WHITE PAPER
Is Your Application Delivery Approach Optimized to Meet
the Needs of Your Globally Distributed User Base?
Sponsored by: Akamai Melanie Posey
December 2014
EXECUTIVE SUMMARY
The rapid growth of mobile device usage in the enterprise, global expansion, and cloud adoption are moving applications and their associated connectivity outside of traditional WAN-connected corporate sites.
This convergence of developments is taxing IT organizations' ability to provide the connectivity required to support access to corporate IT resources. As a result, today's IT organizations are challenged by the need to manage a diverse fabric of networks, and these networks are being called upon to perform as never before. They must address diverse end-user connectivity profiles (e.g., MPLS based, Internet based, and mobile) as well as various application origin scenarios (e.g., internal enterprise or external service provider datacenters, external public cloud infrastructure, and/or external software-as-a-service [SaaS] cloud-based apps).
Increasingly, application developers and enterprise IT architects must work together on decision making and planning related to application delivery architectures. Key areas for discussion include application sourcing, hosting platforms and locations, business continuity and disaster recovery (DR) plans, and end-user access, device, and experience requirements. IT organizations require application delivery solutions that are enterprise class and cloud ready; are able to deliver high performance, availability, and security; are simple to both consume and migrate; and can be effectively leveraged across a dynamic portfolio of applications and business processes.
These attributes take on heightened importance now that corporate application delivery networks must support Internet-based access to not only internally hosted applications but also business applications running on third-party cloud infrastructure (infrastructure as a service [IaaS] or platform as a service [PaaS]). Accordingly, it is critical to extend the enterprise network beyond the corporate WAN and enterprise datacenters to the "outside" (i.e., the public Internet) to optimize access to applications to all organizational stakeholders, regardless of where the end users are or where the applications are hosted.
IN THIS WHITE PAPER
This IDC White Paper addresses the challenges involved in ensuring cost-effective, performance-oriented delivery of Web-based corporate applications hosted in enterprise datacenters and, increasingly, in third-party cloud-based architectures. Akamai, a leading cloud-based application delivery provider, has successfully extended its familiar content delivery network (CDN) offering to the enterprise applications arena with a holistic solution that enables rapidly globalizing companies to provide "anytime, anywhere, any device" access to distributed business ecosystems of employees, suppliers, customers, and partners. Akamai's cloud-based offering accelerates performance
symmetrically, at both ends of Web-based application environments — at the enterprise edge near the datacenter (close to the application itself) and at the Internet edge (close to the application's end users, whether they are employees, customers, or business partners).
SITUATION OVERVIEW
Enterprise Networks and Application Delivery:
Reaching the Breaking Point
Enterprise networks are the lifeblood of business organizations, connecting distributed ecosystems of employees, partners, suppliers, and customers to increasingly centralized Web-based applications (e.g., enterprise resource planning [ERP], intranets, ecommerce sites) that drive business operations, productivity, sales, support, and ultimately revenue growth. However, the changing nature and velocity of business, the pace of technology innovation, and growing business adoption of Web-based,
Internet-delivered applications for internal- and external-facing functions have altered the shape of corporate network architectures and are converging in ways that test the limits of traditional application delivery frameworks.
Today's networks are being called upon to perform as never before because they must address diverse end-user connectivity profiles (e.g., MPLS based, Internet based, and mobile) as well as various application origin scenarios (e.g., internal enterprise or external service provider datacenters, external public cloud infrastructure, and/or external SaaS clouds). Furthermore, business
transformations such as globalized business operations, remote/mobile workforces, highly distributed supply and distribution chains, and applications delivered via the SaaS model create new challenges for IT managers tasked with providing dispersed communities of end users with secure, reliable, and optimized access to critical business applications and processes.
