Virtualization, security advances on tap for ADCs

A look at what 2014 could hold for application delivery controllers

The application delivery controller has been more than a simple accelerator and load balancer for some time now, becoming an increasingly important component of enterprise network infrastructures over the past couple of years.

This growth in importance is illustrated by a recent Infonetics research study, which found that ADC revenues in the second quarter grew by 4% year over year, while WAN optimization, a related network management technology, saw an 11% decline over the same period.

As 2014 kicks off, two of the main issues for the growing ADC market are security and virtualization – the technology has several features that have implications for denial-of-service protection, and the trend toward SDN and network virtualization has many people looking for software-only application delivery.

But the technology isn’t going to turn into a cloudified, all-inclusive network management panacea overnight – experts say there is still some way to go.

+ALSO ON NETWORKWORLD: ABC's of ADCs in the cloud | ADC: It's a platform, not a product | How to shop for ADCs+

F5 Director of Technical Marketing Alan Murphy says that modern ADCs are a natural fit for the security role, particularly in light of the fact that most of today’s denial-of-service attacks target the application layer to begin with.

“The network tools that protect network perimeters from security attacks are great at network-level stuff – knowing what IP address it’s coming from, going to, source, and then protocol,” he says. “But once the attacker moves over to the application, manipulating what’s going on over the protocol … issuing a million DNS requests, for example – that’s going over the network, but the attack is actually against the DNS application infrastructure.”

ADCs, adds F5 Senior Product Marketing Manager Lori MacVittie, are better-suited than traditional firewalls to identify and defend against this type of attack, particularly where detection and classification are concerned.

“As we continue to evolve into the next year, it really becomes more important to start analyzing the behavior of the interaction with the application, and that’s something that application delivery is well-suited to do,” she says.

So will 2014 be the year to ditch your enterprise firewall and entrust everything to the ADC? Not entirely. Citrix Senior Product Management Director Steve Shah acknowledges that the issue is a hot one in the ADC market.

+ MORE ON NETWORK WORLD Read the entire list of our Outlook 2014 articles

“Right now, the ADC landscape is getting a little conflated with the whole firewall landscape,” he says. “Do ADCs take on firewall responsibilities or don’t they? Or do we maintain separation of responsibilities? And this is where I actually believe that [in] 2014, we’re going to see further clarification of that, and I believe that separation of duties is going to win out here.”

A risk is created, according to Shah, when ADC admins are required to be constantly tinkering with an appliance that’s also a primary security system.

“ADC configuration can be much more involved than firewall configuration, because now you’re twiddling with the apps, you’re standing in the middle of that whole process,” he says. “So even though an ADC has a lot of ‘security-like’ capabilities – it is a full proxy, it does have denial-of-service protection, and so on – it does not do the same thing as an enterprise-grade firewall.”

Rohit Mehra, vice president of network infrastructure at IDC, says that both positions should be taken with a grain of salt, in that F5 and Citrix likely have differing views on the role of security in the ADC market because their product lines dictate it.

“I think it’s fair to say that security is an adjacent networking capability, that it would be always nice to have as an add-on to ADCs,” he says.

ADCs and virtualization

But what of virtualization? According to Mehra’s predictions, 2014 will be the year virtualized ADC revenues surpass the $200 million mark. But generalized adoption of the technology won’t really take off until 2015, he says, and hardware appliances will remain more common at least through 2018.

“The virtualized ADC is still at a very early stage of its life cycle,” he says. “We’re definitely going to see significant growth, but obviously the purpose-built appliance market will continue to hold its own from that perspective.”

F5’s Murphy is excited by the possibilities, particularly when it comes to managed services.

“Hands-down, it’s going to be huge. And a lot of it is going to be driven by enterprise customers who are looking for services, obviously, in the cloud, but very specifically with MSP providers and the ability to manage their virtual infrastructure in the same way that they’ve managed their traditional infrastructure in the past,” he says.

Management will be the main concern for integrating ADCs into virtualized data centers, and platform agnosticism, in turn, will be an important part of that, says Murphy.

“Being able to manage those [cloud] services with one interface, to not have to go pick and choose and kind of create this issue of operational inefficiency – that’s kind of the big hurdle,” he says.

Email Jon Gold at jgold@nww.com and follow him on Twitter at @NWWJonGold.

Insider Shootout: Best security tools for small business
Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies