Fast Food, “Me Too” Technology

By Ken Salchow, Jr.

Nobody seems to be surprised anymore about living in our “Fast Food” culture; we’re all pretty much used to getting drive-through haircuts these days (those of you with hair left), but I’ve noticed a lot more lately that I’m not getting that haircut at the barber.  Why is it that clothes are available at the electronics shop, groceries at the clothing store and DVD’s at the grocery store; when did this happen? I got distracted on my phone the other day while filling up my car and ended up driving away with a new set of patio furniture.  The price was right, and who says impulse buying has to be restricted to candy bars?  Then I got to thinking (the first indication which usually leads to one of these articles) and realized that the technology industry is right there, keeping pace if not leading the charge of this “me too” philosophy.

I used to joke about the CGFC and BTM that I ordered for my Catalyst switch chassis when I worked at Best Buy.  That would be the Coffee Grinding Feature Card and the Bagel Toasting Module for the uninitiated.  You could order a feature card or module for just about everything else, so why not fries with that?  I even tried to turn in a feature request—only to learn that if you put all three power supplies in, the BTM was an undocumented feature and it could at least kept your coffee warm if it didn’t make it for you.  Amazon.com started out selling books and now, I believe, you can buy houses and small third-world countries through them—complete with live 3-D tours.  Since when did everyone become an expert at everything?  And if they aren’t, then maybe we should be a little concerned about what we buy and from whom.

One-Stop Shopping: Why has this happened you ask?  Personally, I think it is because those guys on Wall Street aren’t nearly as good with their math as they pretend to be.  A company can only grow revenue in double-digit percentages quarter-over-quarter for so long before they’ve pretty much exhausted every market they participate in—so they have to go out and “diversify”.  Unfortunately, it also doesn’t take long until the “extra” has little to do with their existing technology and core competencies.  This is what worries me.

What makes my network vendor—the guys who have provided my physical connectivity needs for years—think that they can really provide me with application layer expertise?  Hey, L7 - L3 = 4 layers to climb.  Please remember, we’re talking about people who still mostly rely on a CLI because they’ve never figured out how to write a decent GUI.  Even if they buy the technology—once they try integrating it, they inevitably mess it up.  None of them so far have even been that successful at implementing stateful, packet inspection firewalls and that lies much closer to their expertise than application layer flow-control and security.  Usually, they simply smack a new sticker on front, charge a higher price and call it good.

The same thing goes for my application vendors.  I’d much rather that they spent their time and energy putting out a product with less ”undocumented features” and security flaws than trying to build a module to provide rate-shaping and policy-based routing within the application.  Being a long-time network guy, I can tell you that we’d all be much happier if the development guys quit trying to invent new protocols for every application they write and just stick to making the thing behave nicely on the existing network; and a flow diagram would be nice—I’m still waiting to see one from development; ever; and I’d pass out first if I started holding my breathe. 

Of course, then there is the holy grail of “me too” technology; the cell phone.  Is there anything that someone isn’t trying to get into a handset the size of a matchbook?  I wish these guys would figure out that if it has enough screen real estate to be useful for editing word documents—then it is too cumbersome to work as a phone; and if it is slim and elegant enough to be a great phone—it sucks at everything else.  Until there is some great miracle break-through like a “heads-up display” (HUD) built into my contact lenses—it just doesn’t work for the general market.  Just give me a device that does a few things really well and I’ll learn to deal with multiple devices.

But I digress; the question is—do we get the same value from a “one-stop” shop that we get from vendors who specialize?  Let’s talk about that.

Value-Add: I had LASIK done about two years ago.  At the time, the prices were down to around $500/eye.  I paid $2500/eye.  Why?  Value add, my friend.  I got life-time touch-ups for one—but most importantly, I got an eye surgeon who had done more surgeries in the previous six months than many of the surgeons (in my area) had ever done.  I appreciated the fact that he wouldn’t do both eyes at the same time (having been a HA/Redundancy pundit for years, it made sense to me).  Maybe you want to take chances with your eyes—and it might turn out just fine—but I wanted to do everything I could to improve my chances.  Experience and track-record are intangibles, but they shouldn’t be dismissed as not having value.

