Half of all IT workloads still run in enterprise data centers and will continue to do so through at least 2021, according to the Uptime Institute’s Annual Data Center Survey for 2019. In fact, workload demands in enterprise data centers continue to increase, which can cause performance problems as resources reach capacity. Many data center operators are also spreading workloads across multiple data centers and the cloud to improve resilience, further increasing complexity and risk.
Data center operators use application delivery controllers (ADCs) to provide consistent application services across the data center and the cloud. ADCs perform load balancing to distribute client requests across a pool of servers, maximizing performance and capacity utilization by ensuring that no one server is overloaded. ADCs also typically provide caching, compression and SSL processing to further reduce server load and increase throughput.
ADCs have traditionally been offered as appliance-based or software-based solutions. Appliance-based ADCs consist of proprietary software running on hardware with specialized processors. They require upfront capital investments and are administered manually on a box-by-box basis. Designed in the client-server era, they are unable to scale up and down elastically to meet changing workload demands. Operators tend to overprovision appliance-based ADCs so that they don’t have to wait to buy more hardware to support new applications.
Software-based ADCs are somewhat more flexible in that they typically run on commodity hardware or even in a cloud environment. However, even virtualized ADCs lack the agility, elasticity and distributed architecture needed in today’s dynamic environments. Neither software-based nor appliance-based solutions incorporate security services such as web application firewalls and distributed denial of service (DDoS) protection.
A better approach is to apply software-defined principles to ADCs, separating the control plane from the data plane. This would allow for centralized management of a distributed pool of ADCs. Load balancing functionality could be scaled up or down in response to real-time traffic, accelerating application rollouts and enabling multi-tenancy for internal groups without buying more appliances.
Policy-driven self-service could even allow for automated provisioning of application delivery services for line-of-business applications and dev/test use cases. Roll-based access control would enable internal customers to monitor their applications.
Security services such as dynamic DDoS protection, app isolation and micro-segmentation could be incorporated into the ADC software. Software-defined ADCs could also integrate with software-defined networking protocols, public cloud APIs, container orchestration platforms and DevOps tools.
Service delivery in software-defined ADC architectures is provided by a distributed data plane. The ADCs in the data plane sit in line with application traffic and continuously collect and relay application telemetry data to the controller. The software can be deployed to deliver services close to the application or even on a per-application basis. This approach also enables services for east-west traffic among applications in addition to the traditional north-south transactions between users and applications.
Advances in the processing power of x86 servers have made it possible for software-defined ADCs to provide elastic, high-performance and highly available services at a lower total cost of ownership than traditional solutions. In our next post we’ll dive deeper into software-defined ADCs and take a look at the Avi Vantage platform from Avi Networks.
Paul Zoda has a rich background in network security, cloud computing, relational databases, and telecommunications. Prior to working at Rahi Systems, Paul was the co-founder of Cyber Falcon specializing in cyber security consulting services for Fortune 100 companies. At Rahi Systems, he is currently focusing on providing comprehensive networking solutions for on-premise and cloud environments, while working with customers for network optimization, cloud computing, and network security.
Paul Zoda