Roy and I often are asked our opinion about what we think will be the killer NFV application or which will be the first to mass deployment. It’s still too early for anyone to say if any single app will be the killer NFV application, but we do have a unique perspective gleaned from customer interviews, consulting engagements, and trends on SDNCentral. The two most common locations in the network we hear about NFV applications are the cloud data center and the communications service provider (CSP) network.
In the cloud data center, we mostly hear about NFV applications, such as, virtual application delivery controllers (vADCs) with end customers and virtual firewalls (vFWs). In the CSP environment, NFV applications is mostly about virtual customer premises equipment (vCPE), and virtual evolved packet core (vEPC).
For this article, we will focus on the most popular NFV use cases in cloud data centers and outline what you should do this year to lay the groundwork for NFV (I’ll cover the CSP use cases in depth in a future article). We see vFWs and vADCs as the two main technologies driving use cases for NFV applications in the cloud data center because both provide key functionality in the cloud environment. However, vADCs in many ways look like the most likely candidate to be one of the first apps broadly deployed to customers.
The Case for vADCs
With vADCs, end customers are driving the two use cases where the technology is needed most: new applications developed and deployed on public and/or private cloud environments, and replicating a physical environment in a virtual environment.
For apps developed and deployed in cloud environments, the ADC is a critical piece of the entire application environment that needs to be virtualized as a system and have the ability to move the entire application environment to any data center of choice. Many of these applications use ADCs in multiple layers within the cloud application such as the application front-end (i.e., a web server or API front-end) or back-end (i.e., balancing requests to back-end data stores and third-party applications), which makes ADCs a key component of the overall application architecture.
Increasingly, we are hearing about situations that require a new environment to be spun up on a second’s notice. In this case, the ADC will need to be baked into the application stack with the ability for a cloud orchestration software tool (Puppet, Chef, JuJu, Salt, etc.) to provision and deploy the application with its embedded vADC(s), set up, and eventually, shut down.
While vADCs are not used or needed by everyone, I see them as a strong candidate to be one of the first apps to be broadly deployed to customers because of the important role of the ADC in modern scale-out, web-scale software architectures, and because of the expanding number of companies building these web-scale type applications due in part to the evolution of the Internet of Things.
What About NFV Firewalls?
Many of you may argue that vFWs will become a mainstream NFV application faster than vADCs, which is the debate Roy and I have been having for weeks.
Virtual firewalls offer critical services for cloud data center operators and were one of the earliest virtual features to be rolled out with cloud services. Operators and end customers use the technology for three primary use cases:
- Segregate traffic between customers
- Segregate traffic between customers and the open Internet
- Provided by the end customer to replicate physical-deployment security models currently in place
In the first two cases we see the cloud service provider as a customer who often looks at new or emerging vendors to deliver capabilities its legacy vendors do not. For the last use case, the end customer is simply replicating functionality and settings from the physical environment to the virtual environment.
The ability of vFWs to segregate customers from each other and protect customers from the open Internet — which is a logical place for scale-out vFW platforms — arguably could make vFWs a more compelling candidate for NFV app front leader. However, in the cloud data center we see vFW gaining broad adoption after vADCs due to the need for security changes to be “blessed” and approved by auditors and compliance requirements. Also, we see an increasing number of application developers building basic security functions into their applications and vADC vendors adding firewall capabilities to their vADCs — the latter of which may stimulate the vADC and vFW spaces to merge toward a single hybrid NFV element.
The debate will continue over which NFV app will achieve broad market adoption first, but no matter which one it is, here’s what should you do in your data center this year to be ready for NFV:
- End customers: Test your current ADC and firewall products in a virtual environment to understand your ability to migrate legacy applications from physical infrastructure to public or private cloud environments. Consider opening the doors to new or lesser-known entrants for your new applications. Make sure you identify an ADC that supports both KVM and VMware.
- Cloud service providers: Look at emerging vADC and vFW vendors to see if they can provide the scale, performance, and programmability you need for your environment (and to see if they support KVM and VMware environments).
- Vendors: Ensure your applications are optimized for x86 environments to add value in the cloud and further develop your hooks into cloud provisioning systems to automate the process of deploying your vADCs in cloud environments.
Do you have any experience with vADCs, vFWs, or other NFV technologies for the data center? We want to hear about it! Share your experiences in the comments to this post.