Consolidation without compromise.


Executive summary

Virtualization of compute, storage and infrastructure is enabling the transformation of enterprise datacenters into private clouds. The impact is an unprecedented ability to consolidate infrastructure without compromise: no change to service level agreements (SLAs), no loss of performance or scale, and no regression in the organization's overall security posture. Such wholesale consolidation drives meaningful reduction in operating and capital costs, and allows datacenter managers to demonstrate a dramatic ROI for a myriad of virtualization technologies within the datacenter.

While server and storage virtualization have become mainstream elements of modern datacenter designs, emerging virtual application delivery controllers (ADC) promise to extend the benefits of virtualization into the core of the networking infrastructure. Citrix Systems is leading the way in virtualizing ADCs with its NetScaler product line, including its new NetScaler SDX service delivery platform.

This paper outlines the compelling benefits of consolidating networking services, and explains how NetScaler SDX offers a superior ADC consolidation platform compared to competing solutions. Significant advantages for NetScaler SDX span key deployment criteria, including:

- 2.5x Density: NetScaler SDX enables up to 40 ADC instances to run concurrently on a single platform, providing 2.5 times greater consolidation than the competition.
- Complete ADC Isolation: NetScaler SDX solutions fully isolate ADC system resources per instance, including SSL and compression processing, so that one instance never impacts the performance of another.
- 100% ADC Functionality: Only NetScaler supports all ADC features so that ADC devices can be consolidated without a loss of functionality.
- Pay-As-You-Grow Scaling: NetScaler SDX can uniquely increase overall ADC capacity without having to add additional hardware.

Transforming datacenters and enabling consolidation

The value of virtualization derives primarily from two core capabilities:

1. Abstraction provides deployment flexibility and portability by enabling higher-layer services to be de-coupled from underlying resources.
2. Multi-tenancy provides more efficient utilization and consolidation of resources by enabling a single physical instance of a resource to be shared simultaneously by multiple consumers.

For example, with server virtualization, it is abstraction that allows decoupling of the operating system from hardware, enabling virtual servers to be migrated from one physical server to another. The related capability, multi-tenancy, is what makes it possible for a single physical server to run multiple virtual servers at once.

It is the presence of one or both of these capabilities across a range of technologies and solutions that provides organizations with a multitude of attractive consolidation benefits when transforming their enterprise datacenter into a private cloud.

For server infrastructure:

- Extensive consolidation can be achieved with server virtualization since robust isolation and resource allocation capabilities enable workloads for different tenants to securely and efficiently run on the same physical server.
- Further simplification of datacenter infrastructure is made possible as leading server virtualization solutions enable virtual pools of server resources to be used for high availability, disaster recovery and automatic workload scaling.
- Unified computing platforms that leverage virtualization technology to enable integrated server, switch and storage modules provide another option for architecting the access layer and achieving yet another degree of physical consolidation.

For storage infrastructure:

- Storage area network solutions eliminate the need for dedicated disks or direct-attached storage.
- Unified communications fabrics enable convergence of LAN data and storage protocols, thereby reducing the need for a completely separate set of network infrastructure for storage (i.e., adapters, links and switches).

For network infrastructure:

- Virtual switches that run as virtual machines (VM), or as an integral feature of a hypervisor, introduce the potential to completely eliminate the access tier of conventional three-tier network designs, at least from a physical perspective.
- Alternatives to the Spanning Tree Protocol such as virtual PortChannel (vPC) technology from Cisco and IETF-TRILL are enabling a shift from highly scalable Layer 3 network designs to highly scalable Layer 2 networks that are better suited to meet the performance requirements of a virtualized computing infrastructure. Combined with the availability of high-capacity, non-blocking switches, this introduces the potential for flatter datacenter designs that do not include a distinct aggregation tier.
- The availability of virtual device instances for core switching platforms introduces the possibility of both vertical and horizontal consolidation. Vertical consolidation can be achieved by optionally replacing physical aggregation-tier switches with virtual instances running on a core switching device. Horizontal consolidation can be accomplished by absorbing into the core switching platform any separate switches that might otherwise operate in parallel. Switches may operate in parallel to accommodate testing and development, support a newly acquired business unit, or isolate a business unit that is being divested.
- VLANs and virtual routing tables can logically maintain isolation and individualized treatment for different tenants as physical boundaries are eliminated in favor of consolidation and simplification.

