Cisco Subnet An independent Cisco community View more

A conversation with John McAdam of F5 Networks

Looking to the future and understanding the past in application delivery controllers

I am going to continue my series of conversations with industry CEO’s and today we have John McAdam of F5 Networks. 

1. So why don't you tell us where you think the markets are at with [application delivery controllers] to start and then, do you still see growth? You can also include your other products.

In general, the application delivery controller (ADC) market is good, but it's particularly strong and growing for F5 because we're able to provide advanced ADC capabilities-beyond simple load balancing or encryption. There are a couple of reasons for that. First, we occupy strategic control points in the data center-we are typically positioned inside the network firewall between clients and servers and very close to the applications-so we see all the traffic that passes in between. Second, our products use a full proxy architecture, which gives us something we call "application fluency"-the ability to see and understand what's happening in both the network and the applications themselves. As the application environment changes, we can adjust to network conditions and manage application access, availability, and performance in real time. This gives us a strong advantage over competitors who aren't able to provide this level of sophistication or who focus on just one aspect of traffic management such as load balancing or WAN optimization.

2. Who do you see as your biggest competitor and why?

Although they are not necessarily the biggest competitor from a technology perspective, Cisco is certainly the most pervasive. They have a long history and a strong customer base, but really, their technical approach is much different from ours.

John McAdam

3. Who do you see as your biggest technical competitor?

That would probably be Citrix but, like Cisco, their technical approach is also very different from ours. Here's a real-world example. As ADCs have become more advanced, IT organizations need to decide whether it's best to handle certain functions and services, such as authentication and authorization, in the network or in the application itself. Unlike our competitors, F5 would argue that enforcement functions like these are best done in the network. This offloads application servers and provides an extra layer of security and centralized control. It also enables an architecture that works across all applications, not just a few specific types, or those from a specific vendor.

Another example: does it make sense for an organization to implement access control services for just one specific VDI environment? We believe it's better to create an access control architecture that supports all VDI environments along with other applications, whether enterprise, unified communication, intranet, extranet, etc. It's more cost-effective, operationally efficient, and provides a better security posture to unify these tasks at the network level. I guess, from that perspective, any vendor that takes a similar approach could be considered our "technical" competitor, but as of today, I don't know of any.

4. Will we one day see [application delivery controllers] move into new markets or products?

We will be placing a lot of focus on security in the near future. It's not really a new market for us-we've been providing solid security solutions for years-but more and more, people are recognizing the depth of security protection we can provide. Again, that's based in part on the strategic position we occupy in the data center and our advanced ADC capabilities. In today's climate with many more organizations experiencing cyber attacks, we're finding an urgent need to educate customers about implementing layered application security solutions. This is particularly important in the financial services and government sectors, but it's essential now for organizations across all industries to have multilayer security strategies. Many enterprises don't realize how vulnerable they are. They're trusting their network firewalls alone to protect them, but clearly that's not enough anymore.

5. Where do you see your products expanding to next, or options you will add to the current product?

We just announced TMOS version 11, the foundation of our BIG-IP product family, which includes more than 150 new sophisticated management, scalability, and security features that enhance data center consolidation and cloud architectures. Version 11 also includes specific solutions for the service provider market. The influx of smartphones and tablets such as the iPad has created a huge opportunity for us. Our high-end VIPRION products are able to deliver the performance service providers need to handle the massive increases in mobile traffic volume they're seeing.

Conceptually, we are focused on helping organizations move toward the "dynamic data center," a model in which the network is managed as a pool of reusable resources (physical, virtual, or distributed) that can be dynamically configured and reconfigured. An application-centric approach gets customers away from managing individual devices and resources, or adopting incomplete public cloud networking models. Instead, the network becomes the "control plane" that directs the user to the appropriate resources based on policy. iApps, which we just announced in TMOS v11, is key to enabling this approach and will be pivotal for several years to come.

In fact, analysts are calling BIG-IP version 11 game-changing because it unites disparate and distributed resources, making them look like one common architecture. This gives operations, network, and application development teams a common view and a collective intelligence to withstand the most difficult IT challenges.

6. I know many customers would like to hear where your products compete with other vendors. So if you could, by product, tell us which vendor product they compete against and why they are a better value.

When it comes to a unified Application Delivery Controller platform that can contextually manage and control application delivery inside and out of the data center, our BIG-IP products and TMOS version 11 truly stand alone in the marketplace. Individual components of the unified BIG-IP system, however, do face some competition.

For basic, core ADC capabilities such as load balancing and application availability, Cisco and Citrix are our closest competitors, but each has less than 20 percent of the market compared to our nearly 45 percent. Our full-proxy TMOS architecture gives us a big advantage because it lets us combine many functions on a single platform and manage application traffic in ways that aren't possible with other vendors' solutions.