Application Delivery Challenges
Corporate WANs are now far from the sole delivery mechanism for critical business applications and content, and these resources are no longer confined to enterprise datacenters. Datacenter consolidation and IT centralization initiatives are moving applications further away from WAN-connected corporate sites, while growing end-user mobility and global expansion are extending the connectivity requirements for corporate IT resources (see Figure 1).
Furthermore, many enterprise applications were not designed with the remote user in mind. Applications designed to run on LANs often do not perform well over WANs, and those with long "think times" caused by tasks such as database lookups, calculations, and/or third-party API calls can hinder application performance on even best-in-class enterprise LAN and desktop deployments. Performance across the enterprise can be further impacted by the attributes of various end-user device types, LAN/WAN
configurations, connectivity methods, and the potentially variable requirements of end-user communities.
IT managers are also feeling the pressures brought on by the consumerization of IT as global end users who are accustomed to acquiring on-demand capabilities from the cloud outside of work start demanding the same type of instant access to applications and content in their work lives as well. The easy access/pay-per-use nature of cloud services will also enable considerable "rogue" cloud
purchasing, meaning that business consumption of IT/application resources has the potential to happen outside of the enterprise IT department's purview and control. Increasing levels of line-of-business "do it yourself" IT can have serious consequences for network security, regulatory
compliance, overall business process performance, and end-user satisfaction. If IT were able to easily satisfy the delivery needs of these application scenarios, it would help minimize the need for "rogue" cloud purchasing and, for many enterprises, enable IT to empower the business to innovate via the cloud while adhering to an IT-driven set of operational standards (e.g., performance, security, service-level agreements).
FIGURE 1
End-User Needs to Drive Next-Generation App Delivery
Source: IDC, 2014
Consistent app performance regardless of end user, device type, or app hosting location
Instant access — anywhere, anytime
Satisfaction across a global distributed business ecosystem of employees, suppliers, customers, and partners Expansion into new
geographies quickly and easily
High productivity requirements Fast and broad user adoption
of new applications
Access Diversity
The corporate WAN is no longer the primary delivery mechanism for critical business applications and content because the business' users are no longer exclusively tethered to it. Instead, the Internet is the only viable way to deliver applications to the distributed ecosystems that need to leverage them. Branch/remote-office employees and mobile users typically access centralized corporate applications via Internet-based IPSec or SSL VPNs. However, the user experience may be compromised by bandwidth limitations and distance from the origin service (i.e., latency), resulting in spotty availability, inconsistent performance, and other barriers to efficient use of productivity-enhancing applications. The cost and management advantages of centralized application infrastructures are lost if
performance is slow, unreliable, or unpredictable.
End users external to the organization (e.g., customers, suppliers, and partners) face similar challenges when using the public Internet or Internet-based connectivity to access store locators, support portals, ecommerce, order entry, inventory management, and other transaction-enabling systems. When application performance is suboptimal, productivity drops and end users become frustrated and may refuse to use the applications or circumvent IT and procure capabilities directly from third-party cloud providers. External end users may simply move on to other vendors or business partners.
While the public Internet provides a global, ubiquitous any-to-any medium for application and content delivery, the inherent limitations of this "network of networks" can degrade key enterprise application performance and resiliency. Erratic performance affects user adoption, satisfaction, productivity, revenue, and profitability.
Application Origin Diversity
IDC research shows that about 25% of U.S. businesses have adopted cloud computing, either developing and deploying their own applications and software on third-party IaaS or PaaS systems or sourcing application functionality directly from SaaS providers such as salesforce.com and NetSuite. As a result, enterprise datacenters are no longer the sole repository or origin for critical business applications and content. Therefore, corporate application delivery networks not only must support Internet-based access to internally hosted applications but also must enable optimized Web access to business applications running on and delivered from third-party cloud infrastructure.
Application origin diversity (along with network and Internet access) contributes to the growing
complexity of enterprise application ecosystems. When application delivery and access were confined to end users and private datacenter-centric IT stacks on the corporate WAN, IT departments could leverage traditional WAN optimization/application acceleration techniques to ensure the availability and performance of internal- and external-facing corporate applications. Now, however, easily scalable Internet- and cloud-native application delivery solutions are required.
