Building an elastic environment requires elastic infrastructure

DevCentral > Weblogs > Lori MacVittie - Two Different Socks

Building an elastic environment requires elastic infrastructure

posted on Tuesday, January 13, 2009 4:15 AM

One of the reasons behind some folks pushing for infrastructure as virtual appliances is the on-demand nature of a virtualized environment. When network and application delivery infrastructure hits capacity in terms of throughput - regardless of the layer of the application stack at which it happens - it's frustrating to think you might need to upgrade the hardware rather than just add more compute power via a virtual image.

The truth is that this makes sense. The infrastructure supporting a virtualized environment should be elastic. It should be able to dynamically expand without requiring a new network architecture, a higher performing platform, or new configuration. You should be able to just add more compute resources and walk away.

The good news is that this is possible today. It just requires that you consider carefully your choices in network and application network infrastructure when you build out your virtualized infrastructure.

ELASTIC APPLICATION DELIVERY INFRASTRUCTURE

Last year F5 introduced VIPRION, an elastic, dynamic application networking delivery platform capable of expanding capacity without requiring any changes to the infrastructure.

VIPRION is a chassis-based bladed application delivery controller and its bladed system behaves much in the same way that a virtualized equivalent would behave. Say you start with one blade in the system, and soon after you discover you need more throughput and more processing power. Rather than bring online a new virtual image of such an appliance to increase capacity, you add a blade to the system and voila! VIPRION immediately recognizes the blade and simply adds it to its pools of processing power and capacity. There's no need to reconfigure anything, VIPRION essentially treats each blade like a virtual image and distributes requests and traffic across the network and application delivery capacity available on the blade automatically. Just like a virtual appliance model would, but without concern for the reliability and security of the platform.

Traditional application delivery controllers can also be scaled out horizontally to provide similar functionality and behavior. By deploying additional application delivery controllers in what is often called an active-active model, you can rapidly deploy and synchronize configuration of the master system to add more throughput and capacity. Meshed deployments comprising more than a pair of application delivery controllers can also provide additional network compute resources beyond what is offered by a single system.

The latter option (the traditional scaling model) requires more work to deploy than the former (VIPRION) simply because it requires additional hardware and all the overhead required of such a solution. The elastic option with bladed, chassis-based hardware is really the best option in terms of elasticity and the ability to grow on-demand as your infrastructure needs increase over time.

ELASTIC STORAGE INFRASTRUCTURE

Often overlooked in the network diagrams detailing virtualized infrastructures is the storage layer. The increase in storage needs in a virtualized environment can be overwhelming, as there is a need to standardize the storage access layer such that virtual images of applications can be deployed in a common, unified way regardless of which server they might need to be executing on at any given time.

This means a shared, unified storage layer on which to store images that are necessarily large. This unified storage layer must also be expandable. As the number of applications and associated images are made available, storage needs increase. What's needed is a system in which additional storage can be added in a non-disruptive manner. If you have to modify the automation and orchestration systems driving your virtualized environment when additional storage is added, you've lost some of the benefits of a virtualized storage infrastructure.

F5's ARX series of storage virtualization provides that layer of unified storage infrastructure. By normalizing the namespaces through which files (images) are accessed, the systems driving a virtualized environment can be assured that images are available via the same access method regardless of where the file or image is physically located. Virtualized storage infrastructure systems are dynamic; additional storage can be added to the infrastructure and "plugged in" to the global namespace to increase the storage available in a non-disruptive manner.

An intelligent virtualized storage infrastructure can further make more efficient the use of the storage available by tiering the storage. Images and files accessed more frequently can be stored on fast, tier one storage so they are loaded and execute more quickly, while less frequently accessed files and images can be moved to less expensive and perhaps less peformant storage systems.

By deploying elastic application delivery network infrastructure instead of virtual appliances you maintain stability, reliability, security, and performance across your virtualized environment. Elastic application delivery network infrastructure is already dynamic, and offers a variety of options for integration into automation and orchestration systems via standards-based control planes, many of which are nearly turn-key solutions.

The reasons why some folks might desire a virtual appliance model for their application delivery network infrastructure are valid. But the reality is that the elasticity and on-demand capacity offered by a virtual appliance is already available in proven, reliable hardware solutions today that do not require sacrificing performance, security, or flexibility.

