Objective 5.01 Describe the purpose, advantages, use cases, and challenges associated with hardware based application delivery platforms and virtual machines
Explain when a hardware based application delivery platform solution is appropriate
Hardware based platforms are generally more powerful, more stable, more scalable, and may have specialized hardware capable of accelerating common tasks. The major drawback to hardware platforms is that they come in only a few sizes, meaning you always have to buy more than what you need. Additionally, because you are using hardware, you normally have to purchase the hardware up front.
Explain when a virtual machine solution is appropriate
Virtual based platforms are generally more flexible and can be better tailored for smaller environments. In environments where performance isn’t the top requirement, virtual platforms are often cheaper and more easily sized to fit.
Explain the purpose, advantages, and challenges associated with hardware based application delivery platform solutions / virtual machines
Virtual ADC Architectural Considerations
As a software solution, a vADC can be provisioned and ready for inclusion in the development process much quicker than a physical appliance.
Financial efficiency for specific workloads
Because the cost of a physical appliance can be high relative to certain application types, use, and deployment scenarios, organizations sometimes have to choose between doing nothing and running application infrastructure sub-optimally. With a vADC, cost can be charged more easily to a specific application workload and the vADC can be dedicated to that workload.
In the event that the failure of a specific application configuration causes the failure of a physical device front-ending many applications, it will fail over to the redundant unit. However, all applications could then be affected. By dedicating a vADC to specific application workloads, better fault isolation is created.
Being part of the hypervisor vendor’s overall management framework can simplify the movement and management of the vADC. Coupling a vADC to specific applications makes it a more integral part of the overall ecosystem.
The same degree of high availability achieved with a purpose-built pADC cannot be realized by commodity server hardware.
Instead of a completely hardened system, a shared environment is used in which virtual appliance security is dependent upon the hypervisor vendor and the commodity server vendor.
Certain high performance offload services do not have direct access to hardware. Commodity servers also lack purpose-built ASICs for offload. Both impact the scale and throughput of a vADC.
Physical ADC Architectural Considerations
pADC hardware designs are carrier-hardened for rapid failover and reliability. Redundant components (power, fans, RAID, and hardware watchdogs) and serial-based failover make for extremely high uptimes and MTBF numbers. Commodity hardware of this type is costly and will not be integrated with the ADC software.
Most pADC appliances and systems are security hardened and proprietary to the vendor. pADCs are not dependent on other vendors’ security implementation or lack thereof. With hypervisors, there are known and potentially unknown vulnerabilities. To a certain extent, virtual appliance security is thus dependent upon the hypervisor vendor.
Some pADCs have unique high-speed bridge and offload ASICs for such capabilities as high performance L4 processing, SSL, and compression, which enables them to be a cost-effective aggregation point for many applications or high-performance/throughput applications where latency matters a great deal.
A pADC has special lights-out management capabilities so regardless of a physical device issue it can still be accessed, diagnosed, and fixed. Management can be less complex because the application delivery functions are centralized in a single device instead of distributed across the data center.
Shipping a physical product, racking, stacking, and cabling takes time and adds cost to a deployment. It is also not well suited for agile development environments and QA labs.
In the event that the failure of a specific application configuration causes a physical device front-ending many applications to fail, it will fail over to the redundant unit. However, all applications can then be affected. Thus a combination of both physical and virtual ADC can simultaneously provide both failure isolation and scale.
Given a list of environments/situations, determine which is appropriate for a hardware based application delivery platform solution
Given a list of environments/situations, determine which is appropriate for a virtual machine solution
Explain the advantages of dedicated hardware (SSL card, compression card)
SSL encryption and decryption can potentially place a heavy load on servers. By using dedicated hardware such as an SSL encryption card, this load can easily be migrated away from the servers, thereby allowing them to function faster and provide more services. Additionally, the dedicated hardware is normally capable of handling the workload for multiple servers, allowing the investment to be utilized by several services.
Objective 5.02 Describe the purpose of the various types of advanced acceleration techniques
Describe the purpose of TCP optimization
While there are near endless options when it comes to web acceleration, and we will explore many of them, it’s usually best to start from the beginning, as it were. In this case, as with almost anything on the wire, “the beginning” happens to be the TCP stack. While most may immediately want to jump to web server and browser settings when posed with the “how do you get more out of your application?” question, they would honestly be missing a fair quantity of possible gains. We will certainly tweak those things as well, but let’s work our way up to that. To begin with, we first want to ensure that we’re using optimized TCP settings. There are numerous options at this layer that can be customized to suit your particular application needs. While each of these can absolutely be custom tweaked, we also offer profiles on the BIG-IP that are excellent starting points. Profiles allow you to configure a set of options for a particular scenario or application and easily re-use or apply it as desired. To start with we’ll be selecting the appropriate profiles for our application.
Describe the purpose of HTTP keepalives, caching, compression, and pipelining