- Hayato Koeda, Asia Pacific Japan Vice President, A10 Networks
The modern data center is undergoing a transformation, primarily driven by the rapid adoption of cloud and mobile computing technologies. Enterprises and service providers are experiencing rapid growth of data center traffic, which demands high-performance, scalable and efficient data center infrastructure. To keep up with the data traffic growth, application networking technologies have evolved significantly to deliver capabilities that improve the performance and security of data center architectures. In fact, conventional, simple load balancers began to incorporate features like acceleration, caching and compression, and along with the emergence of a new category called application delivery controllers (ADCs), they have become an essential part of application deployments, improving application scale and performance and maximizing uptime.
The best ADCs are capable of delivering extremely high scalability, advanced networking features, flexible deployment options and low total cost of ownership. The top ten qualities of an optimum ADC are as follows:
1. Operating system performance and scalability
The recent explosion of data traffic growth requires application networking systems to be able to handle increasingly high rates of application-layer traffic, so the software, particularly the OS in an ADC has to be able to handle that. So look for an ADC with a multi-core CPU, high-speed, shared memory architecture, along with an OS that can utilize it efficiently and minimizes bottlenecks.
2. High SSL performance
Increasing the security strength calls for an exponential increase in CPU power, especially during setup of a secure connection. Therefore, offloading the SSL tasks to an ADC is a good strategy. Centralizing SSL (Secure Sockets Layer) certificate management on ADCs reduces human operational errors and lowers administration costs compared to managing SSL certificates on each server. It also relieves backend servers from CPU-intensive tasks of encrypting and decrypting traffic, significantly reducing server hardware demands and subsequently the required number of servers. An ADC capable of delivering fast SSL performance therefore is essential. So look for appliances that can easily handle SSL traffic encrypted with 1024-bit and 2048-bit keys and also meet the requirement of future upgrade to 4096-bit keys.
3. Advanced application delivery and security features
Some other features to look for in an ADC include server and global server load balancing, application delivery partitions for multi-tenancy with virtualization, web application firewall, DNS Application Firewall, application authentication, DDoS protection, authentication, and
SSL Intercept.
4. All-inclusive licensing
Beware of ADCs that require a license to unlock functionality. Instead, seek one that will enable all features without having to be unlocked first, and allows instant deployment of new features. So if an additional appliance needs to be brought online at once to replace or supplement the current appliance, a license mismatch can force all units to default to a lower capability level or even fail altogether. No harried IT professional needs another license quagmire to navigate, especially while battling a network outage.
5. DDoS protection
With many DDoS attacks exceeding 100 Gbps, a DDoS solution must support high connection processing rates. The best-performing ADCs therefore will have the capability to do that.
6. Cloud services architecture
As businesses turn to cloud computing to lower costs and accelerate application deployment, their networks need to be robust and flexible to match rising user demands. Cloud data center operators should look for an ADC that encompasses the following features to enable new cloud service architectures:
• An appliance that performs a variety of resource-intensive functions, including encapsulation/decapsulation, SSL offload and DDoS mitigation.
• Distributed service scale-out down to the host and/or tenant.
• Pay-as-you-go licensing that allows cloud data center operators to offer a variety of subscription-based L4-7 network services to their customers.
• SDN and network virtualization platform integration with leading data center solution providers, including Cisco APIC, IBM SDN-VE, Microsoft Windows Server Hyper-V Network Virtualization, and VMware NSX.
• Cloud orchestration integrations with leading orchestration platforms like OpenStack and Microsoft Systems Center Virtual Machine Manager.
7. Hardware vs Software based ADCs
Hardware appliances are often a preferred choice due to their high performance and long-lasting components. Some key features to look for in one include:
• High density port options to integrate smoothly in 100 Gbps data center networks, no inaccessible moving parts and compact form factors.
• FTA technology for scalable flow distribution and high-performance DDoS protection.
• Dedicated security processors for high SSL throughput.
8. Virtualization and flexible form factor choice
In order to create a next generation data center to meet all IT consumption models, today’s networks require virtualization for device consolidation and agility. So an ADC should deliver a comprehensive solution for virtualized data centers. This includes the need for virtualized ADC solutions with a common user interface among all form factors available, and support for leading hypervisors, cloud solutions, virtualized hardware solutions and virtual clustering. So in software appliances, look for support for all major hypervisors including VMware ESXi, Microsoft Hyper-V, KVM and XenServer, in addition to cloud services like Amazon Web Services, EC2 and VPC. While on the hardware side, ADC vendors also offer a selection of hypervisor-powered appliances with virtual machines for strong isolation.
9. Flexible scripting
Scripting enables flexibility for the management and for traffic transformation. Although script-based traffic management is not uncommon, it can be a missing feature in some ADCs or can be too complicated to manage. Some ADC vendors resolve this issue with scripting that is well documented and supported with an online community which includes a host of members to lend assistance and offer numerous examples. Unlike smaller vendors’ proprietary solutions, L4-L7 traffic scripting based on the industry standard TCL (Tool Command Language) enables easy migration from alternative application delivery controllers. Advanced L7 scripting can extend beyond HTTP to include DNS, RADIUS, SIP and more. Another requirement includes a flexible API, which allows custom management and third-party integration.
10. High-touch support
High-touch support and customer service must be fundamental to an ADC vendor’s core value. With field teams around the world to help locally, as well as a large technical support team, the ideal ADC vendor will deliver a fast-track to its engineers when needed. To assist global customers further, local language support must be provided. Furthermore, look for differentiated support, like getting basic scripting support as a standard part of the support itself and not as a paid consulting service.