A couple of months ago we introduced the concept of adaptive applications that behave more like living organisms than cold bits of code. These are apps that are equipped with application security and delivery technologies that protect and secure all points of vulnerability, expand and contract resources based on performance needs, detect problems, and proactively heal themselves.
There are several key areas that need to be addressed to bring this vision to life, so over the next few weeks we’ll be detailing how F5 is delivering on the vision of adaptive apps for both traditional and modern applications. We define “traditional applications” as those that have a monolithic, client-server, or three-tier architecture. In contrast, “modern applications” are architected as distributed cloud- or container-native services that interact via APIs.
Based on our research, 97 percent of organizations are managing traditional applications, and 76 percent of organizations are managing both traditional and modern applications. This means that not only are traditional applications still the most ubiquitous application architecture today, but also that 21 percent of organizations continue to rely exclusively on traditional applications.
Because they were developed over the last several decades to address the most important IT enablement needs of the business, traditional applications are typically enabling the most mission-critical processes within an organization. Think about mortgage loan processing systems, payment processing engines, hospital electronic health records, first-generation SaaS platforms, retail inventory management systems, and service provider 3G and 4G mobile networks. In addition to the mission-critical role they play and the potential disruption to the business should they stop functioning, such traditional applications are also generally difficult and expensive to change or refactor.
The reality is that many customer engagement front ends, which are commonly designed today using modern architectures, still rely on those traditional applications in the back end. Most of today’s digital experiences are a blend of older applications serving as the systems of record, and modern apps providing systems of engagement. This application logic, traditional and modern, is increasingly distributed across the on-prem data center, the public cloud, and the edge. And all of these elements come together at the end-user’s device or browser as a single digital experience.
One of the biggest opportunities with adaptive applications is retrofitting traditional apps and simplifying their security and delivery for hybrid- and multi-cloud deployments.
Think about it this way. A traditional app may have been developed using programming languages that are no longer widely known, for example Fortran or COBOL. Even if written in a more contemporary programming language, the skillsets and the people who wrote the application may well have retired or moved on, meaning it’s difficult to find experts in that space anymore.
Another factor creating brittleness is that application traffic patterns change over time. The requests going to the application, their frequency, protocols, and the nature of the actual packet itself are all changing. There are also other environmental factors as the various infrastructure elements (for example the network switching and routing and compute or hypervisor technology) surrounding the application also change over time.
Security vulnerabilities and exposures also contribute to this brittleness. Over the past two years, we’ve seen a 300 percent increase in application attacks, and older apps with well-known entry points and vulnerabilities can be easy targets for today’s sophisticated attackers.
Any of those factors could introduce issues that cause the application to either perform sub-optimally or stop performing altogether. It just becomes fragile. Since the application is still doing something critical for the business, it can’t just be decommissioned—and, in many cases, opening up an older application and performing the equivalent of heart surgery on it is not viable either.
To protect an older app and get the most out of it, what’s needed is a flexible wrapper or a scaffolding with application security and delivery technology that can solve for the issues in the application itself.
That's in large part what our customers have often used BIG-IP iRules to do—to fill in gaps and address application issues that arise over time, like retrofitting an old building. By inserting highly programmable application security and delivery technologies in the data path, customers can mitigate issues found in traditional applications. Updating the traditional applications can be time-consuming, costly, and risky but adding an iRule is quick, cheap, and doesn’t require a hard-to-find or over-subscribed application developer.
That scaffolding should also include world-class application security to enable consistent policy and services across all environments, especially as companies move those traditional applications into a public cloud, or even to a multi-cloud deployment.
Wrapping application security and delivery technology around traditional apps provides a layer of protection that is most valuable when it is highly flexible. That flexibility takes the form of programmability and configurability and is what enables traffic steering and policies to prevent certain traffic streams from getting to the application itself. That scaffolding also can take on a number of additional functions—from load balancing and protocol translation (for example HTTP/2 to HTTP/1.1) to security capabilities such as application firewalling, distributed denial of service protection, and bot mitigation.
For maximum operational efficiency, organizations should be evaluating application security and delivery technologies as a suite to drive consistency across on-premises and public cloud. A “best-of-suite” approach becomes even more important to performance as traffic becomes more encrypted. If you separate those functions out across a number of virtual or physical appliances along the application data path, every device in that application data path is going to be unencrypting the traffic, applying some function to it, and then re-encrypting it, which is super inefficient. Standardizing and consolidating your app security and delivery functions into a single solution is not only good for your wallet, it’s also good for your application performance.
When it comes to running traditional applications as effectively and efficiently as possible, automation becomes increasingly important. Automating the application security and delivery functions that surround traditional apps is a great way to reduce the operational cost. You do that through a robust set of declarative APIs that have versioning, so you can continue to evolve your infrastructure environment and further automate away manual tasks. You can further amplify the automation benefits by deploying centralized management solutions such as BIG-IQ. Automation and manageability have been and will continue to be a big focus in BIG-IP and one that will allow your teams to spend their time on more strategic endeavors.
Finally, to make all this work together to its full potential, it's important to invest the time and resources to ensure you're running the latest versions and getting the latest capabilities. You have to make sure you have the highest quality, most secure code, and many of the most advanced value propositions are only accessible on later versions of BIG-IP. If you want to benefit from the shielding around those fragile traditional apps, it’s crucial not to let your application security and delivery technologies become as fragile as the traditional application itself.
* * *
In summary, traditional applications will continue to play a critical role in the application portfolio of most organizations for many years to come. The right application security and delivery technologies can ensure traditional applications continue to perform while also improving operational efficiency. Those application security and delivery technologies should work consistently across on-premises and public cloud environments and be highly programmable and configurable to provide as much flexibility as possible. They should also include advanced security capabilities to protect mission-critical applications against even the most sophisticated attacks. BIG-IP continues to be the preferred application security and delivery technology for traditional applications because it delivers on all of these requirements.
Simplifying traditional app delivery for multi-cloud environments is one of the ways we’re bringing the vision of adaptive applications to life. The full vision requires visibility and analytics from solutions like Beacon, BIG-IQ, and NGINX Controller, combined with the ability to orchestrate actions through BIG-IP and NGINX—all while ensuring the protection of both mission-critical, traditional applications and cloud-native, modern applications. Ultimately this will make your entire application portfolio more adaptive and enable you to secure and deliver extraordinary digital experiences for your end-users.