Security, Visibility, and Control
The need for security, visibility, and control takes on heightened importance as business processes become Web enabled. Meeting this need was difficult enough when business processes took place within closed private corporate networks. Now that enterprise application delivery networks support Internet-based access to internally hosted applications and externally hosted applications and business processes, the potential for security issues and performance-related impacts increases exponentially.
As the network edge extends out to the public Internet, the corporate IT security perimeter must follow, with an enterprise IT demilitarized zone (DMZ) that provides authentication, Web filtering, antivirus, distributed denial-of-service (DDoS) mitigation, and intrusion prevention capabilities — as well as application acceleration — on the WAN and across the public Internet. Cyberthreats continue to rise and are constantly mutating and evolving in scale, so network security must be proactive and dynamic. Disruptions in application availability and integrity can result in decreased employee productivity, lost revenue, unauthorized access to critical corporate and customer data, customer dissatisfaction, and adverse impact on the corporate brand.
In addition, IT managers require visibility into the "inside out" and "outside in" application traffic flows to monitor the end-user experience end to end and edge to edge. This capability makes it possible to adjust security or performance measures as needed in response to changing conditions such as peak-load or demand-spike application usage scenarios and Internet backbone route congestion.
Enterprises must change the way they think about their network/IT architectures and develop new strategies that address new application delivery requirements. These requirements include support of globalized operations, pursuit of market opportunities in new geographies, and optimizing the
performance of employee-facing back-end business processes and customer-facing services and applications. Given that applications and end users are increasingly location agnostic, enterprises must ensure that applications perform (regardless of where they are hosted) for employees, partners, and customers (regardless of where they are located).
Next-Generation Application Delivery
The growing complexity of enterprise application ecosystems requires a holistic delivery approach that embraces the Internet. This type of framework would support multiple connectivity scenarios (public Internet, private IP, and mobile), various application hosting models (internal/external, IaaS, and SaaS), application performance profiles, and security profiles. Such a unified approach to application delivery offers a flexible environment that enables anytime, anywhere, any device access to key applications and resources used by increasingly distributed business ecosystems of employees, suppliers, customers, and partners.
This approach provides the performance, resiliency, and security needed to drive end-user productivity and customer satisfaction as well as cost/operational efficiency and improved revenue generation for the enterprise. To get there, IT organizations must change the way they think about their IT architectures and develop new application delivery strategies that accommodate end users accessing applications via not only the public Internet but also external/public cloud resources, which nearly 30% of U.S. businesses leverage on a regular basis, according to IDC's 2014 U.S. Enterprise Communications Survey. U.S. businesses polled in IDC's 2013 CloudTrack Survey reported plans to shift 38% of IT spending
currently allocated to running applications in-house to public cloud/SaaS applications and services. As this transition to the public cloud continues, more and more applications will be accessed via the Internet over time.
Technology and business transformations drive changes in enterprise IT, and application delivery platforms must take into account multiple hosting and access scenarios. For example:
Applications traverse both public and private networks, with end users accessing applications from within the firewall and outside the firewall.
End users are increasingly mobile and very likely need to access corporate applications from multiple devices as well as multiple locations.
Centralized applications and infrastructure must handle highly distributed end-user
communities and extend access to users in new geographies as business operations globalize to support growth.
End-user applications increasingly require the network to handle real-time transactions, communications, and transmission of business-critical files.
Applications are becoming composite in nature and may require API calls to multiple sources (i.e., private internal and public cloud data centers) to complete functions and transactions. For example, a new sales force enablement tool might draw on several geographically dispersed databases and content servers to deliver real-time price quotes to the customer.
Increased use of Internet-based connectivity means that businesses need flexible security features to mitigate the impact of constantly evolving threats.
