Post on 18-Nov-2014


Application Delivery 2.0

Virtualization and Cloud Change Everything

Jim Metzler

Jim@ashtonmetzler.com

.

Goals and Non-Goals

Goals of the Presentation:

•Describe the factors that currently impact application delivery

•Describe how factors such as virtualization and cloud computing are dramatically impacting application delivery

•Highlight Interop sessions that provide greater detail

Non-Goals:

•Read every bullet on every slide

.

Agenda

•Application Delivery 1.0

•Application Delivery 2.0

•Summary & Call to Action

.

The Goals of Application Delivery

Ensure that the applications that an organization utilizes:

•Are cost effective

•Have appropriate security protection

•Are manageable

•Exhibit acceptable performance

.

Factors That Make Application Delivery Difficult Today

•Consolidation of IT resources

•Distribution of employees

•Deployment of protocols & applications:

  •Chatty; e.g., CIFS

  •Computationally intense; e.g., SSL*

  •Delay sensitive; e.g., VoIP

•The prevalence of hacking

*A Comparison of ADCs, Wed. 2:00 to 3:00

.

Factors That Make Application Delivery Difficult Today

•Applications have different characteristics

•Lack of visibility

•Stovepipes & MTTI

•Complexity of n-tier applications

.

Traditional Complex N-Tier IT Environment

[Diagram labels: End Users, LAN, WAN, ADC, Web Servers, Application Servers, Database Servers]

ADC refers to an Application Delivery Controller

.

Application and Infrastructure Complexity Increases The

•Probability of a performance problem

•Time to identify the root cause of performance problems

•Probability of a security intrusion

•Difficulty of real-time tracking of routing and traffic flow changes*

*Breakthrough Network Technologies, Wed. 11:30 to 12:30

.

Agenda

•Application Delivery 1.0

•Application Delivery 2.0: A New Generation of Challenges & Solutions

•Summary & Call to Action

.

Drivers of Application Delivery 2.0

•Focus on SLAs

•Mobility

•Technology & Vendor Convergence

•Security

•Virtualization

•Cloud Computing

.

Internal SLAs for Applications

• SLAs for a handful of key applications

• Usually weak & difficult to manage

• Map the business critical applications to the relevant IT components.

• Quantify how the infrastructure impacts the applications.

• Employ predictive and proactive monitoring.

• Implement rapid root cause analysis capabilities.

.

Drivers of Application Delivery 2.0

•Focus on SLAs

•Mobility

•Technology & Vendor Convergence

•Security

•Virtualization

•Cloud Computing

.

Mobility

•Natural extension of the movement to decentralize employees.

•Expected to have 1 billion mobile workers by 2011

•Many are running delay sensitive, business applications

•One challenge: wireless packet loss

.

Maximum TCP Throughput on a Single Session [1]

MSS: Maximum Segment Size

RTT: Round Trip Time

P: Packet Loss

Goodput decreases as round trip time and packet loss increase!

[1] The Macroscopic behavior of TCP congestion avoidance algorithms, by Mathis, Semke, Mahdavi and Ott, in Computer Communication Review, 27(3), July 1997

.

Impact of Packet Loss on Goodput: MSS = 1,420 bytes

[Chart: x axis, Packet Loss Probability (0.010% to 10.000%); y axis, Max Throughput (Mbps), 0.0 to 40.0; series labelled 100 ms, 50 ms and 10 ms]
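The bound from the cited Mathis et al. paper, max throughput = (MSS / RTT) × C / √P, evaluated at the chart's MSS and loss values, as an added example that is not part of the original slides. The constant C = √(3/2) is an assumption (the paper's value for periodic loss without delayed ACKs), the 10/50/100 ms series are read as round trip times, and the function names are hypothetical.

```python
import math

MSS_BYTES = 1420                 # from the slide: MSS = 1,420 bytes
C = math.sqrt(3 / 2)             # assumption: periodic loss, no delayed ACKs
RTTS_MS = (10, 50, 100)          # chart series labels, read here as RTTs
LOSS_PCT = (0.01, 0.02, 0.05, 0.1, 0.2, 0.5, 1.0, 2.0, 5.0, 10.0)  # chart x axis


def max_goodput_mbps(rtt_ms, loss_pct, mss_bytes=MSS_BYTES, c=C):
    """Upper bound on single-session TCP goodput: (MSS / RTT) * C / sqrt(P)."""
    if rtt_ms <= 0:
        raise ValueError("RTT must be positive")
    if not 0 < loss_pct <= 100:
        raise ValueError("loss must be in (0, 100] percent; the bound diverges at 0")
    p = loss_pct / 100.0
    bits_per_second = (mss_bytes * 8) / (rtt_ms / 1000.0) * c / math.sqrt(p)
    return bits_per_second / 1e6


def max_loss_pct_for(target_mbps, rtt_ms, mss_bytes=MSS_BYTES, c=C):
    """Invert the bound: highest loss rate (percent) that still permits target_mbps."""
    if target_mbps <= 0 or rtt_ms <= 0:
        raise ValueError("target and RTT must be positive")
    p = ((mss_bytes * 8 * c) / ((rtt_ms / 1000.0) * target_mbps * 1e6)) ** 2
    return min(p, 1.0) * 100.0


def goodput_table():
    """Rows of (loss_pct, [Mbps at each RTT]) over the chart's axis values."""
    return [(l, [max_goodput_mbps(r, l) for r in RTTS_MS]) for l in LOSS_PCT]


if __name__ == "__main__":
    print("loss %  " + "".join(f"{r:>4} ms RTT" for r in RTTS_MS))
    for loss, row in goodput_table():
        print(f"{loss:6.2f}  " + "".join(f"{v:11.2f}" for v in row))
    print(f"loss budget for 10 Mbps at 50 ms RTT: {max_loss_pct_for(10, 50):.4f}%")
```

The inverse function is the useful one for SLA work: it turns a target rate and a measured RTT into the packet loss budget a wireless or WAN path has to stay under.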

.

Drivers of Application Delivery 2.0

•Focus on SLAs

•Mobility

•Technology & Vendor Convergence

•Security

•Virtualization

•Cloud Computing

.

Technology & Vendor Convergence

•Avaya vs. Cisco and now Microsoft

•Fibre channel over Ethernet*

•Switching and Servers*

Pros: Potential for greater efficiency

Cons: Management, single vendor, embryonic technology, organizational impact

*Why Networking Must Fundamentally Change (Tuesday, 2:45 to 5:00); Breakthrough Network Technologies (Wednesday, 11:30 to 12:30)

.

Drivers of Application Delivery 2.0

•Focus on SLAs

•Mobility

•Technology & Vendor Convergence

•Security

•Virtualization

•Cloud Computing

.

Computer Crime: More Organized and More Sophisticated

• In 2009 the top DDoS attack was 49 Gbps.

• Global damage from data loss exceeds $1 trillion.

• Credit card fraud is now a “cash cow” and cyber criminals are now focusing on intellectual property.

• Malware writers now have R&D departments and test labs.

.

Computer Crime: More Organized and More Sophisticated

• A black market has evolved:

  • Botnets are available for rent

  • Malware authors sell their code and provide support.

• Session: Optimizing the Performance of Cloud Computing

.

Drivers of Application Delivery 2.0

•Focus on SLAs

•Mobility

•Technology & Vendor Convergence

•Security

•Virtualization

•Cloud Computing

.

Virtualization Defined

• Virtualization typically involves a logical abstraction of physical systems.

• Sometimes virtualization allows one of the following:

  • A single physical system to be partitioned to appear as multiple independent logical systems.

  • Multiple physical systems to appear as a single logical system.

.

What is Being Virtualized

•Servers

•Storage

•Desktops

•Applications

•WANs

•LANs

•I/O

•Switches

•Routers

•Firewalls

•WOCs

•ADCs

•…….

.

Virtual Appliances*

•A Virtual Appliance (VA) is based on network appliance software, together with its operating system.

•A VA often runs in a virtual machine (VM) over the hypervisor in a virtualized server.

•A VA can include WOCs, ADCs, firewalls, routers, switches and performance monitoring solutions among others.

*Tuesday, 11:30 to 12:30, “The Emergence of Virtualized Application Delivery Appliances”

.

Virtual Desktops

•A VM on a data center server hosts a complete user desktop.

•The enterprise desktop is isolated from whatever else is running on the PC.

•Client-side virtualization – applications are delivered to the end system, often using a protocol such as CIFS.

•Server-side virtualization – the application and the data remain at the central side and are accessed using protocols such as Microsoft’s Remote Desktop Protocol (RDP), Citrix’s ICA, and/or Teradici’s PCoIP.

.

The Challenges of Virtual Desktops*

•An increased focus on the data center.

•Virtual desktop systems need to be tightly integrated with policy management systems and user authorization.

•Delivering acceptable application performance to the virtual desktop over the WAN.

•The inefficiencies associated with LAN-centric remote display protocols, such as RDP, ICA and PCoIP.

*Thursday, 9:00 to 10:00, “What Virtualization Means to the Branch Office”

.

Virtual Servers

[Diagram labels: Application 1 … Application N; Guest OS 1 … Guest OS N; Virtual Machine 1 … Virtual Machine N; VM Monitor/Hypervisor; Physical Machine]

.

Layer 2 Support for VM Migration*

•Source and destination servers have to be on the same:

  •VM migration VLAN

  •VM management VLAN

  •Data VLAN

•VMotion requires 622 Mbps/1 Gbps of WAN/LAN bandwidth and no more than 5 ms of roundtrip delay

* Why Networking Must Fundamentally Change (Tuesday, 2:45 to 5:00); Breakthrough Network Technologies (Wednesday, 11:30 to 12:30)

.

5 ms is Not Much Time

•Speed of light in a vacuum: 186,000 mph

•Speed of light in copper/fiber: 120,000 mph

•In 5 ms, light travels 600 miles

•Hence, the data centers can be 300 miles apart if……………

.

Layer 3 Support for VM Migration

•If user traffic to the VM transits a Layer 3 network, then granular routes need to be advertised by the destination data center.

•The IP addresses of the default gateways of the data subnets in the primary and secondary data centers need to be identical.

.

Layer 3 Support for VM Migration

•If remote clients are accessing a VM that is front ended by a load balancer, DNS has to return the virtual IP address of the load balancer where the VM is moved to.

•The configurations of the DHCP server, DNS server, load balancer and virtual server management systems must be synchronized.

.

Dynamic Infrastructure Management

•Where DNS, DHCP and IPAM share a common database:

  •Automatically generate addresses for new VMs

  •Automatic allocation of subnets for new VLANs

  •Population of an IP address database with detailed information about the current location and security profiles of VMs

.

Restrictive Topologies

[Diagram labels: Core L3 Switches; Edge L2 Switches; TOR L2 Switches; Server Racks; Subnet A; Subnet B; Scale Up; Low throughput, High latency]

• Traditional L2/L3 protocols (spanning tree, ...) pick only one path between any two endpoints, leading to low and uneven link utilizations

• VM live migration from one VLAN/subnet to another encounters higher latency and lower link throughput

.

Traditional Control Plane

•Traditional L2/L3 networks integrate control plane into hardware => lack of control over how the data center network routes traffic

•Trend to move this control into the operator’s hands via policy based routing

•Similar to what happened in the compute and storage substrates, the network substrate may eventually get commoditized and virtualized

.

Distributed Virtual Switching (DVS)

•The first generation of virtualized servers came with a vSwitch.

•It has a data and control plane integrated in software.

•With DVS the data and control planes are separate.

•The data plane of multiple vSwitches can be controlled by an external management system that integrates the control plane.

.

Advantages of DVS

•Can have consistent networking feature set and provisioning process from core to VM.

•Enables the network organization to manage the vSwitches.

•Can provide visibility into inter-VM traffic.

•Makes it easier to transfer QoS and switch resident policies as part of VM migration.

.

Other Management Challenges with Server Virtualization*

•VM sprawl

•The automatic creation and/or movement of a VM requires ensuring the VM has the appropriate security, storage access, and QoS configurations and policies applied.

•Loss of insight into inter-VM traffic

•Perform management tasks such as discovery and troubleshooting on a per VM basis.

*On Wednesday, the virtualization track focuses on management

.

Virtual Data Center: Now The ADC Each Server is on a VM

[Diagram labels: End Users, LAN, WAN, ADC, Web Servers, Application Servers, Database Servers]

.

Application Delivery 2.0 Troubleshooting

•The application sporadically exhibits poor performance

•Because they have no inter-VM visibility, it takes a while to realize that the application server sporadically performs badly.

•That, however, is not the root cause!!

.

Drivers of Application Delivery 2.0

•Focus on SLAs

•Mobility

•Technology & Vendor Convergence

•Security

•Virtualization

•Cloud Computing

.

So, what is cloud computing?

Definition: Depends upon who you talk to.

Goal: An order of magnitude improvement in the cost-effective, elastic provisioning of IT services – which are good enough.

.

Why Care About Cloud Computing?

Geir Ramleth, CIO of Bechtel, benchmarked his company:

•The price that Amazon charges for storage is one fortieth his internal cost

•He estimated that YouTube spends between $10 and $15 per megabit/second of WAN bandwidth. He spends $500.

.

Cloud: A Lot of Things Old

•Time sharing

•Virtualized computers

•Out-tasking

•Renting applications

.

Cloud: A Few Things New

•On demand provisioning of IT resources

•Dynamic Movement of Virtual Machines

•New implementation models

.

Key Characteristics of a Cloud Computing Solution

•Centralization of IT resources

•Virtualization of IT resources

•Automation of IT processes

•Simplification of IT services

•Increased reliance on the WAN/Internet

•Continued technology convergence

.

Silly Things That Get Said About Cloud Computing

•Providing IT is like providing electricity

•A ‘pay as you go’ approach saves you money

•You know, it is like Salesforce.com

•You will always save a lot of money

•You no longer need to know how services are provided

•It is a fundamentally new approach to IT

.

Classes of Cloud Computing

•Public

  •Software as a Service (SaaS)

  •Infrastructure as a Service (IaaS)

  •Platform as a Service (PaaS)

•Private

•Hybrid

.

Private Cloud Computing

•IT organizations using the same techniques in their environment as do cloud computing service providers.

•Some purists consider this to be an oxymoron.

.

Hybrid Cloud Computing

•A variety of possible models:

  •Run an application internally and then rent excess capacity during peak times.

  •Run some applications entirely internally and access some others from one or more SaaS providers.

  •Implement the web tier of an application using a cloud computing service provider and keep the application and database tiers internal.

.

Challenges of Public Cloud Computing

•Loss of control

•Sensitive data in the hands of 3rd parties

•Performance issues

•Management challenges

•Less customization

•Interoperability issues

.

Challenges of Private Cloud Computing

•Investment in emerging technologies

•Significant management challenges

•Possible vendor consolidation

•Less customization

•May result in performance issues

.

Now Each Server is a VM in Different Organizational Environments

[Diagram labels: End Users, LAN, WAN, ADC, Web Servers, Application Servers, Database Servers]

.

Managing The Virtualized Hybrid Cloud*

•Enterprise manages the wired and wireless LANs & branch office servers.

•The WAN is MPLS from one provider and Internet access from multiple providers.

•Internet access is both wired and wireless.

•Third party hosts the web access tier in virtualized servers in multiple data centers.

•Enterprise hosts the application and database servers in virtualized servers in their primary data center.

*Wednesday, 3:15 to 4:15, “Optimizing the Performance of Cloud Computing”; Thursday, 10:15 to 11:15, “How to Manage in a Public Cloud Computing Environment”

.

Agenda

•Application Delivery 1.0

•Application Delivery 2.0

•Summary & Call to Action

.

Summary

•Ensuring acceptable application delivery is challenging today.

•Virtualization and cloud will dramatically impact application delivery.

  •Virtualization comes at a cost

  •The biggest risks associated with cloud accrue to those who do nothing.

•IT organizations MUST prepare for the challenges & solutions associated with Application Delivery 2.0.

.

Application Delivery 2.0: Planning

• Plan for virtualization holistically

• Identify what you will provide yourself and what will be provided by a third party

• Perform due diligence on potential third parties

• Simplify the services and applications you provide

• Standardize the infrastructure

• Converge technologies where appropriate

.

Application Delivery 2.0: Management

•Develop an overall management plan

•Manage over multiple technology domains

•Focus management tasks at the VM level

•Automate processes such as change and configuration management

•Tightly integrate DNS, DHCP, IPAM

•Evaluate how service providers manage their services end-to-end

.

Application Delivery 2.0: Control

• Implement distributed security functionality

• Ensure that business managers do not bypass IT

• Guarantee that you can:

  • Control where your data is stored

  • Pass compliance audits

  • Get your data back whenever you want it

• Ensure that any third party provider will:

  • Keep your data safe from security intrusions

  • Have adequate disaster recovery capabilities

.

Application Delivery 2.0: Acceleration & Optimization

•Redesigned data center LAN – how will you support virtual servers?

•Is the network “good enough”?

•Increased use of ADCs, WOCs – some of which are virtualized

•Increased use of Application Delivery Services – for performance and distributed security

•More distributed access to the Internet

.

References

The 2009 Application Delivery Handbook: http://webtorials.com/abstracts/2009-Application-Delivery-Handbook.htm

A Guide to Understanding Cloud Computing: http://www.webtorials.com/content/2009/11/a-guide-for-understanding-cloud-computing.html

Cloud Computing: A Guide to Risk Mitigation: http://www.webtorials.com/content/2009/12/cloud-computing-a-reality-check-guide-to-risk-mitigation.html

The Challenges of Managing Virtualized Server Environments: http://www.ashtonmetzler.com/

.

Thank you.
