The Zeus Blog: Application Delivery, Cloud Computing, Load Balancing, Virtualization

Hasbro yesterday launched an online version of the perenial favorite Monolopy, MonopolyCityStreets, using the GoogleMaps API. Unfortunately, at launch it all came to a grinding halt.

It would appear reading Mr Monopoly's blog (I assume that's him in the top hat), that the 1.7 million unique visitors on day one! Was a bit more than anticipated.

Details are a little sketchy on quite how the game is hosted, though there are reports of a CDN being involved for the static content. Even with this however, performance today (15 hours or so after kick-off) is still patchy and generally poor.

There has been quite a bit of coverage of this "epic fail", so possibly the "any publicity..." adage could be called into use. But from a personal perspective (and from the majority of people I have read/talked to), this is an example of the 6Ps not being applied.

Ok, the 5Ps? Whilst I was a member of Her Majesties Armed Forces (100% success rate of protecting Britain from invasion, is the quote on my CV), the 6Ps were an often used reminder when things did not go right. The 6Ps in question are "Prior Planning Prevents P*** Poor Performance", apologies for the asterisks this was used in the Army after all!

I realise there is a balance to be struck between the amount of investment in an application's architecture, and the expected revenue to be made from the site (this game seems to be a marketing ploy, so we can guess that the budget was not infinite). However, with the recent arrival (relatively) of Cloud Computing, and the intelligence available in Application Delivery products (oh I don't know, what about that nice one from Zeus Technology), it would not be beyond the realms of feasibility to create a self-scaling environment that could grow to meet any demand. The important bit is that it could also be designed to gracefully scale back down again (probably pretty quickly after the initial deluge of land grabbers!).

One could also build in some limiting factors to restrict the number of users hitting any element within the infrastructure, to a threshold it could handle. So that when it gets too busy, those already using the application do not suffer poor performance due to the large numbers of people trying to also use the application!

By having a really slow application, it takes longer for people to get their tasks done, which has the knock on effect of increasing the size of the crowd using the application i.e. if users can get in, do their task, and get out quickly there is less chance of an application becoming overloaded and not working for anyone!

Simply monitoring the response of the nodes being managed, then just before the weight of traffic brings them crashing down, redirecting further requests to either a waiting page/zone (not ideal), or better to extra resource spun up on the fly to meet demand would be a more elegant way of approaching things.

I am now off to buy up more of the streets in Frinton-on-Sea, a very desirable area of MonopolyCityStreets...

Nick Bond

A chap on Twitter was asking for this type of article, we did not have one, and neither did our competition. In fact I could not find a good example anywhere. The result is that I have written this, I won’t claim it is very good, but it is a little better than nothing (or out of date items).

Load Balancing is a generic term used to describe a set of practices with the aim of achieving resiliency/redundancy/scale in a farm of similar application servers.

Most commonly, this terminology is used in connection to web or Internet facing servers (though any application is a candidate for load balancing). Which raises the most important question, what is it you want to achieve?

In a lot of cases this will be simply, failover (or redundancy). This is where you have an automatic capability that should your application fail on one server, a second server takes over the task. In this scenario, work or session information may be lost, but users are able to continue/restart with the minimum of downtime (i.e. time in which they cannot do anything).

Failover is nearly interchangeable with the terms resilience and clustering, it is simply down to the preference of the person talking about this space what terminology they use. I tend to use redundancy/failover to mean an active/standby scenario. This is where you have one instance of the application running at any one time, with the capability of switching which is active automatically and/or by an operator’s intervention.

I use cluster when we are talking about multiple instances running at the same time with the work load being spread across them, this is true load balancing. The advantage of this type of operation is that it also allows your applications to scale to deal with numbers of users that would be greater than one server could manage.

So how do you do all the above? Or more importantly, where do you do this work? There are two places, internally to the application and externally. Many modern applications have a concept of failover or redundancy, and a few are able to cluster themselves. There are also third party products (often in the form of a plug-in) that can achieve this.

