Linking the network and the virtual machine
Damian Reeves
Chief Technology Officer
Zeus Technology
Damian Reeves, CTO, Zeus Technology
Zeus develops Application Traffic Management Software that makes networked and web-enabled applications faster, more reliable, secure and easier to manage.
Founding member of VMware’s VDI
Member of VMTN
VMware Technical Alliance partner
Come and talk to us later, at booth #TODO
Introduction
Managing Application traffic
Web Servers: Apache, IIS, Zeus…
Web Application Servers: WebLogic, WebSphere, JBoss, .NET, OWA
Web Services: SOAP, XML-RPC
Remote desktops: RDP
Other TCP/UDP services: Mail (POP, IMAP, SMTP), DNS, Database, Media…
Manage traffic to clusters of machines to deliver reliability, scalability, manageability
Existing Solutions
F5: Big-IP 9 Local Traffic Manager
Citrix Netscaler
Cisco CSS and Catalyst devices
Foundry Server Iron
Have viewed application traffic management as a task for the network
Are ‘packaged’ as proprietary hardware appliances
The next generation of Application Traffic Managers
Drive to put more and more intelligence into the traffic management layer
Deep packet inspection, request and response processing, XML processing
Hardware and ASIC based solutions are inflexible
New generation of Software-based traffic managers
F5, Netscaler and some others are on board
Cisco is following with AON product line (most ambitious of all)
Zeus ZXTM Product
Software-based Application Traffic Manager.
Uniquely deployable in Virtualized Environments, as well as traditional servers, blades and appliances.
Other unique capabilities:
Powerful TrafficScript programming language
TrafficScript is fully XML-literate – XPath, XSLT, Validation
Integration possible with SOAP-based Control API
[Diagram: ZXTM architecture]
Components: Virtual Server, Pool, Node, Monitors
SSL Decryption, Service Protection, Request Rules, TCP Offload, Req. Rate Shaping
Load Balancing, Session Persistence, SSL Encryption, Bandwidth Mgmt.
Response Rules, Content Compression, HTTP Caching, Service Level Monitoring, Bandwidth Management, TCP Offload, Request Logging
Reporting, Web-based UI, SOAP Control API
Problems that Application Traffic Managers solve
Faster
Offloading compute intensive tasks to specialised software
• SSL
• Content Compression
• XML searching, preprocessing and postprocessing
• HTTP Response Caching
Protocol Optimization
TCP Optimization
Accelerating SSL on Apache
http://news.netcraft.com/archives/2005/08/23/banks_shifting_logins_to_nonssl_pages.html
[Chart: Sustained Request Rate - SSL (higher is better). Y axis: SSL transactions per second; X axis: simultaneous users; series: Apache, ZXTM]
[Chart: Average Response Time - SSL (lower is better). Y axis: response time (ms); X axis: simultaneous users; series: Apache, ZXTM]
[Chart: Error Rate - SSL (lower is better). Y axis: error rate; X axis: simultaneous users; series: Apache, ZXTM]
Apache’s performance under latency is poor
[Chart: HTTP Transaction per Second (higher is better). Y axis: TPS; X axis: round trip latency (ms); series: Apache, ZXTM, ZXTM-CACHE]
[Chart: HTTP Transaction Time (lower is better). Y axis: transaction time (s); X axis: round trip latency (ms); series: Apache, ZXTM, ZXTM-CACHE]
Problems that Application Traffic Managers solve
More reliable
Can scale services so that they still function under load
Can detect service failures and route around them
More secure
Single point of entry; isolates servers from remote, untrusted clients
Protocol securing
• Application Traffic Inspection
• Example: ZXTM made servers immune from HTTP Smuggling attacks
Problems that Application Traffic Managers solve
Easier to Manage:
Visualisation tools for the infrastructure:
• Diagnostics for performance or availability problems
• Faster time-to-fix
• Critical path analysis
Manage your traffic
• Application sensitive traffic authentication, transformation and routing
Intelligent Traffic Routing in an RDP Environment
Imagine a remote desktop scenario:
Datacenter in one location, call center staff in another
Mobile desktop users
Current Solutions
Citrix/Terminal Server/ICA
VDI-style RDP based
First Generation Solutions
Alice’s Desktop: 192.168.28.104
Bob’s Desktop: 192.168.28.176
Chris’ Desktop: 192.168.28.211
Next Generation Solution – Connection Manager
Deploy intelligent connection manager, ZXTM, between clients and desktops
Enables single point of contact – easier to manage and deploy
ZXTM identifies users during login
Connects user to their own desktop
Tells VMware to resume desktop first if need be
Use pools of VMs for access to generic applications
Reduce hardware required by another factor of ~ 3
Easier, cheaper maintenance
Automated recovery from server/VM failures
Schematic
Remember TrafficScript?
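# Read the client's first RDP packet and pull out the mstshash username hint
$body = request.get();
string.regexmatch( $body, "mstshash=(.*)\n" );
$user = string.trim( $1 );
# Ask the lookup service for this user's desktop; the response code is read from $1
$body = http.request.get( "http://10.100.88.12/rdp/desktop.cgi?user=".$user, "" );
$code = $1;
if( $code != 200 ) connection.discard();
$desktop = string.trim( $body );
log.info( "Mapped user ".$user." to desktop ".$desktop );
# Persist the connection on the desktop address within the "desktops" pool
connection.setPersistenceClass( "desktop" );
connection.setPersistenceKey( $desktop );
pool.use( "desktops" );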
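The rule above takes the mstshash value from the client's first packet, before any authentication, and places it in the lookup URL and the persistence key. The following Python sketch is an added example, not code from the original slides or from Zeus: it shows the same mapping with the packet framing checked, the username allowlisted and URL-encoded, and the lookup answer restricted to a desktop subnet. The function names, the username policy, the 192.168.28.0/24 subnet (taken from the sample desktop addresses) and `fake_lookup` are assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, quote, urlsplit

COOKIE_RE = re.compile(rb"Cookie: mstshash=([^\r\n]*)\r\n")
USER_RE = re.compile(r"[A-Za-z0-9._-]{1,32}")             # assumed username policy
DESKTOP_NET = ipaddress.ip_network("192.168.28.0/24")     # assumed desktop subnet
LOOKUP = "http://10.100.88.12/rdp/desktop.cgi?user="      # lookup URL from the slide

def extract_user(req: bytes):
    """Validated mstshash value from an RDP X.224 Connection Request, else None."""
    if len(req) < 11 or req[0] != 3:                       # TPKT version must be 3
        return None
    if int.from_bytes(req[2:4], "big") != len(req):        # TPKT length covers the whole PDU
        return None
    if req[5] != 0xE0:                                     # X.224 Connection Request code
        return None
    m = COOKIE_RE.match(req, 11)                           # cookie follows the 11 header bytes
    if not m:
        return None
    user = m.group(1).decode("ascii", "replace")
    return user if USER_RE.fullmatch(user) else None

def route(req: bytes, http_get):
    """Return the desktop address to persist on, or None to discard the connection."""
    user = extract_user(req)
    if user is None:
        return None
    code, body = http_get(LOOKUP + quote(user, safe=""))
    if code != 200:
        return None
    try:
        desktop = ipaddress.ip_address(body.strip())
    except ValueError:
        return None
    return str(desktop) if desktop in DESKTOP_NET else None

def build_request(value: bytes) -> bytes:
    """Constructed sample: TPKT + X.224 Connection Request carrying a mstshash cookie."""
    cookie = b"Cookie: mstshash=" + value + b"\r\n"
    x224 = bytes([6 + len(cookie), 0xE0, 0, 0, 0, 0, 0]) + cookie
    return b"\x03\x00" + (4 + len(x224)).to_bytes(2, "big") + x224

def fake_lookup(url: str):
    """Stand-in for desktop.cgi, using the three desktops shown on the slide."""
    table = {"alice": "192.168.28.104", "bob": "192.168.28.176", "chris": "192.168.28.211"}
    user = parse_qs(urlsplit(url).query).get("user", [""])[0]
    return (200, table[user] + "\n") if user in table else (404, "")
```

The mstshash value is only a routing hint; the desktop itself still has to authenticate the user.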
Managing traffic with agility
What do I mean by ‘agile’?
What enables this agility?
Common ‘agile’ way of managing changes:
Test, Deploy, Migrate, Reap
Customer Example: BT.com
Hosting complex BEA WebLogic-based application
Several hours downtime for each application update!
Legacy Service Instance: Generation 31
Current Service Instance: Generation 32
Next version (in development): Generation 33
Customer Example: BT.com
User
Developer
New User
Current Service Instance: Generation 31
Next version (in development): Generation 32
Closing the Loop
A Traffic Manager like ZXTM has a unique overview of application status:
Performance: response times, errors
Availability
Login and other events
ZXTM could then initiate a provisioning action
Reporting and alerting to admin for manual intervention
Reporting and alerting to ‘utility manager’
When managing Remote Desktops
Resource Reallocation
• ZXTM can initiate resource reallocation (or work in sympathy with it)
User connection tracking
• When is it ‘safe’ to perform remote administration?
Security policies
• ZXTM is another place where security policies can be implemented
End-to-end SSL wrapping
• Known man-in-the-middle attacks
The ‘Utility Manager’
Dynamic provisioning and migration of applications to meet business demands
ZXTM is a complementary component:
Deployed within the virtualized environment
Monitors the performance of services within the virtualized environment
As performance problems are detected, ZXTM alerts the Utility Manager
Utility Manager (VirtualCenter) provisions a new application instance and informs ZXTM
ZXTM intelligently routes and balances traffic across all the instances of the application
All communication and configuration takes place via VMware’s and ZXTM's SOAP APIs.
ZXTM can provide a fundamental monitoring and traffic management service within virtualized environments
Not quite like this…
More like this…
Using the Utility Manager: Examples
ZXTM detects that a service has failed
1. ZXTM requests that Utility Manager restart VM from known good snapshot
ZXTM detects that a service is underperforming
1. ZXTM informs utility manager
• Utility manager decides to VMotion one or more VMs
2. Utility manager tells ZXTM to ‘drain’ the VM
3. VM is VMotioned (unavailable for 30 seconds or so…)
• ZXTM uses other VMs, or failpool returns ‘Too Busy’ message
4. Utility manager tells ZXTM to ‘undrain’ the VM
Future Trends in Service Provision
Desktop provision will be a small part of the internal service provision
Distributed applications built from components (SOA model)
This offers even greater technical challenges
Monolithic applications being replaced with service components
Point-to-point communications untenable as complexity / volume increases
Introduction of ESBs – a new bottleneck
Future Trends in Virtualization Integration
Today: Manage Virtual Machines?
or… Manage Entire Services?
Future Trends in Traffic Management
Available as software components, supported on VMware and other virtualization platforms
Zeus’ initiatives with Virtual Machines
Wrapping Up
Thank you for your time and attention.
Any questions?
http://knowledgehub.zeus.com/
Presentation Download
Please remember to complete your session evaluation form
and return it to the room monitors as you exit the session
The presentation for this session can be downloaded at http://www.vmware.com/vmtn/vmworld/sessions/
Enter the following to download (case-sensitive):
Username: cbv_rep
Password: cbvfor9v9r