F5 execs: We're blasting virtualisation beyond Layer 3
- 11 November, 2013 22:20
Cisco wasn't the only networking company making big virtualization news last week with the debut of its Insieme product line and Application Centric Infrastructure (ACI) strategy aimed at virtualizing the data center. F5 Networks, in addition to announcing that it will work hand-in-hand with Cisco on ACI integration, launched its own Synthesis Architecture for Software-Defined Application Services, which aims to virtualize networking functions above Layers 2/3.
In this interview with IDG Communications Chief Content Officer John Gallant, F5 CEO John McAdam and Manuel Rivelo, executive vice president of strategic solutions, talked about how Synthesis promises to speed application rollouts and simplify deployment of other Layer 4-7 services, even if customers haven't committed to software-defined networking (SDN). They also discussed their VMware and Cisco partnerships, which you can read about in the second part of this interview here.
I want to start off with the Synthesis announcement. What are the goals behind Synthesis and why did you undertake this?
Rivelo: When we talk to our customers, what we're seeing is there's a need for a much more dynamic, agile, flexible environment - an environment where applications can be deployed at a push of a button. There's been a lot of work done over the last decade around virtualizing the application space, virtualizing storage, virtualizing compute. But there's been almost no work around virtualization of the network. That work has started with things like SDN now, but what the customers have been telling us is that there's zero work being done in Layer 4 through Layer 7, and the virtualization of those services. To complete that vision of that flexible, software-defined data center, services also need to be provisioned that way. That's the space that we're targeting. It is the consolidation of Layer 4-7 services, helping customers move away from managing devices. And what I mean by that is a firewall and a load balancer, a point device, a physical piece of hardware, if you will, and instead managing services that enhance that user-to-application experience. So that's the premise.
John, why is this strategically important for F5?
McAdam: When we talk to customers a lot of them are aware that there still is some work to do to actually deliver something as elastic as this. But as we've been developing point products like TMOS and iRules and BIG-IQ - that's our orchestration automation system - we've also been integrating the whole thing around a complete value proposition. We can now offer that capability to the customer, that concept of being able to quickly deploy apps wherever, whether it's in a cloud, whether it's across global data centers, and secure them at the same time. We can actually do that now. It just fits so well with the fact that that's what the customers are looking for.
Orchestration is critical, so the BIG-IQ product was a critical stepping stone to that. We've also been introducing simplified business models and licensing as well, which is very much associated with the whole concept.
Which is one of the things I want to talk to you about as we go further along here. I read a piece that Zeus Kerravala did for Network World in which he said "The easiest way to think about Synthesis is to consider it a Layer 4-7 overlay fabric that sits on top of the software-defined network fabric." Is that an accurate description?
Rivelo: Yeah, that's perfect. We couldn't have asked for a more accurate article written.
So tell me -- I'm an IT leader: What does this allow me to do in the data center that I can't do today? Boil it down for people.
Rivelo: For example, whether you're using VMware's NSX environment or Microsoft's Hyper-V environment for network virtualization, or now Cisco's announcement that just came out, those are all different solutions in the market segment. You'll be able to orchestrate your environment. And what I mean by that is design your environment and instantly deploy all the application services tied to that application and the network. You're getting the environment up and running in minutes, whether it is running on your prem or in the cloud.
From a pure technology perspective, the other thing we do is consolidate the services. When you deploy our technology, we have multiple services inside that. We carry services around performance, availability, security, mobility, just to name a few. So depending on what service or services an application needs, we can automatically stitch them together in one instance, and that reduces device sprawl, if you will. You need fewer devices, instead you're managing services. And it reduces the cost of the infrastructure for the organization. We did some interesting TCO models that [show] depending on the solution you can get anywhere from 50% to 80% five-year total cost of ownership reductions.
[TECH TALK:IDG Enterprise CEO Interview Series]
It really comes down to four things. One is the business benefit of application velocity, helping customers deploy apps quickly. But obviously, that means that they have to be available, reliable, secure. They need to perform in all those characteristics. The second thing we do is really increasing IT capability. We give you a platform that is hardware, software and cloud, so that allows you to deploy your applications wherever you want and you're not making a hardware or software decision. You have a common platform, and you can deploy or let your apps sit, if you will, where they work best. We talked a little bit about the third benefit, which is reduced total cost of ownership. The fourth major benefit is really the future-proof environment. What I mean by that is we not only work with open industry standards and open technologies, but we are highly extensible. We open up our control plane, our data plane and our management plane. So if you need to do something, you need to build a service that doesn't exist, that a vendor hasn't delivered, we allow you to do that. One of the technologies we use is called iRules. Over a third of our customers tend to deploy iRules when we look at sample data. So that means you yourself can create business differentiation. Where the industry may not be doing it, you can do it for yourself.
John, does your direction with Synthesis speak to a hardware-less future for F5?