As enterprises develop their global application delivery approaches, they face a fragmented array of options. The traditional application delivery toolkit consists of WAN optimization controllers (WOCs) installed on both ends of WAN links and application delivery controllers (ADCs) installed in enterprise datacenters or installed virtually in cloud infrastructure stacks. To the extent that application delivery and access are confined to end users on the corporate WAN, these techniques are a suitable approach to improve application performance. These traditional approaches improve application performance across the network using optimization techniques such as caching, compression, data deduplication, protocol optimization, traffic management, load balancing, and SSL offload at the application layer (enterprise datacenter) and at the network layer (branch-office connectivity).
Traditional application delivery approaches, however, do very little, if anything, to optimize the
exponentially growing demands of Internet traffic or cloud-hosted applications. Furthermore, installing and managing WOC and ADC devices in the datacenter at each branch office are complex, capital- and labor-intensive tasks, requiring dedicated IT staff at each location. As enterprise IT/network environments move beyond the enterprise datacenter to embrace the public Internet and clouds, the traditional application delivery approach is no longer adequate to ensure true end-to-end application delivery of globally distributed applications to globally distributed end users.
Compounding the challenges, the ability to manage increasingly diverse end-user and application ecosystems, as well as escalating end-user expectations, becomes a top priority for IT managers. The flexibility benefits of "cloud sourcing" and distributed networking cannot be realized without high levels of performance and availability from the "best efforts" public Internet. Companies need new solutions for the
performance optimization/management and security of all applications, regardless of where they are hosted. Corporate IT must enable a consistent application experience for end users wherever the end users or the applications may be located.
AKAMAI'S OFFERING: CLOUD-BASED APPLICATION DELIVERY
Akamai, a leading provider in the CDN market, has a strong value proposition for global application delivery — ensuring that users benefit from fast, reliable, and secure Web applications, regardless of where they, or the applications, are located in the world. The Akamai Intelligent Platform (intelligent software on a globally distributed network of servers in thousands of locations close to both the applications and the end users) constantly monitors Web conditions to:
Overcome BGP peering inefficiencies in real time and ensure users are routed via the most optimal Internet path available.
Make and enact optimization decisions based on comprehensive knowledge of network, user device, datacenter, and cloud infrastructure conditions.
Provide instant device-level detection and optimization. Identify, absorb, and block security threats.
Leverage and provide unprecedented business and technical insights to ensure continuous optimization and IT efficiency.
The public Internet is now a core extension of the enterprise IT network fabric. As applications are delivered from private and public clouds, IT managers should look to service providers with the expertise, breadth (performance and security) on a global scale, and reach needed to bring the
Internet layer into an integrated enterprise application delivery fabric. Akamai is an example of the type of service provider that is able to apply cloud-based acceleration and optimization technologies to issues such as latency, availability, security, and control, which adversely impact Web application performance and end users' application experience. In addition, Akamai's opex model helps organizations achieve greater adoption of Web applications through improved performance and availability while freeing IT decision makers from capital investment in hardware and the associated ongoing management and maintenance costs.
The highly distributed nature of the Akamai Intelligent Platform means that the acceleration capabilities can be accessed from Akamai's servers located in close geographic proximity to both end users and applications (see Figure 2). This is especially important for a globally dispersed user base because application performance suffers with increased distance between the application origin and the end user requesting use of the application. Ubiquitous reach is an essential architectural feature needed for enterprise global application delivery. Because of the global scale of the Akamai Intelligent Platform, fewer network hops are required to deliver content and data to the end user. The result is faster application response time. Other solutions (e.g., ADCs, MPLS Internet gateways, and simple caching) cannot overcome the performance and resiliency challenges that organizations face when relying heavily on the public Internet for application delivery. Additional capabilities in Akamai's offering include load and cloud balancing, dynamic route optimization, intelligent edge caching, TCP
optimization, network- and application-layer attack mitigation, and adaptive DNS mapping, which further contribute to improved application performance and resiliency.
