Linking the network and the virtual machine

Damian Reeves

Chief Technology Officer

Zeus Technology

Damian Reeves, CTO, Zeus Technology

Zeus develops Application Traffic Management Software that makesnetworked and web-enabled applications faster, more reliable, secureand easier to manage.

Founding member of VMware’s VDIMember of VMTNVMware Technical Alliance partner

Come and talk to us later, at booth #TODO

Introduction

Managing Application traffic

Web Servers:Apache, IIS, Zeus…

Web Application Servers:WebLogic, WebSphere, JBoss, .NET, OWA

Web Services:SOAP, XML-RPC

Remote desktopsRDP

Other TCP/UDP services:Mail (POP, IMAP, SMTP), DNS, Database, Media…

Manage traffic to clusters of machines to deliver reliability, scalability, manageability

Existing Solutions

F5: Big-IP 9 Local Traffic ManagerCitrix NetscalerCisco CSS and Catalyst devicesFoundry Server Iron

Have viewed application traffic management as a task for the networkAre ‘packaged’ as proprietary hardware appliances

The next generation of Application Traffic Managers

Drive to put more and more intelligence into the traffic management layer

Deep packet inspection, request and response processing, XML processing

Hardware and ASIC based solutions are inflexible

New generation of Software-based traffic managersF5, Netscaler and some others are on boardCisco is following with AON product line (most ambitious of all)

Zeus ZXTM Product

Software-based Application Traffic Manager.Uniquely deployable in Virtualized Environments, as well as traditional servers, blades and appliances.

Other unique capabilities:Powerful TrafficScript programming languageTrafficScript is fully XML-literate –XPath, XSLT, ValidationIntegration possible with SOAP-based Control API

SSL DecryptionService ProtectionRequest RulesTCP offloadReq. Rate Shaping

SSL DecryptionService ProtectionRequest RulesTCP offloadReq. Rate Shaping

SSL DecryptionService ProtectionRequest RulesTCP offloadReq. Rate Shaping

Load BalancingSession PersistenceSSL EncryptionBandwidth Mgmt.

Load BalancingSession PersistenceSSL EncryptionBandwidth Mgmt.

Node

Node

Node

Node

NodeNode

NodeNode

NodeNode

NodeNode

Response RulesContent CompressionHTTP CachingService Level MonitoringBandwidth ManagementTCP OffloadRequest Logging

Response RulesContent CompressionHTTP CachingService Level MonitoringBandwidth ManagementTCP OffloadRequest Logging

Response RulesContent CompressionHTTP CachingService Level MonitoringBandwidth ManagementTCP OffloadRequest Logging

VirtualServer

ZXTM

PoolPool

PoolVirtualServerVirtualServer

ZXTM

PoolPoolPoolPool

PoolPool

MonitorsMonitors

Monitors

MonitorsMonitorsMonitorsMonitors

MonitorsMonitors

ReportingWeb-based UISOAP Control API

ReportingWeb-based UISOAP Control API

FasterOffloading compute intensive tasks to specialised software• SSL• Content Compression• XML searching, preprocessing and

postprocessing• HTTP Response CachingProtocol OptimizationTCP Optimization

Problems that Application Traffic Managers solve

Accelerating SSL on Apache

http://news.netcraft.com/archives/2005/08/23/banks_shifting_logins_to_nonssl_pages.html

Sustained Request Rate - SSL (higher is better)

0

500

1000

1500

2000

2500

0 200 400 600 800 1000

Simultaneous Users

SSL

Tran

sact

ions

per

sec

ond

ApacheZXTM

Average Response Time - SSL (lower is better)

0

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

0 200 400 600 800 1000

Simultaneous Users

Resp

onse

Tim

e (m

s)

ApacheZXTM

Error Rate - SSL (lower is better)

0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

0 200 400 600 800 1000

Simultaneous Users

Erro

r Ra

te

ApacheZXTM

Apache’s performance under latency is poor

HTTP Transaction per Second (higher is better)

0

2000

4000

6000

8000

10000

12000

0 20 50 100 200 400

Round Trip Latency (ms)

TPS

APACHEZXTMZXTM-CACHE

HTTP Transaction Time (lower is better)

0

0.5

1

1.5

2

2.5

3

3.5

4

0 20 50 100 200 400

Round Trip Latency (ms)

Tran

sact

ion

Tim

e (s

)

APACHEZXTMZXTM-CACHE

Problems that Application Traffic Managers solve

More reliableCan scale services so that they still function under loadCan detect service failures and route around them

More secureSingle point of entry; isolates servers from remote, untrusted clientsProtocol securing• Application Traffic Inspection• Example: ZXTM made servers immune from HTTP Smuggling

attacks

Problems that Application Traffic Managers solve

Easier to Manage:Visualisation tools for the infrastructure:• Diagnostics for performance or availability problems• Faster time-to-fix• Critical path analysis

