Enterprises are moving workloads to the public cloud to gain operational efficiencies and potential cost benefits. Throughout this transition, the network design must ensure that the end-user experience is not limited by the workload’s placement – either on-premises (on-prem) or in the cloud. One of the critical parameters that must be determined is the network architecture, which governs the throughput or performance capability of transit paths.
As organizations assess which applications are best suited for migration to the cloud, network engineers in various stages of transitioning workloads from on-prem to public cloud providers are discovering that the performance of the network in the public cloud can vary based on network utilization and other factors outside the administrator’s control. For various reasons, the public cloud infrastructure does not have the predictability and visibility that IT admins have become accustomed to with their in-house deployments. The lack of reliable and consistent throughput measurement tools in the public cloud exacerbates this problem. Contrast this with on-prem networks, where the test and deployment environments are under the administrator’s control. Commercial devices and tools from many vendors measure various throughput parameters of the deployed network equipment.
Each public cloud offers many instance types with different memory and processor core allocations. Deciding on the right instance for the use case is a challenging task, made more difficult by the cost implications and support for the type of workloads deployed. These workloads can take the shape of virtual firewalls, as well. The throughput measured for a virtual platform on a standalone server under ideal test conditions is usually not available in the public cloud. This lack of consistent throughput makes the decision on which instance type to choose that much harder. In the highly dynamic environment of a public cloud, what steps can a network architect take to ensure that the optimal instance type and device are chosen when designing the network?
In our white paper, “How to Measure Performance of a Virtual Firewall Across Public Clouds,” we explore the six critical parameters needed for measuring a virtual firewall’s performance. Essential among them is an understanding of the virtual firewall’s architecture. Instances with a clear demarcation between the forwarding plane and the control plane should be preferred over others that do not have this control and user plane separation (CUPS).
Juniper Networks’ vSRX Virtual Firewall has unmatched performance per core, allowing cloud architects and development teams to reliably depend on it not to introduce bottlenecks while providing superb protection. When deployed in the public cloud, it offers additional flexibility by utilizing all the available vCPUs and memory in the instance, ensuring maximum efficiency and performance without waste. The vSRX allows for an increase in performance and scale of crucial parameters of measurement as the selected instance type’s capacity increases. The paper covers this and many other topics to explain how to measure the throughput of virtual firewalls/instances in public cloud environments.
Download and read the white paper today to learn how you can make the most of your public cloud deployments: https://www.juniper.net/assets/us/en/local/pdf/whitepapers/2000755-en.pdf.