The problem is that they are often simplistic, and that they add more compute load onto the servers (they are having to work out and manage the distribution of load, as well as working on the actual task they are there for).

Therefore it has become almost standard to deploy an external load balancing product in applications that have a large audience. With the advent of Cloud Computing however, there has been a bit of step backward in this respect, due to the smaller scale of many deployments and the limitations of the clouds themselves. But this is changing rapidly, as the functionality is added by cloud vendors and the “deployers” of these applications become more aware of the possibilities of load balancing.

So let’s focus on external load balancing. This is a product space that has been around for quite a few years now and has undergone a couple of dramatic evolutionary leaps.

Before load balancing by a dedicated device or application, we had DNS round robin (though this is probably better described as load sharing as no measurement of the load is taken into account). DNS round robin is still a valid method and there are companies that are willing to do this for you as a service (even adding intelligence in terms of availability of the service).

The next step in the evolution of the load balancing space was to put “something” in front of the servers and have this make a decision on which server to send the traffic to. In their earliest forms these were pretty simple devices that sat in the path of the traffic “messing about with IP addresses”(tm)! What this meant was that the service was identified as IP1, which translated as the load balancer. The load balancer would forward connections aimed at this IP address, but changing the destination IP address to that of one of the servers (IP2, IP3 etc) configured for this service. On the way back the load balancer would change this IP address back to the original.

Functionality was added around this, such as health monitoring to ensure that the servers in the farm or pool were actually up and working. A huge number of other enhancements have occurred to this generation of the load balancing family, but this is the core behaviour. A good and bad point is that it enables applications to scale, by adding more servers to those available for a specific service. This is great as it allows scaling, it is bad as it engenders rather inefficient use of resource.

It was this problem that the second generation of the load balancing family tree first addressed. This was achieved by a dramatic re-architecting of the core behaviour. Rather than being a lump in the network passing through the connections, the products became application proxies (though most called themselves accelerators). What this change meant was that rather than passing on the connection, the proxy terminates it and initiates a new connection of it’s own for the communication between itself and the server. This means that individual requests from multiple clients can be sent down the same connection from the proxy to the server.

The result is that there can be dramatic improvements in the performance of the servers as they are not having to work as hard. For example, rather than trying to setup and tear down lots of TCP connections per second, there can be a much smaller number of long lasting connections that are reused again and again. Similarly, rather than coping with lots of high latency connections eating up processing and memory resource, all the servers see are fast local connections from the load balancer (accelerator).

Other performance improvements are also available by offloading SSL encryption/decryption work to the proxy and manipulating/inspecting XML on the proxy.

All of the above reduces the amount of work required from the servers behind the proxy, so much so that in most cases some of this server resource can be removed. So rather than adding servers to scale your applications it is possible to remove servers whilst still being able to handle larger amounts of traffic.

Along with the improvements in performance, a trend started in this generation of the family to add more intelligence to the products. Functionality such as the ability to inspect, modify, remove HTTP headers, and to make forwarding decisions based on the content of the traffic became common. It is this sort of functionality that causes these devices to sometimes be called content switches.

We now reach the third generation of this family (which is where we are today), basically take everything that has gone before i.e. all the load balancing and acceleration, but wrap around it a huge degree of intelligence to manage the application traffic on the network.

This generally means the addition of a scripting language and an API to the product to allow granular control of what happens to the application. I tend to talk about this type of functionality as a translation between how the business describes behaviour and how this is enabled on the network. For example when the CEO says it would be good to be able to differentiate between users (e.g. gold card holders and silver card holders) of the application, and ensure the high value users get a good service even during busy periods. The scripting language is the tool to make this happen with the application on the network, by (for example) identifying the users (by account number), monitoring the performance of the servers, and when this drops to a certain threshold slowing down the connections of the silver card users.

This generation is mostly labelled Application Delivery Controllers (ADCs), a term coined by Gartner a few years ago.

One word of warning, all the above descriptions and categories are not hard and fast rules. There is a lot of cross over and blurring of functionality. There are a couple of vendors who, though still selling what is in essence a load balancer (from my definition) albeit with a lot of functionality, call them ADCs.

There are also two other ways in which the products in the family tree are differentiated. One is by commercial and open source versions, and the other is the split of the space into hardware appliance type products and software application products.

Historically the hardware appliance was King of this space for a couple of reasons. The first being that the majority of the commercial players came from a network hardware background and therefore this was the natural thing for them to do. Also, until fairly recently commodity hardware was not powerful enough to run these products. Custom ASICs and Network Processors were required to achieve the performance needed in these tasks. This has dramatically changed and it is fair to say that similar performance can be achieved whatever route (hardware or software) you take, and the decision is now more about features, ease of use and value for money than raw performance. Most devices can outperform the network connectivity of even the largest websites.

So what does the future hold for this family of products? For some time application delivery has become an integral part of how organisations take their services to market. More and more work that was previously done inside the application is being shifted to the ADC sitting on the network. This is especially true of tasks that need to be replicated across a number of services, e.g. authentication, geo-ip lookups, content translation (i.e. for mobile devices). This makes the ADC an essential part of the application.

Now with organisations looking at moving (or developing new) applications to Cloud infrastructures it is important to take this functionality into the Clouds. However, most cloud vendors are not in a position to offer more than simple load balancing. If you need the higher functionality that you have become used to, you need to deploy an ADC in your Cloud environment yourself.

The problem with this is that you obviously cannot float a hardware appliance in a virtual data centre. Therefore the future, almost by default, has to be in software ADCs. It is for this reason that Citrix recently announced their own virtual product, only 6 years after ZXTM became available as a software product. Other vendors will probably be following along later.

The following diagram is a snapshot of some of the players in this space and how they fit into the different functional generations of this space.

Nick Bond

A combination of inputs forced this blog post from me.

I read with real interest the Citrix release re VPX, their new (very new, just a preview) Software Application Delivery Controller. Our very own Owen Garrett’s response says a lot of what I would have said on the subject.

At about the same time as this release was hitting the streets (or should that be Tweets?), we were having a conversation in the office about the viability of open source or commercial software network infrastructure.

Obviously we were aware that it is possible, what was of more interest was the capability of the products that was our interest. On the security front, software was pretty much where the products started, and only later in the evolution of the space did the appliances start to appear. Now we have come round to the software products leading from the front again. The number and range of firewalls and VPNs alone is quite astounding.

There are now also commercial and open source routers, Matthew Nickasch over on the NetworkWorld site talks about these. What we are seeing is the coming of age of software products in the spaces once ruled by the hardware appliance. This movement is driven, in the main, by just how capable commodity hardware has become. The old proprietary appliance versus software arguments can surely now be put to bed.

In test after test, and customer quote after quote, we hear the same thing, that software can achieve the same performance as the appliance but (and here’s the important bit) at a fraction of the price (here’s a typical Zeus example).

Yes, the price issue.

Obviously the present economic state of the whole World, makes virtually every organisation somewhat more price sensitive than they may have been in the past. The price/performance double whammy is driving customers into the open arms of the software vendors. Here is our version of that particular story.

Analysts are also realising what is happening in these markets. In the market place that Zeus operate in, Gartner Research’s Joe Skorupa has been recent quoted as saying "SoftADCs will be an important component of the ADC market, serving customers from small to midsize enterprises, where price is critical, to large enterprise and cloud data centers, where flexibility and agility are paramount,". We will be watching this space with increased interest : )

Citrix, as a major software vendor, were always favourite to create a software version of their Netscaler products (especially with their virtualisation business). However, they seem to have been a little worried about killing the golden-egg-laying-goose and have pulled back slightly. How heavily Citrix will push their software version and with what success remains to be seen.

What is certain is that Virtualization technology is revolutionizing the legacy server-centric datacenter, and Cloud Computing (outsourced virtualization) promises to build on this further to deliver huge cost savings in both capital and operational expenditure. As organizations look to embrace the benefits that Virtualization can bring to their datacenter, software is really the only option as you move forward.

