Application Delivery Network
Download
Report
Transcript Application Delivery Network
F5
Optimizing and
Securing
Web-Applications
Zbigniew Skurczynski
Director Eastern Europe
[email protected]
+49162 290 4116
July 2006
2
F5 is the Global Leader in
Application Delivery Networking
Users
Data Centre
At Home
In the Office
On the Road
Application
Delivery
Network
SAP
Microsoft
Oracle
Business goal: Achieve these objectives in the
most operationally efficient manner
3
Key Issues and Objectives in Application Delivery
Networking
Users
Data Center
Private Users
Where:
LAN
Home
Branch / WAN
Road / WAN
What:
PC
Laptop
Home PC
PDA
Kiosk
Mobile
Public Users
Who:
Customers
Partners
Suppliers
Consultants
From What:
PC
Laptop
Home PC
PDA
Kiosk
Mobile
Application
Delivery
Network
Microsoft
SAP
Oracle
IBM
BEA
HTTP /HTML, SIP,
RTP, SRTP, RTCP,
SMTP, FTP, SFTP,
RTSP, SQL, CIFS,
MAPI, IIOP, SOAP,
XML etc…
Business Goal: Achieve these objectives in the most operationally efficient manner
4
Problem: Networks Aren’t Adaptable
- New security hole
- High cost to scale
- Slow performance
?
Application
Network Administrator
Traditional networks
are focused on
connectivity
Application Developer
Applications focus on
business logic and
functionality
5
How Do You Fix the Problem?
Multiple Point Solutions
Application
More
Bandwidth
Network Administrator
Add more infrastructure?
Faster and centralised fix,
applications are offloaded
Costly, complex and hard to
manage
Application Developer
?
Hire an army of developers?
Expensive (code, manage,
maintain)
Consumes server cycles
Often not possible
6
A Costly Patchwork of Point Solutions
Users
Applications
Point Solutions
DoS Protection
Mobile Phone
IPS/IDS
SSL Acceleration
SFA
CRM
Rate Shaping/QoS
PDA
Network Firewall
Desktop
Application
Load Balancer
WAN Connection
Optimisation
ERP
CRM
SFA
Traffic Compression
Application Firewall
Co-location
ERP
Content Proxy
Acceleration/
Transformation
Laptop
ERP
CRM
SFA
Custom
Application
7
F5’s Integrated Solution
Users
The F5 Solution
Applications
Application Delivery Network
CRM
Mobile Phone
Database
Siebel
BEA
PDA
Legacy
.NET
SAP
Laptop
PeopleSoft
IBM
ERP
Desktop
Co-location
TMOS
SFA
Custom
8
The entire solution is built on top of the TMOS
operating system that integrates all the tools
iRules and iControl
Programmable
Application
Network
Programmable Network Language
GUI-Based Application Profiles
Repeatable Policies
Unified Application Infrastructure Services
Targeted and
Adaptable
Functions
Security
Optimisation
Delivery
Universal Inspection Engine (UIE)
New Service
Complete Visibility
and Control of
Application Flows
TMOS
Fast Application Proxy
Client Side
Server Side
9
The F5 Business Value
Reduces company risks by protection of critical
applications against security threats
simplify the application
deployment process !!!
Simplify the
operational
manageability
Reduce the number
of Hardware (servers)
or
Downsize server size
Improves application
Reduce
maintenance
effort
PERFORMANCE
Significantly!
