Load Balancing for security?
Load Balancing (LB), is now popping up on the corporate security agenda! LB is no longer just about managing traffic flows across enterprise routers and servers. In the age of the cloud and software defined networking (SDN), the LB off-loading function has serious possibilities for deflecting DDOS attacks by shifting attack traffic from the corporate server to a public cloud provider. Next generation software load balancers with advanced dashboard capabilities can also provide deep analytics down to the individual application. This is exemplified in the next-generation SDN load balancing just announced by AVI Networks.
Companies increasingly rely on their WAN access for business-critical application performance, and servicing their on-line customers. Previously, that would indicate the need for specialised hardware and significant redundant capacity – just think of retail traffic spikes on Black Fridays! It would also be expensive to upgrade. With SDN, this all becomes a software issue on standardised X86 hardware.
We also continue to see increases in the number and size of DDOS (Distributed Denial Of Service) attacks, with the heaviest attacks now surpassing 600GBps, according to Akamai. This type of cybercrime represents about 25% of corporate cybercrime costs. Building significant hardware-based DDOS avoidance capacity is very costly, and requires high maintenance levels. Software load balancers with cloud offload can provide a much lower cost and elastic protection. To demonstrate scalability in software, AVI Systems recently scaled applications from zero to one million SSL transactions per second in under ten minutes on the Google cloud.SDN in the data centre
With SDN, enterprise data centres can rely on a converged X86 server base. They can virtualise their WAN access channels by bonding fixed and wireless connections using SDWAN routers (see http://www.computerweekly.com/blog/Quocirca-Insights/Dismantling-data-centre-and-WAN-silos). And now they can deploy software defined load balancing to ensure their application performance, as well as elastically expand (or contract) network capacity as needed.
To do that requires data centre integration, virtualisation and convergence, as well as hybrid cloud management. Furthermore, to be on the leading edge, companies will want to containerise these functions to allow data centres to deploy business applications more rapidly, with reduced development overhead, lower costs, and increased business agility.
The diagram depicts load balancing across a hyper-converged infrastructure (source: AVI Networks).SDN in the converge data centre
The next generation data centre using products like Big Switch Networks, creates a distributed data centre architecture. This has bare metal hardware that is virtualised, uses containers and hybrid cloud extensions. SDN is still not one-size-fits-all! Inevitably IT departments looking at the next generation of SDN load balancers need to ensure:
- Compatibility with the major public cloud providers.
- Virtualisation presupposes compatibility with VMware and Openstack.
- For X86 compatibility, enterprises can use Intel Bare Metal.
- Automation, management and orchestration can align with Chef, Ansible, Puppet and others.
- SDN controller products are available from a range of providers like Cisco, HPE and Contrail.
- Then there is the container tech coming from Kubernetes, Red Hat OpenShift, Mesosphere DC/OS and Marathon.
- Finally, to manage and orchestrate the hybrid cloud environment will require REST API based dashboards.
IT departments stand and fall with their ability to deliver business continuity at still lower price points. They need to justify their own existence every day! Call it insurance in the broader sense. Providing elastic allocation of compute resources, and using the ability of major public clouds to suck up DDOS attacks to ensure business continuity, can be viewed as an insurance policy. IT faces line-of-business demands for more agility to support their DevOps plans, and the ability to provide different corporate constituencies with deeper analytics into individual apps performance, to determine where the delay bottlenecks are. Providing user-friendly and flexible business continuity options that deter lines-of-business from going off-piste, will also curry favour with the company board, as it attempts to implement Governance, Risk and Compliance (GRC) policies.