By David F. Carr | Posted 04-01-2008
Maximizing Network Performance
CRISIS AND OPPORTUNITY
If the pitch for application networking or application delivery networking sounds familiar, that's because you've heard it before: A few years ago, these technologies were marketed under the banners of load balancing, Web caching, proxy services, wide-area network (WAN) acceleration or quality of service (QOS) network traffic prioritization.
Today, however, they are being combined in more sophisticated ways. Application acceleration products that were once specific to Web site operations are more relevant to enterprise applications. That's partly because so many applications are Web-based and the latest generation of acceleration appliances supports a wider spectrum of protocols.
CIOs and executives overseeing corporate IT strategy don't need to know how to install or configure these devices, but they should understand the potential of the technologies and the difference they can make in the performance of key business systems and user satisfaction. Getting the best results also hinges on understanding the characteristics of corporate networks and applications well enough to choose the right vendors and deploy the technology to the right places. Achieving success also requires understanding the staffing implications for network and data center management, given that the people who configure and administer these devices need to have a more application-oriented skill set than the people traditionally charged with the care of routers and switches.
The convergence of the words application and networking reflects an overarching goal to make network devices application-fluent, meaning that they go beyond routing and switching individual packets to applying optimizations that are specific to a particular application.
For example, WAN acceleration vendor Riverbed says Windows file sharing is one of the applications in which it delivers the most value to its clients. Because it was designed for fast LANs, Microsoft's file-sharing protocol typically uses more than a thousand network round-trips for simple operations like retrieving a directory listing. That's a slow process over a trans-Atlantic network connection where the speed of light puts an upper limit on how fast each signal can travel. But because the sequence of these transactions is predictable, Riverbed's Steelhead appliances can intercept network directory and file copy requests and stream them across the network more efficiently.
Similar techniques can be applied to speed up Web applications, which require multiple network round-trips to retrieve the HTML for a page and its other components, such as images and style sheets. Web applications also benefit from compression to speed the transmission of the Web's text-based data formats.
These technologies have matured just in time to match a spike in demand for network performance, driven by the centralization of data centers, proliferation of bandwidth-hungry applications, and verbose data formats used by XML Web services and business-to-business integration.
Application delivery networking can be either the solution to the crisis of an overloaded network or an opportunity to stretch the network to support new applications at a lower cost in money and bandwidth than would be possible otherwise.
"When I heard the pitch from the QOS vendors a few years ago, my question was always, 'What is this solving for me that I can't put off for a year or two?'" says Robert Whiteley, senior analyst for network operations and architecture at Forrester Research. "But now there's a real sense of urgency. Workers and applications are evolving to become more network-dependent than ever. That's driven by Web 2.0 or service-oriented architecture--if you're going down either of those roads--or by the fact that workers are becoming more mobile."
Gartner analyst Joe Skorupa echoes this theme, arguing that today's application networking technology has become "a beneficiary of an unintended consequence of Sarbanes-Oxley compliance." Because so many of those controls are embedded in computer systems, the law has driven large corporations to consolidate their information systems in centralized locations, rather than distributing data and applications to regional data centers.
Now an employee in a branch office--or even an overseas office--who accesses corporate financial applications is increasingly likely to do so over a WAN. CIOs and network managers are learning to proactively maximize network performance for those applications if they do not want to be buried in an avalanche of complaints, Skorupa says.
The processors embedded in network appliances are now much faster, making it practical to execute more elaborate rules without bogging down the basic network functions of routing packets. That wasn't necessarily the case when the first differentiated QOS products debuted in the 1990s.
Another change is that application vendors have stopped claiming that their applications work just fine without any changes to the corporate network. "Now you'll see things like best-practices guidelines written jointly by SAP and F5," Skorupa says.
"This technology has made the jump from being a nice-to-have solution--or a Band-Aid--to being architected in from day one," adds Cindy Borovick, research vice president for datacenter networks at IDC.
Ask your CEO and CFO: Is it likely that we will need to consolidate IT operations even further during the next several years?
Ask your branch office managers: Which corporate applications run out of our central data center are experiencing performance problems? If we could improve the performance of those apps, would it have a measurable impact on productivity?
Devising an application networking strategy starts with sorting through the options and determining which ones are most important to your organization.
Application networking spans at least two big product categories. They are:
- Asymmetric application acceleration at the server level: This speeds performance through load balancing, caching and offloading tasks such as Secure Sockets Layer (SSL) encryption. F5 first gained fame helping large Web sites balance the workload for huge numbers of users and transactions across multiple servers. Citrix, with its NetScaler product line, is another major player in this market.
- WAN performance optimization: This typically requires a matched pair of devices from the same vendor at each end of the WAN connection. Vendors include Riverbed, F5 Networks and many others.
And then there's Cisco, which in January announced improvements to its application networking services portfolio, including a model in its application control engine appliance line; a mobile client for wide-area application services (WAAS), its WAN acceleration system; and a testing and validation partnership with application vendors. While Cisco claims the greatest breadth by also providing so much of the basic routing and switching infrastructure for corporate networks, it's not as dominant in application networking.
"Cisco enjoys significant market share, but almost all of it is the old load-balancer market," Gartner's Skorupa says. Enterprises that aggressively employ the most sophisticated application networking techniques typically supplement whatever they get from Cisco with specialized products from other vendors, he adds.
Still, many Cisco customers put a premium on the network management advantages that come from using the vendor's products when possible. "It's always been our goal to limit the number of vendors we have," says Richard Bell, the manager of network engineering at auto brokerage service AutoByTel.
The firm uses Cisco's content services switch products as application accelerators for both its public Web site and its business-to-business network connections. The latter category includes XML messages the company exchanges with other brokerages to determine who can fill a particular order, and it's critical to eliminate any unnecessary delays in those transactions. "There has to be a response in two or three seconds, or they'll sell the lead to someone else," Bell explains.
Southco, which makes hinges, latches and other hardware, is another primarily Cisco shop, but it went with Riverbed for its WAN acceleration needs, says network security specialist Jesse Middleton. The evaluation team he led chose Riverbed because it had the best tools for measuring the impact on network performance.
"From a business perspective, it's always good if I can print out a report that says I increased bandwidth by X amount as of right now," Middleton says. Specifically, he could claim the technology had boosted the effective bandwidth of WAN links by about 3.5 times, while avoiding the need for costly network upgrades.
If you must choose where to put your money, or what to implement first, consider which applications in your organization are most in need of a performance boost. Do they fit into a WAN acceleration scenario, in which latency across long distances is a challenge and you control both ends of the network link? Or are they consumer-facing Web applications or business-to-business connections with partners whose networks you don't control?
One advantage of the application controller products that evolved out of load balancing and Web caching technologies is that they speed up application performance for everyone: public users of a Web site, mobile workers, employees within the firewall and business partners that connect over the Internet. Caching techniques that reduce the load on Web and application servers improve application responsiveness for everyone.
So does offloading the processing required for SSL encryption from the server onto a specialty network appliance built for that purpose. These techniques generally don't require anything special on the client side, other than some standard compression/decompression mechanisms built into modern Web browsers.
Though the performance benefits of application controllers extend to clients on the other end of a WAN link, they don't address all the same challenges as the WAN-specific acceleration appliances.
In addition to the branch-office scenario in which a WAN appliance makes sense, vendors such as Riverbed have extended their technology to cover mobile workers with a software-only client that can be installed on a laptop and link directly to a corporate network. The laptop acts as its own network acceleration appliance. Cisco's WAAS Mobile is its entry in that market.
Gartner's Skorupa believes that most enterprises have not developed the full potential of application networking in a strategic way. WAN acceleration appliances often can improve network utilization by 90 percent to 95 percent, he says, letting enterprises postpone bandwidth upgrades at a significant saving, while continuing their consolidation efforts. In addition, application controllers often serve a larger population of users with fewer servers.
"It's not uncommon to improve the efficiency of your application architecture by 20 percent to 50 percent, and when you reduce the number of servers, you also reduce the number of licenses you have to buy," Skorupa says. The latest generation of these products includes features that most companies haven't begun to tap, such as the ability to protect against security vulnerabilities at the network level, rather than by recoding software.
"That can mean the difference between getting a change made in three days versus three months," he says. "If you're talking about rewriting the application, it's hard to get anything done in less than a month."
Ask your IT staff: Does our default networking equipment vendor have the best products to address our needs? Do the advantages of sticking with a single-vendor solution outweigh the virtues of more specialized vendors?
Ask the vendors: Does your architecture encompass WAN acceleration and asymmetric application acceleration? If so, what advantage will I get from buying both from you?
Because most application networking products are delivered as appliances, implementation tends to be simple--up to a point.
"Plugging in the box was easy," says Southco's Middleton. "Deciding on the rollout of the project--and trying to decipher what the sales guy had to sell us versus what we really needed--was not."
Middleton's team ran the number of its employees and locations through the formula Riverbed provided for planning purposes, but it found that the projections didn't match Southco's actual environment, which included few multimedia applications and a Telnet-based business system with lean bandwidth requirements. "If we had followed the information they gave us in the beginning, we probably would have spent twice as much," he says.
Once installed, the appliances proved fairly simple to operate. "There's very little that can break," says Middleton. So far, Southco's IT staff hasn't needed to write a lot of custom rules to run on the appliance. The only exception was for one Lotus Domino database backup routine that was encrypted in such a way that it wasn't helped by the appliance's compression. "So the rule basically said, 'Don't mess with this port, this IP,'" he says.
Cindy Berry, a systems programming specialist at American Century Investments, says her company started using F5's BigIP appliances to improve the performance of its public Web site and gradually broadened its use to encompass internal applications and to execute more sophisticated rules. For instance, the devices periodically check one Java servlet on the company's IBM WebSphere application servers to verify that each server is operating properly. If the servlet doesn't respond, the load balancer stops sending traffic to that server until the problem is corrected.
"We have built in intelligence so we're able to see that not only is the application responding, but it's responding the way we expect it to," Berry says. Recently, American Century has started working with a performance monitoring product from F5 partner Symphoniq, which she hopes will provide a fuller picture of the performance experienced by users so her team can continue to improve on it.
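The kind of content-aware health check described above, sketched in Python as an added example; it is not American Century's or F5's configuration. It takes a server out of rotation when the health page fails to answer or answers without the expected content, and puts it back once the page is correct again. The health URLs, the `STATUS=OK` marker and the two-check fall/rise thresholds are assumptions made for illustration.

```python
import urllib.request

def http_probe(url, timeout=2.0):
    """Real probe: returns (status, body); raises on timeout, refusal or HTTP error."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.status, resp.read(4096).decode("utf-8", "replace")

class HealthMonitor:
    """Keeps a server in rotation only while its health page answers as expected."""
    def __init__(self, servers, expect, probe=http_probe, fall=2, rise=2):
        self.expect, self.probe = expect, probe
        self.fall, self.rise = fall, rise   # assumed thresholds to avoid flapping
        # per server: [in_rotation, consecutive checks contradicting that state]
        self.state = {s: [True, 0] for s in servers}

    def healthy(self, url):
        try:
            status, body = self.probe(url)
        except Exception:                   # no usable response counts as a failure
            return False
        # "Responding" is not enough: the body must carry the expected marker.
        return status == 200 and self.expect in body

    def run_once(self):
        for url, st in self.state.items():
            ok = self.healthy(url)
            if ok == st[0]:
                st[1] = 0                   # result agrees with current state
            else:
                st[1] += 1
                if st[1] >= (self.rise if ok else self.fall):
                    st[0], st[1] = ok, 0    # flip state after enough evidence
        return [u for u, st in self.state.items() if st[0]]

def demo():
    """Four check rounds over constructed responses (hypothetical hosts, no network)."""
    a, b, c = ("http://app%d.example/health" % i for i in (1, 2, 3))
    canned = {a: (200, "STATUS=OK"), b: (200, "<h1>Error: pool exhausted</h1>")}
    def fake_probe(url):
        if url not in canned:               # app3: simulated hang
            raise TimeoutError(url)
        return canned[url]
    mon = HealthMonitor([a, b, c], expect="STATUS=OK", probe=fake_probe)
    rounds = [mon.run_once(), mon.run_once()]
    canned[b] = (200, "STATUS=OK")          # app2 repaired
    rounds += [mon.run_once(), mon.run_once()]
    return rounds

if __name__ == "__main__":
    for n, pool in enumerate(demo(), 1):
        print(n, pool)
```

In the constructed run, app2 returns HTTP 200 with an error page, so a check that only tested for a response would keep sending it traffic; the content match removes it after two failed checks and restores it two good checks after the repair.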
There is a definite learning curve involved in using these devices to their fullest potential, Berry says, particularly in understanding the options for compression and caching and when it's appropriate to use them.
Gartner's Skorupa says CIOs must ensure that the right people are assigned to implement and manage these systems. "This isn't the traditional network plumbing," he points out. "It's more closely tied to applications than it is to switches and routers. So it needs to be assigned to application management groups, not the traditional switching and router guys.
"One of my clients has been complaining about this. He says, 'Senior management keeps giving me requisitions for network engineers, who are of little use to me. I can't hire the right people because it's the wrong requisition and the wrong salary grade.'
"The people assigned to these systems need to have broad backgrounds, including security and application performance management. And they have to be innately curious, because the market is developing so rapidly."
Ask your IT team: Do we have the right people on staff to manage this type of application networking infrastructure? Do we have application people who know enough about networking--or networking people who know enough about application requirements--to grow into this role?
Ask your technology evaluation team: Have we assessed where this technology will make the most difference and how much we need to spend on it?