Reblog this post [with Zemanta]

Technorati Tags: MacVittie,F5,application delivery,storage virtualization,ARX,BIG-IP,iControl,automation,virtualization,elastic,dyanmic,on-demand,scalability,reliability,security,virtual appliance,dynamic infrastructure,infrastructure 2.0,application delivery network,VIPRION,web,internet,blog

del.icio.us

Feedback

1/13/2009 10:36 AM
		"But the reality is that the elasticity and on-demand capacity offered by a virtual appliance is already available in proven, reliable hardware solutions today that do not require sacrificing performance, security, or flexibility." Legacy specialized hardware has its limitations that has proven a big burden in today's economy. Buying several Viprons upfront is significant CapEx comparing to OpEx expense of virtual appliance that provides same functionality and doesn't sacrifice the performance, security, let alone flexibility. Compared to legacy specialized hardware (such as Vipron) virtual appliances do in fact ride the Moore's Law when it comes to performance by simply moving it to a faster general purpose boxes that are available now and will be available in faster "edition" two years down the road for the same money vs. new CapEx for "Viprons 2.0" in two years. Another thing that virtual traffic managers can address is development infrastructure. Can you imagine the cost providing access to legacy hardware traffic managers to developers in order for them to develop their application in conjunction with traffic managers (and utilize intelligent traffic manager functions as an extension of their application)? How does it compare to new breed of virtual traffic managers and its ability for dynamic and inexpensive provisioning in development virtualized environment? Can one imagine company deploying production environment on Viprons frontending virtual applications and buying tens of "development" hardware so their developers can develop and test based on the traffic manager functionality? What a nightmare. Especially in today's economy.
Izzy

1/13/2009 11:49 AM
		"Another thing that virtual traffic managers can address is development infrastructure. Can you imagine the cost providing access to legacy hardware traffic managers to developers in order for them to develop their application in conjunction with traffic managers (and utilize intelligent traffic manager functions as an extension of their application)?" And that's exactly where a virtual appliance version of a network or application network solution makes sense and where they should be employed.
Lori MacVittie

1/13/2009 2:12 PM
		Lori, I am glad you agree on the performance part with me (that software/virtual traffic managers are no less performing then hardware). I see you now also agree that at minimum they bring value in development, testing etc... Few more interaction of our conversation and we will be on the same page that they are really suitable to be deployed in production where reliability, performance, and security count (so far you have not showed any evidence of lack of any of the tree in the virtual traffic manager vs. legacy hardware traffic manager). Last but not least, I am sure you will agree that in today's economy virtual traffic managers answer the key issue of longevity. Let's ask a CFO what they would rather see (all else being equal), proprietorial legacy hardware solution at twice the cost per throughput that has to be forklifted out once it reaches capacity or software license on common hardware that can be moved to a newer faster standard box two years down the road for fraction of the money the legacy hardware upgrade would requite? Want to venture and guess the answer? Example: Say 10 Gbps box materialized in legacy hardware would cost almost twice as much as 10 Gbps box with "off the shelf" hardware and traffic management software where majority of the investment would be in software. 3 years down the road when one would need 20 Gbps box, guess what? CFO writing a check for more money then the first time for another legacy hardware vs. go to the same "off the shelf" vendor to buy new box for way less then quarter of the price of legacy hardware replacement. Your suggestion is simply not reasonable in today's world.
Izzy

1/13/2009 2:38 PM
		"And that's exactly where a virtual appliance version of a network or application network solution makes sense and where they should be employed." Can we take it that F5 is working on a software/virtual appliance release of their traffic manager? It certainly does read to me like it. Perhaps we should stay tuned to major cloud providers to see what they see as their future, bunch of legacy hardware that doesn't fit their business model or "pay as you go" virtual appliances that they can run on their "off the shelf" hardware that they've stockpiled for rest of their service? After all from business perspective standardizing on hardware as much as possible makes sense esp. when we take performance, reliability and security (as demonstrated in another thread) as being equal.
Izzy

