F5 Synthesis Toronto February 2014 Roadshow


Published on March 9, 2014

Author: patmisasi

Source: slideshare.net

Description

February 2014 Update on F5 Synthesis Program, delivered by Pat Fiorino in Toronto at the Hockey Hall of Fame. Prepared for IT decision-makers and administrators.

F5 Synthesis Information Session February, 2014

Agenda • Welcome and Introduction to Customer Technology Challenges • Software Defined Application Services • Reference Architectures for Today’s Customer Challenges • Total Cost of Ownership and New Business Models • Multi-network Environment and Partner Ecosystem • Making it Happen with Global Services • Q&A

Advanced threats • SDDC/Cloud • Mobility • “Software defined” everything • Internet of Things • HTTP is the new TCP
© F5 Networks, Inc

Impact on Data Center Architecture: Applications
MICRO-ARCHITECTURES: Each service is isolated and requires its own: • Load balancing • Authentication / authorization • Security • Layer 7 Services • May be API-based, expanding services required
API DOMINANCE: API Proxies are used in emerging API-centric architectures for: • API versioning • Client-based steering • API Load balancing • Metering & billing • API key management
More applications need services. More intelligence needed in services.
[Diagram labels: API v1, API v2, Service A, Service B, Service C, Service D]

Impact on Data Center Architecture: Network
SOLUTION SPRAWL: Increasing threats and client platforms result in need for: • Mobile device management • Mobile access management • Mobile security • DDoS • Application layer threats • Malware
OPERATIONAL INCONSISTENCY: Introduction of off-premise cloud solutions without architectural parity results in: • Inconsistent enforcement of business and operational policies • Unpredictable application performance and security • Increased OpEx as new management paradigms are introduced
[Diagram label: SaaS]

SDN Division of Labor: Architect • Foreman • Workers

Components of SDN
Architect (SDN Applications / Mgmt): “I define the blueprint for what the network should look like to achieve some goal” “I can use feedback to make adjustments to the blueprint as I see fit”
Foreman (Controller): “I manage switches, and tell them how to connect to each other” “I also collect and manage state, and can report back to the architect.”
Workers (Switches): “I take orders, and route packets accordingly” “I can also report back info to the foreman”
The tiers are connected by APIs (REST, OpenFlow).

Core Benefits • Automation & orchestration • Repeatability, speed • Less risk (avoid human error) • Reduced operating cost • Compliance • Agility • Faster app lifecycles and transient usage (dev/test) • Security • Network isolation • Resource Utilization • Dynamic allocation of resources

Who are the Players? SDN Applications / Mgmt (Architect) • Controller (Foreman) • Switches (Workers) • VMware NSX • VMware NSX • Cisco/Insieme • Cisco Nexus 9300/9500 • Cisco/Insieme APIC • NSX vSwitch (OVS) • OpenStack • Arista • Smaller Startups • Smaller Startups • Anunta Networks • BigSwitch • PlumGRID Controller • Smaller Startups / Whitebox • Pluribus • PlumGRID

Application SDN: L4-7 • L2-3 is just “plumbing” • Dynamic L2-3 == easy, generally solved • Dynamic L4-7: Application SDN • Fundamentally harder! • No good solution today

Deliver the most secure, fast, and reliable applications to anyone anywhere at any time.

Driving Efficiency into Application Development: Agile Development & Development & Operation (DevOps) • In the past 5 years we’ve seen the push to Agile Development. • Focused on speed and customer-driven application solutions. • Drove more efficient application development. • Agile wasn’t focused on rapid deployment of those applications. • Many closed this gap by deploying their applications on the cloud and/or evolving their development and IT organizations with the creation of DevOps. • DevOps describes what has also been called “agile system administration” or “agile operations”, joined together with the values of agile collaboration between development and operations staff. • The goal of DevOps was simply to get applications deployed quicker.

Application Environment
Agile Development: Speed, customer-driven, and quality of app development
Rapid deployment - network and operations velocity

Application Environment
Agile Development: Speed, customer-driven, and quality of app development
Cloud and DevOps: Accelerate time to market
Rapid deployment - network and operations velocity • Cloud SLA, security and control private network agility

Application Environment
Agile Development: Speed, customer-driven, and quality of app development
Cloud and DevOps: Accelerate time to market
SDN and Private Cloud: Software defined data centers
Failed to Address: Rapid deployment - network and operations velocity • Cloud SLA and control private network agility • L4–7 device sprawl and application fluency

The Time Is Right
Agile Development: Speed, customer-driven, and quality of app development
Cloud and DevOps: Accelerate time to market
SDN and Private Cloud: Software Defined Data Centers
F5 VISION: Applications without constraints
Failed to Address: Rapid deployment - network and operations velocity • Cloud SLA and control private network agility • L4–7 device sprawl and application fluency

“Leave No Application Behind”

1000: Average number of applications deployed within an enterprise
Applications require services: DDoS • WAF • SSL • Acceleration • LTE

The selected few

[Diagram: six ADCs]

High-Performance Fabric [Diagram: six BIG-IP devices]

The 4th Phase of the Evolution
4. Software Defined Application Services
3. Cloud Ready
2. Broadened Application Services
1. Application Delivery Controller

Software Defined Application Services Elements: High-Performance Services Fabric • Simplified Business Models

Software Defined Application Services Elements: High-Performance Services Fabric

High-Performance Services Fabric Virtual Edition Network Appliance Chassis [Physical • Overlay • SDN]

High-Performance Services Fabric On-Demand Scaling All-Active Clustering Multi-Tenancy TMOS TMOS TMOS ScaleN Network [Physical • Overlay • SDN] TMOS

High-Performance Services Fabric Throughput *40K when combining admin instances with vCMP Connections per second Network Concurrent connections Multi-tenant instances per device [Physical • Overlay • SDN] Device service clusters

High-Performance Services Fabric Programmability Data Plane Virtual Edition Network Control Plane Appliance Management Plane Chassis [Physical • Overlay • SDN]

Software Defined Application Services

F5 Software Defined Application Services (SDAS): A rich set of services that address the delivery challenges faced by businesses today.

Software Defined Application Services: Availability
Load Balancing • Global Server LB • CGNAT • Global Load Balancing • Authoritative DNS • Disaster Recovery • Cloud Bursting • Business Continuity • DNS Caching & Resolving • Intelligent EPC node selection

Software Defined Application Services: Performance
Compression • Traffic Management • Caching • Acceleration • Optimization • Web Performance Optimization • SPDY Gateway • Traffic Shaping and QoS • Application Optimization

Software Defined Application Services: Access & Identity
SAML Federation • Cloud Federation • Access Control • Anti-Malware • Endpoint Inspection • Single Sign-On • SSL VPN • Active Sync Proxy • Secure Web Gateway • Web Access Management

Software Defined Application Services Cloud Bridging MDM Service Chaining VO LTE Subscriber Traffic Control Policy Enforcement Enrichment MAM Diameter and Routing NfV VAS Bursting SDN Mobility LTE Roaming VDI Mobile Optimization Mobile Quota Management Acceleration Application Traffic Control

Software Defined Application Services: Security
Anti-Fraud • Programmability • DNS Firewall • SSL Inspection • Firewall • Anti-Phishing • SSL intelligence • WAF • DNSSEC • ADF • DDoS • SSL VPN

Software Defined Application Services Elements

Intelligent Services Orchestration: BIG-IQ • Orchestration Connectors • Fabric Connectors • Module Connectors • Cloud Connectors

Completing the SDN Stack BIG-IQ Device™ Software-Defined Data Center Application Plane NBI Control Plane Virtual Networks Data Plane SDN Controller NVGRE BIG-IQ Security™ NBI OPEN REST APIs F5 BIG-IQ VXLAN ETC… Service Chaining LAYER 2-3 LAYER 4-7 BIG-IQ Cloud™

Centralized Management Platform: BIG-IQ • BIG-IP • BIG-IP • Data Center • Hybrid Cloud • Public Cloud

Orchestration Modules BIG-IQ Platform Services BIG-IP Devices

Application Services Modules

Simplify License Orchestration
VE License Pools • Pools available in 25-packs of Good, Better, or Best offers • BIG-IQ manages licenses for all VEs in the pool • One-time license provisioning
Benefits • Spin up a VE when it’s needed • Retire a VE and return it to the pool
[Diagram labels: F5 licensing server, BIG-IQ, 25 Pack of VEs, Virtual Infrastructure, Hypervisor, vSwitch]

Software Defined Application Services Elements Simplified Business Models

Simplified Business Models Perpetual BYOL Subscriptions Cloud Licensing Program

Flexibility BIG-IP Local Traffic Manager Make it easier to adopt advanced F5 functionality Simplicity Appliance Comparison Consolidate into fewer common configurations Best Value Good | Better | Best Save when purchasing bundles BIG-IP Global Traffic Manager Application Acceleration Manager Good BIG-IP Advanced Firewall Manager Better Best VE Price Comparison SDN Service Advanced Routing BIG-IP Access Policy Manager Good BIG-IP Application Security Manager Better Bought As Bundle Best Bought As Components

Better
BIG-IP Local Traffic Manager
BIG-IP Global Traffic Manager: • Global server load balancing • DNS services • Real-time DNSSEC solution • Global application high availability • Geolocation • DNS DDoS attack protection
BIG-IP Application Acceleration Manager: • Web performance optimization • WAN optimization (data deduplication, FEC) • Mobile optimization (smart client cache, image optimization) • SaaS acceleration (reduce bandwidth usage & page load times)
BIG-IP Advanced Firewall Manager: • High-performance ICSA firewall • Network DDoS protection • Application-centric firewall policies • Protocol anomaly detection
Key Benefits • Protect and optimize the data center • Optimize application delivery • Ensure optimal application availability and performance • Future-proof the business • Leverage the power of integrated SDN services

Best
BIG-IP Local Traffic Manager
BIG-IP Global Traffic Manager
BIG-IP Application Acceleration Manager
BIG-IP Advanced Firewall Manager
BIG-IP Application Security Manager: • PCI Compliant Web Application Firewall • Web scraping prevention • Integrated XML firewall • Violation correlation & incident grouping • Application DDoS protection
BIG-IP Access Policy Manager: • 500 concurrent users, scalable up to 200K • BYOD enablement • Full Proxy for VDI (Citrix, VMware) • Single sign-on enhancements (Identity Federation with SAML 2.0)
Key Benefits • Manage application access • Support BYOD initiatives • Accelerate remote access • Protect IP and minimize vulnerability exposure • Free development resources to create value

Synthesis and Good/Better/Best Licensing: Streamline the architecture process
1. Match Reference Architecture To Business Need
2. Choose the Licensing You Need
3. Choose the Appropriate Platform

Reference Architectures For Today’s Customer Challenges

Reference Architectures: Device, Network, Applications
S/Gi Network Simplification • DDoS Protection • Security for Service Providers • LTE Roaming • Application Services • Intelligent DNS Scale • Migration to Cloud • Cloud Federation • DevOps • Cloud Bursting
Bill of Materials • White Paper (Business) • Solution diagram(s) • Architecture diagram(s) • Product map diagram(s) • Customer Presentation • Solution Animation/Video • White paper (Technical) • Placemat leave-behind

Reference Architectures Solution Documents…

DDoS Protection Reference Architecture
Tier 1: Network and DNS • Tier 2: Application
Network attacks: ICMP flood, UDP flood, SYN flood
SSL attacks: SSL renegotiation, SSL flood
DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning
HTTP attacks: Slowloris, slow POST, recursive POST/GET
[Diagram labels: Next-Generation Firewall, Multiple ISP strategy, ISPa/b, Cloud Scrubbing Service, Corporate Users, Legitimate Users, DDoS Attacker, Botnet, Attackers, Anonymous Proxies, Anonymous Requests, Scanner, IPS, Threat Feed Intelligence, Financial Services, E-Commerce, Subscriber, Strategic Point of Control]

DDoS Protection Reference Architecture: TIER 1 KEY FEATURES
• The first tier at the perimeter is layer 3 and 4 network firewall services • Simple load balancing to a second tier • IP reputation database • Mitigates volumetric and DNS DDoS attacks

DDoS Protection Reference Architecture: TIER 2 KEY FEATURES
• The second tier is for application-aware, CPU-intensive defense mechanisms • SSL termination • Web application firewall • Mitigate asymmetric and SSL-based DDoS attacks

Recommended Practices Configuration Guide

2.3.2.4 Enforce Real Browsers

Besides authentication and tps-based detection, there are additional ways that F5 devices can separate real web browsers from probable bots. The easiest way, with ASM, is to create a DoS protection profile and turn on the “Source IP-Based Client Side Integrity Defense” option. This will inject a JavaScript redirect into the client stream and verify each connection the first time that source IP address is seen.

Figure 1. Insert a JavaScript redirect to verify a real browser

2.3.2.5 Throttle GET Request Floods via Script

The F5 DevCentral community has developed several powerful iRules that automatically throttle GET requests. Customers are continually refining these to keep up with current attack techniques. Here is one of the iRules that is simple enough to be represented in this document. The live version can be found at this DevCentral page: HTTP-Request-Throttle

    when RULE_INIT {
        # Maximum number of GET requests allowed per client IP within the window
        set static::maxRate 10
        # This defines how long is the sliding window to count the requests.
        # This example allows 10 requests in 3 seconds
        set static::windowSecs 3
        # Life timer of the subtable object. Defines how long this object exists in the subtable
        set static::timeout 30
    }
    when HTTP_REQUEST {
        if { [HTTP::method] eq "GET" } {
            # Count the live entries in the subtable named after the client IP
            set getCount [table key -count -subtable [IP::client_addr]]
            if { $getCount < $static::maxRate } {
                incr getCount 1
                # Record this request; the entry's lifetime is the window length
                table set -subtable [IP::client_addr] $getCount "ignore" $static::timeout $static::windowSecs
            } else {
                HTTP::respond 501 content "Request blocked Exceeded requests/sec limit."
                return
            }
        }
    }

Another iRule, which is in fact descended from the above, is an advanced version that also includes a way to manage the banned IP addresses from within the iRule itself:

32 Page Detailed Guide…
• URI-Request Limiter iRule – Drops excessive HTTP requests to specific URIs or from an IP
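A model of the throttle described in section 2.3.2.5 above, as an added example that is not from the F5 guide or DevCentral: it reproduces the iRule's per-client-IP GET counting with the page's maxRate and windowSecs values in plain Python, and does not model BIG-IP's table command. The class and function names, the sample addresses and the timeline are constructed for illustration.

```python
from collections import defaultdict, deque

MAX_RATE = 10       # static::maxRate from the iRule on this page
WINDOW_MS = 3000    # static::windowSecs (3 s), in milliseconds to avoid float drift
BLOCK_STATUS = 501  # status the page's iRule returns when it throttles


class GetThrottle:
    """Sliding-window GET limiter keyed by client IP (a model, not BIG-IP code)."""

    def __init__(self, max_rate=MAX_RATE, window_ms=WINDOW_MS):
        self.max_rate = max_rate
        self.window_ms = window_ms
        self._admitted = defaultdict(deque)  # client IP -> times of admitted GETs

    def _expire(self, queue, now_ms):
        # Forget GETs that have aged out of the window.
        while queue and now_ms - queue[0] >= self.window_ms:
            queue.popleft()

    def check(self, now_ms, client_ip, method):
        """Return 200 to pass the request or BLOCK_STATUS to reject it."""
        if method != "GET":
            return 200  # like the iRule, only GET requests are counted
        queue = self._admitted[client_ip]
        self._expire(queue, now_ms)
        if len(queue) < self.max_rate:
            queue.append(now_ms)
            return 200
        return BLOCK_STATUS

    def purge_idle(self, now_ms):
        """Drop clients with no live entries so state stays bounded; return how many."""
        idle = []
        for ip, queue in self._admitted.items():
            self._expire(queue, now_ms)
            if not queue:
                idle.append(ip)
        for ip in idle:
            del self._admitted[ip]
        return len(idle)


def replay(events, throttle=None):
    """Run (time_ms, client_ip, method) events in order; return their statuses."""
    throttle = throttle or GetThrottle()
    return [(t, ip, m, throttle.check(t, ip, m)) for t, ip, m in events]


# Constructed sample traffic (documentation addresses, not real hosts).
FLOODER, NORMAL = "198.51.100.7", "203.0.113.9"
SAMPLE = sorted(
    [(i * 100, FLOODER, "GET") for i in range(15)]   # 15 GETs in 1.4 s
    + [(1200, NORMAL, "GET"),                        # unrelated client
       (1450, FLOODER, "POST"),                      # non-GET is not counted
       (3050, FLOODER, "GET"),                       # oldest GET has expired
       (3060, FLOODER, "GET")]                       # window is full again
)

if __name__ == "__main__":
    for t, ip, method, status in replay(SAMPLE):
        print(f"{t:>5} ms  {ip:<13} {method:<4} -> {status}")
```

The purge step matters under a flood from many source addresses: without it, per-client state grows with every address seen, which is the same reason the iRule gives its subtable entries a timeout.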

Technical Validation & Performance Testing
UDP Flood: 2x Competition • ICMP Flood: 10x Competition • TCP Syn-Flood: 16x Competition • Blended Attacks
25+ new DDoS Attack Vector Control options in Hardware

Mapping F5 Products to Synthesis Solutions: Use Reference Architectures to Implement F5 Synthesis Solutions

Key Customer Benefits • Maintain application availability • Protect network infrastructure • Defend against targeted attacks • Safeguard your brand reputation • Stay one step ahead • Save money for your company
ALL BACKED BY WORLD-CLASS SUPPORT AND PROFESSIONAL SERVICES

TCO Study - Details
Data Center Consolidation: 83% Lower TCO • 85% Savings: Service Contracts • 92% Savings: Space/Power/Cooling • 62% Savings: Training • 82% Savings: Upgrades/Patching
DDoS: 81% Lower TCO • 81% Savings: Service Contracts • 94% Savings: Space/Power/Cooling • 66% Savings: Training • 82% Savings: Upgrades/Patching
DDoS Market Study • DDoS Products and Services • $870 Million Market by 2017 • FSI Represents 23% of DDoS Market • Services Accounts for 46% of DDoS TAM • Financial Services, Gaming, and Online Retail are top verticals

Making it Happen with Global Services

F5 Global Services and Synthesis PRODUCT FOCUSED SERVICE LED SOLUTION DRIVEN 4 3 2 1 Advanced Services Packaged Core Services APPLICATION ENABLED Architecture and Integration Consultative and Strategic • Reference Architectures • Managed Services / SOC • F5aaS • Solution Definition Workshops • Security Envisioning • Remote Services • Security • Mobility • Service Provider • Implementation • Migration • Upgrades

Services to Support Reference Architecture Lifecycle IMPLEMENT ARCHITECT Solution Definition Workshop Installation and Migrations OPTIMIZE MAINTAIN Managed Services and Live Monitoring S/Gi Network Simplification DDoS Secure Mobility Proactive Assessments and Integration Security for Service Providers LTE Roaming Application Services DNS Cloud Migration Cloud Federation DevOps Cloud Bursting

Multi-network Environment and Partner Ecosystem

F5 Synthesis Partner Ecosystem / DevOps

Completing the SDN Stack BIG-IQ Device™ Software-Defined Data Center Application Plane NBI Control Plane Virtual Networks Data Plane SDN Controller NVGRE BIG-IQ Cloud™ NBI OPEN REST APIs F5 BIG-IQ VXLAN ETC… Service Chaining LAYER 2-3 BIG-IQ Security™ LAYER 4-7

Partner Integration with Synthesis Auto-scaling, application provisioning, and automated system maintenance and patching. Two-way communication Configure application networking services Automated network and service provisioning BIG IQ Cloud F5 SDAS Service Fabric Programmability Programmability Automate network and service provisioning, F5 Platforms Hardware | Software | Cloud Integrate network virtualization and ADN services Provisioning and orchestration of BIG-IP in AWS Dynamically update state of servers in load balancing pool

Cisco ACI Design Philosophy

Why Cisco/ACI matters for Customers • Cisco and F5 share a common vision for simplifying networking end to end by taking an application-centric approach to solving key pain points in customers’ next generation data centers while meeting their critical data center requirements today. • Working with Cisco on Application Centric Infrastructure, F5 has a unique opportunity to deliver on the vision of shaping infrastructure to the needs of the applications. • Cisco ACI integrates F5 BIG-IP appliances (physical and virtual) to deliver application-centric, ADC-enabled network automation in existing and next generation data centers.

VMware NSX and F5 joint solution
Overview • NSX integrates with F5 BIG-IQ and BIG-IPs • F5 Admin defined iApps get published to NSX Manager as ADN service templates • BIG-IP VEs get automatically deployed, licensed and configured • User can instantiate and consume F5 iApps from NSX UI or API
Benefits • Compatible with all NSX features • Compatible with all F5 BIG-IQ and BIG-IP features • Seamless support for virtual networks and traditional networking with VLANs • Support for any CMP including vCAC • Familiar workflows for all teams (in NSX, and in F5 BIG-IQ) • Supports virtual and physical form factor of F5 appliances
Virtual IP: 172.168.1.1 • Member pool: 10.0.0.1, 10.0.0.2 • ADN template: Web Gold
[Diagram labels: Any Application (without modification), Virtual Networks, Any Cloud Management Platform, VMware NSX Network Virtualization Platform, Logical Load Balancer, Logical VPN, Logical Firewall, Logical L2, Logical L3, Any Hypervisor, Any Network Hardware]

F5 + NSX: Application delivery needs for enterprise virtualized workloads in NSX environments
Context Aware Network Services: • Insertion of application, user and resource awareness in NSX environments
Speed of provisioning: • Intelligent services orchestration enhances time-to-production for all the necessary infrastructure services from weeks to minutes
Simplified Operations: • Meet needs for simplified operations and programmability needs for network services
Application visibility and correlation: • Enhanced visibility and correlation for the application

Benefits: Drive • Increase • Reduce • Future

SDDC/Cloud

Coming to a City Near You…. Cloud and Security Events Ask your Account Team for More Information…