FIGURE 2
The Internet Is the Enterprise Network
Source: IDC, 2014
The ideal architecture for delivery of applications over the Internet requires three key components: globally distributed edge locations, two-sided (i.e., symmetrical) optimization (at the datacenter or cloud infrastructure edge and the end-user/Internet edge), and application delivery optimization capabilities that are cloud based. Key features of the cloud-based Akamai Intelligent Platform include:
The Internet edge: A cloud-based platform with over 160,000 servers on thousands of edge and backbone operator networks positioned to deliver secure, high-performing user
experiences to any device, anywhere
Real-time application delivery optimization: Real-time optimization decisions based on the dynamic and situational requirements of devices, networks, locations, and browsers
Branch-office Web application delivery: Provided via a fully integrated Cisco-Akamai solution that extends the Akamai Intelligent Platform into Cisco routers to deliver optimal and
cost-effective Web application performance to branch-office users
Security: Cloud-based services that detect, identify, and mitigate DoS and DDoS attacks at the edge before they impact the origin infrastructure (Akamai's security services can protect all Web- and IP-based applications.)
Web Application Firewall (WAF) services: Protection against application-layer attacks in HTTP and HTTPS traffic, such as SQL injections and cross-site scripting (XSS), while keeping application performance high
Global Traffic Management and Real-time Failover: Traffic routing management across multiple datacenters and cloud infrastructure providers with a higher degree of control and assurance than is available with DNS-based global traffic management solutions alone (Akamai's technology can
Corporate datacenter (On-premises or cloud)
Los Angeles
Akamai Intelligent Platform
Mexico Hong Kong Buenos Aires Melbourne Cloud Hosted Apps Cloud Hosted Apps Cloud Hosted Apps Private IP WAN New York London Beijing
also maintain session stickiness for subsequent requests. In addition to balancing traffic, Akamai provides real-time failover in the event of downtime.)
Real-time visibility: Insight into user experience and application performance activity across multiple origin sites and/or cloud infrastructure providers, providing IT with continuous optimization and problem-solving insights
Dynamic Page Caching: Powered by advanced options that allow caching of content that was previously considered uncacheable (This results in increased page load performance and additional offload of the application and database tiers enabled by content/data caching rules at the edge.)
Akamai Instant: Next-level prefetching that allows application owners to define which
application pages are most likely to be accessed next by an end user requesting those pages from the origin ahead of time and caching them at the edge — that is, close to the end user (This not only boosts performance but also assists applications with long think times, which are caused by tasks such as database lookups, Web services calls, or complex calculations.) Application Origin Protection: Provides an additional layer of defense that prevents attackers
from bypassing cloud-based protections and targeting the application origin by restricting direct access to the origin
Enterprise DNS Mapping: Overcomes problems related to centralized enterprise DNS
infrastructure by redirecting end-user browser requests to a more optimal server based on the client address
Mobile Detection and Redirect: Rapid identification of mobile device traffic and redirection to mobile versions of the application to ensure that the most appropriate content is served
CHALLENGES/OPPORTUNITIES
To meet customer requirements, Akamai is delivering a strategy and a solution that enable enterprises to harness the benefits of the Internet and cloud computing, improve IT efficiency, and drive revenue growth. While the value proposition is strong on its own, customers use Akamai's cloud-based application delivery solutions to complement — rather than replace — existing application delivery infrastructures, particularly for performance-sensitive Web, cloud, and mobile applications.
