App services. Whether we refer to them as SDAS (Software-defined Application Services) or just plain old app services, we're referring to pretty much the same thing: those services that sit between apps and their users (whether they be people, things, or other apps) and ensure the security, availability, and speedy exchange of data.
These are the “network services” that reside at layers 4-7; the stateful services that exist in every data center, whether they’re acknowledged or not.
These are the services F5 takes very seriously, and strives to deliver via its hardware, virtual, and cloud-based platforms.
But not everyone does. Often described as “load balancing, WAN optimization and stuff”, app services rarely get the attention they deserve given their role in the critical path that delivers apps to users every single second of the day. That’s why we started asking questions about them no one else does. What are you using? What do you plan to use? Where do you want to deploy them? How do you want to deliver them?
The result last year was the first State of Application Delivery report, which we’re happily following up on this year (and plan to continue following up on annually). By digging into the application services landscape we can glean insights not only about the app services, themselves, but about the plans and concerns organizations across the globe have with respect to emerging architectures, approaches, technologies, and trends.
For example, when we look at the fastest growing app services for 2016 - the ones organizations plan on deploying this year – we can see that organizations are focused on addressing concerns related to the dominance of hybrid cloud across all industries.
ID Federation (26%) and SSO (24%) as well as GSLB (24%) are all app services critical to addressing key security and productivity concerns related to hybrid cloud of both IT professionals in the C-Suite and in the trenches. After all, identity federation is the primary means of ensuing governance over increasingly business-critical SaaS applications, ensuring access is based on corporate identities and responsibilities, not user-identified ones. And SSO (single-sign on), too, has a significant role to play in ensuring that applications spread across multiple environments (hybrid cloud) do not impede the productivity of corporate users by imposing constraints related to managing (and remembering) fifteen different password.
Even the data regarding the current landscape tells us what CIOs and business is focusing on. Of the top 5 app services currently deployed, 4 of them are focused on security; security of the network, of communications, and of data. The fifth? Load balancing (availability), of course. Because security without scale is like a piano without keys.
Never heard that simile before, have you?
And just as we can draw conclusions about trends, technologies, and concerns from the app services deployed today, we can also understand why so many roles across organizational IT silos put such importance on features like APIs and smart templates. It turns out that the average enterprise currently has eleven different app services deployed, many of which are chained together to deliver, secure, and optimize each and every application. The majority of organizations employ ten or more of the twenty-four services we asked about. And a non-trivial 30% are using each and every service they can to provide security, availability, mobility, performance, and access control for applications across their data center. Those that aren’t might be next year, as 25% are planning on deploying 4 or more security services in 2016 along with 55% that say they’re deploying at least one availability service.
The conclusion? All app services – not just the three you see mentioned as an afterthought when L4-7 comes up – are employed by organizations to provide capabilities critical to applications and the business.
Their importance is probably best understood in the context of one of my favorite questions in the survey, that focusing on what respondents would give up if it made their networks more secure. Considering the number of high-profile breaches in the past year (not to mention past ten years) and the significantly negative impact these breaches have on organizations’ reputations and ability to do business, organizations would have to value services pretty highly to say “no, I won’t give that up even if it makes my network more secure.”
So which services were that important?
A mere 7% would give up availability. Only 10% would give up performance. A quarter (25%) would rather give up manageability of infrastructure instead of these two app services.
That says something about how important they are to not only delivering apps, but the success and security of those apps to the business that relies on them.
For more details on app services, as well as cloud, security, and SDN/Devops, don’t forget to check out the complete report, available here at f5.com/SOAD.