
Application Delivery Controllers - Bridging the Gap Between DevOps and Network Planning


Whether an organization has established a dedicated DevOps department or implemented DevOps best practices, the goal is the same: to ensure new software releases function properly over the Internet to an entire end-user community.

In addition to tasks such as configuration management, indexing and scripting, DevOps teams are collaborating in the area of network planning. Because Software-as-a-Service (SaaS) applications and cloud-based Web properties add new users at an incredible pace and maintain competitive advantage through rapid release cycles, it is essential that operations and infrastructure teams deploy networking solutions that are both scalable and adaptable. As a result, application delivery controllers (ADCs) are evolving in order to help simplify network planning and help DevOps pave the road for future releases with sufficient capacity and application networking functionality.

This article will examine the attributes needed to make an application delivery controller suited for SaaS and cloud-based Web properties and how these attributes map to the unique requirements of cloud-based application service providers.

Application Delivery for SaaS

Perhaps the best way to illustrate the unique requirements of SaaS and cloud environments is to draw a comparison between external-facing Web applications and a more traditional internal enterprise use case.
The two profiles are very different. Whereas enterprise IT will value deployment guides and templates for a wide cross section of common applications, a SaaS provider will only care about what networking products can do for its particular application. While an enterprise may configure an application and not revisit it for a year, a SaaS provider will need new features and continuous tuning. For enterprises with a stable user base, scalability means picking a right-sized solution; for a SaaS provider with a user base that is expected to grow exponentially, scalability means selecting a solution that cost-effectively meets changing requirements both today and in the future. Finally, SaaS providers are also leading the way in adopting cloud principles for the purpose of automating the management of network infrastructure.

In summary, ADCs deployed for SaaS and cloud-based Web applications must excel in the areas of scalability, adaptability, simplicity, manageability and price-performance:

  • Scalability – A SaaS provider’s business plan calls for outsized growth. ADCs selected for SaaS environments need to take into account future requirements, especially as they pertain to demanding networking tasks such as SSL encryption.
  • Adaptability – Developers sometimes operate in a vacuum, having no idea whether existing infrastructure is capable of supporting their latest creation. ADCs used for SaaS applications must be able to rapidly support new features at full performance.
  • Simplicity – There are no pre-existing deployment guides for proprietary SaaS applications. ADCs selected for SaaS environments must be capable of implementing necessary Layer-7 policies without the complexities of custom scripting.
  • Manageability – SaaS providers do not have the benefits (or burdens) of large IT departments. Management automation is becoming increasingly essential to controlling costs and rapidly adapting to changing application requirements.
  • Price-Performance – Supporting millions of users costs more than supporting thousands. ADCs that may be affordable at an enterprise scale may not be affordable in the Web-scale or hyper-scale world of SaaS providers.


At the most basic level, the job of the ADC is to distribute Layer-7 application requests between a pool of servers to provide availability and prevent any one server from becoming overloaded. However, in modern SaaS environments, ADCs are now relied upon to provide traffic management functions and manipulate Layer-7 header content. The reasons range from optimizing application performance for an existing network infrastructure to creating delivery algorithms for geographically dispersed users, or even acting as a stop-gap – providing features and functionality that will eventually make their way into the application itself.

Regardless of the nature or complexity of the Layer-7 functionality needed, the ADC needs to be able to operate at full performance and scale. Traditionally, ADCs use scripting to enable Layer-7 policies. While scripting allows desired functionality to be created, it is not optimal in SaaS environments for a number of reasons. Scripting is time-consuming, error-prone and requires either professional services or a resource that is highly skilled.

More importantly, scripts are process-intensive. The more complex the policies are, the greater the burden on the ADC will be. This creates a dilemma for SaaS providers that need both Layer-7 agility and the performance and scalability to support a large and growing end-user community. Hence, ADCs that operate in SaaS environments need to provide the traffic management functionality that DevOps needs in a manner that does not impact performance or scalability.

In selecting an ADC, infrastructure teams supporting SaaS and cloud-based applications should look for ADCs with the largest possible library of built-in Layer-7 commands and ensure that the ADC supports a large number of Layer-7 policies with the ability to combine and nest policies. ADCs that demonstrate these capabilities will allow DevOps and infrastructure teams to configure advanced and custom functionality without the need for scripting. Because such ADCs need neither scripting nor an associated interpreter, advanced functionality will not impact the ADC’s ability to scale.

Within SaaS environments, scalable 2048-bit SSL encryption is just as essential as scalable Layer-7 performance. The reason is two-fold. First, the majority of cloud-based services are either business applications or consumer applications that incorporate personal account information. Second, 2048-bit encryption is five times as compute-intensive as the previous standard, and future standards will be even more intensive. Factor in the growing user base common to SaaS and cloud-based applications, and the need to select the most scalable and efficient solution for SSL becomes critical.

In selecting an ADC, infrastructure teams supporting SaaS and cloud-based applications should look for SSL performance figures that provide sufficient headroom for anticipated growth in application traffic. In addition, SaaS providers should seek out vendors with a proprietary SSL stack (as opposed to OpenSSL), because a proprietary SSL stack gives ADC vendors the ability to remove extraneous protocols and functions that hamper performance and introduce the potential for bugs and vulnerabilities.
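The key-size cost and headroom reasoning above can be checked on your own hardware rather than taken from a datasheet. The following is an added example, not code from the article or from any ADC vendor: it times the RSA private-key operation (two half-size modular exponentiations, as in CRT-based RSA) at 1024 and 2048 bits and projects handshake headroom. It assumes RSA key exchange, uses random odd moduli as stand-ins for real keys (timing does not depend on primality), and all function names are hypothetical.

```python
import random
import time


def _crt_half(rng, half_bits):
    """One CRT half (base, exponent, modulus); constructed stand-in, not a real key."""
    modulus = rng.getrandbits(half_bits) | (1 << (half_bits - 1)) | 1
    exponent = rng.getrandbits(half_bits) | (1 << (half_bits - 1))
    base = rng.getrandbits(half_bits - 1)
    return base, exponent, modulus


def private_op_seconds(key_bits, rounds=50, repeats=5, seed=1):
    """Best-of-N time for one simulated RSA private-key operation."""
    rng = random.Random(seed)
    halves = [_crt_half(rng, key_bits // 2) for _ in range(2)]
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        for _ in range(rounds):
            for base, exponent, modulus in halves:
                pow(base, exponent, modulus)
        best = min(best, (time.perf_counter() - start) / rounds)
    return best


def relative_cost(old_bits=1024, new_bits=2048):
    """How many times more CPU one handshake costs at the larger key size."""
    return private_op_seconds(new_bits) / private_op_seconds(old_bits)


def handshake_headroom(measured_tps_old, cost_ratio, peak_tps_needed):
    """Scale a TPS figure measured at the old key size to the new one.

    Returns (projected_tps, spare_fraction); a negative spare fraction
    means the device cannot carry the expected peak at the new key size.
    """
    projected = measured_tps_old / cost_ratio
    return projected, (projected - peak_tps_needed) / projected


if __name__ == "__main__":
    ratio = relative_cost()
    # 10000 TPS and 1500 TPS are constructed sample figures.
    tps, spare = handshake_headroom(10000, ratio, 1500)
    print(f"2048-bit costs {ratio:.1f}x; projected {tps:.0f} TPS, spare {spare:.0%}")
```

The measured ratio varies with CPU and big-integer implementation, so run it on hardware comparable to the termination point being sized.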


In addition to planning ahead for growth, SaaS providers and their DevOps and infrastructure teams must also be adaptable to changing requirements driven by application development. Because both networks and applications can be negatively affected by development teams that don’t know what the infrastructure can support, there needs to be an adaptable element in the overall architecture capable of bridging this gap.

In the event that new functionality or features are required to support the delivery of SaaS applications, ADCs must be able to rapidly add new capabilities at full scale and performance. As a consequence, DevOps and infrastructure teams should avoid ADCs with a heavy reliance on Application-Specific Integrated Circuits (ASICs) and instead favor ADCs with a more software-centric approach.

ADC solutions that rely on ASICs have no other option than to implement new features at much lower levels of performance until such time as the functionality can be spun into a future version of their custom hardware. In contrast, ADCs capable of supporting industry-leading levels of performance and scalability using optimized software and commercially available multi-processing technology can make new features available in upcoming software releases with full performance and at full scale.

Another key aspect of adaptability is the ability to provide the right appliance for the right task. Closer to the edge of the network, it is desirable to utilize a hardware appliance to handle the sheer volume of traffic arriving at the data center to meet the computational requirements of SSL and to provide a first line of defense for applications and servers. Closer to the applications, however, it may be desirable to deploy added Layer-7 traffic management functionality to service more granular requirements. In this case, it is beneficial to be able to use multiple virtual (software) ADCs that can be fine-tuned to meet the needs of smaller, more specific workloads.

To meet this requirement, DevOps and infrastructure teams should select ADCs that support the broadest possible range of platform options – including dedicated, multi-tenant and virtual appliances – each supporting the same ADC features within the same management framework, so that the right tool is available for the job at each point in the application delivery architecture.


Because SaaS providers care about only one application or suite of applications, features that are not required to support the SaaS application, or features that compromise performance, scalability or reliability, may not be desirable. As described earlier, utilizing built-in Layer-7 commands is preferable to using scripting, which not only impacts performance but is also time-consuming, costly and complex. By selecting an ADC with a robust library of Layer-7 commands and a deep ability to combine and nest policies, SaaS providers can gain the following key advantages:

  • Speed – Scripting takes time, lots of it. By using a point-and-click WebUI or familiar Command-Line Interface (CLI) commands, policies can be combined and nested with minimal time and effort.
  • Accuracy – Scripting is error-prone. Hard-coded functions are the same, each time, every time.
  • Shared Knowledge – There are no pre-packaged scripts for SaaS applications. What happens when the one individual or a professional services organization that wrote the script is unavailable? With simple Layer-7 commands, configurations may be easily shared and understood among many members of the DevOps and infrastructure teams.
  • Performance – Simple, hard-coded policies are executed at the system level, providing adaptability without compromising performance or scalability.
  • Automation – Each and every hard-coded WebUI or CLI command is directly controllable via Application Programming Interfaces (APIs), greatly simplifying the process of bringing ADCs under the command of cloud management systems.


Cloud computing requires DevOps and infrastructure teams to manage thousands of servers and many different networking elements at the same time; as a result, there is a growing need for APIs capable of managing individual networking elements and the overall application delivery architecture. As such, SaaS providers should seek out ADCs with APIs and integrations to easily bring dedicated, multi-tenant or virtual ADCs under the control of almost any cloud management, automation or orchestration system. Common integrations to look for include:

  • XML-RPC and other APIs capable of integrating with proprietary cloud management systems
  • Integration with the OpenStack Forum’s Load Balancing-as-a-Service (LBaaS) API
  • The ability to create workflows using VMware VCO & Microsoft System Center


Whereas scalability and adaptability, along with simplicity and manageability, are key considerations in SaaS environments, controlling cost is always an underlying objective.

SaaS providers should seek out ADC vendors that excel in the attributes detailed in this article, but should also seek out an ADC vendor capable of delivering these attributes using commercial off-the-shelf components, passing on associated savings directly to customers.

More importantly, SaaS providers and operators of cloud-based and external-facing Web applications should seek out ADCs that deliver the lowest possible cost per SSL transaction per second (TPS).


Providing availability, performance, security and advanced application traffic management in SaaS environments is fundamentally different compared to traditional enterprise application delivery. Because SaaS business objectives center on achieving a large and rapidly-growing user community, and because maintaining a competitive advantage depends on continuous service improvement, DevOps and infrastructure teams require networking solutions that are more scalable and adaptable than ever before.

For SaaS providers and their DevOps and network infrastructure teams, now is the time to reevaluate networking solutions, and application delivery network solutions in particular, to ensure that the best possible choices are being made to support the business going forward.

About the Author

Paul Andersen is the Director of Marketing at Array Networks. He has over 15 years of experience in networking, and has served in various marketing capacities for Cisco Systems, Tasman Networks and Sun Microsystems. Andersen holds a Bachelor’s Degree in Marketing from San Jose State University.
