Among the announcements at last week's VMworld came news that F5 is joining the VMware Ready Program for Networking and Security and will integrate its Big-IP with VMware's vCloud product suite. The company has also made two small but vital enhancements that ensure a seamless and consistent VMware View experience, all of which showcase VMware's ability to rely on partners to provide necessary functions that its products lack.
Getting to a private cloud means automating the configuration and management of all the elements required to deploy and manage an application. Early attempts at adding load-balancing features via orchestration software have been limited to selecting an application pool or virtual IP. Automatically configuring network devices like load balancers and firewalls often means configuring devices in preparation for an application deployment--a manual process that stops automated deployment in its tracks.
When Microsoft announced its Azure Private Cloud software, the company also announced F5's support for load balancing Azure Private cloud instances. However, that support is limited to merely adding a host to a server pool in System Center 2012, and meant Big-IP administrators had to ensure that configurations were preset in its appliances. We got the sense at the time that F5 was frustrated with Microsoft relegating Big-IP to simple load balancing. In contrast, the partnership with VMware makes 100% of the Big-IP programmable features available to vCloud Director, such as load balancing, application delivery, SSL VPN, SSL offload and Web application firewall.
Application policies using Big-IP's ADC features are defined in F5's centralized management application Enterprise Manager as iApps. The iApps are presented to vCloud Director in a catalog; when a new application is created on vCloud, the user selects the iApp from the catalog and it will be applied to any physical or virtual Big-IP appliance. As applications move from location to location, such as between data centers, the iApp policy is applied to the Big-IPs that will be serving the application. IT no longer needs to maintain consistent policies across Big-IP appliances because the iApps will be applied on demand.
The next step is for VMware, or some other vendor, to provide an abstraction layer that ensures that an application policy can be applied to network appliances, regardless of which product actually executes the policy. If VMware can get network device vendors that make firewalls, content managers, load balancers, etc., to provide similar template-based configurations, the resulting combination of vCloud and integrated products will let customers swap appliances without disrupting the applications that rely on them. For example, both F5's Big-IP and Citrix's NetScaler offer similar ADC features, and an application policy could be carried out by either one. Obviously, different products have unique features, so 100% feature parity won't happen--but there is a lot of commonality that can be leveraged.
Next: Getting a Better View of VMware