Depending on where it is placed in the data center, the ADC serves as the gateway to the organization’s applications. As such, next-generation application delivery controllers are strategically placed to be a single control point that can determine the security needs of applications and provide simplified Authentication, Authorization and Accounting (AAA), application control and monitoring.
One of the more recent challenges facing IT organizations is the need to support a workforce that is increasingly mobile and uses multiple devices for communications. Because an ADC intrinsically understands the difference between applications as well as traffic from Layer 2 to Layer 7, it is in the position to provide security functionality that can change dynamically based on the user, device, network, application and even the traffic itself.
For example, the intelligence provided by next-generation application delivery controllers allows an IT organization to apply a security policy to a user accessing an application from a mobile phone that is different from the security policy that is applied to the same user accessing an application from a laptop. An IT organization could also apply a policy to a particular user accessing an application from a mobile device that is different from the security policy applied to another user who is accessing the same application from the same type of mobile device.
Virtual ADCs play a role in cloud balancing
Another new challenge facing IT organizations is cloud computing, and cloud balancing in particular. Cloud balancing refers to routing service requests across multiple data centers as a way to save money, improve performance, increase availability or conform to regulatory requirements. Typically one or more of the data centers are under the control of the enterprise IT organization, and one or more of the data centers are controlled by one or more cloud computing providers.
Cloud balancing can be thought of as the logical extension of global server load balancing (GSLB). The goal of a GSLB solution is to support high availability and maximum performance. A cloud balancing solution may make routing decisions in part based on the same criteria as used by a GSLB solution. However, a cloud balancing solution extends the focus of a GSLB to a solution with more of a business focus. A cloud balancing solution may also make routing decisions based on criteria such as the cost to execute a transaction in a given cloud.
Cloud balancing is more likely to work seamlessly if there is a consistent architecture across all of the cloud data centers. One way to maintain a consistent architecture across private and public clouds is to use a virtual ADC (vADC) as described in the last chapter. These virtual appliances can be installed in virtual machines in the various clouds that comprise the global hybrid cloud infrastructure. This allows the enterprise to standardize on a single architecture across the entire cloud balancing environment as long as the virtual appliances support the hypervisors employed by the relevant Infrastructure as a Service (IaaS) providers. One of the advantages of this architectural consistency is that it ensures that each cloud site will be able to provide the information needed to make global cloud balancing routing decisions.
Over the last several years, ADCs have played a major role in securing, monitoring and optimizing the performance of Web-based applications. The importance of next-generation application delivery controllers will continue to grow in part because ADCs make it easier for IT organizations to implement granular security policies relative to which users, using which devices, can access which applications. The recent introduction of vADCs will grow the deployment of ADCs in part because they will make it easier and potentially more cost-effective to deploy ADC functionality. Virtual ADCs will also be popular because they can be easily deployed in a public cloud computing environment where it might be either difficult or impossible to deploy an appliance-based ADC. Once deployed in that environment, the vADC can provide monitoring functionality that otherwise may not have been available.