A major impetus for organizations to embrace virtualization is the tremendous degree of consolidation it enables. The need for less infrastructure not only reduces equipment costs and demand for precious datacenter resources such as power, cooling, and space, it also helps trim a wide range of operational expenses including those associated with initial deployment and integration, ongoing administration, and maintenance and support contracts. Add in the strategic advantages of better application performance, improved reliability, and superior responsiveness to changing business conditions and it's easy to understand why it is only a matter of time before the vast majority of organizations transform their datacenters using virtualization technologies.

The need to virtualize other datacenter services

What IT managers need to realize, however, is that other important pieces to the datacenter virtualization puzzle remain. Specifically, the deployment flexibility and multi-tenancy capabilities enabled by virtualization must be supported for more than just server, storage and networking infrastructure. To truly maximize available gains, similar capabilities should also be present for other key elements of datacenter infrastructure, including ADCs. Further, it is imperative these capabilities be available in sufficient variety and capacity to support the broadest spectrum of potential datacenter designs.

Virtualizing ADCs

Successful ADC virtualization encompasses multiple technologies and methods. First, the basic configurations for individual ADC tenants require that traffic flows are completely isolated to ensure data and network security. An inability to separate and isolate traffic between tenants will fail to meet even the most lenient security requirements.
Additionally, as ADCs themselves get virtualized into software-based virtual appliances, the resulting virtual form factors must deliver the same feature set, performance and configuration flexibility as their physical counterparts. Feature parity is an absolute must since it gives organizations the freedom to shift ADC policies and workloads between physical and virtual appliances. Finally, new generations of multi-tenant ADCs with native virtualization complete this continuum by delivering an integrated platform to effectively consolidate multiple discrete ADC devices.

When investigating emerging technologies, enterprise IT professionals are well advised to develop a strict set of evaluation criteria in order to select the most suitable solution for the organization. For virtualized multitenant ADCs, datacenter managers should establish the following as hard requirements:

- High consolidation density: Enabling a large number of ADC instances to run on a single platform, each with its own policy, configuration and dedicated system resources.
- Complete isolation of ADC resources: 100% isolation of compute, memory and ADC processing resources (including SSL acceleration and data compression) ensures that the performance of one ADC instance never impacts another.
- Full ADC feature support: Consolidation requires that all existing ADC footprints can be consolidated without a loss of functionality.

- Pay-As-You-Grow Scalability: Datacenter managers must have the ability to scale overall ADC capacity on-demand without adding additional hardware.

How NetScaler provides a superior consolidation solution

Citrix NetScaler is a fully integrated ADC that is deployed in front of web and database servers. It optimizes application availability through advanced layer 4-7 (L4-7) load balancing and traffic management, accelerates performance, increases security with an integrated application firewall and substantially lowers costs by increasing server efficiency.

NetScaler Virtualization

Keenly aware of both the trend toward highly virtualized datacenters and the inevitable diversity of resulting datacenter designs, Citrix is leading the way in the ADC market with three powerful options for meeting multitenancy, virtualization and consolidation requirements.

NetScaler Traffic Domains. NetScaler has long offered the ability to associate different sets of policies for load balancing, traffic management and other application delivery functions with different virtual IP addresses (VIPs). All NetScaler solutions support Traffic Domains, which builds on this capability by supporting multiple tenants on an ADC platform so that communication traffic is prevented from illegally crossing from one tenant's domain to another, unless it is first routed to an external gateway and evaluated by an appropriate security policy. This eliminates the need to create and maintain static routes for each domain.

NetScaler VPX. A second option supported by Citrix is virtualization of the ADC itself. NetScaler VPX was one of the industry's first ADC virtual appliances and has become the clear leader in both public and private cloud architectures. Since NetScaler VPX leverages the same software as Citrix's popular NetScaler MPX networking appliances, the two solutions maintain 100% functional parity.
Unlike many competing virtual appliance implementations, NetScaler VPX is:

- A full-featured solution incorporating all ADC functionality, including L4-7 load balancing, application firewall security, dynamic content caching, application performance monitoring and a robust SSL VPN capability
- A high-performance solution capable of handling traffic up to 3 Gbps or more
- An open solution capable of operating not only on Citrix XenServer, but also on Microsoft Hyper-V and VMware ESX/ESXi

NetScaler SDX. NetScaler Traffic Domains and NetScaler VPX are essential because they enable ADCs to support datacenters with a high degree of virtualization and consolidation of other infrastructure components such as servers, storage and switches. The next logical step, however, is a solution that also consolidates the ADC itself. NetScaler SDX represents the third option for meeting multi-tenancy, virtualization and consolidation requirements.

