Could application delivery network appliances be the way to faster network pipes? Kevin White reports
At least 30% of the data traffic that passes along the enterprise network may not be readily identifiable as being business-related, and 50% is often the average. The extent of costly infrastructure additions and forced bandwidth upgrades driven by this non-business network activity could be phenomenal.
The concept of the application delivery network (ADN) appliance has developed in response. Popularised by the likes of Blue Coat, Cisco, Citrix, F5 Networks and Riverbed, use of the technology is slowly becoming more widespread as a means of examining network traffic, eliminating latency and bandwidth issues on the enterprise WAN, and using acceleration to optimise network performance for business applications and business application users.
Such devices are needed because applications of all types are starting to put uncontrolled strain on enterprise networks, explains Blue Coat CEO Brian NeSmith.
“On the typical enterprise network Salesforce.com data can be competing with YouTube data which is competing with business transactional data traffic, which is competing with web search traffic, and so on. The enterprise network has become a great ubiquitous pipe that is only loosely controlled, by IP address or by protocol type. With ADN you get visibility into that generalised network, so that you can start to exert controls over the applications you care about, and manage the traffic you care less about.” Blue Coat’s software provides visibility into the network at a very granular level. “Once you have that visibility, you can start to control, manage and prioritise applications.”
NeSmith explains the history and the evolution of its appliances: “We started out with systems that improved the performance of the web, but when that improved we added security and policy-based controls. Then we broadened the acceleration focus of our ProxySG product to address the full set of enterprise applications.” A landmark event for Blue Coat was the $268m acquisition in 2008 of Packeteer, and its highly regarded PacketShaper line, which provides visibility and control over network traffic to improve application monitoring and performance.
Today, Blue Coat builds appliances that an organisation would install across multiple sites just inside the WAN-facing router. They are tools for streamlining the network infrastructure by consolidating functions such as content inspection and security, compression and QoS bandwidth management, load balancing and redundancy. Blue Coat sells its systems on the proposition that, in combination, they bring visibility and security as well as acceleration to critical business applications and other network traffic.
Analysts confirm that the market has shifted of late: from an initial focus on acceleration, it has moved to a range of appliances that blend different features and collapse them into a single box.
Gartner reports: “As basic acceleration capabilities mature, we expect a resurgence of interest in visibility and control, both as a means to demonstrate effectiveness, and as a bandwidth/response-time planning tool. There is an increasing focus on security, including the acceleration of encrypted protocols such as Hypertext Transfer Protocol Secure (HTTPS). In branch offices, the capabilities of these appliances will evolve to the point where they can support server-less branch operations.”
Various analysts have coined terms like ‘branch-office-in-a-box’ or ‘branch office box’ to describe a broad set of server appliances that can be optimised to provide distributed support for simple utility functions that are required locally but are difficult to provide over a WAN. These include functions for voice over IP telephony, file serving and caching, IP address management and remote monitoring, email and print servers, or DNS, HTTPS, encryption and decryption.
The need for such devices is building. Businesses are busy consolidating and virtualising data centres and storage systems, and centralising applications for reasons of control, compliance and cost. They are also moving to SaaS and putting more applications out into the cloud. All these steps are effectively moving applications and application resources further away from the end user.
Elsewhere, SOA mash-ups take content from many sites and put it together into a single front end for a user, generating considerable traffic across the WAN in the process.
Meanwhile, recreational applications like Spotify and YouTube, increasingly in use during working hours, are hogging more bandwidth than bona fide business applications that run alongside them. The situation needs constant monitoring, and application delivery network technology is proposed as being one of the best ways of dealing with the issues.
NeSmith again: “We want to give corporates a good idea of what is running on their network and who’s doing what with which application. From there they can decide if it should be accelerated or secured. Securing may mean blocking a specific traffic stream if it is malicious or inappropriate, throttling back or limiting network resources if it is recreational or low priority. If it is allowed, it means we can accelerate it, making it run more reliably over the network alongside all the other high-priority and low-priority applications.”