BIG-IP Application Security Manager (ASM), our award-winning web application firewall (WAF), competes with Imperva, but ASM is far more than most standard network firewall solutions, which are often blind to layer 7 attacks. It protects against web 2.0 application attacks as well as layer 7 denial of service, brute force, and Slowloris, and web scraping attacks-and these are just a few of the advanced features ASM is recognized for.

Our ARX file virtualization product remains unique in the data management market and presents an innovative way for enterprises to manage their data growth. The primary competitor is really the existing manual processes that many organizations still have in place. We demonstrate to our customers, day-in and day-out, how ARX can help them realize capital and operational cost savings in their storage infrastructure.

7. Do you see consolidation in the marketplace or more companies starting up in this space?

I think there will always be consolidation among smaller companies that offer point solutions, but F5 is focused on building a strong and growing independent company. Advanced feature ADCs are becoming "must-haves" in the data center, so I think we'll see more large enterprises trying to expand their reach by incorporating ADCs into their offerings, but I don't see a lot of room for startups simply because they would be years behind in terms of technology.

8. What new verticals, segments do you see F5 moving into within the next few years?

We already have a very horizontal play across most industry segments, but you'll see a stronger focus on financial services, healthcare, and government. We're also stepping up our efforts in the service provider market, which faces unique and challenging requirements. Our high-end VIPRION products can handle the massive increases in traffic volume these companies are experiencing and deliver the levels of performance they need. We also provide a way for service providers to transition gradually to IPv6, which is critical for them right now as their IPv4 addresses run out and IPv6-only devices begin to flood the market.

9. Let's talk about the cloud, what is F5 doing in the cloud now?

We're doing a lot with cloud right now. Our vision is to make the cloud a seamless extension of the local data center, and we're helping organizations achieve that vision with solutions for application delivery, security, and storage. The two most difficult challenges customers face with cloud deployments are managing and controlling applications in a dynamic environment, and integrating this new computing model into their existing, static data center environments. We believe organizations should have the same level of control and security in the cloud-whether public or private-that they have in traditional data center environments, otherwise, what good is the cloud? With our BIG-IP products, customers can apply the same configurations, access, and security policies they use in their traditional environments to the applications they deploy in the cloud. The end-goal is to deploy, manage, and control applications transparently, regardless of where those applications reside.

We've also just introduced a virtual edition of our Application Security Manager (ASM), our web application firewall that I mentioned earlier. Now, customers can deploy this virtual edition very quickly, whether in the data center or the cloud. Policies are automatically updated and shared across multiple implementations-physical and virtual-so IT no longer has to manually update policies on every device. With this virtual edition, our customers can keep the application security policy as close to the application as possible, even as it moves around and between data centers and clouds.

Storage is also an important component of cloud deployments, and with our ARX and ARX Cloud Extender products, customers can include the cloud as part of their tiered storage implementation. ARX makes all cloud-based storage appears to the administrator as a local storage tier, and users have easy access to files regardless of where the storage is located.

10. How are you helping large cloud providers manage their product by using yours?

With our ADC solutions and the infrastructure management tools that we provide, cloud providers such as Rackspace can manage and dynamically scale their infrastructures based on application, user, and customer demand. They can create secure, hybrid clouds-environments that combine managed hosting services with on-demand cloud services. When all traffic is routed through an F5 device, for example, cloud providers can isolate individual customer traffic and transparently move it between portions of the cloud-enabled infrastructure. They can scale out cloud services as demand increases and, in turn, scale back those services when they're no longer needed. It's classic cloudbursting at the provider level-complete with data isolation and automatic provisioning and de-provisioning. Every end-customer wants it, but few cloud providers can deliver it.

11.  Let's talk green, many companies talk about it but they really don't do it. Can you tell us [where] F5 is going in the green space and how customer can save money with your products?

That's a great question because organizations often overlook the application delivery network in their green initiatives. First, by offloading functions like SSL processing, authentication and authorization, compression, and TCP multiplexing from application and web servers, we improve server utilization-enough that customers can significantly consolidate servers. Also, our unified platform combines many ADC functions such as WAN optimization, application security, and load balancing, for example, on a single device. So, our solutions not only help customers consolidate their servers but also their network devices, which cuts both capital and operating expenses when you factor in reduced power and cooling costs.

12. Right now we are at 10gbps, moving to 40gbps and beyond. Where do you see F5 moving to and how fast?

F5's ADC was the first in the marketplace to support 10 Gbps interfaces and will be the first in the marketplace with a 40 Gbps interface when we ship the new Centaur blades for the VIRPRION 4400. The VIPRION 2400 was also designed to support 40 Gbps interfaces with a native 40 Gbps per slot bandwidth to the fabric. We are already working on our next generation of VIPRION, which will be released sometime in the next 36 months. It will support both 100 Gbps and 40 Gbps interfaces and provide greater than 100 Gbps layer 7 performance per blade.  

13. Could you one day see every data center having an F5 application delivery controller?

1 2 Page
Join the discussion
Be the first to comment on this article. Our Commenting Policies