Virtual ADCs: Where application delivery controllers fit in software-defined data centers

News
29 Oct 2018 | 5 mins
Data Center, SDN, Virtualization

SDN and virtualization are driving a shift from hardware-based application delivery controllers toward a microservices model that enables more flexible ADC licensing options


The application delivery controller (ADC) market is ripe for disruption.

The ADC sits at a strategic place in the data center, between the firewall and application servers, where it’s able to see, route and analyze much of the inbound and outbound traffic. Traditional ADCs were sold as all-in-one hardware appliances. However, software-defined networking and virtualization have enabled more flexible deployments of ADC functionality. At the same time, the advent of multicloud environments and microservices, such as containers, is changing the makeup of enterprise data centers.

Over time, migration to a software-defined data-center network will require the disaggregation of ADC features, increasing use of microservices-based ADC features, and more flexible licensing options.

What is the software-defined data-center network?

In software-defined networking (SDN), networking software is abstracted from networking hardware, enabling significant changes in how networks are built and operated. SDN impacts both the WAN and the data center network; in the software-defined data-center network (SDDCN), adaptable network resources are deployed with compute resources such as virtual machines and containers, along with enterprise disk and flash storage, to deliver specified performance for private cloud applications. Via software abstraction, data center resources can be easily reallocated to address changing application requirements without changing the underlying physical compute, storage, or network elements.

ADC role in the SDDCN

The primary role of the ADC in the data center is as a server load balancer. In this use case, the ADC optimizes the quality of end-user experience for data center applications both internally to the organization and externally in the case of web sites. ADCs help to accelerate the performance of applications by using application identification and prioritization, data compression and reverse caching. Large organizations typically deploy ADCs for this application as a high-performance hardware appliance. ADC functionality is also available via network software and can be deployed as an instance in the cloud.

As the ADC typically sits between the firewall and data center compute/storage, it can be used for a variety of security applications. For example, it can determine the security requirements of the application and provide connectivity to the appropriate security appliances/software. Many ADCs are deployed as web application firewalls (WAF) and can be a vital part of protecting against distributed denial-of-service (DDoS) attacks.

Microservices and container impact on ADCs

Containers are becoming increasingly popular for DevOps-style, or microservices-based, applications. Unlike virtual machines, containers are constantly changing as they may be rapidly spun up and torn down as required by the application. Container-based applications may have numerous (five to 10 or more) microservices all running on individual containers on different servers or cores, which generates significant east-west traffic flows.

Microservices represent a potential new application or market for ADCs, which traditionally accelerate north-south traffic. ADCs can help accelerate and secure application flows (often referred to as a service mesh) between the numerous containers for each microservice. To address the opportunity, ADC suppliers will need to automate ADC provisioning and modifications (such as IP address changes). ADCs themselves may disaggregate into a microservices model with each function or use case available via a flexible licensing model.

Data center security and the ADC

Given their place in the network, ADCs are often considered part of the network security infrastructure for the data center – along with next-generation firewalls, UTM, IPS/IDS and other security appliances. Since the ADC collects telemetry data about application performance, it can provide insight about possible attacks. For example, ADCs are considered the first line of defense against denial-of-service attacks, as they can divert traffic that would otherwise overwhelm the application servers.

How a multicloud environment impacts ADCs

Many large organizations are increasingly leveraging public cloud resources for critical IT applications, including SaaS and IaaS. The term multicloud typically means using a mix of Amazon Web Services (AWS) and Microsoft Azure, for example, to host applications (IaaS) in combination with SaaS providers (such as Salesforce) and an organization’s data center resources (private cloud). In a multicloud world, the IT organization remains responsible for delivering, securing and monitoring the performance of these public cloud-based applications.

The leading IaaS providers (AWS and Azure) offer only lightweight server load-balancing (ADC) functionality. One option for enterprise IT is to spin up ADC instances in each IaaS cloud. This approach offers the benefit of consistent ADC functionality (as opposed to the different ADC functions offered by each IaaS provider) and the ability of IT to manage/adjust application performance characteristics via the ADC instance. Running ADCs in IaaS environments requires new pricing and delivery models from ADC suppliers. Customers want pools of capacity and to be able to pay for what they use.

Virtual application delivery controllers

IT organizations have a number of options with regard to ADC suppliers, including networking providers, start-ups and open-source options; some vendors have been slower to adapt their physical ADCs to virtual, multicloud environments than others.

Although traditional ADC appliances remain critical for delivering on application performance, especially for e-commerce applications, their use and form factor are changing rapidly with the increased adoption of multicloud and microservices. Many large organizations are moving to adopt multiple ADC solutions as specific suppliers offer ADCs with the functionality, consumption model and pricing that meet their needs.

Like the rest of the networking industry, ADCs are migrating from hardware appliances to software and as-a-service offerings. Improved automation with rapid provisioning and the ability to respond to network/application changes is becoming increasingly critical. As the need for ADC functionality decentralizes (through the deployment of containers, for example), ADCs will decompose into sets of features that meet specific use case requirements.

Lee Doyle

Lee Doyle is principal analyst at Doyle Research, providing client-focused targeted analysis on the evolution of intelligent networks. He has over 25 years’ experience analyzing the IT, network, and telecom markets. Lee has written extensively on such topics as SDN, SD-WAN, NFV, enterprise adoption of networking technologies, and IT-Telecom convergence. Before founding Doyle Research, Lee was group vice president for network, telecom, and security research at IDC. Lee holds a B.A. in economics from Williams College.
