I was recently in a meeting with Sun Microsystems and Zeus. ioko hosted the meeting to discuss the innovative solutions ioko are building for their customers using their products, specifically relating to the use of public & private cloud platforms.
ioko is vendor agnostic, picking the appropriate technology based on the technical and business requirements of the client. ioko is filled with highly motivated, passionate IT people who love nothing more than to argue the toss about the esoteric differences between competing technologies such as Sun Ray v Terminal Server or VMware VDI v Citrix XenApp. The cold winter evenings just fly by.
Anyway…
I love ZXTMs. They have provided the answer to some very difficult and complex problems time after time, and I never cease to be amazed. ZXTM 51r1 was recently released and I am currently deploying ZXTMs into a local government environment, and am reminded of the qualities of the ZXTMs, hence this review. Hope you enjoy it.
Why are they so cool …
Flexibility
Hands up if your layer 7 device can run as a VM?
Is available as a physical appliance?
As a virtual appliance that you can download from VMware?
Doesn’t cost you any more money when you migrate from the shonky 100Mb old beige server to your shiny new 10G dynamic IT blade infrastructure?
Is free for your dev* purposes?
I thought not
Software solution
I was reading an article recently from a hardware load balancer appliance manufacturer about how “virtual environments need physical load balancers” to manage the traffic. I could not disagree more. The whole concept of virtualisation is to abstract the hosts from the physical hardware to facilitate dynamic IT solutions that are not constrained by any one physical device within the solution.
Virtual Switches (Cisco Nexus), Virtual Firewalls (Checkpoint VSX), Virtual IPS (StoneGate Virtual IPS), Virtual OS (pick your favourite hypervisor) and physical load balancers? No thanks.
VM environments are frequently adopted due to their ability to migrate between physical hardware and, in the case of several of the environments that ioko have deployed, to migrate between data centres (across regional and geographic boundaries). If you rely on physical appliances to provide load balancing then you are either constrained by the fact that they are located in one DC only, or you are forced to buy multiple units and more than likely have them wasted at the location that is not currently live. This is contrary to the objective of virtualisation and dynamic IT, namely improving utilisation and lowering TCO.
ZXTM is software; it works in harmony with your virtual environment and, just like other virtual machines (ESX VMotion), can be migrated between physical hardware as required. Gartner highlights that Zeus's “Early relationship with VMware gave Zeus a good understanding of dynamic data centres’ challenges and opportunities.” and that Zeus / ZXTM …
- Highly scalable clustering via software and off-the-shelf hardware.
- Broadening technology base and vision, including programmability via Java extensions.
- A strong management team of industry veterans, added during the past 12 months, lends credibility.
Full report here
Configurability
OK so if you can think it, you can configure ZXTMs to do it.
While working on an innovative TV broadcast / online show tie-in, we needed to deliver metadata to a Flash application 30 or 40 times a minute for each user/viewer.
This was a very time-sensitive application, and trying to deliver the metadata with traditional web servers caused no end of problems. The application that generated the metadata created an XML document, which needed to be distributed to the web servers to serve to the users. This publishing was too slow and also hampered cache configuration in clients' browsers.
Along comes TrafficScript. Simply expose a SOAP call to write the content into a TrafficScript rule that actually builds the XML in response to the client request.
I am constantly amazed at the tasks that ZXTMs can be put to. Here are some more examples:
Prevent accidental or deliberate leaking of information
Detect SQL injection attacks against your web apps
Generate dynamic content on the fly
Stop certain IP ranges accessing your site OR Countries / Geographic Locations
Send SMS messages to notify on any given event
Integrate with VMware ESX to manage dynamic IT provisioning
More clever stuff than you can shake a stick at …. you get the point
Consider the following scenario…
You have a website that is accessible by internal users and is also publicly accessible. You want to force certain parts of the site to be SSL, but it's a SharePoint implementation with a large amount of dynamic content, so you can't be sure of the specific URL, only parts of the path, e.g. ./securethis/* and ./editorsection/*
This kind of task is mere child’s play with ZXTM TrafficScript.
# Redirect any request under /securethis/ to the same URL over HTTPS.
$url = http.getRawURL();
$host = http.getHeader( "Host" );
if( string.regexmatch( $url, "^/securethis/(.*)$" ) ) {
   http.sendResponse( "301 Moved Permanently", "text/html", "",
                      "Location: https://" . $host . $url );
}
Try to do this with ISA Server; take it from me, it's not happening.
Or look at rival hardware-based appliances, where you need to be a serious developer to do the simplest of tasks.
For more on TrafficScript, Zeus have an excellent introduction here:
http://www.zeus.com/products/zxtm/manage/trafficscript.html
Overview of ZXTM Traffic Inspection Capabilities
© 2009 Zeus Technology Ltd
“
TrafficScript can inspect and control any TCP or UDP traffic. Based on inspection decisions, you can control:
- Which server(s) should process the request?
- How should the request or response be rewritten (if desired)?
- Should the request be retried if it fails?
- What sort of session persistence should be used for this request?
- How much bandwidth should the request and response use?
- Should the HTTP Content Cache be used?
- Should the response be compressed?
- How many of this type of request should be admitted per second (or per minute)?
- How should the performance be monitored (using SLM)?
- What information about the transaction should be logged?
The power of TrafficScript comes from the fact that it’s a full programming language, so there’s a huge amount of potential and flexibility.
Scalability
ZXTM is a software product that maintains configuration with other ZXTMs in a “cluster” via multicast communications on the subnet assigned to the ZXTM console. This has the following significant benefits:
1) Setting up a clustered ZXTM deployment is simplicity itself.
A four step wizard requiring a tick of a box and the supply of a password.
2) Shared state table
“IF” a ZXTM fails, its partners detect the failure, take ownership of any Traffic IPs (Virtual IPs) and maintain TCP/IP connections established by the failed ZXTM (with the exception of SSL connections).
3) Shared config
All configuration is automatically replicated to all cluster nodes.
4) Very rapid deployment
A ZXTM can be deployed into a cluster in a little over 15 minutes if you have to do the process manually via SSH with SFTP to upload the binary. That is to say, 9am two ZXTMs in your cluster … 9:15am three ZXTMs in your cluster, fully configured and handling traffic.
Performance
I have implemented ZXTM configurations in front of some very large public web solutions and I am constantly amazed by the performance that the ZXTMs achieve.
I think I have mentioned these figures in a previous post, but it's worth covering them again:
Pair of HP DL360 G5 8GB RAM, 1Gb NICs (in active passive config).
4000 concurrent connections to a video rich site. CPU utilisation 1% memory utilisation 500Mb of the 8GB available.
Another application (same hardware spec):
1.2 million transactions per minute / 72 million transactions per hour (including in excess of 350 SSL terminations per second), sustained 750Mbps, through a single HP DL360G5.
The UK's largest broadcasters use Zeus ZXTMs in front of the home page. I can tell you that is a significant load. Interestingly, ZXTMs deliver F1 web content to the internet for the largest public and commercial broadcasters in the UK!
Again you can get your hands on the free * dev licence here!
Have a look. If you are responsible for delivering innovative highly available web based solutions ZXTMs are the best use of your precious budget in this challenging economic climate. The bang for buck is about as good as it gets!
Comment by michael — April 23, 2009 @ 10:28 am
A few notes on your rule:
* It might be better to use http.getURL() instead of http.getRawURL(), because it protects against some malicious attacks encoded in the URL.
* You can use http.getHostHeader() instead of http.getHeader("Host"). The advantage is that it strips off the port, so you’ll get to the right port based on the protocol even if the browser had sent an explicit port in the original request.
* No need to fire off a regex match in this case, string.startsWith() will do.
* There’s a http.redirect() which is a bit more convenient to use in this case.
Comment by michael — April 23, 2009 @ 10:29 am
Sorry, that’s getPath(), not getURL().
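
The redirect rule from the post with the notes from the comments applied, as an added example that is not the author's or Zeus's own code. It covers both paths from the scenario; the hostnames www.example.com and intranet.example.com are placeholders, and the lower-casing via string.lowercase() and the Host allowlist are additions that go beyond what the comments suggest.

```trafficscript
# Added example. Attach this rule to the plain-HTTP virtual server only;
# on the HTTPS virtual server it would redirect to itself in a loop.

# Match on the %-decoded path rather than the raw URL, so percent-encoded
# spellings of the protected prefixes are still caught. Lower-case it too,
# because SharePoint on IIS serves /SecureThis/ and /securethis/ alike.
$path = string.lowercase( http.getPath() );

if( string.startsWith( $path, "/securethis/" )
    || string.startsWith( $path, "/editorsection/" ) ) {

   # getHostHeader() drops any explicit port, so ":80" is not carried
   # over into the https:// URL.
   $host = string.lowercase( http.getHostHeader() );

   # The Host header is client-supplied. Only echo it into Location when
   # it is one of the site's own names (placeholders, assumed here);
   # otherwise fall back to the public name.
   if( $host != "www.example.com" && $host != "intranet.example.com" ) {
      $host = "www.example.com";
   }

   # Build the target from the raw, still-encoded URL: the query string
   # is preserved and no decoded characters are written into a header.
   http.sendResponse( "301 Moved Permanently", "text/html", "",
                      "Location: https://" . $host . http.getRawURL() );
}
```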