1 / 84

F5 for Application Delivery Networking A Blueprint for Successful Application Use Environment

F5 for Application Delivery Networking A Blueprint for Successful Application Use Environment. Presented by: Timo Hirvonen: F5 Networks. It is all about applications and the user experience in the end. Why Application Deployments Fail?. Application Delivery Issues are Mounting. Partners.

axl
Télécharger la présentation

F5 for Application Delivery Networking A Blueprint for Successful Application Use Environment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. F5 for Application Delivery NetworkingA Blueprint for Successful Application Use Environment Presented by: Timo Hirvonen: F5 Networks

  2. It is all about applications and the user experience in the end

  3. Why Application Deployments Fail?

  4. Application Delivery Issues are Mounting Partners Web Applications Grid / Utility Computing Web Services (SOAP/XML) PDAs Thin Client Thick Client Java Smart Phones VoIP .NET Remote workers Suppliers Organizations are constrained by limited staff, resources and infrastructure Application types are increasing exponentially Number of applications in enterprise portfolios is growing Legacy applications need to be extended and leveraged Need for Application Delivery Networking Is Becoming Critical

  5. IT Challenge – Part I • Centralization vs. Globalization • End-User Performance • Need Business Focus • Application Delivery vs. Packet Delivery • Application Fluency • Flexibility to Adapt to Technology Changes

  6. RESULT: Applications and Networks operate without regard to each other limiting scale, performance, reliability, and security ! IT Challenge – Part II • Applications and networks behave independently • Many network functions require high degrees of manual intervention • Distributed architectures and web services increase complexity • Historically, applications and protocols for communicating with network devices inflexible at best

  7. *@#! ? ? F5’s Application Ready Network Slow responses Bloated data Security risks Many servers Application Attacks XML, SOAP, ActiveX, JS Office workers telecommuters Network Administrator Application Developer

  8. F5’s Application Ready Network Fast responses Smaller data Stops Attacks Fewer servers Office workers telecommuters Network Administrator Application Developer

  9. What do analysts think?

  10. From Server Load Balancing to Application Delivery • While the market emerged from load-balancing solutions to improve the availability and reliability of Web sites, we are now a long way from the days where load balancing and Secure Sockets Layer (SSL) termination for basic HTML traffic are viable by themselves. • Browser-based applications are often a major impetus to invest in these technologies, but many enterprise applications that look browser-based actually employ thick clients that run within the browser, and that don't run over HTTP(S) or have the ability to bypass standard browser capabilities like compression. • The emergence of Ajax and other rich client interfaces further complicates the environment. As a result, there is a need for solutions with broader payload parsing, and inspection and optimization techniques, including client-resident software.

  11. Application Delivery Controllers • Application delivery controllers (ADCs) reside in the data center, typically in front of frontline Web servers. • They are deployed asymmetrically (only at the data center end) and are designed to improve the availability, performance and security of Web- or Internet Protocol-based applications. • ADCs enhance the performance of Web-based and related applications for end users by providing a suite of services at the network and application layers. These services can include: • Layer 4 through Layer 7 redirection and load balancing and failover. • Transmission Control Protocol (TCP) connection multiplexing. • Server offload (for example, SSL termination and TCP connection management). • Data compression. • Network-address translation. • Network-level security functions, distributed denial-of-service protection and server cloaking. • Selective compression. • Caching. • Content transformation and rewrite. • Application firewall. • Transaction assurance. Rules and programmatic interfaces. • HTML (and other application protocol) optimizations — "pre-fetching" or selective encoding. • Virtualization.

  12. Advanced Platform Application Delivery Controllers • A more advanced class of ADCs (Advanced Platform ADCs [AP ADCs]) operate on a per transaction basis and achieve application fluency. These devices become actively involved in the delivery of the application and provide sophisticated capabilities, including: • Application layer proxy, which is often bidirectional and stateful. • Content transformation. • Selective compression. • Selective caching of dynamic content. • HTML or other application protocol optimizations. • Web application firewall. • XML validation and transformation. • Rules and programmatic interfaces.

  13. Application delivery vendor map 2007 ”The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most pressing application problems have become the top players.”

  14. A year ago - Dec 2005 (From "Magic Quadrant for Web-Enabled Application Delivery, 2005," 20 December 2005)

  15. F5 Networks according to Gartner • Strengths • Offers the most feature-rich AP ADC, combined with excellent performance and programmability via iRules and a broad product line. • Strong focus on applications, including long-term relationships with major application vendors, including Microsoft, Oracle and SAP. • Strong balance sheet and cohesive management team with a solid track record for delivering the right products at the right time. • Strong underlying platform allows easy extensibility to add features. • Support of an increasingly loyal and large group of active developers tuning their applications environments specifically with F5 infrastructure. • Cautions • The Big-IP product is so feature-rich it can be intimidating to some customers. • Lacks a product for the emerging SMB market.

