Distributing Applications for Disaster Planning and Availability

Updated October 02, 2017

Introduction

Natural disasters, DDoS attacks, and application infrastructure failures often lead to site outages—and these can lead to lost revenue, diminished customer satisfaction, and reduced user productivity.

Few organizations have the foresight to prepare for disaster by building data centers in a variety of locations. More often, organizations opt for regional secondary physical data centers, setting up their secondary sites in an active-standby configuration with a manual recovery process. Others leverage the cloud to provide a virtual, on-demand data center.

Both options can be costly, error prone, and slow if deployed haphazardly. When they're most needed, these secondary data centers can experience broken transactions between data centers; cause customer dissatisfaction with user-facing applications; and incur downtime costs that severely disrupt business and decrease profitability.

However, creating secondary data centers as part of a complete application delivery solution doesn't have to be difficult or complicated. F5 BIG-IP DNS can holistically manage data center applications and user access in an active-active configuration across multiple sites.

Keeping Your Data Center Healthy

Application availability is vital when dealing with disaster recovery. Maintaining applications in multiple data centers can cause a whole host of issues: keeping the applications in sync, managing user connections to those applications, and ensuring everything is up and running. The challenges of this approach include:

  • Lack of visibility into data center and application health. How do you gauge the health of the data center and application?
  • Sub-optimal user experience. When organizations deliver applications, how do they handle broken sessions, retrieve lost data, and secure personal information?
  • Maintenance overhead. Too often, organizations have no choice but to shut down the entire data center to perform upgrades, and site-to-site data replication across the WAN can eat up valuable time. If you're an e-commerce site, can you afford the lost revenue?
  • DNS management and security. Domain Name System (DNS) is possibly the most critical and pervasive networking technology used by businesses, yet it continues to be one of the most vulnerable. What happens when DNS management errors break your entire application infrastructure? BIND versions are more susceptible to attacks and are difficult to upgrade without the proper management tools. New security threats such as zone file tampering, protocol tunneling, DNS pharming, DoS, and SYN floods are constantly emerging. Unfortunately, DNS is often misunderstood and mismanaged within the enterprise, which can lead to configuration and architecture errors that expose vulnerable points in the network.

Disaster Recovery Management

Planning for a disaster while keeping applications up and running across sites can easily turn into a perpetual loop of fixing broken transactions, maintaining user satisfaction, and juggling downtime. Using a manual process to solve these challenges can be costly and error prone, disrupting business and decreasing profitability.

Organizations need a solution that enables them to solve these challenges by providing:

  • Superior application availability and performance.
  • Reduced management overhead.
  • Improved operational efficiency.

The ultimate solution would give organizations an intelligent way to manage data centers and applications under any condition or circumstance. It would be able to detect data center and application health—including internal and external web services—from a single management platform. In the event of a problem, this solution would automatically and transparently reroute users to the appropriate location, while maintaining application and service availability.

Maintaining application availability between sites and during a disaster (or even during peak loads) is not simply a matter of relying on ping and keeping DNS records updated. It requires a much more in-depth architecture, as well as an application delivery architecture that can provide the following:

  • Holistic application monitoring. It's not enough to check whether the application is up or down. The solution's application monitoring should include checking the application and factoring in all dependencies. Automating the failover process eliminates management overhead, minimizes costly downtime, and removes the guesswork involved in tracking interdependencies.
  • Service management and maintenance. By following good management guidelines, the solution should be able to intelligently track and manage dependencies in a multisite application infrastructure. The most helpful management tool would facilitate the identification and monitoring of the application infrastructure dependencies from a single location for at-a-glance operational efficiency.
  • User client continuity. The solution should be able to direct users to the appropriate data center based on the state of the data center, the application, any web service dependencies, and user-based information such as location and credentials. Tracking the application state based on user continuity and application monitoring is essential to ensuring that the right content is delivered to users, without broken sessions or lost data.
  • DNS management. The best solution should make managing DNS simple and error-free, because one minor configuration error can bring down an entire application infrastructure. Simple fixes to this problematic scenario include an easy-to-use user interface, DNS error checking, and automatic reverse lookups.
  • Security. Organizations need a holistic and integrated approach to securing the network and applications against potential threats and attacks.

Disaster Preparedness with BIG-IP Technologies

The BIG-IP family of Application Delivery Controller (ADC) devices provides high availability, maximum performance, and centralized management for applications running across multiple data centers. Built on F5's unified, modular, and scalable TMOS architecture, BIG-IP ADC devices ensure maximum availability by managing and distributing user application requests and application traffic according to business policies, as well as data center, network, application, and web service conditions.

BIG-IP DNS

BIG-IP DNS is the cornerstone of distributing applications across multiple data centers. Beyond basic DNS, BIG-IP DNS provides granular application delivery management as users and apps move between data centers under normal or adverse circumstances.

Holistic health monitoring

Acting as the global application traffic cop, BIG-IP DNS checks the health of the entire application infrastructure across all data centers, eliminating single points of failure and routing traffic away from poorly performing sites. By collecting performance and availability metrics from data centers (through BIG-IP Local Traffic Manager), ISP connections, servers, caches, and even user content, BIG-IP DNS ensures high availability and adequate capacity.

Application-centric monitoring

Today's applications are highly sophisticated, and require intelligent health checking to determine their stability and availability. Instead of relying on a single health check, BIG-IP DNS aggregates multiple application monitors so state can be verified across many levels. This results in higher availability, improved reliability, and the elimination of false positives, which reduces management overhead.

BIG-IP DNS provides pre-defined, out-of-the-box health monitoring support for more than 18 different applications, including SAP, Oracle, LDAP, MySQL, and more. BIG-IP DNS performs targeted monitoring of these applications—and any application where a custom monitoring profile is attached—to accurately determine health, reduce downtime, and improve the user experience.

BIG-IP DNS tracks the health of applications that are dependent on one another, and marks all related objects down if the health check of one object in that group fails. For example, if the SharePoint web service is up and answering requests, but it can't access the SharePoint data store, BIG-IP DNS marks the SharePoint web service as down and unavailable because it can't access data—even though the web service is actually up. This enables you to align and monitor application objects according to business logic and profitability, build scalable traffic distribution policies, and better manage application dependencies.

In the event of a disaster, or when any application is moved from one data center to another, BIG-IP DNS applies this deep application monitoring to determine which data center should handle specific user requests. As apps become more diversified between multiple data centers and the cloud, the ability to correlate all application tiers into one management and distribution system will become critical.
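The dependency rule and site selection described above can be sketched in a few lines. This is an added example, not F5 code or BIG-IP configuration: the site names, object names, monitor names and results are constructed, and treating missing monitor data and dependency cycles as "down" is an assumption of this sketch.

```python
# Added illustration, not F5 code. Object names, monitor names and results
# are constructed sample data.

def own_monitors_pass(obj, monitors):
    """All of the object's own monitors must pass; no data counts as down."""
    results = monitors.get(obj)
    return bool(results) and all(results.values())

def effective_up(obj, monitors, depends_on, path=frozenset()):
    """Up only if own monitors pass AND every dependency is effectively up."""
    if obj in path:                      # dependency cycle: fail closed
        return False
    if not own_monitors_pass(obj, monitors):
        return False
    path = path | {obj}
    return all(effective_up(dep, monitors, depends_on, path)
               for dep in depends_on.get(obj, []))

def pick_site(app, sites, preference):
    """Return the first preferred site where the app is effectively up."""
    for name in preference:
        site = sites[name]
        if effective_up(app, site["monitors"], site["depends_on"]):
            return name
    return None                          # no healthy site: caller decides

DEPS = {"sharepoint-web": ["sharepoint-store"]}
SITES = {
    "dc-east": {   # web tier answers, but the data store query fails
        "monitors": {
            "sharepoint-web": {"tcp_443": True, "http_get": True},
            "sharepoint-store": {"tcp_1433": True, "sql_query": False},
        },
        "depends_on": DEPS,
    },
    "dc-west": {   # both tiers healthy
        "monitors": {
            "sharepoint-web": {"tcp_443": True, "http_get": True},
            "sharepoint-store": {"tcp_1433": True, "sql_query": True},
        },
        "depends_on": DEPS,
    },
}

if __name__ == "__main__":
    east = SITES["dc-east"]
    print("naive check, dc-east web:", own_monitors_pass("sharepoint-web", east["monitors"]))
    print("dependency-aware, dc-east web:", effective_up("sharepoint-web", east["monitors"], DEPS))
    print("selected site:", pick_site("sharepoint-web", SITES, ["dc-east", "dc-west"]))
```

A monitor that only probes the web tier reports dc-east as healthy; the dependency-aware check marks it down and the request is answered with dc-west instead.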

Client continuity

To deliver a superior user experience, BIG-IP DNS not only monitors applications—it also tracks user state as users make requests to applications within the data center. Users can persist across applications and multiple data centers, and be transparently routed to the appropriate data center or server based on application and user state. If a user begins a session with an application in one data center, and that application is moved to another data center, session integrity is always maintained: there are no broken sessions, or lost or corrupted data. Organizations gain improved infrastructure scalability, better TCO, and reduced support calls by relying on BIG-IP DNS to manage user access to applications across multiple data centers.

DNS Management and Security

BIG-IP DNS is a global DNS solution providing name services at the very edge of the application delivery network. By employing geographic location services, BIG-IP DNS can direct users to the best application delivery data center based on their physical location. Working in concert within the data center, BIG-IP Local Traffic Manager (LTM) can load balance local and recursive DNS services, creating a fault-tolerant architecture from the mobile edge through to the application. BIG-IP DNS also creates a more secure DNS environment by providing protection against DNS-based attacks and by supporting DNSSEC.

Figure 1: BIG-IP DNS detects availability and performance problems across data centers to automatically reroute user application requests to the best-performing site.

Long distance vMotion

A relatively new addition to the disaster recovery data center landscape is the virtual machine. Virtualization and virtual machines have become a staple in the enterprise data center, but only recently has it become feasible to use fully packaged virtual machines for disaster recovery. With tools such as VMware's vMotion technology, local fault-tolerance in the data center has become trivial: if a piece of hardware fails, the virtual machines running on that hardware can be restored on functioning hardware. However, this technology is currently limited to the local data center.

With a combination of BIG-IP products—BIG-IP Local Traffic Manager (LTM), DNS, and iSessions running in a local data center—applications can now easily be replicated to other data centers anywhere in the world over public WAN links, including to a cloud provider. By using BIG-IP LTM and iSessions to link multiple data centers together to optimize both the connection link and the data that flows over that connection, applications and data running in virtual machines can be easily migrated to multiple data centers. In the event of a disaster or other real-time need to move virtual machines, BIG-IP DNS and LTM work together to maintain user connectivity between data centers during the migration.

Conclusion

With the BIG-IP LTM and BIG-IP DNS, F5 provides a proven solution for managing disaster recovery, site failover, and business continuity. In addition to performing comprehensive site availability checks with BIG-IP DNS, the solution can optimize application data to maintain service levels between data centers, and with user-based connectivity. BIG-IP products provide transparent delivery of applications and Web services across multiple sites, ensure global business continuity and application availability, and increase customer satisfaction by directing users to the best site on a global basis. Working as a single integrated solution, BIG-IP products also reduce management overhead by providing a holistic view into application and data center health across the entire distributed network.

Whether you are building a true disaster recovery architecture, designing multiple distributed-load data centers, or moving some application services into the cloud, BIG-IP DNS or LTM provide the application delivery management you need to keep applications secure, fast, and available. Whether during a disaster or in the normal course of enterprise IT operations, applications maintain user visibility, and keep your business running.