Brocade Virtual Traffic Manager with Azure Key Vault
This week we bring you another partner blog. Today we will talk about Brocade's Application Delivery Controller product, Brocade virtual Traffic Manager (vTM). We have been working with this team since the very early stages of Key Vault development and their partnership has been valuable in providing early feedback to shape Key Vault’s features. We invited Nick Vale from Brocade’s product marketing to introduce Brocade virtual Traffic Manager and also share Brocade’s experience partnering with Microsoft. Below, Nick gives a quick overview of ADC and then shows how easy it is to use the wizard to configure virtual Traffic Manager to use keys stored in Azure Key Vault for SSL Offload. At the end Nick answers a few more questions that provide additional background information and contact details.
For those new to Application Delivery Controllers, an ADC is network software or a device that offloads common tasks performed by web sites, removing load from the web servers.
Brocade recently purchased the vADC (formerly SteelApp) product family from Riverbed Technology and the suite of products includes a fully featured layer 7 software Application Delivery Controller and Web Application Firewall. The ADC, called the Brocade virtual Traffic Manager (Brocade vTM), will soon be available in Azure Marketplace (the Riverbed VHD can still be used in the short term).
The Brocade vTM, like any high spec ADC, can help ensure that applications and services remain available and provide a good user experience whatever the level of application traffic being generated by the end users. Intelligent load balancing, Global Load Balancing, content caching, content compression and bandwidth management are just a few of the features available to help create traffic policies customised to each application. With the options of scripting and Java App integration you can develop very sophisticated application control and management. The Brocade vTM software form factor also means that you can deploy it in any IT environment, from cloud to hybrid, physical and virtual data centers.
The vTM is available in a wide variety of throughput and feature combinations, so it’s easy to find the right version that meets your needs. The VHD itself can act as a ‘Developer’ version, with full functionality but limited throughput, so you can decide on the features required as you build out your infrastructure, before buying that license from a Brocade Partner. Once you have your License Key, there are detailed instructions on how to complete the deployment in the Cloud Getting Started Guide available here.
Integration with Key Vault
Another widely used feature is SSL Offload, where ADCs and Load Balancers handle the SSL decryption (and re-encryption where required) rather than the back end servers, to reduce the workload on those servers and simplify key management.
The virtual Traffic Manager – Enterprise Edition, from version 10.0r1 onwards, has been integrated with the Azure Key Vault via the REST API. Using the Microsoft Azure Key Vault Wizard in the vTM GUI, it’s straightforward to connect the Traffic Manager to the Key Vault. Detailed instructions in the User Manual provide a step-by-step guide and also a list of the information you need. Once you have that data to hand, it’s 5 easy steps to complete the set-up.
Once the Traffic Manager has been configured to use the Key Vault, it can use the Key Vault to store keys, create new keys and certificates within the Key Vault, or to import existing keys into the Key Vault.
It can access the stored keys as required by the application and the traffic management policies created for each application. The vTM can also be requested to verify incoming keys via the Key Vault, for additional checks against man-in-the-middle attacks.
One of the key benefits of deploying an application in the cloud is to improve App performance and availability by exploiting the flexibility that cloud can bring when scaling the App infrastructure up or down to meet traffic volumes, locally or globally. Using the Hardware Security Module (HSM) in your own data center to store keys required by your cloud-based Apps could give you latency issues. If you combine the performance benefits the Traffic Manager can bring to your Apps with the co-location of the keys your application uses in the local Key Vault, you will provide a better user experience whilst maintaining compliance requirements: Key Vault uses FIPS 140-2 Level 2 validated HSMs and, using a separate add-on license module, the Traffic Manager is validated to FIPS 140-2 Level 1.
If you have applications spread across different infrastructures (cloud, physical, virtual, hybrid) then you can deploy Virtual Traffic Manager as an integral part of your App infrastructure, integrating with the relevant key management solution, which will reduce management time and configuration issues and improve App reliability.
We had a quick chat with Nick Vale (SteelApp Product Marketing) to learn more about Virtual Traffic Manager
Dan: Tell us more about vTM.
Nick: The vADC Family is now part of the Brocade Software Division. Whilst Brocade has its HQ in San Jose, California, most of the SteelApp engineering team are based in Cambridge in the United Kingdom and the integration work was carried out there. The overall project was overseen by Julian Midgley, Director, Software Engineering. Founded 20 years ago as Zeus Technology, the SteelApp team has grown considerably over the years. Many Enterprise customers now use SteelApp software to support a wide variety of services and applications across all verticals.
Dan: Tell us about your experience working with Microsoft to integrate Key Vault with vTM.
Nick: As it’s always been a software product, vADC has been developed to integrate easily with other products and solutions to extend its functionality and feature set. Working with the Microsoft team was straightforward. It was definitely a joint effort, with both teams working together to develop a solution that delivers an easy-to-use solution that addresses a real customer need that will deliver a safer, more secure user experience for the end user. vADC works with an Agile development model and Microsoft were able to support that process.
Dan: There will be links for further information, but besides that how can people get in touch with you for more information?
Nick: You can download the Virtual Traffic Manager VHD from the Azure Marketplace for free in Developer mode (Azure costs will still be incurred) which lets you use all the features available but with limited throughput – note that it is still Riverbed branded but it will move over to Brocade soon. Once you have deployed the VHD, you can use a 30-day evaluation License Key which gives you all the functionality and unlimited throughput to complete your evaluation and infrastructure development.
Nick Vale, vADC Product Marketing, works with vADC Cloud partners – email@example.com or you can contact Brocade sales on (North America) : 1-888-BROCADE or (International): 1-408-333-4300