Hardware Today: Joining Applications to the Network
May 3, 2004
Previously, when we looked at server room components, we focused on storage. First, we looked at NAS and SANs and then at RAID controllers. This week, Hardware Today turns its attention to application delivery server components, which are typically called application switches.
At their most basic, application switches bolster performance, security, and availability for business-critical applications. Application switches reside where the network and applications intersect. They handle performance problems inherent to integrated software suites, such as those from PeopleSoft, SAP, or Siebel.
Application delivery is a relatively new area of focus that began with load balancers in the mid-1990s. Load balancers were designed to bolster Web site availability. They routed requests by IP address based solely on Level 4 (L4), the TCP/IP level of the network stack.
Today, "The typical application world isn't getting any better, if anything it's getting worse, in terms of acknowledging the fact that users do connect in different ways," Gartner Vice President of Enterprise Communications Mark Fabbi told ServerWatch.
Enter application switches. Application switches don't just load balance, they also monitor Level 7 (L7), the HTTP portion of the data stack, enabling them to parse traffic based on URI information. For example, the URI "application1.jsp" can be routed to one set of servers, and "application2.jsp" can be routed to another set. Parsing on the L7 stack obviates the need for TCP-level (L4) parsing of HTTP packets.
"This allows companies [to] multiplex HTTP requests on fewer TCP connections when sending them to a server," Steve Shah, director of product management for NetScaler, told ServerWatch. "The load balancer piece handles the TCP connectivity for L7 traffic and L4 balancing for non-Web traffic," he said. This technique, called L4-L7 switching, bolsters performance and offloads work from servers, freeing them up for other tasks.
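The L7-versus-L4 decision described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor: the pool addresses, the port 25 rule, and the function names are assumptions, and only the two URIs come from the text.

```python
import itertools

# Hypothetical backend pools; only the two URIs are taken from the article.
L7_RULES = {
    "/application1.jsp": ["10.0.1.11", "10.0.1.12"],
    "/application2.jsp": ["10.0.2.21", "10.0.2.22"],
}
L4_RULES = {25: ["10.0.9.1", "10.0.9.2"]}  # non-Web traffic, keyed by destination port
DEFAULT_WEB_POOL = ["10.0.0.5"]
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}
_rr = {}  # pool key -> round-robin iterator

def _next(key, pool):
    # Round-robin inside the selected pool.
    return next(_rr.setdefault(key, itertools.cycle(pool)))

def parse_request_path(first_bytes):
    """Return the path from an HTTP request line, or None if this is not HTTP."""
    line = first_bytes.split(b"\r\n", 1)[0]
    parts = line.split(b" ")
    if len(parts) != 3 or parts[0] not in HTTP_METHODS or not parts[2].startswith(b"HTTP/"):
        return None
    # Match on the path only; the query string does not select the pool.
    return parts[1].decode("ascii", "replace").split("?", 1)[0]

def choose_backend(dst_port, first_bytes):
    """L7 decision when the payload parses as HTTP, L4 decision otherwise."""
    path = parse_request_path(first_bytes)
    if path is not None:
        pool = L7_RULES.get(path)
        if pool:
            return ("L7", _next(path, pool))
        return ("L7", _next("default-web", DEFAULT_WEB_POOL))
    # Not HTTP: the switch only has the TCP destination port to go on.
    pool = L4_RULES.get(dst_port)
    if pool is None:
        return ("drop", None)
    return ("L4", _next(f"port:{dst_port}", pool))
```

The L7 branch needs the first bytes of the request, which means the switch has to accept the client's TCP connection itself before it can pick a server; the L4 branch can decide from the connection tuple alone.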
Switch Leaders Focus on Applications
Today's application switches offer these and a slew of other data optimization techniques. "It's all about, how do you make the application work better," Fabbi said.
Ignoring this functionality has its perils. Fabbi sees load balancer standbys, like Cisco, Nortel, and Foundry, struggling against the more innovative vendors. For these golden-oldies, the burgeoning application delivery space may not currently drive enough sales volume to be tempting. But this is changing. Although Gartner does not yet break out sales figures for the application delivery market, Fabbi has penned a Magic Quadrant, a Gartner-derived matrix that offers a graphical representation of a particular marketplace.
He also noted the four vendors currently making the space profitable.
To bolster performance, most application switches have an eye on security. "Firewalls are frequently not enough, as they lack visibility into L7 traffic and cannot decrypt SSL traffic," NetScaler's Shah said. "An applications switch is able to terminate application requests, decrypt them, apply policies and filters to each request, and then pass them onto the server." This prevents floods and malicious HTTP attacks.
Radware's products also do this, and more. "We're providing you updated signatures on a regular basis, but we're also looking for things like anomaly detection," Rothchild said. He cites attacks, like SQL Slammer, as one example, "where I might not have a signature for initially, I'm able to see that my SQL queries are up over 700 percent, maybe that's cause for concern."
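The signature-free check described above, a query rate far above its recent norm, can be expressed as a rolling-baseline detector. This is an added example, not Radware's implementation: the window size, the use of a median baseline, and the sample counts are assumptions, and only the 700 percent figure comes from the quote.

```python
from collections import deque
from statistics import median

def detect_rate_anomalies(counts, window=6, threshold_pct=700.0, min_baseline=1.0):
    """Flag intervals whose count exceeds the rolling median by more than threshold_pct.

    counts: per-interval event counts (for example, SQL queries per minute).
    Returns a list of (index, count, baseline, pct_increase) tuples.
    """
    history = deque(maxlen=window)
    alerts = []
    for i, count in enumerate(counts):
        if len(history) == window:
            # Median resists a single noisy interval; floor it to avoid dividing by zero.
            baseline = max(median(history), min_baseline)
            pct = (count - baseline) / baseline * 100.0
            if pct > threshold_pct:
                alerts.append((i, count, baseline, round(pct, 1)))
                # Keep flagged intervals out of the baseline so a sustained
                # flood does not gradually become the new "normal".
                continue
        history.append(count)
    return alerts

# Constructed sample: steady traffic, a three-interval surge, then recovery.
SAMPLE_QUERIES_PER_MIN = [100, 104, 98, 101, 97, 103, 99, 102, 850, 2400, 3100, 105, 100]

if __name__ == "__main__":
    for idx, count, base, pct in detect_rate_anomalies(SAMPLE_QUERIES_PER_MIN):
        print(f"interval {idx}: {count} queries vs baseline {base} (+{pct}%)")
```

No alert fires until the window has filled, so the first `window` intervals after start-up are unmonitored.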
Application switches perform so many functions that they are occasionally called "god boxes," suggesting potential overwork. Radware has gone for polytheism, breaking application delivery functions into separate modules. "If I could have a pocketknife doing everything, that's great. It's easy, it's one box, it's manageable, you're all done," Rothchild says. "But let's say you go to a picnic and you bring a pocket knife with you, well, it's not a particularly elegant way of being able to eat that food."
Fabbi sees this modularity as a potential weakness. "Radware is pushing against the market by maintaining separate boxes," he says. "To my mind, that is their one liability, they don't give you a solution if you just want to put that god box into your network and have it do everything."
Planning the Purchase
Purchasing an application switch requires careful planning. As application switches join applications with the network, they require close interdepartmental coordination. "They're not plug and play," Fabbi said; some assembly is required. "It's not something that just a networking person or an application person can do alone," he adds.
Intelligent deployment, Rothchild asserts, involves identifying organizational pain points, then finding a vendor up to the task of salving them, so that "when additional challenges do pop up, and they invariably do, [the vendor] is going to be there for you because otherwise you're just deploying point solutions," he said.
Fabbi stresses the importance of identifying potential pain points before undergoing Sisyphean business application deployment. "The typical call I get is, 'Oh, I just spent millions of dollars on a PeopleSoft application, and it doesn't work very well,'" he said. "Think about it architecturally," Fabbi advises, not as "just a tactical solution for one specific app."