Apps are On the Move, What’s a CIO to Do?
by George McGregor
People have been on the move for a while – workspaces, applications and data are increasingly accessed from mobile devices. This has had a big impact on application delivery. For any business these days, its all about apps and its all about the customer experience delivered by these apps.
Now applications are on the move too, to the cloud. The critical applications which businesses depend on are increasingly delivered from the cloud and there are clear economic benefits driving this transformation.
Not only are applications moving to the cloud but the components which make up applications are getting more numerous, more distributed and need to be dynamically managed. Micro-service architectures are driving this transformation.
In addition, as Nick Lippis pointed out in a blog here, there is no single cloud that fits all needs: in order to maximize the economic benefits and flexibility promised by this transformation, the cloud will be hybrid.
In addition, applications are increasingly being assembled with components which are deployed between on premise datacenters, private clouds and public clouds. All this must be integrated into one digital business platform which can be managed dynamically. In fact, the ONUG community and working groups are driving towards that software-defined vision of the future.
Application components have been deployed traditionally using what Gartner called an application delivery network (ADN), which was defined as “a suite of technologies that, when deployed together, provide application availability, security, visibility, and acceleration.” This concept of deploying a robust and flexible application delivery infrastructure is even more relevant as applications move to micro-services and hybrid cloud deployments.
The ADN as originally defined, consisted of an Application Delivery Controller (ADC) to distribute traffic between data-centers and applications and a WAN optimization solution to manage application traffic between the branch and datacenter. This needs an update for the cloud era, to include five key functions all working seamlessly together:
- An application delivery controller (ADC) which secures, distributes and optimizes application traffic
- A security function to manage security threats
- An access gateway function to manage access to apps by users and things
- A WAN optimization and virtualization solution
- Management and analytics software to provide visibility and automation across the whole application infrastructure.
There are some key points to consider as you evaluate the application delivery infrastructure you need to assist your journey to the hybrid cloud:
One to Any: First the basics. All the elements of your application delivery infrastructure must be available on any cloud. You need the assurance that you won’t be locked in by a choice which could lead to migrations and future costs. Identical functionality must be available on any of the clouds you use. In fact, the same feature-set should be available on any hypervisor or even in a container. This way you can support the app development lifecycle as well. The only way this can be ensured is by selecting software which has an identical code base, feature set, APIs and management, irrespective of where it is deployed.
Automation, Visibility and Analytics: Because of the increasing complexity of the app deployment landscape, you must be able to automate critical provisioning, configuration and management tasks. Management must be consistent across the hybrid cloud. App workloads will need to scale up and scale down, not just in one cloud environment but across your hybrid cloud environment. You need a powerful and flexible way of managing and correlating events from all corners of your hybrid cloud.
The application delivery environment can provide a rich set of data about apps, users and devices. You need to harness this data for application performance management, troubleshooting and security threat mitigation. Individual cloud environments provide specific tools to provide some degree of visibility, but what you need is end-to-end visibility of all the components of all your apps wherever they are deployed. You will also need powerful analytics tools and anomaly detection to enable you to proactively identify and address issues across your hybrid cloud. Finally, all of this needs to be app-centric: making it easy for app developers to deploy “hybrid cloud ready” apps as well as providing role-based access to application based performance management and troubleshooting information. Finally, open APIs and the ability to integrate easily with orchestration systems, SDN controllers and other tools and systems are key requirements.
Security: In the hybrid model, the security perimeter is no longer the DMZ on the edge of your data-center, so keeping your apps and data secure is even more of a challenge. Your application delivery infrastructure needs to provide network and infrastructure oriented security capabilities such as SSL-based encryption, DNS security and comprehensive Layer 4 attack protection. You also need a comprehensive application firewall function in order to identify application layer threats and manage them. A key requirement is to be able to enforce security policies consistently across the hybrid cloud environment.
Flexible Licensing: Another critical element is to do with ensuring that the solution elements you need can be purchased in a way which aligns with the hybrid-cloud business model. For the components of your application delivery environment you should be able to simply buy the capacity you need and then be able to deploy it where you wish: on any cloud, any “form factor”, physical or virtual. This makes sure that your investment is protected. In fact, you should be able to pay for capacity on demand and in a fully automated scenario, move licenses around dynamically as capacity requirements shift.
Reliability and Availability: Your choice of a hybrid cloud delivery model should allow you to create a cost-effective resiliency model between clouds. The concept of global server load balancing can be used to assess the health of applications and route traffic to an alternative cloud in case of issues. In fact, with a well-integrated automation solution it is possible to automatically spin up new workloads as well. Again, it is key that this isn’t tied to just one cloud, and works seamlessly between on-premise and cloud deployments.
Secure Access and Single-Sign On: Another key function which must be provided by the application delivery infrastructure is user authentication and single sign-on access to any applications, irrespective of where in the hybrid cloud environment those apps are deployed, or whether they are on-prem, SaaS or web apps. In fact, as part of the move to a hybrid cloud environment there is an opportunity to both enhance security dramatically and reduce costs by replacing existing remote access and AAA solutions with a well architected gateway function in the application delivery infrastructure.
Accessing the Apps: The way users access apps and data needs a rethink also. As applications and desktops were migrated to the data-center, the bandwidth required between the branch and the data-center grew rapidly and the WAN became very important. But now as more applications are delivered from the cloud, the traffic needs to be managed much more intelligently, application by application. Application level policies must be applied in real time to avoid “tromboning” cloud or internet bound traffic through the data-center and ensure optimal path selection, while all the time ensuring end-to-end QoS and security. A fully integrated SD-WAN solution must be deployed to manage the branch connectivity.
In conclusion, the journey to the world of hybrid-cloud is underway and we believe a careful choice of a unified and powerful application delivery environment is the way to achieve consistently high levels of customer-experience, performance, and security, both for cloud-native applications and traditional applications which are being migrated. This approach avoids the costs and restrictions of using cloud-specific or fragmented tools and unlocks the true value and flexibility of a hybrid-cloud application environment.
Citrix is participating in ONUG Spring 2017 in San Francisco and we look forward to discussing these issues and challenges with the community as we all navigate our way to the hybrid cloud. Come and see us if you are planning to attend!
George McGregor is Senior Director of Marketing at Citrix, based in California, currently leading service-provider and cloud marketing for the NetScaler business. His career has focused on software and communications technology, both in the USA and Europe. He has held product and consulting GM roles as well as senior sales, product management, and marketing positions. Prior to joining Citrix in 2013 he worked at both Juniper Networks and HP.