Understanding IaaS + Citrix Secure Digital Perimeter & Workspaces deployed in a Public, Hybrid or Private Cloud world powered by Citrix Cloud https://citrix.cloud.com/ + Serverless for Web Apps from LAMP by https://twitter.com/lyndonjonmartin
Conversations today (2018) with customers, partners (current vs. boutique), consultants, ISVs and vendors alike have a laser-focused attention (bias) towards business or digital transformation, including the adoption + consumption of Public Cloud (IaaS) providers, which by my definition and by example are providers such as the following, in alphabetical order but not limited to: Alibaba Cloud, AWS EC2, Azure, Google Cloud Platform, Oracle Cloud etc.
I would like to offer some simple rules that I have seen in action, understood and learnt personally + professionally from some engineers I had the privilege of working with when I was at an MSP in central London, and through my own experiences. Some of those engineers today, within teams, run/manage Tier 1 IP transit carriers, e.g. the backbone of the internet, and some of them in a previous life actually built the infrastructure to support these carriers, e.g. the data centres. Two of them also, within a team (pre that MSP), built world-class banking trader platforms so resilient + fast it still blows my mind even today, writing this sentence and thinking about those conversations. So YES, I have learnt a lot from some exceptionally talented individuals, from my own observations + experiences + mistakes (not major, thankfully) and through customer advocacy, which has also enabled me to work alongside some of the smartest people on the planet.
Some of the technology from over a decade ago is only hitting the enterprise today, which has made me think more about my technical + technology roots and what I call “the core vs. going back to the core”, which is powered by Tier 1 IP transit carriers and Tier 3/4 data centre providers. Naturally, over time I have created a simple but very important set of rules or principles that I adhere to and that should be understood by any organisation at all tiers, from the CxO to the Head of IT to the Engineers or SysAdmins deploying, configuring and running workloads and mgmt. infrastructure (plane), before embarking on a journey to the Public Cloud vs. developing a Hybrid Cloud strategy.
Yes, 100% you can consume Public Cloud; however the following rules must apply and will naturally lead towards a Hybrid Cloud strategy.
1. Recognise that Hybrid Cloud (or Service) is king for all tiers.
2. Respect it (IaaS/Public Cloud), e.g. how it works vs. operates.
3. Move only workloads that are right vs. relevant.
4. Switch to PaaS services for mgmt. planes to support business outcomes + transformation journeys, and again only move WHEN it is right vs. relevant; don’t just assume it’s like a light switch, ON vs. OFF, which is how most organisations + individuals tend to think of public cloud & PaaS.
5. Build your mgmt. planes, if you choose NOT to consume PaaS, the way they would: e.g. local connectivity east & west + north & south consuming separate physical IP transit carriers, and consume separate data centres + providers in separate countries if at all possible. However, for some customers due to compliance this is simply not an option, so deploy this strategy in-country, well over the minimum distance required by certification vs. compliance.
6. Your core + critical LOB apps should be able to withstand both minor and major outages of any type while keeping your business operating and transacting with customers vs. suppliers.
7. Do not be afraid to work with an MSP; the best ones become an extension of your IT team, which is very important for several operational and compliance reasons, including continued DevOps, Transformation and Innovation. Note: the really good ones are NOT cheap but well worth it, and equally VERY VERY hard to identify, so ask!
8. Don’t dive into any cloud-type model without a trusted advisor to support you, e.g. “a competitor just did it, they saved a lot of costs and improved shareholder value by x, we are going to do it now”. They probably brought in a boutique advisory firm 12-36 months ago who keeps them regularly updated with trends and outcomes at multiple tiers, enabling all of their current success. Again, ask!
9. Revisit your TCO (https://en.wikipedia.org/wiki/Total_cost_of_ownership) and ROI models (https://en.wikipedia.org/wiki/Return_on_investment) in a DevOps-style approach, but not as frequently as DevOps.
10. Sizing and scaling workloads based upon existing vs. net new traditional h/w setup & configurations just doesn’t work most of the time. A minor exception to this is if you are running cloud-style HCI appliances: you are way better prepared all around, but again don’t just assume.
Experience managing customers in a previous life has taught me that a managed public cloud powered by an MSP is very fruitful (follow the rules) for everyone involved, as it enabled true live business continuity, burst capacity + agility where required, stronger security controls, the IT skills of world-class engineers, down time for the customer’s engineering team to support innovation + transformation and, finally, better overall app + infrastructure management, resulting in awesome outcomes and experiences for customers.
I also quickly observed with customers that they went from consuming the managed Public Cloud platform as a strategy play to it becoming the primary platform of choice, with the existing data centre fabric running in the managed colo racks either upgraded with new kit to become an internally managed Public Cloud linked to the MSP’s platform, or converted to become a DR site.
If you choose to follow a handful of these rules or principles at the start, or even during your journey to the Public Cloud, you’ll be a little better off, I believe. I am a huge advocate of IaaS, so it’s important to me that organisations are able to embrace it, but on their own terms, where it is right vs. relevant to them.
The views expressed here are my own and do not necessarily reflect the views of Citrix.
CONTENT DELIVERY NETWORK – cdn
SECURITY ASSERTION MARKUP LANGUAGE – saml
FEDERATED AUTHENTICATION SERVICE – fas
LOAD-BALANCING – l/b
NETSCALER UNIFIED GATEWAY – nug or netscaler ug
NETSCALER – ns
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
INTERNET SERVICE PROVIDER – isp
MANAGED SERVICE PROVIDER – msp
Yes, I will be talking about Citrix NetScaler only here as I am a Citrite; this blog post is more about methods vs. technical guidance, so let’s begin. In a previous life, prior to my current role at Citrix, I worked for a managed Internet Service Provider (mISP) or MSP, where the customers I used to manage were required to deploy app, database & web servers (infrastructure) to service + support customer transactions at a massive scale, while also ensuring a fast vs. efficient user experience at scale vs. normal usage. Today I am going to explore how to optimise the delivery of a web-based service fronted with(out) a Citrix NetScaler, from startup to a global organisation we all can’t live without!
My scenario will focus on taking a web-based service that you’ve developed as a start-up, running on a single VM instance of any size running LAMP, and keeping it a continually hyper-responsive web service as the load or popularity of the web service increases, by first implementing simple but very effective SysAdmin techniques. Your company is now born: you’ve found a niche in a market segment/vertical, you’ve adopted a development framework to build your web service platform on, and you’ve identified where to host vs. run your web service from.
Optimising your Web Service to be Hyper Responsive with(out) NetScaler
You can deploy a successful vs. highly available web service without any ADC, yes that is right; however, there does come a point when it’s right vs. relevant and you will need to implement an ADC like Citrix NetScaler. So how can you? Well, it comes down to thinking like a SysAdmin sometimes: how can I optimise by removing stuff vs. consolidating roles or migrating them to alternative platforms?
Let’s examine the Web Service that we’ve just launched. It’s currently a single VM instance; for argument’s sake it’s hosted in a public cloud like AWS vs. Azure vs. GCP, or even a private cloud, perhaps running on a XenServer host :-). You’re happy and believe you’re ready to begin your journey with your new startup, so you begin promoting it socially on Twitter, LinkedIn, Instagram etc., and slowly over a few weeks the demand for the web service begins to grow steadily. You notice that the responsiveness isn’t 100% what it was at the time of launch, so you schedule a maintenance window at say 04:00 GMT and scale up the VM instance’s compute resources to 4 vCPU and 24GB of RAM, including attaching another SSD HDD, and you shift the content, e.g. images, CSS style sheets and jQuery files, onto this HDD to improve performance by moving the I/O Reads for content onto another HDD.
Web, Database & Content Roles running on a single Web Server ■
Happy days, your web service is now back to that 100% (initial launch experience), but now fast forward a few more weeks vs. months and your web service’s popularity increases organically vs. via social and traditional marketing campaigns, so you’re back to it not being quite as responsive anymore vs. not 100% what it was at the time of launch. So you schedule a maintenance window to perform some careful real-time investigation work to understand where the bottleneck(s) are. Each Web Service today, in my personal opinion, will have different bottleneck(s); this is down to how it’s developed to run (standalone vs. h/a cluster vs. globally distributed) vs. coded (framework vs. ground-up framework), so careful monitoring of your web service platform from inception to the current date and into the future is critical to help you continually and truly scale your web service.
After reviewing the gathered insights from various tool(s)* you can see that the number of Reads to the HDD is quite high, and all too often I have seen decisions made to shift the database away from the web service onto another VM instance without checking what service is responsible for all those Reads and what location on the HDD the Reads are occurring from! In my personal experience it is most likely not the database BUT the content, e.g. images, scripts, stylesheets, that causes the high I/O Reads on the HDD when serving up content to load the web pages for customers on their end-points. However, with proper coding of your web service you can reduce this by caching the content on the user’s device (Laptop, PC, Mac, Smartphone, Tablet, Thin client), so that when they change web pages there isn’t a hit on the web server (look at NetScaler’s HTTP Compression technology as well) for the exact same content, BUT only for what has changed, perhaps image(s) of items they want to acquire, including their price + title + description collected from the database, e.g. on a change of search or a click on the next/back buttons of their found vs. filtered results.
At this point you can do one of three things. (1) You can migrate the database to an external VM instance and change the web service to connect to the database on what is now a remote server, which is most commonly done without proper investigative work. (2) If you’re in a public cloud you could choose to utilise a PaaS database service; this option is not for everyone in my personal opinion just yet, and it’s not necessarily a technology vs. security adoption blocker, but I believe it’s an analytics blocker if the public cloud provider chooses to come into my market, and also it’s way too NEW for me, the most common theme. (3) Keep the database exactly where it is and begin to shift to delivering your Content via a CDN model, sometimes referred to as an Image Farm, i.e. the bits that make your website look good and the way it looks, e.g. images, logo, CSS style sheets, jQuery scripts that provide functionality + experience. This approach will help improve the user’s overall experience at any stage, because the content is delivered via a CDN model or method (https://en.wikipedia.org/wiki/Content_delivery_network; example www.youtube.com) and not via the web server serving up the webpage(s) from the web service anymore; typically the responsiveness of the web service leads to a better experience for customers and their satisfaction goes up using your web service! This approach frees up vital compute + I/O resources on the web server running your web service. Visit your favourite online retailer, ISV etc. and view the HTML source; you’ll see what I mean! Most organisations typically don’t implement this early enough and often will only implement this strategy after the ADC is deployed, as the right vs. relevant skillset for managing your web service at scale simply is not available within the business yet.
Web & Content Roles on single Web Server ■
Database Role on separate remote Server ■
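The client-side caching and CDN offload described above, as an added worked example that is not from the original post. It models the web server's static-content handler in Python (on the post's LAMP stack the same headers would come from Apache, e.g. mod_expires plus ETags, and the rewritten asset URLs from the PHP templates): a browser that already holds an asset revalidates with If-None-Match and gets a 304 with no body, so the content disk is not read again, and asset references are pointed at a CDN hostname so the web server only renders HTML. The asset bytes, paths and the CDN hostname `cdn.example.invalid` are constructed stand-ins.

```python
import hashlib
import re

# Constructed sample "content disk": request path -> bytes served
ASSETS = {
    "/images/logo.png": b"\x89PNG constructed placeholder bytes",
    "/css/site.css": b"body { margin: 0 }",
    "/js/app.js": b"console.log('constructed');",
}
CDN_HOST = "cdn.example.invalid"  # constructed placeholder hostname


def etag_for(body: bytes) -> str:
    """Strong validator derived from the bytes, so it changes only when the content does."""
    return '"' + hashlib.sha256(body).hexdigest()[:16] + '"'


def serve_static(path: str, request_headers: dict, max_age: int = 86400):
    """Return (status, response_headers, body) for a static asset.

    A browser that already holds the asset sends If-None-Match; when the
    tag matches we answer 304 with no body, so no content bytes are read
    from disk or sent over the wire. Cache-Control lets the client skip
    even the revalidation round-trip until max_age seconds have passed.
    """
    body = ASSETS.get(path)
    if body is None:
        return 404, {}, b""
    tag = etag_for(body)
    headers = {"ETag": tag, "Cache-Control": f"public, max-age={max_age}"}
    inm = request_headers.get("If-None-Match", "")
    # Accept a comma-separated list and ignore a weak "W/" prefix
    client_tags = []
    for t in inm.split(","):
        t = t.strip()
        if t.startswith("W/"):
            t = t[2:]
        if t:
            client_tags.append(t)
    if "*" in client_tags or tag in client_tags:
        return 304, headers, b""
    headers["Content-Length"] = str(len(body))
    return 200, headers, body


# Matches src/href attributes pointing at the content directories only
_ASSET_URL = re.compile(r'(src|href)="(/(?:images|css|js)/[^"]+)"')


def rewrite_asset_urls(html: str, cdn_host: str = CDN_HOST) -> str:
    """Point static asset references at the CDN so the web server only renders HTML.

    Only the content directories are rewritten; application links such as
    /about stay on the origin server.
    """
    return _ASSET_URL.sub(
        lambda m: f'{m.group(1)}="https://{cdn_host}{m.group(2)}"', html
    )


if __name__ == "__main__":
    first = serve_static("/css/site.css", {})
    again = serve_static("/css/site.css", {"If-None-Match": first[1]["ETag"]})
    print(first[0], again[0])  # 200 then 304
    print(rewrite_asset_urls('<img src="/images/logo.png"><a href="/about">About</a>'))
```

The ETag is hashed from the bytes rather than taken from the file's mtime, so a redeploy that leaves content unchanged keeps the client cache valid, and a changed image is fetched again without waiting for max-age to expire.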
Happy days! Your developer suggests implementing, let’s just keep it simple, Round-robin DNS (https://en.wikipedia.org/wiki/Round-robin_DNS) so that they can make the web service multi-web-server enlightened, e.g. clustering, so after some tests he/she deploys the new code onto the PROD web server, deploys 1-2 more web servers, completes the tests and implements and deploys Round-robin DNS. Personally this is NOT something I would ever implement, as if you don’t manage your DNS correctly with someone who knows what they are doing you could fall victim to DNS cache poisoning (https://en.wikipedia.org/wiki/DNS_spoofing) or worse, and bye bye web service = bye bye business! In a previous life prior to Citrix, working at an MSP, DNS management was taken very seriously for customers, as without it your business would not be available online, and the net outcome is simple: you cannot transact business to turn a profit and keep shareholders happy! Back to the blog: so you now have a cluster-enlightened web service platform to give you scale, although it’s not perfect in my personal opinion with this strategy.
Round-robin DNS
Web & Content Roles on Web Server ■ ■ ■
Database Role on separate remote Server ■
Happier days lie ahead as more bottlenecks in your web service have been resolved and the web service is becoming even more and more popular with customers in the particular City vs. County that you initially launched the web service from. BUT now, as more time passes and the business continues to grow from strength to strength month on month, you once again notice that the responsiveness isn’t 100% what it was at the time of launch vs. the last architectural change(s) that were made to the enlightened web service platform, where you chose to switch the database to a remote VM instance, and I am also going to assume you did not implement the CDN concept for content (images, CSS, scripts etc.). So your business is now profitable and at a level where you have on-boarded the right vs. relevant skillset within the business to help take your web service to the next level, i.e. regional vs. GEO vs. global scale, or you hire in external but experienced ADC professionals to help with the re-architecture of your web service platform, or you go Serverless (follow-up article!), but we’ll leave that one out of today’s post as it’s another blog post all on its own.
Upon investigation utilising various *tools (Network, Cacti, SmokePing, TOP etc.) and reviewing historical data points vs. graphs, the decision is made that your web service platform now needs to adopt a (NetScaler) Application Delivery Controller (ADC) to scale smarter, more intelligently and more efficiently on-demand as the business grows, while also ensuring high availability 99.xxxxx% (you choose your 9’s) uptime 24/7/365 and maintaining that initial customer experience from your startup phase or day 1 of trading. In my view, when implementing an ADC correctly the responsiveness at scale should equal, if not better, that first time you deployed your web service. At this stage, most likely dependent upon the web service (what is it? game platform vs. online store etc.), you’ll potentially implement the following architecture to easily support a GEO or region(s) within a GEO, e.g. EMEA, or global scale, and remove that Round-robin DNS method!
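Why the Round-robin DNS step earlier is "not perfect" and what the ADC decision here changes, as an added example that is not from the original post. A simulated round-robin authoritative answer has no idea which web servers are up, so when one of the three is down roughly a third of fresh clients are sent to it (and the zone edit that removes it only takes effect as cached answers expire), whereas a virtual server that health-monitors its backends, which is what the load-balancing role of an ADC such as NetScaler provides, takes the dead server out of the pool before any client reaches it. The resolver, the addresses (RFC 5737 documentation range) and the probe are constructed in-memory stand-ins; nothing queries real DNS.

```python
from itertools import cycle

# Constructed A records for the web service (RFC 5737 documentation addresses)
A_RECORDS = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]


class RoundRobinResolver:
    """Stand-in for an authoritative server doing round-robin: each answer
    is the same record set rotated by one. Most clients connect to the
    first address in the answer, which is how the rotation spreads load."""

    def __init__(self, records):
        self._records = list(records)
        self._offset = cycle(range(len(self._records)))

    def lookup(self):
        i = next(self._offset)
        return self._records[i:] + self._records[:i]


def rr_failures(resolver, healthy, requests):
    """Clients whose cached answer has expired resolve again and connect
    to the first address. DNS carries no health signal, so a dead server
    keeps receiving its share of clients until someone edits the zone and
    the old TTL expires everywhere."""
    failed = 0
    for _ in range(requests):
        if resolver.lookup()[0] not in healthy:
            failed += 1
    return failed


def lb_failures(backends, healthy, probe, requests):
    """ADC-style virtual server: a monitor probes each backend and only the
    ones that answer stay in the pool; clients always hit the VIP and are
    distributed across live backends only."""
    pool = [b for b in backends if probe(b)]
    if not pool:
        return requests  # every backend down: the VIP itself would be marked down
    rr = cycle(pool)
    return sum(1 for _ in range(requests) if next(rr) not in healthy)


def compare(healthy, requests=30):
    """Return (round_robin_failures, load_balancer_failures) for one scenario."""

    def probe(addr):
        # Constructed HTTP monitor stand-in: an accurate up/down answer
        return addr in healthy

    return (
        rr_failures(RoundRobinResolver(A_RECORDS), healthy, requests),
        lb_failures(A_RECORDS, healthy, probe, requests),
    )


if __name__ == "__main__":
    # One of three web servers down: 10 of 30 fresh clients fail under
    # round-robin DNS, none behind the health-checked virtual server
    print(compare({"203.0.113.10", "203.0.113.11"}))  # (10, 0)
```

The same gap applies to the poisoning concern in the post: with round-robin DNS the published records are the only control point, so protecting the zone (and who can change it) is the whole defence, while an ADC keeps a single VIP in DNS and moves the per-server decision behind it where it can be monitored.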
What is NetScaler?
It’s a Layer 4-7 networking appliance (https://www.citrix.com/networking/) that allows for securing and accelerating workspace, web and app workloads while remaining transparent to customers. It comes in many different flavours vs. roles, from providing secure BUT contextual remote access for SaaS, Web apps, virtual apps & desktops, R/A VPN with end-point scanning, microVPN e.g. XenMobile apps etc., to virtualising your WAN by bonding multiple internet uplinks together, through to supporting and monitoring deployed web service(s) at local, regional, GEO or global scale, all the while also providing deep insight and analytics into your organisation, and much much more.
The views, opinions and concepts expressed are those of the author of this entry only and do not necessarily conform to industry descriptions or best practices.
INFRASTRUCTURE-AS-A-SERVICE – iaas
ACCESS CONTROL LIST – acl
VIRTUAL NETWORKS – vlan
VIRTUAL MACHINE – vm
DEMILITARIZED ZONE – dmz
Infrastructure as a Service (IaaS) enables a tenant, i.e. you the reader of this blog post, to purchase an allocated amount of computing, storage and networking resources from a (Managed) ISP. You then have the capability to assign or carve up these IaaS resources to create your own virtual datacentre (VDC) through a safe, secure web-based management console.
The IaaS management consoles will typically offer and allow the tenant the ability to create their own ACLs and VLANs, place virtual machines (VMs) within the VDC, build VMs from generic templates maintained by the (Managed) ISP, and so much more.
The IaaS resources provided by the (Managed) ISP should be fully managed, e.g. border routers, core switches, hosts and mgmt. infrastructure of the IaaS platform, and hosted within a highly-available N+1 data centre, so that in the unlikely event of a logical or hardware failure your VDC environment will not be compromised, or should automatically fail over onto alternative infrastructure, be rebooted and return to an online and active status within a few minutes.
What is the benefit of IaaS? You don’t have to secure any capital investment to acquire the necessary hardware to support your existing organisation’s growth demands, or if you’re a start-up it eases your cash flow requirements, as you only pay for the computing, storage and networking resources that you effectively require month by month.
Today IaaS is also referred to by some as a Software-Defined Data Centre.