McAdam: The short answer to that is yes. I think it's going to be an evolution, not a revolution. Obviously we will continue to use hardware. We just announced a DDoS service capability, where we've actually proved some of the DDoS prevention in hardware is much faster and DDoS is by definition a volume type scenario. Having said that, we've completely embraced the overall concept of software solutions on their own and as a hybrid. So if you look at the solutions we've got, we don't really care if the customer wants to just apply a software-only solution or use our appliances or does a hybrid. The key to that is the fact that we've got this technology called Scale-N that allows you to scale across software and hardware, so you can scale up and down, you can scale across. Even more important is the fact that our BIG-IQ orchestration engine will manage a software version of our product the same way as it manages a system version, and basically allow you to work either in a cloud or on-premises. We're really pretty flexible with that. But in terms of the actual question -- Yeah, I do think there's going to be more of a move. We're seeing that. If you look at the software solutions as part of our revenue, it's been growing pretty aggressively, but it's still a small part.
Talk about these reference architectures, which Zeus referred to as recipes for how people would deploy this. Explain how that works.
Rivelo: Let's give you an example. Because we have all these services, this catalog of services that we talked about, they can manifest themselves in lots of different ways. And because, as John pointed out, we can interconnect the fabric in different ways -- cloud, physical, virtual, etc. - we can solve lots of different problems in lots of different places inside a customer's network. So, for example, we can do DDoS mitigation or protection, and that's usually a perimeter service, somebody coming into the network. But we could also secure a web application, as an example, or we can provide intelligent DNS or even, for service providers, things like LTE roaming solutions. We created this concept of reference architectures because they're actually the real problems that customers are trying to solve. And they can solve all these problems using the same component. It's just how you enable the component and what services you decide to enable at that place inside the network. We launched 11 reference architectures. They come with what we call a bill of material, or BOM, that has nine components inside that. That's technical documentation, solution diagrams, architecture diagrams, etc., helping our sales organization and our channel partners take that message to the customer. They are recipes. That's a way to look at it, ways of cooking up, if you will, the Synthesis portfolio, and we will continue to keep these reference architectures up to date as well as build new ones. It isn't as if 11 was a magical number, it was just what we could take to market based on the work required in the first stage.
Most customers, certainly in the enterprise space, are not yet at the point where they're actually deploying SDN; SDN is a fairly emerging trend, although it gets a lot of press. Is there value for them in this Synthesis architecture before they even get to SDN?
McAdam: Oh, yeah, totally. Take the DDoS reference architecture that we're talking about. That doesn't need to be in an SDN world. I mean that can be basically in data centers today. The beauty about having that sitting on top of Synthesis is that it allows us to really talk to the customer in terms they understand, about things they have issues with and relate to. It also makes it easier to implement. We're not waiting on product being available from our partners to do this. This is stuff that can happen in the data center today. As customers deploy SDN, it gets even better, because it makes that deployment even easier from a customer perspective, because that extends into the Layer 2-3 world as well.
Rivelo: And just to put a little bit more context around it, since we abstract ourselves from the network, [it works] any which way you can get a network to us. That could be a physical port off of a switch, that could be a VLAN, or the new generations of software-defined networks. Any way you get a network to us, we provide the services on top. Remember, the network is just the means to move data or packets back and forth, but what we provide is the stuff sitting on top. So all of these reference architectures are available for traditional networking solutions.
And just real quickly, in terms of timeline, when does it roll out?
Rivelo: Synthesis is out, we launched it. What we've tried to do, because it was at our sales event, was not only to launch this concept and this architecture with the reference architectures, all the collateral associated with it for our sales force. So they're in training, they're learning, they're excited, and we're going to market with it right now.
Beyond Synthesis, are there any other burning F5 issues that we should be talking about?
McAdam: There's a lot on our plate right now. We're going to be doing some fairly significant announcements in a few weeks as well regarding some cloud solutions, but it's really not the time to talk about that.
Solutions targeted specifically to cloud buyers?
Rivelo: Correct. You'll see more in the coming months here.
McAdam: On a similar subject, we also did a small acquisition. I don't know if you noticed an announcement pretty recently, a small company called Versafe, a fraud detection capability. They have a security operation center, so it's sort of an as-a-service type solution. You'll see us doing more of that type of solution in the future as well, not just point products.
That reminded me, one of the critical things that we're seeing customers wrestle with is how they integrate their own data centers with the cloud. So how will Synthesis help them with that?
McAdam: Oh, wow. I mean that's one of the user cases. We have a module called Cloud Connector, and basically it works with our software-only solutions, allows you to bridge. Let's say you wanted to move to the cloud maybe for seasonal reasons at Christmas because you needed more processing power, we can do that. You can go to Amazon, you can go to VMware, you can spin up our modules to make sure that's secure using our application firewall. And meanwhile you could be also using your own data center. That's available today.
That's great. So John, Manny, anything else that I should know about?
Rivelo: The way to think about that is that we give our customers different options on the way they procure technology. There are the traditional perpetual licensing models that are out there where they just want to own the technology, there's the subscription model. Some of it's just utility, meaning by the minute, by the hour for cloud solutions. Then there are bundles, if you will, groupings of technologies. We've launched, as part of our simplified business model, all of those, some of them that have existed and some new ones, and one that we call Good-Better-Best. And the principle is really straightforward. It's groupings of technology that work well together. The goal would be to make it easier for customers to deploy those reference architectures across their environment and that's gotten good reception by our sales organization. It reduces the complexity of all the feature functionality and makes it just faster for both the customer and for us to transact.
Read more about lan and wan in Network World's LAN & WAN section.