Application traffic flows have become less deterministic, and infrastructure architects can no longer rely solely on centralized appliances to provide necessary application delivery and security services. New deployment models are emerging to help enterprises with this transition, and Gartner predicts that by 2018, at least three consolidated network service offerings will emerge with feature sets that span application delivery, global traffic distribution, optimization and security functions.
Joe Skorupa, VP and Distinguished Analyst at Gartner, explains how new application architectures are changing network traffic patterns:
Traditional applications supported a model that placed the data center at the center of all traffic flows. All application access was via the data center, which made it easy to insert security and application delivery capabilities between the client and their applications. However, new application architectures are changing network traffic patterns, taking application delivery controllers (ADCs), wide-area network optimization controllers (WOCs) and application security devices out of the data flow, forcing infrastructure architects to rethink their application delivery strategy to include cloud-based services.
Three new traffic patterns have emerged for application access:
■ Remote users directly accessing cloud services, thereby, bypassing the corporate WAN (including WAN optimization controller [WOCs]) and data center (including ADCs and secure Web gateways [SWGs]).
■ Mobile devices and apps directly accessing the mobile service provider's network, bypassing the corporate WAN (including WOCs) and going to the enterprise data center or external services.
■ Browser-based applications directly accessing multiple data sources within and outside the corporate data center to aggregate content. As a result, these applications bypass the corporate WAN (WOCs and ADCs) for portions of the application data/content.
The first two patterns reflect traditional application architectures modified with direct-to-Internet access from branch office/mobile devices to improve performance and offload the corporate WAN.
The third traffic pattern reflects a new style of application, whereby the browser has absorbed much of the functionality of the Web server. In this new model, the browser, through use of HTML5 and JavaScript, now aggregates content. This development disaggregates the data center functions into distributed application components/data sources. Additionally, it may bypass SWG services, as the application logic in the browser becomes the point of attach, and may have persistent, trusted, long-lived connections deep to the external services.
These developments represent a worst-case scenario for application delivery professionals who now find themselves responsible for the security and performance of applications that access data centers, services and networks that are beyond their control. The Internet of Things will only exacerbate this problem.
Application delivery professionals should move from a model of physical devices allocated to specific applications, to one that takes advantage of physical, virtual and cloud resident service elements to support the new device-/browser-/cloud-centric environment. By shifting to a service mindset, application delivery capabilities can be inserted where and when they make sense.
Driving closer integration of security and application delivery teams is also important as deployment modes converge and functional consolidation continues. It is likely that over-the-top (OTT) security providers will add application delivery capabilities, and application delivery providers will continue to enhance their security capabilities. These enhancements may come via in-house efforts, partnerships or acquisition. A single consistent approach to evaluating these offerings is required to ensure the appropriate capabilities are acquired at the best price. Making the security and application delivery teams jointly responsible for the decision increases the chances of an appropriate outcome.