Manage your traffic• Application sensitive traffic authentication, transformation and

routing

Intelligent Traffic Routing in an RDP Environment

Imagine a remote desktop scenario:Datacenter in one location, call center staff in anotherMobile desktop users

Current SolutionsCitrix/Terminal Server/ICAVDI-style RDP based

First Generation Solutions

Alice’s Desktop192.168.28.104

Bob’s Desktop192.168.28.176

Chris’ Desktop192.168.28.211

Deploy intelligent connection manager, ZXTM, between clients anddesktopsEnables single point of contact – easier to manage and deploy

ZXTM identifies users during login Connects user to their own desktopTells VMware to resume desktop first if need beUse pools of VMs for access to generic applicationsReduce hardware required by another factor of ~ 3Easier, cheaper maintenanceAutomated recovery from server/VM failures

Next Generation Solution – Connection Manager

Schematic

Remember TrafficScript?

$body = request.get();

string.regexmatch( $body, "mstshash=(.*)\n" );$user = string.trim( $1 );

$body = http.request.get( "http://10.100.88.12/rdp/desktop.cgi?user=".$user, "" );

$code = $1;

if( $code != 200 ) connection.discard();

$desktop = string.trim( $body );log.info( "Mapped user ".$user." to desktop ".$desktop );

connection.setPersistenceClass( “desktop” );connection.setPersistenceKey( $desktop );

pool.use( “desktops” );

Managing traffic with agility

What do I mean by ‘agile’?

What enables this agility?

Common ‘agile’ way of managing changes:

Test, Deploy, Migrate, Reap

Customer Example: BT.com

Hosting complex BEA WebLogic-based applicationSeveral hours downtime for each application update!

Legacy Service Instance

Generation 31

Current ServiceInstance

Generation 32

Next version(in development)

Generation 33

Customer Example: BT.com

User

Developer

New User

Current Service Instance

Generation 31

Next version(in development)

Generation 32

Closing the Loop

A Traffic Manager like ZXTM has a unique overview of applicationstatus:

Performance: response times, errorsAvailabilityLogin and other events

ZXTM could then initiate a provisioning action

Reporting and alerting toadmin for manual interventionReporting and alerting to‘utility manager’

When managing Remote Desktops

Resource ReallocationZXTM can initiate resource reallocation (or work in sympathy with it)

User connection trackingWhen is it ‘safe’ to perform remote administration?

Security policiesZXTM is another place where security policies can be implemented

End-to-end SSL wrappingKnown man-in-the-middle attacks

The ‘Utility Manager’

Dynamic provisioning and migration of applications to meet business demandsZXTM is a complementary component:

Deployed within the virtualized environmentMonitors the performance of services within the virtualized environmentAs performance problems are detected, ZXTM alerts the Utility ManagerUtility Manager (VirtualCenter) provisions a new application instance and informs ZXTMZXTM intelligently routes and balance traffic across all the instances of the applicationAll communication and configuration takes place via VMware’s and ZXTM's SOAP APIs.

ZXTM can provide a fundamental monitoring and traffic management service within virtualized environments

Not quite like this…

More like this…

Using the Utility Manager: Examples

ZXTM detects that a service has failed1. ZXTM requests that Utility Manager restart VM from known good

snapshot

ZXTM detects that a service is underperforming1. ZXTM informs utility manager

• Utility manager decides to VMotion one or more VMs2. Utility manager tells ZXTM to ‘drain’ the VM3. VM is VMotioned (unavailable for 30 seconds or so…)

• ZXTM uses other VMs, or failpool returns ‘Too Busy’ message4. Utility manager tells ZXTM to ‘undrain’ the VM

Future Trends in Service Provision

Desktop provision will be a small part of the internal service provisionDistributed applications built from components (SOA model)This offers even greater technical challenges

Monolithic applications being replaced with service components

Point-to-point communications untenable as complexity / volume increases

Introduction of ESBs – a new bottleneck

Future Trends in Virtualization Integration

Today:Manage Virtual Machines?

or…Manage Entire Services?

Future Trends in Traffic Management

Available as software components, supported on VMware and other virtualization platforms

Zeus’ initiatives with Virtual Machines

Wrapping Up

Thank you for your time and attention.

Any questions?

http://knowledgehub.zeus.com/

Presentation Download

Please remember to complete yoursession evaluation form

and return it to the room monitorsas you exit the session

The presentation for this session can be downloaded at http://www.vmware.com/vmtn/vmworld/sessions/

Enter the following to download (case-sensitive):

Username: cbv_repPassword: cbvfor9v9r