It has long been common practice to deploy dedicated ADC appliances for each application in order to ensure maximum availability and avoid jeopardizing performance SLAs. Unfortunately, this approach also led to expensive and difficult-to-manage application silos. Now, as these silos crumble in favor of shared but logically isolated infrastructure, there is a distinct opportunity for horizontal consolidation of ADCs across multiple applications. This is particularly true for application delivery infrastructures that were intentionally over provisioned and that have ADCs operating well below their rated capacity.

Also present is the opportunity for vertical consolidation. Facilitated by the steady dissolution of the network perimeter and widespread availability of numerous network-based isolation techniques, organizations might also decide to bring together ADCs used at different tiers of a multi-tier application. This way a single ADC can support the DMZ, web application and database tiers.

[Figure 1: ADC consolidation opportunities]

Citrix's new NetScaler SDX is uniquely suited to accommodate either type of consolidation initiative. An innovative solution for consolidating ADCs, NetScaler SDX enables multiple, independent, full-featured NetScaler instances to run on a single physical appliance. NetScaler SDX is an optimized combination of two proven solutions in their own right, NetScaler VPX and Citrix XenServer.
It enables today's organizations to reduce their ADC footprint and total cost of ownership (TCO) by pursuing opportunities for both horizontal and vertical consolidation of discrete, standalone ADC devices. NetScaler SDX squarely meets the four fundamental requirements for a natively virtualized ADC consolidation solution.

1. Density: Up to 40 NetScaler ADC instances can run independently on a single NetScaler SDX platform. This impressive level of density supports the most ambitious consolidation projects.

2. Isolation: All critical system resources, including memory, CPU and SSL processing capacity, are assigned to individual NetScaler instances. This is essential to ensuring that resource demands made by one tenant do not negatively impact other tenants running on the same physical system. It also provides greater security for each ADC instance by providing full separation of traffic flows.
3. Full ADC Functionality: NetScaler SDX supports 100 percent of the ADC functionality available with both hardware-based NetScaler MPX appliances and software-based NetScaler VPX virtual appliances. This enables NetScaler SDX to consolidate all existing ADC deployments without any policy constraints.
4. Pay-As-You-Grow: The Pay-As-You-Grow option delivers on-demand elasticity, enabling organizations to easily scale ADC capacity to keep pace with application traffic growth. And because it leverages a software-based architecture, NetScaler SDX can scale performance and capacity with a simple software key, eliminating expensive hardware purchases and upgrades.

                         NetScaler MPX                NetScaler VPX                      NetScaler SDX
Form factor              Hardened network appliance   Software-based virtual appliance   Hardened network appliance
ADC density              1                            1                                  Up to 40
Performance              Up to 50 Gbps                Up to 3 Gbps                       Up to 50 Gbps
Full ADC functionality
Pay-As-You-Grow

Table 1: Comparative summary of NetScaler solutions

How the competition stacks up

Not surprisingly, others have also recognized the market need to consolidate ADC footprints. While the resulting platforms being offered definitely enable a degree of consolidation, the architectural approaches taken result in various deployment shortcomings. For example, in at least one instance, reliance on third-party virtualization technology that is both immature and lacking a proven track record in major cloud infrastructures significantly constrains the number of ADC instances that can run concurrently on a single platform.
Other limitations customers are likely to encounter include:

- Availability of associated features only on chassis-based systems, a restriction that may put consolidation out of the reach of mainstream enterprise customers who prefer network appliance solutions.
- A lack of support for the full set of ADC modules available on other platforms, a characteristic that will inevitably limit the consolidation of new or existing ADC deployments.

Understanding the limitations of competing ADC consolidation solutions

Short on ADC Density

From the perspective of protecting an organization's investment, successful consolidation requires a platform that not only absorbs the existing number of ADC devices in the network, but also has the headroom to handle future needs. With competing solutions, customers are typically unable to consolidate more than 16 guests. In comparison, NetScaler SDX offers a 2.5x advantage by supporting a maximum of 40 guests.

[Figure 2: Comparing ADC consolidation density (maximum number of ADCs per platform)]

Much of the NetScaler SDX advantage derives from the use of industry-grade Xen virtualization technology by Citrix, which powers cloud and data center infrastructures at massive scale. Leveraging proven virtualization technology is critical, as any issue occurring at the virtualization layer has the potential to impact all ADC tenants running on the platform.

