ABC's of ADCs in the cloud

There are several options for two-tier application delivery controller deployments

By Robin Layland, Network World
November 01, 2011 06:06 AM ET

Network World - Application Delivery Controllers (ADCs) are critical to a smoothly functioning data center. They provide key functions including server load balancing; monitoring the health of servers and apps; protecting the data center from distributed denial-of-service attacks; performing SSL encryption and decryption; making servers more efficient by managing connections; running specialized application scripts; and accelerating applications.

ADCs are the glue that holds the data center network together at the application layer.

When applications move to the public cloud, they still need all the services ADCs provide. Going to the public cloud without the critical ADC functions puts applications and service levels at risk. This is especially the case when using a hybrid cloud solution where parts of the application are in the cloud and parts stay in the data center.

How do ADCs fit in architecturally in the cloud? Is the public cloud provider responsible for the ADC in the cloud?

Two-Tier Architecture

The best architecture for the ADC in the public cloud is a two-tier structure with the ADC's functions roughly split between tiers. The first tier, provided by the public cloud provider, handles server load balancing (SLB), directing different customer traffic to the group of virtual servers running the application.

This is a rough SLB function without the refinements of directing traffic based on such factors as server load and latency. The cloud service provider's ADC just gets the traffic to the group of virtual machines supporting the application. The cloud provider's ADC also performs the SSL encryption and decryption, along with providing the first line of defense against any attackers.

The ADC can also compress and decompress traffic, along with providing authentication services, but this requires coordination with the customer. The first tier ADC is also referred to as the "guard dog" ADC because it protects the cloud's data center from attacks, or as the network ADC since it oversees the cloud's network.

A hardware solution is the best answer for the first tier ADC, since this ADC needs maximum performance to handle the large traffic load. Additionally, SSL processing is best performed in specialized hardware that is available only on a hardware ADC. In the early days of ADCs, the SSL processing was done in software, but the industry quickly learned that as traffic volume increased, the software solution had problems keeping up and added an unacceptable amount of latency. A hardware solution also has the horsepower to fight off large DDoS attacks and perform the guard dog function.

There are several reasons the first tier does not perform the other ADC functions. Performance is the biggest reason. The guard dog ADC needs to concentrate its power on directing traffic, performing SSL functions and fighting off attacks. Additional ADC functions such as running individual customers' scripts can slow down the ADC and will take capacity away from the guard dog function. There is also concern about interactions between different customers' scripts. Running individual customer scripts greatly complicates change control and problem determination. Additionally, having different customers' objects cached on the same ADC can open security holes. For these reasons, the first tier ADC should concentrate only on key functions and leave customer-specific tasks to the next level.