Increased availability, scalability and security drives
increased business productivity and faster ROI
10
It’s About the Applications & Providing a
Better Alternative
International
Data Center
Users
Applications
11
Intelligent DNS
The Gateway to the Application
International
Data Center
Users
Applications
BIG-IP
Global
Traffic
Manager
Which is the best data centre to send request,
Based upon:
Capacity
Application availability
Network performance
User proximity
User Groups
12
Link and WAN Availability and Optimization
The Conduit for Applications
International
Data Center
Users
Applications
BIG-IP
Global
Traffic
Manager
Which is the best ISP to use for data transmission:
Automated
Inbound or Outbound
Transparent to users
Criteria based upon:
Cost
Capacity
QoS
Etc
BIG-IP
Link
Controller
WANJet
13
The F5 WAN Optimization Product
Wan Jet
Symmetric Wan Optimization
Traffic compression
Data
Center
Branch
Office
x3 – x10
Full QOS
Repeat Byte caching
WANJet
WANJet
TCP / IP Optimization
Reporting
Expect:
• 100% to 300% average performance improvement
over WANs (speed and Bytes reduction)
• Lower Bandwidth cost
• Lower latency
• Improved traffic management (QOS)
14
SSL VPN
The Secure Gateway to Applications
International
Data Center
Users
Applications
BIG-IP
Global
Traffic
Manager
Secure channel of communication
Offloading SSL from Applications
End point security checks
TCP Compression
Caching
Potential of 80% traffic reduction
Potential of 3x performance
BIG-IP
Link
Controller
WANJet
FirePass
15
The F5 SSL VPN Product
FirePass
SSL VPN
Adaptive secure remote access
No thin client requirements
Internet
Key pad logon security
Multi-device rules per user
Expect:
• Easy installation and post installation configuration
• Very secure SSL connections from any device
• Widest range of SSL VPN features available
16
Application Delivery Controller
Offloading the Application for Security, Availability and Optimization
International
Data Center
Users
Applications
BIG-IP
Global
Traffic
Manager
Direct to correct application or server pool
Based upon:
Content
Application type
Most available
Best performing
BIG-IP
Link
Controller
WANJet
FirePass
BIG-IP Local
Traffic
Manager
Web
Accelerator
17
The Data Center Products
BIG-IP Local
Traffic Manager
Expect:
Data center optimization
• Very high availabilityApplication
Servers
Load balancing
Caching
• Less servers
Compression
•
Significant traffic reduction
Rate Shaping
• Significant speed improvement
SSL / FIPS acceleration
• Improved
TCP Optimisation
Switch
session persistence
• Higher degree of control
Add on
or standalone
• Vastly
increased
securitycomponents
WebAccelerator
ASM and Traffic Shield
• Improved flow management
WEB / portal optimization
Positive and negative security
Increased scalability
Accelerate WEB •
Application
2nd Layer Network Firewall
Connection optimisation
Reduce bandwidth requirements
Application Firewall
Validate WEB Application policies
Scrubbing outgoing traffic
• Lower cost
18
F5 is a unique product that creates a full
optimization solution on a single, unique platform
Application
Servers
Switch
Router
19
Application Delivery Controller
Offloading the Application for Security, Availability and Optimization
International
Data Center
Users
Applications
BIG-IP
Global
Traffic
Manager
BIG-IP
Link
Controller
WANJet
FirePass
BIG-IP Local
Traffic
Manager
Web
Accelerator
Security:
DoS
Packet Filtering
TCP Application Security
encryption / decryption
content filtering
Authorisation
Cloaking, etc.
20
Application Delivery Controller
Offloading the Application for Security, Availability and Optimization
International
Data Center
Users
Applications
BIG-IP
Global
Traffic
Manager
BIG-IP
Link
Controller
WANJet
FirePass
BIG-IP Local
Traffic
Manager
Web
Accelerator
High Availability:
Virtualization
load balancing
Redirection
error detection / automated response
health monitoring
session and transaction integrity
21
Application Delivery Controller
Offloading the Application for Security, Availability and Optimization
International
Data Center
Users
Applications
BIG-IP
Global
Traffic
Manager
Performance Optimisation:
Fast cache
Compression
TCP express
OneConnect
ASIC
H/W design
BIG-IP
Link
Controller
WANJet
FirePass
BIG-IP Local
Traffic
Manager
Web
Accelerator
22
Application Firewall
Securing the Application Transaction / Session
International
Data Center
Users
Applications
BIG-IP
Global
Traffic
Manager
BIG-IP
Link
Controller
FirePass
WANJet
BIG-IP directs the appropriate content for a virtualized application and a client’s session
to be managed by TrafficShield:
Positive security policies defined as to interaction
the client can have with the application.