This diagram below demonstrates the evolutionary process of moving from physical hardware in the datacenter to Virtualization technologies and beyond into the Cloud.

Nick Bond

I have been reading heavily the last few weeks, mainly about the various thoughts that are crystallising in individuals and groups minds around the world on the whole “Cloud” space.

The conversations on the Cloud Computing Interoperability Forum have been particularly interesting, and some of the comments and other blog posts they have generated got me thinking. Particularly ones from Lori MacVittie More on the Meta-data Menagerie, and from Mark Masterson RAIC – pronounce it “rake”, please.

Lori also linked to Rich Miller and his coining of the phrase “peripatetic workload computing”. All of these pieces (and probably a few other snippets from elsewhere) have just caused a critical mass in my head. Causing this outpouring of my second blog post!

I was, initially, in total agreement with Lori in her post. Where she talks about how difficult it could potentially be to create an exchange format for moving, not just your applications from one cloud to another, but also the supporting stuff. Lori and I have similar interests in the advanced application delivery functionality of our respective products.

However, I soon realised that the problem is only difficult if you look at it from a “legacy” hardware appliance point of view, i.e. that you expect this functionality to be embedded in and provided by the Cloud vendor/owner. Recent moves seem to indicate that this is probably not going to be the model that will survive, see these developments at Joyent.

What I believe we will see is that simple load balancing functionality will be built into the cloud, not going much beyond the capability to load balance across a number of IPs. See GoGrid’s current offering, and Amazon are planning similar functionality.

This leaves users having to provide their own advanced application delivery functionality, in the form of Virtual Appliances deployed into the Cloud in exactly the same way the application servers are. In fact many organisations are looking at this functionality as an extension of the applications they are building.

Therefore the actual transfer of this functionality is managed in exactly the same way as the transfer of the application. As long as a virtual machine of sufficient size/power is available (or there are pre-built virtual machines of your preferred application traffic manager), then there is no longer a problem.

Right ,so we have the data portability sorted (RAIC), and now the application delivery functionality portability sorted. What’s left?

Nick Bond

Those of us wishing to be fashionable are all talking about the Cloud phenomenon. So let’s jump on that bandwagon with a question.

The “how do I do it?” one seems a good place to start.

Firing up a couple of fluffy cloud servers, and loading up your web/application servers on them is easy. But how do you turn this initial proof of concept build, into a real business class application infrastructure?

In your real, physical (look I can touch it) data center, you have probably been worshipping at the altar of the Hardware Appliance for all those important jobs. It’s dedicated tin it must be faster. At least that’s what we in the network world have been told for a long time now, and yes it used to be true.

However, in the last few years this “fact” has become less true. With the rise of (relatively) cheap, multi-core, multi-processor generic servers, fast performance is in the grasp of any organization that chooses to deploy a software version of a hardware appliance. Especially for those complex tasks requiring high intelligence. Even in the big-tin-boxes this sort of work has never been done in the “custom” ASICs or network processors, or whatever else it is, that is claimed to make them fast. Those sorts of tasks are done in the CPUs, and generally those CPUs are a couple of generations behind the ones available in the generic servers.

Of course the most important distinction between a big-tin-box and a piece of software, is that one is big and heavy, and the other exists as a whole load of 1s and 0s (i.e. quite light really). This is a particularly important distinction when we talk about virtualization, of which Cloud Computing is an extension.

An organization going down the virtualization road will probably initially use their existing hardware network appliances. The problem with this is that one of the main reasons for virtualization in the first place, is to reduce the amount power used and heat generated. Therefore, it makes little sense to circle your consolidated servers with loads of power gobbling, heat generating pieces of tin.

This becomes an even more important aspect if you start to think about using a cloud service to deploy your applications in. Moving from a fully virtualized (i.e. with all the hardware appliances converted to virtual appliances), to the cloud is a lot easier than trying to float when you have physical boxes anchoring you to the data center.

Therefore, the answer to “how do I do it” is with software, not legacy hardware appliances. Start planning to use the cloud now, by virtualizing your applications (and the associated infrastructure), today.