Posted tagged ‘Application Delivery Controller’

Navigating the ‘crossroads’ with open source firewalls.

November 21, 2009

Firewalls have been around in some form or another, from the early days of networks.  A typical firewall protects the ‘trusted’ internal network from those who are on the ‘untrusted’ outside.  Things have changed since the early days.  The exploits make it all the way to applications through open ports on the firewall.  Requirements to give access to partners, contractors, guests, and customers accessing self service portals, deem the notions of ‘trusted’ and ‘untrusted’  portions of the network useless.   Today we stand at a crossroad between installed legacy infrastructure, that does not satisfy even present day security needs, and emerging technologies.  Emerging technologies don’t focus on networks and hosts, but on protecting the ‘data’ and the ‘content’. Wisdom of the day is to let the traditional firewalls keep the riff-raff out by only allowing traffic to appropriate ip addresses and ports in, and let the more application specific techniques protect the ‘data’ and defend against application level denial of service attacks.

The cost of the switch from legacy to emerging technology will be large, but the balance is tipping such that the cost of not making the switch will be even larger. Open source can help with the costs by offering the emerging techniques developed by a community of cooperative experts.  OpenADC will allow network security experts to write cost effective traditional firewalls that face the internet, and application developers to write the application specific firewalls that sit just in front of the application, such that the two work in unison to provide best protection for the application.

In rest of the posts in this category, I will survey existing open source firewalls — both the traditional network level firewalls, and application specific ones. 

What has your experience been with open source firewalls?  Let me know in your comments.


Open ADC is good news for service providers.

October 21, 2009

Service providers have been locked in to the feature set offered by vendors as they try to satisfy varied needs of different customers.  With an open source application delivery platform, they are able to monetize their knowledge of specific customer needs, by easily writing services that will run on the multi-service and multi-tenant platform.  For starters, offering same services that are offered by current ADC product vendors, becomes much easier on the Open ADC platform due to the following reasons:

1. Capital expense goes through the roof  as Service Providers deploy stand alone ADCs, from current vendors, for each customer.  Open ADC platform allows them to deploy a soft ADC per customer, or deploy multiple customers on Open ADC running on specialized hardware with total isolation amongst customers.  This cuts the cost of running the environment tremendously, increasing service provider’s margins.

2. Service providers are able to sell ‘On Demand services’ with Open ADC. For example, if a customer needs SSL encryption offload during peak selling time for an e-commerce application, and not at other times, this need can be easily met with Soft Open ADC.  Meeting  this need with current ADC products is not possible as the service provider has to buy physical hardware for offering services.

3. Service providers can easily up sell new services.  If a customers’ services are deployed on an Open ADC platform, adding another service in the ‘service chain’ for that customer does not cost much.  Therefore, service providers can offer services on a trial basis, as they look for new revenue streams.

4. Service providers will have more services to offer as independent developers will write niche services for specific customer segments.

Why do we need an Open Source Application Delivery Controller?

October 18, 2009

Organizations of all sizes deploying ‘Applications’ which allow their members to complete business work flows, are spending a lot of money on network services.  They face several challenges as they depend on network services solutions from established vendors in the space.  Many of these challenges are addressed by an Open ADC platform as discussed below.

1. Vendors can not produce special features for disparate specific needs of all organizations.

Many organizations have very specific needs, but it is not profitable for vendors to consider their features, as vendors try to address the needs of the general market.  No body is at fault here as vendors have to consider the cost of developing a feature against revenue potential. Niche portion of the market can not yield enough revenue to justify developing the feature.  However the organizations do have a real need.  Where do they go to get their needs met?  Open ADC comes to the rescue!  Smaller independent teams will emerge and will write services on the Open ADC platform to service the niche market.

2. Users end up paying for what they don’t need.

Several users end up paying for features they don’t use since network services products are delivered as a bundle.  Many pay for performance they don’t need as vendors supply fixed form factors.  Once again, Open ADC comes to the rescue, as users will be able to deploy only the services they want on the platform.  Furthermore, Open ADC platform will give them the choice to deploy their services in a virtual machine or on a standalone system or an ATCA chassis with acceleration technology.

What is an Open Source Application Delivery Controller Platform?

October 18, 2009
OpenADC will provide an open source multi-service, multi-tenant application delivery controller platform. Community of developers can write cool services that the user community needs, with a much lower barrier to entry, thus monetizing their niche knowledge. Developers don’t have to worry about the low level packet processing, but can focus on the logic of their services.  The Open ADC platform will take care of the low level packet processing and optimizations.  The platform will be able to host services from independent developers and optimally apply logic of each service to packets of every session.
User community, responsible for application delivery, can deploy the OpenADC platform, and with mouse clicks deploy only services they need. User community no longer needs to pay high premiums for features they don’t use or performance they don’t need.

Introducing the concept of an Application Delivery Controller

October 15, 2009

Every IT professional knows that all the work they do is focussed on keeping  business applications running well, such that users are able to perform business work flows.  If revenue generating applications malfunction, the enterprise loses customers to their competition.  How many times have you gone on to purchase an item from a different vendor, because the initial vendor’s web based ordering site was responding too slowly?  Backend applications must also work well in order for the enterprise to be competitive. So, in the new brave world of IT is all about ‘application delivery’.

In order to keep applications running smoothly, IT teams use various tools to perform several important functions.  These include use of network services that help to secure applications and optimize their performance, as well as monitoring systems which help with proactive alerts or reactive debugging activity.  Examples of some of the popular network services related to security are ‘firewall’, ‘web application firewall’, ‘intrusion detection and prevention system’, ‘encryption and decryption system’ etc.  For performance optimization, the well known examples are ‘load balancer’, ‘web cache’, ‘compression’ etc.  Examples of emerging services that help secure, optimize and visualize application include use of deep packet inspection across multiple packets to mitigate data leakage, defend against application semantic based attacks, offer quality of service based on application communication characteristics etc.

An application delivery controller is a system that can host many of the services required by an application.  This system can be implemented as software that runs on any general purpose hardware, or as a device specially built to run the services software.

In the posts that follow, I will discuss several aspects of ‘application delivery controllers (adc) ‘ including the ever changing definition that the vendor community imposes.  I will define an ‘adc’ from the user or the customer’s point of view.  My hope is that the discussion that follows will clarify the concept of an ADC, allow user community to state what services they would like to see implemented, and charge the vendor community to deliver relevant and appropriate features.