I look at technology in the same way (and now without glasses, thank-you).  If we could rely on the network and application vendors to provide even adequate security then why are there so many security vendors around?  Just because you acquire leading-edge technology doesn’t mean you have the experience to maintain and support that product—and the track-record of many of these acquisitions should be the first place you look to; most of them aren’t that good.  Many cutting-edge, promising technologies have been cut down in the prime of their life by acquisition.

I have no problem with companies expanding their addressable market, but it’s not just about having a product—it’s about adding value.  Very few companies have been able to maintain this balance—growing and developing new technology markets that conform to their strengths, but the most successful of them—say Apple, for one—have done it by creating the technology to extend their products, not bolting it onto the side as some sort of science project gone bad. 

I’m sure the networking vendors would agree that they have added value in what they do.  Networking isn’t sufficiently “commoditized” that you should place your network in the hands of a server manufacturer to supply you with switches and routers.  I’m also sure that the application developers believe that commoditized, off-the-shelf software isn’t in your best interest either.  What they don’t want to admit is that this same focus on specialization and value—the reason they have been successful in the past—is the same reason why we shouldn’t be looking to them to solve a problem they don’t understand.

Adding a grocery isle to the gas station doesn’t really make it a grocery store; just a Qwik-E-Mart.

Bring Back Specialization: It’s time to consider that there is more to application delivery than just the network and the application—things which neither one has the competency nor experience to handle.  Gartner thinks so and they are preaching Application Delivery Controllers (ADC) as we speak.  ADCs are intended to be the bridge between the application and the network and provide services for both, specializing in this translation process, if you will; I call it “AppWorking”.

From the network perspective, an ADC should have enough network knowledge to dynamically change network delivery mechanisms depending on the specific application—as well as the unique client system accessing the application (location, device type, network connection type, etc.) and enough application knowledge to know when it is appropriate (content type, server health, etc.).  The network itself doesn’t usually have enough intelligence to say “hey, that’s a mobile browser using a small network connection—I should enable compression and re-segment the data to more efficiently talk to it and, by the way, server number 2 is experiencing database connectivity issues” and the application doesn’t have the ability to change the network on the fly.

From the application perspective, an ADC must have sufficient application knowledge to know when certain requests/traffic should be managed differently based on who they are and what they are trying to access (straight Internet traffic vs. VPN originated) and enough network knowledge to handle it (VLAN tagging, dynamic security, policy routing, etc.).  The application can’t usually know “oh boy, that browser request is using illegal meta-characters and is coming from an un-trusted source—I should make sure there aren’t any Trojans on the client, that it is running AV, a personal firewall and filter the request accordingly” and the network doesn’t know when it is appropriate—on an application-by-application basis—to do so or not.

It takes an intelligence that neither the network guys nor the application guys are capable of truly understanding; and simply buying the technology doesn’t cut it.  They might be useful in purely tactical situations—stop-gap measures—but when you need something strategic, something with value, I think you need to look elsewhere. 

My Advice: I really don’t buy my milk at the gas station (unless it is an emergency) and I hardly ever get my latte there either—I prefer, if not at Starbucks, to at least get my coffee from someplace that doesn’t also sell flammable liquids—although a nice Danish assortment is acceptable.  All this “me too” marketing sure does make life simple and convenient, but when I want something of value—something that lasts—I go to someplace that specializes; someplace that knows something about the product; someplace that has a little more skin in the game than just making another dollar by offering “more”.

I don’t know about you, but I’m going to leave my impulse buying for things a little less important than the livelihood of my business and look into the many other solutions available from credible companies who have demonstrated the experience, knowledge and value in the AppWorking space; the  space that sits uniquely between the traditional application and networking disciplines.

Remember, if it’s a floor-wax, then it’s not a dessert topping.

Ken Salchow has been employed by F5 Networks, Inc. for the past five years where he has served in several capacities, currently as a Product Marketing Manager.  In addition, he is the owner/operator of Binary Forensics, LLC, a boutique computer forensics lab serving the legal community in criminal and civil litigation and Digital Interlopers, LLC, a boutique penetration and testing organization serving small/medium business entities.  He can be reached at k.salchow@f5.com.