Load balancer specialist Kemp Technologies revealed a new software architecture that allows engineers to conduct Layer 4-7 service insertion from any vendor through a single platform on a bare-metal server. The goal is to simplify network functions virtualization and service chaining in multi-tenant environments.
Dubbed Condor, the Kemp software is most comparable to Citrix Systems' SDX hardware platform, which allows customers to run third-party services like Palo Alto Networks' firewall on the same platform as a Citrix NetScaler application delivery controller, said Andrew Lerner, research director at Gartner.
Condor offers this same flexibility, but through software on a bare-metal server.
"Condor is to Layer 4-7 services as a hypervisor is to a server," Lerner said.
Today an enterprise or service provider might build a multi-service appliance on a hypervisor host with dedicated virtual machines (VMs) for each service, including firewalls, Web application firewalls (WAFs) and load balancers.
Condor removes the need for a hypervisor, which reduces complexity and cost, but also simplifies operations because engineers don't have to buy, install or maintain a middle layer of hypervisor software, Lerner said.
"Building up a virtual appliance with multiple virtual network functions in a single container is largely a manual process today," said Atchison Frazer, Kemp's chief marketing officer.
More on virtual Layer 4-7 services
Embrane pushes L 4-7 software-defined service chains
NetSocket introduces end-to-end network virtualization with layer 4-7 services
In mobile networks, SDN and NFV enable service orchestration
While Citrix's SDX relies on third-party partnerships, Condor is an open platform. In theory, customers can integrate virtual services from any third party into the platform on their own, although Kemp will offer to do this for customers. In fact, Condor is offered as free software, but Kemp will monetize the offering through its own load balancers and integration of other virtual network functions.
"Customers can say, 'I want to use a WAF from one vendor and an ADC [application delivery controller] from Kemp and a WOC [WAN optimization controller] from Elfiq. You import those instances into this platform, press a button and poof, you have service chained architecture," said Peter Melerud, Kemp executive vice president of product management.
Kemp intends to announce formal vendor partnerships around Condor at a later date.
"We've had conversations with WAF, next-generation firewall and intrusion detection vendors," Frazer said. "We're hoping that if we are successful seeding the market among those, there may be other third parties that customers will bring to our attention."
The initial use case for Condor will probably be around WAFs, since Kemp has no WAF capability on its load balancers, Gartner's Lerner said.
Condor is intended for both service providers and enterprises. While many service providers have already moved toward network infrastructure that allows for NFV and service insertion, enterprises are seeking a simpler path toward service chaining. Kemp is hoping enterprises will see the single platform as a simpler road in, Melerud said.
Condor also lends itself to a cloud-managed scenario for both enterprises and service providers.
"There is a large on-premises legacy [of Layer 4-7 services] that will move to the cloud or hosted model, and the ability to do all that in software is very attractive, [especially] to the service provider with deep expertise in application workloads," Frazer said.
For larger deployment with Condor running on multiple bare-metal servers, Kemp has also embedded OpenFlow support in the form of an Open Virtual Switch agent on Condor. The OpenFlow agent will allow a service provider to service chain NFV software with an OpenFlow controller.
Rivka Gewirtz Little contributed reporting to this story.