Limited Functionality

Alternate ADC consolidation solutions often fail to support the complete set of ADC functionality delivered on other appliances in the vendor's portfolio. Consider the situation where a core feature set (for example, for web acceleration, or perhaps secure remote access) is available for some ADC platforms, but not on a vendor's platform for ADC consolidation. In this case, guest ADCs on the consolidation platform will be unable to support essential functionality such as caching of dynamically generated web content or SSL VPN security. This limitation alone may prevent customers from consolidating existing ADC devices. At the very least, they may have to reduce their ADC policy to fit the resulting constraints.
Incomplete ADC isolation

Although competing solutions may isolate some system-level resources (e.g., CPU and memory) between guests, others (e.g., SSL processing) are often left as shared resources that are consumed on a first-come, first-served basis. Consequently, with these solutions, a single guest can potentially starve adjacent tenants of essential resources, resulting in much higher application latency or dropped sessions.

Limited Platform Options

Consolidation of ADC functionality is attractive to organizations of all sizes. Putting this capability within reach of the broadest range of customers demands both affordability and choice of platforms. With NetScaler SDX, organizations can choose among nine different appliance platforms to best accommodate their price/performance requirements. In contrast, competing approaches to ADC consolidation typically require investment in relatively expensive chassis-based products.

[Figure 3: Platform options for ADC consolidation]

No Pay-As-You-Grow

With competing solutions, customers are unable to scale performance on-demand without the purchase of additional hardware. This complicates deployment decisions by unnecessarily making ADC density and performance interdependent. To add more ADC guests, for example, solutions designed this way require customers to purchase additional hardware blades, the same way they would buy more blades to increase aggregate performance. A better-designed solution would enable customers to separate investments in density and overall performance.

Real-world ADC consolidation

A significant implication of all these limitations, as demonstrated by the following example, is that achieving ADC consolidation with competing solutions is also more costly than with NetScaler SDX.

Customer Requirements:

- Consolidate eight (8) individual ADC appliances into a single platform.
- Provide 1 Gbps throughput and 500 Mbps SSL throughput per ADC.

                                             Citrix NetScaler SDX   Competitor's solution
Appliance                                    $90,000                $0
Chassis                                      $0                     $9,995
Additional hardware                          $0                     $119,990 (2 blades)
Performance pack license                     $0                     $59,995
Consolidation license (8 instance minimum)   $20,000                $19,995
Total solution cost                          $110,000               $
NetScaler savings advantage                  $99,975 savings, 48% less expensive

Table 2: Real-world consolidation example with NetScaler SDX and a leading competitor's solution

Conclusion

ADC consolidation within next-generation datacenter architectures brings step-function improvements in overall IT agility and drives lower operational and capital costs. For real-world ADC consolidation projects NetScaler SDX beats competing products' technology in meeting key customer requirements. These advantages include:

- NetScaler SDX provides 2.5 times greater density to consolidate more ADC workloads.
- NetScaler SDX isolates key ADC processing resources for individual instances to ensure the performance of each ADC instance.
- Only NetScaler SDX is capable of consolidating 100% of ADC functionality offered in standalone appliances.
- NetScaler Pay-As-You-Grow provides a 5x capacity increase with no additional hardware.

Worldwide Headquarters: Citrix Systems, Inc., 851 West Cypress Creek Road, Fort Lauderdale, FL 33309, USA

Americas: Citrix Silicon Valley, 4988 Great America Parkway, Santa Clara, CA 95054, USA

Europe: Citrix Systems International GmbH, Rheinweg Schaffhausen, Switzerland

Asia Pacific: Citrix Systems Hong Kong Ltd., Suite , 63rd Floor, One Island East, 18 Westland Road, Island East, Hong Kong, China

Citrix Online Division: 6500 Hollister Avenue, Goleta, CA 93117, USA

About Citrix

Citrix Systems, Inc. (NASDAQ:CTXS) is a leading provider of virtual computing solutions that help companies deliver IT as an on-demand service. Founded in 1989, Citrix combines virtualization, networking, and cloud computing technologies into a full portfolio of products that enable virtual workstyles for users and virtual datacenters for IT. More than 230,000 organizations worldwide rely on Citrix to help them build simpler and more cost-effective IT environments. Citrix partners with over 10,000 companies in more than 100 countries. Annual revenue in 2010 was $1.87 billion.

Citrix Systems, Inc. All rights reserved. Citrix, Citrix XenDesktop, Citrix XenApp, Citrix XenClient, Citrix GoToMeeting and Citrix GoToAssist are registered trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries and may be registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are property of their respective owners.

1011/PDF