1/14/2009 3:22 AM
		@Izzy If one were to infer that because I said a particular technology has benefits that F5 is working on a solution in that area then F5 would be spreading its resources across a much wider variety of markets than application delivery. Time and deployments will tell, of course. You can go today and talk to vendors like Blue Lock and Joyent and ask them which solution they prefer, and what features it is they require to build the foundation of their cloud computing infrastructure. It isn't so much about hardware vs software as it is flexibility, integration capabilities and features.
Lori MacVittie

1/14/2009 3:28 AM
		Ah, no, we won't likely be on the same page. We haven't agreed on performance, reliability, or security at this point - only the suitability of traffic managers as virtual appliances for testing, development, and training. You're not comparing MTBF of the solutions, nor are you including MTBF of each component required in a virtual appliance - OS, VM, and solution. You're not taking into consideration that the security of a virtual appliance relies upon not only the solution's security, but the security of the VM, the hypervisor, the OS, and all related software executing on that server. And you're not taking into consideration performance as it relates to throughput - hardware and software have vastly different throughput capabilities, and software is further limited by its reliance on the multiple layers of software required. In my long years evaluating application delivery solutions for Network Computing I have never run across a software solution capable of matching the throughput and performance of a hardware solution. If you distribute the software across multiple instances, you might be able to match the performance, but then your CapEx story goes out the window as each instance requires more hardware and more maintenance and increases the chances of a failure.
Lori MacVittie

1/14/2009 4:48 AM
		Lori, you must be kidding me. There are software solutions on generic hardware that can push 10Gbps (Layer 7, not just "fast HTTP") with ease. The total hardware/software package costs less then half the price of 10Gbps F5 box (AFAIK 10Gbps F5 is only in "fast HTTP" without decent L7 capabilities turned on). What does one do with legacy hardware when it exceeds performance? Replace it with newer one at premium? Or is it possible just to add extra hardware into a cluster to build 3, 4, 5, 6... node traffic management cluster? Obviously there is only so far even specialized legacy hardware can go and at one point you have to add capacity in other form, don't you? So what does one do when 60Gbps is required? Do we have any hardware option out there right capable of handling it? Clustered software solution is an easy match to the challenge.
Izzy

1/14/2009 10:50 AM
		Izzy, "So what does one do when 60Gbps is required? Do we have any hardware option out there right capable of handling it? Clustered software solution is an easy match to the challenge." I like your definition of "easy". :) I'd love to see an "easy" to configure, deploy, manage and maintain software solution that can push 60Gbps. I really would, but that doesn't mean they exist. The fact of the matter is that you can easily make an argument for a software solution if you slant the discussion in that direction. When you look at the facts and the products used by the giants out there that are actually pushing the huge amounts of traffic you're talking about, they just aren't using software. Do you really think that's because they don't know any better? Don't they pay people millions of dollars to know what the best option is? If I, as an admin, had the choice between a handful of hardware systems that used a single management tool for licensing, version updates, patching and administration, vs. what...20? 40? 100? servers running virtual instances of a software based load balancer trying to do the same job, the choice would be easy. As Lori already pointed out, absolutely every part of the servers from the hardware to the OS to security patches for the OS and any and ALL other software running on the system, to the virtualization software itself, to the controller, to the virtual instances and all software running on them, etc. ... all of it must be 100% in sync, 100% secure, and easy to manage / patch when new things must be rolled out. That management nightmare alone would be enough to turn me off to the idea, let alone the complex and painful process of trying to configure that many systems into a cluster. That's not even getting into the differences in data center space, power, cooling, etc. How do your hundreds of clustered systems look on a heat map compared to 10 hardware solution boxes? What about the increase in individual component failure that you're now driving up at an exponential level? Hard drives, power supplies, backplanes..these things fail, and the more systems you're running, the more often they're going to do so in aggregate for the solution. Have you factored in long-term hardware maintenance costs? Your idea of infinitely scaling a cluster is a pretty one, but also unrealistic. You're saying that at some point the hardware solution will be outdated, but the hardware in your cluster won't? Does it somehow upgrade itself so it's never old or underpowered? You're going to just keep adding more and more boxes to it, so now you have mis-matched systems in your cluster, each with their own parts to keep in stock for replacement? Sounds...interesting. The bottom line is, there is not a single, easy solution when talking about traffic loads in the stratosphere. The benefits of a hardware solution though, are very clear to me. Call me bias if you want, but look at the market and I think it's hard for anyone that's interested in the best solution to disagree. #Colin
Colin