One of the final moves of John Swainson, the outgoing CEO at CA who is to step down by the end of the year, could edge the systems management company into the same application delivery network segment as Blue Coat, Riverbed and the rest. CA’s acquisition this month of NetQoS, whose software ensures networks deliver consistently high application service quality to end users, will help position it in the emerging technology sector.
It is not just about having control over the applications that run on the network, but about managing the performance of the network to accommodate those applications.
After buying Wily, Concord and Aprisma, CA’s takeover of NetQoS will see it target network engineers who focus on application delivery where the management of traffic flows is the primary task. “NetQoS does similar things as our PacketShaper product does,” NeSmith confirms. The NetQoS Performance Center flagship software is used by network professionals to determine how and where to optimise network resources, by detecting bottlenecks and identifying where a problem is and whether it lies with the network, with a server or with an application.
The market is at a relatively early stage, with different clusters of vendors offering competing products in different parts of the market. Sales of acceleration and optimisation software and appliances, where Blue Coat, Riverbed and Cisco compete, are worth anywhere up to $1.3 billion currently. Secure web gateway product sales, where Blue Coat and Cisco pitch in against the likes of McAfee and Websense, currently stretch up to $1.5 billion according to Blue Coat, which has a run rate of around $460 million this year.
Market demand looks set to continue. There are many emerging scenarios where the technology could come into play.
VDI (virtual desktop infrastructure), where hosted virtualised instances of a PC operating system are streamed from data centre to thin clients out on the network, is one. The initial desktop download, which might be 1–2 GB in size and happens at the start of each session, could see the network stretched to accommodate the massive amounts of data involved in preparing the virtual desktop for use. Similarly, managing remote keystrokes or screen-scraping across the WAN, although involving only very small amounts of information, has to be handled in real time if the routine is not to interrupt the user experience.
These are two very different events in terms of network resource, so there is a need to distinguish between the different activities in order to apply different policies. Application delivery network appliances can be used to speed delivery of the image download, just as they can be configured to accelerate the keystrokes.
The appliances are also particularly relevant for organisations turning on video or voice over IP systems. Application delivery network technology improves the capability to deliver live and on-demand streaming of media content across the enterprise network, by splitting unicast streams and by pre-positioning content in the cache.
Both VDI and voice and video over IP are very sensitive to latency, which can cause echoes, line drops or jumpy mouse movements.
In the arena of remote mobile access, workers have come to expect the same consistently fast, LAN-like experience no matter what method they are using to access the network and no matter where they are in the world. It’s an area both Blue Coat and its rival Riverbed target with client-side software which provides application-level latency optimisation for the mobile user. According to Mark Lewis of Riverbed, “Effectively, we have a software version of our appliance that sits on a laptop and will vastly improve access performance for people working over a 3G card, from a hotel room or across an extranet.”
The vendor claims performance improvements of five and up to fifty times, depending on the application being accessed remotely. Importantly, no changes are required to the applications or the processes that workers are used to, and IT managers do not need to make any changes to routers, the VPN infrastructure, SSL/HTTPS servers, or any of the other key technology in their enterprise. Riverbed has, however, introduced some application-specific modules for its mobile solution, to further enhance the user experience for some popular office applications.
In theory, it’s said that this sort of optimisation technology makes more efficient use of the wide area network to the point that businesses can actually reduce bandwidth or at least defer the need to buy more. Blue Coat suggests customers can reclaim between 30% and 60% of bandwidth for new applications, but that really rather misses the point, says NeSmith.
“The idea we are trying to highlight is that once you have built out your network and everyone has great connectivity, what you have is a situation where everything and everybody is treated exactly the same. Good app or bad app, good user or bad user, they are all treated the same. In the end what is needed is a way to control everything and everyone on the network. That’s what the application delivery network is all about. It starts with knowing what applications are running on the network and how they are behaving. Then you can choose how they should be treated. It’s about getting the network under control. That’s what it brings. Then the benefits start to fall out. You don’t waste network capacity, you deliver high quality services safe from malware, and sure you get better utilisation of network assets and can start to reclaim lost bandwidth.”