This protects the application from prevent zero day attacks
BIG-IP Local
Traffic
Manager
Web
Accelerator
TrafficShield
23
Security’s Gaping Hole
“64% of the 10 million
security incidents tracked
targeted port 80.”
Information Week
DATA
24
Application Security with TrafficShield & BIG-IP ASM
!
Noncompliant
Information
Perimeter Security
Is Strong
Buffer Overflow
Cross-Site Scripting
SQL/OS Injection
Cookie Poisoning
Hidden-Field Manipulation
Parameter Tampering
!
Infrastructural
Intelligence
Attacks Now Look To
Exploit Application
Vulnerabilities
PORT 80
PORT 443
But Is Open
to Web Traffic
!
Forced
Access to
Information
High
Information
Density
=
High Value
Attack
25
Application Security with TrafficShield & BIG-IP ASM
Intelligent Decisions
Allow Only Good
Application Behaviour;
Positive Security
Definition of Good
and Bad Behaviour
26
Application Security with TrafficShield & BIG-IP ASM
!
Unauthorised
Access
!
And Stops
Bad
Requests
!
Noncompliant
Information
TrafficShield Allows
Legitimate Requests
Unauthorised
Access
!
Infrastructural
Intelligence
Bi-directional:
–
–
Inbound:
Outbound:
protection from generalised & targeted attacks
content scrubbing & application cloaking
Application content & context aware
High performance, low latency, high availability, high security
27
TrafficShield & ASM Deployment
Web Servers
Firewall
TrafficShield
Internet
Active
Standby
Management Access
(browser)
BIG-IP
LoadBalancer
28
TrafficShield & ASM Deployment
Web Servers
BIG-IP with
Firewall
ASM
Internet
Management Access
(browser)
ASM = Application Security Module
29
Centralized Management
Integration with the Applications
International
Data Center
Enterprise Manager
Users
Applications
BIG-IP
Global
Traffic
Manager
BIG-IP
Link
Controller
FirePass
BIG-IP Local
Traffic
Manager
TrafficShield
Web
Accelerator
WANJet
iControl
TMOS
Business Goal: Achieve These Objectives in the Most
Operationally Efficient Manner
30
iControl Eases Application Integration
Leverage the skills and expertise you already have!
Key Components
Benefits
– XML/SOAP interface
– Open, standards based integration
– Downloadable SDK
– Simplified development
– Technology partnerships
– Proven integration
– DevCentral resource centre
and community
– Sample code, documentation,
discussion forums
31
Secure Optimised Application Delivery
Applications optimised by F5
(Examples):
Application
Delivery
Network
32
DevCentral Technical Community
http://devcentral.f5.com/
Forum for F5 customers
for building iRules and
iControl applications
F5 provides technical
documentation, tips, free
sample downloads, and
a confidential discussion
forum
Monitored by F5
engineers and technical
experts that answer
technical questions
– Design, architecture,
troubleshooting and
general assistance
with iRules and
iControl
Company Snapshot
Facts
Position
References
34
F5’s Continued Success
Revenue
Headquartered in Seattle, WA
F5 Ensures Applications Running Over
the Network Are Always Secure, Fast,
and Available
Founded 1996 / Public 1999
Over 10,000 customers and 30,000
systems installed
Over 1000 Employees
FY05 Revenue: $281 M
64% year-over-year growth
FY05 EPS: $1.34
NASDAQ: FFIV
35
Leader in Application Delivery Networking
Consistent and Pioneering Innovation
• Unique TMOS architecture
• Industry’s only open iControl API & SDK
• Awarded key patent for ‘Cookie Persistence’
• DevCentral.f5.com
“They've remained on top of the trend, which is
to integrate all these functions into one box.”