1/15/2009 10:27 PM
		Colin, I did a quick search on performance of software vs. hardware. (google search on: f5 citrix software performance) and found my first link to be an eye opener. It looks like software solution pushing 10Gbps at almost third of a price of F5 Vipron (with 1 chassis and 1 blade). So with 3 instances to match the price it would be twice the price and include redundancy - 2+1 cluster. Pretty powerful, don't you think? Then I went to look for reliability on the solution's hardware (Sun T5140 generic hardware). http://www.sun.com/servers/coolthreads/t5140/ras_wp.pdf and found out the following availability number 0.99999160. Pretty good. Now it would be cool to compare this to F5 hardware. I couldn't find it on F5 site but since Lori knows that Vipron hardware is superior it would be interesting to see her reference to its availability numbers. Lori, doable? More interesting info on Sun box (U_MTBSI = 412,358, MTBSI = 148,526 MTBS = 55,043) - pretty large numbers. Wonder how they stack to Vipron. Colin, don't forget. We are talking about new market here. Cloud and virtualization are fairly new game and we might be looking at completely new layout 6-12 months down the road. Obviously I doubt Izzy can foresee the future any more then Lori, you or I can but Izzy's post made me re-think my position and did some quick research. I guess the bottom line here is that we should all look this space closely and see where it takes it. It seems that with shift in paradigm from datacenter solutions to virtual and then to cloud might be a shift in thinking what makes reasonable sense in virtualizing. I was with Lori and you on ADCs until I did some search. Now I am not so sure.
JC

Leave Feedback

Title
Name
Email
Url
Comments
Remember Me? Enter the code shown above:
Please add 4 and 4 and type the answer here:

My Links

DevCentral Home
DevCentral Blogs
DevCentral Forums
My Blog
Contact Me
Syndication
Login

Blog Stats

Posts		473		Comments		763
Stories		0		Trackbacks		37

	Tag Cloud
	acceleration AJAX APIs application application acceleration application delivery application delivery controller application security applications architecture availability BIG-IP blog cloud cloud computing cloud computing infrastructure developers development dynamic infrastructure efficiency F5 Gartner Google HTTP infrastructure INfrastructure 2.0 integration internet iRules load balancing load-balancing MacVittie Microsoft network optimization performance scalability security services SOA SSL standards TCP twitter virtualization VMWare web web 2.0 web application firewall web application security more tags...

Post Categories

		General SOA
		SOA Delivery
		Randomness
		Web 2.0 Security
		Security
		iRules
		iControl
		Development and General
		Monitoring/Management
		XML
		ISV Solutions
		Microsoft Solutions
		Performance
		Cloud Computing

Archives

		July, 2009 (2)
		June, 2009 (20)
		May, 2009 (20)
		April, 2009 (21)
		March, 2009 (23)
		February, 2009 (17)
		January, 2009 (19)
		December, 2008 (17)
		November, 2008 (18)
		October, 2008 (27)
		September, 2008 (32)
		August, 2008 (31)
		July, 2008 (30)
		June, 2008 (33)
		May, 2008 (30)
		April, 2008 (24)
		March, 2008 (5)
		February, 2008 (4)
		January, 2008 (8)
		December, 2007 (5)
		November, 2007 (6)
		October, 2007 (3)
		September, 2007 (5)
		August, 2007 (7)
		July, 2007 (7)
		June, 2007 (5)
		May, 2007 (11)
		April, 2007 (9)
		March, 2007 (7)
		February, 2007 (10)
		January, 2007 (5)
		December, 2006 (4)
		November, 2006 (8)

Application Delivery

		Infrastructure 2.0
		onizo#
		The Virtual ADC

Cloud Computing

Google Group: Cloud Computing

Random

Security

Rational Security

SOA

		Loosely Coupled
		Miko Matsumura's SOA Center
		SOA Enterprise Patterns

Copyright 1996 - 2008 F5 Networks, Inc. | Privacy Statement | Terms Of Use