Monday, August 31, 2015

F5-CA - Application Delivery Fundamentals - Application Delivery Platforms

Objective 5.01 Describe the purpose, advantages, use cases, and challenges associated with hardware based application delivery platforms and virtual machines

Explain when a hardware based application deliver platform solution is appropriate

Hardware based platforms are generally more powerful, more stable, more scaleable, and may have specialized hardware capable of accelerating common tasks.
The major drawback to hardware platforms is that they come in only a few sizes, meaning you always have to buy more than what you need. Additionally, because you are using hardware, you normally have to purchase the hardware up front.

Explain when a virtual machine solution is appropriate

Virtual based platforms are generally more flexible and can be better tailored for smaller environments. In environments where performance isn't the top requirement, virtual platforms are often cheaper and more easily sized to fit.

Explain the purpose, advantages, and challenges associated with hardware based application deliver platform solutions / virtual machines

Virtual ADC Architectural Considerations

ProsDescription
Rapid deploymentAs a software solution, a vADC can be provisioned and ready for inclusion in the development process much quicker than a physical appliance.
Financial efficiency for specific workloadsBecause the cost of a physical appliance can be high relative to certain application types, use, and deployment scenarios, organizations sometimes have to choose between doing nothing and running application infrastructure sub-optimally. With a v ADC, cost can be charged more easily to a specific application workload and the vADC can be dedicated to that workload.
Failure isolationIn the event that the failure of a specific application configuration causes the failure of a physical device front- ending many applications, it will failover to the redundant unit. However, all applications could then be affected. By dedicating a vADC to specific application workloads better fault isolation is created.
ManagementBeing part of the hypervisor vendor's overall management framework can simplify the movement and management of the vADC. Coupling a vADC to specific applications makes it a more integral part of the overall ecosystem.
ConsDescription
High availabilityThe same degree of high availability achieved with a purpose-built pADC cannot be realized by commodity server hardware.
SecurityInstead of a completely hardened system, a shared environment is used in which virtual appliance security is dependent upon the hypervisor vendor and the commodity server vendor.
ScalabilityCertain high performance offload services do not have direct access to hardware. Commodity servers also lack purpose-built ASICs for offload. Both impact the scale and throughput of a vADC.

Physical ADC Architectural Considerations

ProsDescription
High availabilitypADC hardware designs are carrier-hardened for rapid failover and reliability. Redundant components (power, fans, RAID, and hardware watchdogs) and serial-based failover make for extremely high up-times and MBTF numbers. Commodity hardware of this type is costly and will not be integrated with the ADC software.
SecurityMost pADC appliances and systems are security hardened and proprietary to the vendor. pADCs are not dependent on other vendors' security implementation or lack thereof. With hypervisors, there are known and potentially unknown vulnerabilities. To a certain extent, virtual appliance security is thus dependent upon the hypervisor vendor.
ScalabilitySome pADCs have unique high-speed bridge and offload ASICs for such capabilities as high performance L4 processing, SSL, and compression, which enables them to be a cost-effective aggregation point for many applications or high-performance/throughput applications where latency matters a great deal.
ManagementA pADC has special lights-out management capabilities so regardless of a physical device issue it can still be accessed, diagnosed, and fixed. Management can be less complex because the application delivery functions are centralized in a single device instead of distributed across the data center.
ConsDescription
Rapid deploymentShipping a physical product, racking, stacking, and cabling takes time and adds cost to a deployment. It is also not well suited for agile development environments and QA labs.
Failure isolationIn the event that the failure of a specific application configuration causes a physical device front-ending many applications to fail, it will failover to the redundant unit. However, all applications can then be affected. Thus a combination of both physical and virtual ADC can simultaneously provide both failure isolation and scale.

Given a list of environments/situations, determine which is appropriate for a hardware based application deliver platform solution

Given a list of environments/situations, determine which is appropriate for a virtual machine solution

Explain the advantages of dedicated hardware (SSL card, compression card)

SSL encryption and decryption can potentially place a heavy load on servers. By using dedicated hardware such as an SSL encryption card, this load can easily be migrated away from the servers, thereby allowing them to function faster and provide more services. Additionally, the dedicated hardware is normally capable of handling the workload for multiple servers, allowing the investment to be utilized by several services.

More Information:

Increase SSL Offload Performance
Creating a Hybrid ADN Architecture with both Virtual and Physical ADCs

Objective 5.02 Describe the purpose of the various types of advanced acceleration techniques

Describe the purpose of TCP optimization

While there are near endless options when it comes to web acceleration, and we will explore many of them, it’s usually best to start from the beginning, as it were. In this case, as with almost anything on the wire, “the beginning” happens to be the TCP stack. While most may immediately want to jump to web server and browser settings when posed with the “how do you get more out of your application?” question, they would honestly be missing a fair quantity of possible gains. We will certainly tweak those things as well, but let’s work our way up to that.
To begin with, we first want to ensure that we’re using optimized TCP settings. There numerous options at this layer that can be customized to suit your particular application needs. While each of these can absolutely be custom tweaked, we also offer profiles on the BIG-IP that are excellent starting points. Profiles allow you to configure a set of options for a particular scenario or application and re-use or apply it as desired easily. To start with we’ll be selecting the appropriate profiles for our application.

Describe the purpose of HTTP keepalives, caching, compression, and pipelining

Caching is the local storage of network data for re-use, to cut down on transfer time for future requests. With Web pages, static caching simply serves objects -- typically images, JavaScript, stylesheets -- as long as they haven't passed their expiration date. But static caching can generally only be used for about 30 percent of HTTP requests, and that does not typically include high-value dynamic data.

More Information:

Oneconnect
Compression
Pipelining
Application Acceleration
Application Acceleration Architecture
WAN Optimization Manager
TCP Optimization and Compression

No comments: