create and maintain truly dynamic data centers, enterprise IT (and cloud providers as well) must not only look at who can benefit from vADCs but also at the potential effect of vADCs on characteristics such as scalability and mobility. vADCs are often thought to be the best choice for scalability because they can be deployed more quickly than pADCs and they are far less costly. But to assume that quick deployment makes vADCs less disruptive in the infrastructure is a mistake. Each is disruptive in its own way; pADCs for the obvious reasons of having to procure, install, configuration, and integrate a new device in the existing infrastructure. vADCs, on the other hand, can be disruptive because of their potential to degrade performance and application availability. One reason is that vADCs run on commodity hardware, so they can't take advantage of the specialized, optimized hardware typical of pADCs. For this reason, a vADC will never be able to achieve the same performance levels as a pADC.
Mobility is a particularly important consideration for organizations that plan to expand their operations into the cloud. Specifically, they need to consider the ease with which applications can be moved from data center to data center, and from the data center to the cloud and back again.
Organizations that rely on pADCs in their data centers will want to choose a cloud provider that does the same. But this, again, is where a vADC can be extremely applicable, if the application can be bundled with the vADC. In that case, it's far easier and more reassuring to move an application into the cloud knowing that all the configurations and policies associated with the application will move with it.
Virtual network appliances have the potential to offer significant cost savings and new kinds of flexibility for IT organizations, but they also present more architectural challenges than do virtualized servers. If you're still uncertain about how best to deploy a hybrid application delivery network, deploy pADCs at key aggregation points in the infrastructure to get the benefit of server and application offloading functions (and the benefits of specialized, optimized hardware) that pADCs provide. Use pADCs to support application workloads that require high throughput, and for complex deployments that require advanced ADC functions like application security, acceleration, and access control.
vADCs are preferred for lab and QA environments, for example, when workloads require compute intensive processing. In these cases, deploy vADCs in a tier behind the pADCs that handle the server offloading functions. In the application development lifecycle, a vADC can help to enable quicker development, yield a better integrated product, reduce time to market, and encourage teamwork among network, security, and application development groups.
Posted by Karl Triebes on 10/05/2010 at 12:47 PM