Clash of Ops: How Security turns Stateless into Stateful
By Lori MacVittie
September 24, 2016 10:46 PM EDT
It was a Monday. I was reading the Internet. Okay, I was skimming feeds. Anyway, I happened across a title that intrigued me, “Stateful Apps and Containers: Squaring the Circle.” It had all the right buzzwords (containers) and mentioned state, a topic near and dear to this application networking-oriented gal, so I happily clicked on through.
Turns out that Stateful Apps are not Stateful Apps. Seriously.
To be fair, I should really say that when a devops guy talks about ‘stateful apps’ it is not the same thing as when a netops gal uses the term ‘stateful apps.’ That’s because the devops guy is referring to persistent data storage for applications. File systems, databases, etc… When a netops gal talks about stateful apps, they’re talking about the unique characteristics that identify existing TCP connections between two systems, like a client and an app. Devops thinks in terms of app data, netops about network data.
Devops and netops speak different languages that use the same word to mean different things. It’s like English. No big deal.
The thing is that this may seem like a minor issue to be worried about. But then I got to thinking about emerging application architectures like microservices and the dominance of APIs and the urgency with which everyone is moving to secure HTTP traffic. And I realized that actually, it is a pretty big deal, because it’s a clash of ops. While devops is over there, building stateless architectures based on the newest theories and principles of scalability, we’re requiring security that basically negates many of the benefits we might have seen.
That’s because the nature of public key cryptography requires state in the network.
Here Comes the (Computer) Science
Public key infrastructure (PKI) is based on a fairly simple premise that information is exchanged between two endpoints (client and app) that is unique to that connection. That means any subsequent exchanges have to be made between the two endpoints that established that connection.
That’s stateful networking.
Even if your entire architecture is based on stateless microservices, once you add security (SSL/TLS), it’s stateful. Whamo! Just like that. And that impacts scale. Because now you’ve got to figure out how best to distribute traffic based on how loaded any given instance of that app might be.
And you probably don’t want to be renegotiating secure sessions for every, single, interaction. You don’t. I don’t care how much faster HTTP/2 is, or how much better ECC is over previous generations of cryptography (spoiler: quite a bit better), there is still significant latency introduced by the process of negotiating that connection. There’s the overhead of establishing the underlying TCP session and then the security negotiations. That adds latency thanks to all those round trips back and forth, which means slower application response times. Especially on mobile devices.
So what? You might say. It’s measured in milliseconds, that can’t possibly impact the application experience.
But it does. Milliseconds matter, especially today, when digital natives who’ve never experienced what 2800bps feels like want their apps to respond instantaneously, with LAN-like performance.
What that means is that adding that layer of security (which is – or should be – a requirement) effectively turns your elegant, stateless architecture into a stateful one.
This is why architecture matters. Because it’s no longer a matter of throwing a load balancer in front of those services and picking an algorithm, it’s about extending the app architecture into the network, upstream, and understanding the advantages of terminating that security before it gets all that “state” in your “stateless” architecture. If the load balancer (or ADC if you prefer) is terminating SSL/TLS, then it has to manage the negotiation, and the back and forth with clients. That means it’s free (if it’s a modern proxy-based solution) to interact with services in the back-end the way dev intended: statelessly.
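A toy model of that trade-off, added here as an illustration and not part of the original post: it counts full versus resumed TLS handshakes for three placements of the session state. It assumes one new connection per request, resumption from a session cache only (no ticket keys shared between instances), and hypothetical names (`simulate` and the three mode strings).

```python
from collections import Counter

def simulate(mode, clients=4, requests_per_client=6, backends=3):
    """Count full vs resumed handshakes for one constructed traffic pattern.

    "per_instance": every backend terminates TLS and keeps its own session
        cache; the load balancer spreads connections round-robin.
    "affinity": same, but the load balancer pins each client to one backend,
        so the balancer itself now carries per-client state.
    "edge": the load balancer terminates TLS and holds the only session
        cache; backends receive requests round-robin.
    """
    caches = [set() for _ in range(backends)]  # session caches on the backends
    edge_cache = set()                         # session cache on the balancer
    full = resumed = 0
    load = Counter()
    rr = 0                                     # round-robin cursor
    for _ in range(requests_per_client):
        for client in range(clients):
            if mode == "affinity":
                target = client % backends     # same backend every time
            else:
                target = rr % backends         # next backend in rotation
                rr += 1
            cache = edge_cache if mode == "edge" else caches[target]
            if client in cache:
                resumed += 1                   # endpoint already knows this session
            else:
                full += 1                      # new endpoint: negotiate from scratch
                cache.add(client)
            load[target] += 1
    return {"full": full, "resumed": resumed, "load": sorted(load.values())}

if __name__ == "__main__":
    for mode in ("per_instance", "affinity", "edge"):
        print(mode, simulate(mode))
```

With the defaults, round-robin in front of per-instance TLS pays for 12 full handshakes out of 24 connections, affinity cuts that to 4 but skews the backend load, and terminating at the edge gets 4 full handshakes with an even spread.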
The thing to be aware of is that when app architectures and network architectures meet, they can often clash and effectively negate all the goodness intended by the new app architecture in the first place. DevOps is as much about communication between groups as it is automating the processes between them. That means understanding the impact of the network on apps, and vice versa and agreeing on an architecture that preserves the best characteristics of the app architecture without sacrificing network speed or security.