Physical or Virtual ADC: An Either/Or Choice?

Are vADCs wholesale replacements for pADCs? Can't these application delivery controllers co-exist?

By Alan Murphy, Senior Technical Marketing Manager, F5 Networks

Application delivery controllers (ADCs) are typically physical appliances -- pADCs -- located at the data center edge. They provide advanced application delivery and load balancing features to applications running on both physical and virtual machines. Regardless of where applications are running, those applications need security, acceleration, and availability, and ADCs provide these services.

As more IT organizations try to cut costs by virtualizing and consolidating infrastructure components, the application delivery network (ADN) -- which includes the components that deliver application security, acceleration, and availability -- is also being incorporated into the virtual infrastructure. This virtual replacement strategy is a growing trend to reduce costs in IT, but it doesn't necessarily hold that all physical devices or appliances should be ported to virtual machines and consolidated onto shared hardware servers. Despite evaluating the appropriate use cases, many ADC vendors have rushed to create virtual ADCs (vADCs) that, in theory, help to improve application mobility.

To date, vADCs have generally been considered replacements for pADCs in the data center but, unfortunately, the replacement strategy hasn't provided any new solutions or real benefits beyond that of reducing hardware. In some cases, deploying a vADC may actually be a detriment to the ADN. Many first-to-market vADCs have inferior application delivery features to their pADC counterparts -- that is, they're little more than simple software load balancers. Although vADCs can help reduce costs, the savings may not be worth the sacrifice in functionality. (Ideally, to be true replacements for pADCs that genuinely improve application mobility, vADCs would at a minimum need to be full-featured versions of pADCs and preferably include advanced features for added value.)

Physical or Virtual: Choose One or Use Both?

The quality and functionality of current vADC offerings raises the question of whether replacement is really the right solution. Should IT be choosing between pADCs and vADCs? Is the decision only about CapEx? More important than asking which to choose, IT should be asking, "What is our final goal for deploying an ADC?" Depending on the answer, it may be that a hybrid solution is more appropriate than choosing one or the other. Each has its merits.

pADC: The Gatekeeping Workhorse

When evaluating ADC needs, the first and most important consideration is location. If the ADC will sit at the data center edge to provide application security, optimization, and availability to applications, chances are it's a mission-critical component for data center applications. As such, it will be expected to manage large amounts of application connections and data. For mission-critical roles such as these, it's usually best to deploy pADCs because they often run on purpose-built hardware and are finely tuned for features such as application delivery, SSL acceleration, and compression. In contrast, vADCs can't perform or scale application traffic to the levels a pADC can handle. Clearly, pADCs offer significant advantages for high-end performance and dedicated services, and for these reasons should not be replaced indiscriminately with vADCs.

After location, bandwidth and other networking requirements such as user connections, session management, and transactions per second are the most important considerations. High-end pADCs running on purpose-built hardware are able to scale up to speeds approaching hundreds of gigabytes of sustained application throughput and manage hundreds of thousands of transactions per second. Unlike pADCs, vADCs are virtual machines running on commodity hardware and network cards with shared network drivers and therefore must compensate for the additional processing components in the hypervisor layer. The lack of purpose-built hardware limits how and where vADCs can be deployed. When speed and throughput are the primary goals, a pADC is the more appropriate choice.

vADC: Agility at its Best

The most obvious benefit of vADCs is their flexibility: they are portable, affordable, and easily deployed. This is particularly relevant in the application development environment. Typically, for both financial and logistical reasons, pADCs are not available at the evaluation, design, development, testing, QA, and staging phases of application deployment. Consequently, the ultimate use of an ADC is often not taken into account. A developer might, for example, build SSL traffic management features into an application only to learn later that SSL tasks will be offloaded to an ADC when the application is moved to production. Because applications are rarely built in a realistic user environment, they often don't work as expected when moved into production due to limited availability of pADCs during design and testing.

Full-featured vADCs have the potential to introduce an entirely new workflow in application deployment because their affordability and portability make them easy to deploy early in a project. When vADCs with the same configurations and settings are available to application, server, and network teams, they can help break down traditional barriers and provide an opportunity for these teams to build application delivery policies at any stage of application deployment.

If the vADC vendor has designed it as part of the entire ADN solution, then the vADC can open new architecture models not available with a pADC. If the vADC is designed simply as a software replacement for the pADC, then these models are not available because of the lack of flexibility in the vADC design. A vADC might never be appropriate as an "application gatekeeper," but it is well suited to work with application-specific services and virtualized workloads. For example, by adding a full-featured vADC to a pool of virtual Web servers running SharePoint, the vADC, which includes a SharePoint template and preconfigured application settings, can host that application template as part of an entire application service bundle. As application bundles move between data centers or clouds, the vADC moves with the applications, providing constant levels of optimization, security, and availability. Bundling applications with Web services provides more portability and agility.

Together, the Best of Both Worlds

Because each has its own merits, it would be a mistake to think of vADCs as wholesale replacements for pADCs. Rather, we should be thinking of vADCs as tools for extending the reach of the existing ADN to other data centers and to external clouds, as well as for offering new application deployment models -- models not available to either ADC solution when considered independently. A hybrid model -- where vADCs and pADCs co-exist as a unified solution -- offers a flexible and agile ADN and can improve application deployment. In short, vADCs have the potential to radically change application delivery.

Alan Murphy is a senior technical marketing manager at F5 Networks.