Forrester Research
Proven Results
• 9,000+ customers
• #1 Market share L4-7 & SSL HW Acceleration
• Fastest growing SSL VPN market share
• FY05 Revenue (YTD): $201M, 66% year-over-year growth
Broad and Deep Partnerships
• Unique F5 and application vendor integration
• Application partners’ tested and documented solutions
• Cooperative support agreements
• F5 solutions in partners’ customer labs
Top 50 Innovator
Award 2005
36
Industry Recognition as ‘Best-in-Class’
BIG-IP Awards
SearchNetworking
Product of the Year!
Highest Score, 4.6 out of 5
“When our tests were completed,
F5's device emerged at the head of
the pack and took our Editor's
Choice award”
GOLD AWARD
Mgmt. Tools
Network
“…With this step, F5 has moved
beyond content switching and load
balancing to wide-ranging
application acceleration.…”
Excellent Manageability
Highly configurable via TCL-based
iRules; outstanding graphical
interface; good support site and
knowledgeable user community.
FirePass Awards
SearchNetworking
HOT PICK
“The best remote access solution
we've seen to date.”
“It trumps other SSL VPN offerings
with its ease of use, industrial
strength hardware platform and
advanced security features…"
Product of the Year!
GOLD AWARD
VPN Solution
Enterprise
“… FirePass stands out because it
offers full network access support to
any IP application across multiple
platforms.”
Top Rated
Excellent – Score of 9.0
“Sets a new standard for ease of
use in setup and configuration, and
for the wide array of client OS’s and
browsers supported.”
37
Our Actions Shape the Market
Challengers
Leaders
Magic Quadrant for
Application Delivery
Products, Dec. 2005
Ability to Execute
F5 Networks
•
“F5 continues to build on the
momentum generated by the
release of v9.0. It commands
over 50% market share in the
advanced platform ADC
(Application Delivery
Controller) segment and
continues to pull away from
the competition. ”
•
“F5 is one of the thought
leaders in the market and
offers growing feature
richness. It should be high on
every enterprise's shortlist for
application delivery.”
Citrix Systems (NetScaler)
Cisco Systems
Radware
Juniper Networks (Redline)
Akamai Technologies
Nortel Networks
Coyote Point Array Networks
Systems
Netli
Stampede Technologies
Zeus Technology
Foundry NetContinuum
Networks
Niche Players
Visionaries
Completeness of Vision
Source: Gartner, December 2005
38
F5 Customers in EMEA (1 of 2)
Banking,
Financial
Insurance,
Investments
Telco, Service
Providers, Mobile
39
F5 Customers in EMEA (2 of 2)
Transport,
Travel
Media, Technology,
Online
Manufact.,
Energy
Governm.,
Other
Health,
Consumer
40
Online Resources
How to access
information
41
42
43
44
DevCentral Technical Community
http://devcentral.f5.com/
Forum for F5 customers
for building iRules and
iControl applications
F5 provides technical
documentation, tips, free
sample downloads, and
a confidential discussion
forum
Monitored by F5
engineers and technical
experts that answer
technical questions
– Design, architecture,
troubleshooting and
general assistance
with iRules and
iControl
45
Real Time Compression Tool
www.f5demo.com/compression
46
Link Collection
www.f5.com
Technical:
www.askf5.coml
http://tech.f5.com
http://devcentral.f5.com
F5 University
www.f5university.com/
»
»
Login:
Password:
your email
adv5tech
Partner Informaiotn
Gartner Report
www.f5.com/partners
www.f5.com/training_services/certification/certFAQ.html
http://mediaproducts.gartner.com/reprints/f5networks/article1/article1.html
Important deployment information is available at
Data Center Virtualization
Application Traffic Management
Application Briefs
Solution Briefs
F5 Compression and Cache Test
F5 iControl Alliance Partners
F5 Technology Alliance Partners
http://www.f5.com/solutions/deployment/
http://www.f5.com/solutions/technology/pdfs/dc_virtualization_wp.pdf
http://www.f5.com/solutions/technology/pdfs/atm_wp.pdf
http://www.f5.com/solutions/applications/
http://www.f5.com/solutions/sb/
http://www.f5demo.com/compression/index.php
http://www.f5.com/solutions/partners/iControl/
http://www.f5.com/solutions/partners/tech/
Let us know if you need any clarification or you have any further questions.