Despite the overwhelming need to revamp traditional application delivery approaches, there are still challenges to customer adoption of such a strategy, including:
Device centricity. Many organizations still prefer to implement network equipment–based application delivery strategies. According to IDC's 2014 U.S. Enterprise Communications Survey, more than 60% of enterprises currently using WAN optimization/application acceleration leverage in-house solutions based on hardware and/or virtual appliances. Network equipment providers are increasingly positioning application delivery as integral to next-generation networking deployment, implementing application acceleration and WAN optimization technology in both datacenters and remote branches to create best-in-class networks. Akamai has an opportunity to complement existing application delivery network deployments by bringing the "outside" (i.e., the public Internet) into the private corporate WAN, thereby offloading application-related data and content delivery from the existing network and reducing WAN bandwidth consumption. The joint offering with Cisco is designed specifically
for this purpose. To advance its value proposition with device-centric enterprises, Akamai needs to drive home the benefits of a cloud-based offering, particularly for applications that require geographically dispersed deployment to serve distributed end-user audiences.
Enabling adoption of cloud-based services. As the ecosystem of cloud-based services evolves from email to more complex applications such as enterprise resource planning, Akamai has an opportunity with both the providers and the consumers of these services. To showcase how Akamai can enable secure, optimized delivery of cloud-based applications, the company should strengthen existing partnerships with SaaS and IaaS providers (as well as enterprises deploying SaaS-based internal applications) to further embed its technology in their
application delivery platforms, thereby potentially accelerating enterprise adoption. Emerging approaches to cloud-based application performance improvement. Cloud
infrastructure service providers such as Amazon Web Services, Microsoft Azure, and
salesforce.com have introduced private network connectivity options (point to point and MPLS VPN based) into their IaaS and SaaS offerings. These "direct connect" networking solutions get around the performance, security, and reliability issues of the public Internet for specific use cases by providing dedicated connectivity to cloud infrastructure and applications. However, these private network options are limited to the datacenters into which the cloud service providers allow a subset of the world's network operators to direct connect, resulting in limited scope for global load balancing. Furthermore, these direct connections do nothing to improve performance for public Internet users. In addition, some cloud providers' private network interconnection takes place in multitenant datacenters such as Equinix or Interxion, which can involve multiple hops from the end user to the enterprise datacenter and then on to the application.
CONCLUSION
The convergence of evolving IT architectures (cloud-based infrastructures, Internet access to enterprise datacenters), globally distributed operations and business ecosystems (onsite and remote employees, customers, suppliers, partners, and other enterprise stakeholders), and increasing end-user mobility requires new cloud delivery models that drive innovation in the ways that global organizations communicate, generate revenue, and design their networks.
Next-generation application delivery networks enable new IT architectures that ensure optimized performance for all enterprise applications (both internally and externally hosted) being accessed by all participants (internal and external) in today's extended enterprise ecosystems. IDC believes that as enterprise network traffic moves from static "point to point" to "many to many" traffic flows, enterprises must take a holistic approach that accommodates "outside in" enterprise networking environments where the end users and applications increasingly enter the enterprise via the public Internet.
Organizations are leveraging cloud-based application delivery solutions such as Akamai's to mitigate the performance and security issues of the public Internet and facilitate common delivery strategies for Web-based enterprise applications and the diverse constituencies that use them. As organizations make their networks both enterprise ready and cloud ready, they will reap the benefits of a simplified application delivery fabric, increased control over application performance, and enhanced security. The result is higher levels of application adoption and usage by employees, business partners, and customers.
About IDC
International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications and consumer technology markets. IDC helps IT professionals, business executives, and the investment community make fact-based decisions on technology purchases and business strategy. More than 1,100 IDC analysts provide global, regional, and local expertise on technology and industry opportunities and trends in over 110 countries worldwide. For 50 years, IDC has provided strategic insights to help our clients achieve their key business objectives. IDC is a subsidiary of IDG, the world's leading technology media, research, and events company.
Global Headquarters
5 Speen Street Framingham, MA 01701 USA 508.872.8200 Twitter: @IDC idc-insights-community.com www.idc.com Copyright NoticeExternal Publication of IDC Information and Data — Any IDC information that is to be used in advertising, press releases, or promotional materials requires prior written approval from the appropriate IDC Vice President or Country Manager. A draft of the proposed document should accompany any such request. IDC reserves the right to deny approval of external usage for any reason.