47
48
To be effective, the superior tools of f5 deployed on a
single platform also require superior platforms...
8400
10
Gbps
Platform
Extremely High traffic
platforms
6800
4
6400
Gbps
Platforms
Multiple solution
platforms
3400
1500
500
Mbps - 1
Gbps
Platforms
Point solution
platforms
49
BIG-IP Software Module
Quickly Adapt to Changing Application & Business Challenges
Compression
Fast Cache
Increase performance
Offload servers
Rate Shaping
Reserve bandwidth
50
BIG-IP Security-Module
Adaptation made easy
Application Security
SSL Acceleration
Protect applications and data
Protect data over the Internet
Advanced Client
Authentication
Protect against unauthorised
access
51
DMZ
Primary Data Centre
FirePass
Firewalls
Router
WANJet
Router
Branch Office
WANJet
Router
DMZ
Router
Remote Users
ISP
ISP1
Global Traffic Manager
ISP2
ISP
Internet
Firewalls
ISP
BIG-IP Local Traffic Manager
Router
Router
DMZ
WANJet
Global Traffic Manager
Firewalls
Users
BIG-IP Local Traffic Manager
Web
Servers
Application
Servers
Blade
Servers
Database
Disaster
Recovery Site
52
Data Replication & Regulatory Compliance
CHALLENGES
Daily Database Replication
Data for 9 Million Employees
Choice of Deploying:
– New Infrastructure
– WAN Optimisation Solution
T3 Reaching Capacity
Confidentiality of Data
Solution
WANJet
RESULTS
Response Time Improved 6X
Throughput Improved 20X
Private Information Secured
53
Real World Performance and Results
350 Million Page Hits in 1 Week
1/3 Reduction in Servers
95% Fewer Connections
114.8
5
Million
Million
1/3 Reduction in Licenses
1/3 Reduction in
Management Time
66%
1.87
621
Terabyte
Gigabytes
3
Seconds
End-to-End
Page Load
Time
Reduction in
Bandwidth
200% Faster
1
Seconds
54
Solving Server Scalability & Latency
Company: Top tier consumer
electronics company
Application: Broadvision
deployment on Epson.com North
America e-commerce site
1M page views per day and
growing
Challenges: Site at 85% capacity,
sometimes over 100% (site
timeouts)
Solution: Application Smart
Caching configured for Broadvision
Benefit: Offloaded backend servers
without affecting accuracy. Session
management
required to solve capacity issue
Solution
WebAccelerator
RESULTS
Saved several hundred thousand
dollars in infrastructure costs
Consistent performance during
peak traffic times
Under 2 second page response
time
55
Solving Enterprise Portal Challenges
Company: British Land is the
largest real estate company in
the UK
Application: Plumtree portal
Challenge: To improve the
performance of their intranet
and extranet corporate portals
Solution: WebAccelerator with
Application Smart caching,
Express Compress and
Express Loader
Benefit: Offloaded portlet
generation for Exchange and
Oracle applications reducing
generation time
Solution
WebAccelerator
RESULTS
700% Performance
Improvement
5x Bandwidth utilisation
reduction
Accurate and non-intrusive
usage reports
56
The F5 Business Value
Reduces company risks by protection of critical
applications against security threats
Lowers cost and risk
of application
deployment and
maintenance
Increased
business
productivity by
Improvements of
end-to-end
application delivery
Organizational
Flexibility and
Business Agility in
competive markets
Improves application
performance, user
experience and
customer
satisfaction
Increased availability, scalability and security drives
increased business productivity and faster ROI