  16. The Quiet Networking Revolution Significant Business Value Around Architecting, Implementing, and Managing the ADN Application Networking (L4-L7) Traditional Networking (L2-L3)

  17. F5’s Application Ready Network Fast responses Smaller data Stops Attacks Fewer servers Office workers telecommuters Network Administrator Application Developer

  18. From Application Delivery to Application Ready Network F5's Application Ready Network is a holistic application network architecture and infrastructure designed, optimized, tested, verified and documented specifically for Enterprise Applications from companies such as Microsoft, Oracle and SAP. F5 Technology Center

  19. F5 Application Ready Network solutions- best practises on application delivery SharePoint 2007 Exchange 2007 Office Communications Server MySAP ERP(w/ Netweaver) SAP Portal PeopleSoft 10g App Server EBS 12 Siebel 8

  20. Application & Deployment Guides

  21. F5 ARN Examples

  22. Basic App Architecture

  23. F5 and Microsoft joint tested & recommended solutions on: • IIS: Internet Information Services • LCS: Live Communications Server • Exchange Server • SharePoint Server • HMC: Hosted Messaging and Collaboration • WTS: Windows Terminal Server • Microsoft Dynamics • BizTalk Server • MOM: Microsoft Operations • Manager • Application Center • ISA: Internet Security • & Acceleration Server • NLB: Network Load Balancer MS recommends to use F5 instead • NAP: Network Access Protection • ...more to come

  24. F5 and Microsoft Application Architect Benefits: Up to 5xperformance increase 33% faster deployment cycles Up to 25% savings on security costs Common, repeatable design saving 50% in operational costs Network Architect Benefits: • Up to 70%reduction in access control costs • 99.999%availability • Automated failover for WAN/LAN saving20% in operational costs • Up to 70% reduction in bandwidth

  25. Exchange 2007 “Exchange 2007 volume adoption will begin in earnest in 2008 with the installed base reaching 40% in 2010 (0.7 probability). A breakdown, by version, of the current installed base (which comprises approximately 150 million commercial users) is estimated to be: version 5.5 – 20%, version 2000 – 40% and version 2003 – 40%).” “Architecture. Organizations must re-examine topologies for further centralization, as well as for the new server roles. Exchange 2007 will have five official server roles (client access, edge transport, unified messaging, hub transport, and mailbox) and one unofficial role (administrative console). Integration with WSS, PBXs, and OCS as well as disaster recovery options will also require the attention of architects.” -Gartner, Exchange 2007, October 2006

  26. Exchange 2007 Solutions User Experience and Application Performance Eliminating SPAM with MSM, thus preventing the clogging of bandwidth and freeing up capacity on the Edge Transport Servers Offloading SSL, Compression and Caching from the Exchange Servers For example, with OWA, clients must download 160 objects from the Client Access Servers (CAS) when they first log on With F5, only six of those first request are delivered by the CAS, allowing those servers to spend more processing power on mail delivery Pre-defined Acceleration policy with config sets specifically for Exchange or OWA Isolating client connections from the server connections, thus ensuring communication speed is not limited by the client Effective attachment handling over the WAN Business Continuity and Disaster Recovery F5 provides reliable, real-time availability of globally dispersed Edge Transport servers. If one DC goes down, F5 reroutes to the next best DC. When back up… Cluster Continuous Replication (CCR), new in Exchange 2007, provides geo-distributed high-availability for mailbox servers – F5 can ensure rapid replication to reduce or eliminate potential data loss in the event of a failure, improve end-user experience during the failover period, and greatly decrease time-to-recovery, all the while reducing bits-in-the-wire Secure Remote Access – F5 allows you to create a custom application tunnel for accessing OWA or Outlook Multiple ISPs

  27. Exchange 2007 Solutions Application Security MSM CCR is in the clear – F5 encrypts End-point Security with remote users accessing Outlook or OWA Cache Clean Up Unified Security Enforcement and Access Control Pre-logon checks and Protected Configurations provide the ability to grant users full acces to Exchange using Office Outlook (after satisfying all security policy requirements) …while users who meet only some of the criteria are restricted to OWA F5 can also partition the network into various segments to protect and monitor access from one segment to another (e.g., using IP addresses, VLANs, MAC addresses, etc) F5 provides simplified policy and group management, and provides central reporting and auditing, qhich reduces the overall cost of management.

  28. SharePoint 2007 Market Size and Need “80 million licenses sold with over 10,000 customers. Examples of enterprise-wide deployments like Accenture, Honeywell, and DelMonte are now commonplace. - Kurt DelBene, Corporate Vice President, Office Business Systems Platform, October 2006 “Architecture. “We anticipate a redefinition of the way communication, collaboration infrastructure, and business applications are designed and deployed. - Gartner, “Key Issues for Enterprise Contact Centers, 2007”

  29. SharePoint 2007 Solutions User Experience and Application Performance Offloading SSL, Compression and Caching from the SharePoint Servers increasing server capacity by more than 25%. Pre-defined Acceleration policy with configuration sets specifically for SharePoint Isolating client connections from the server connections, thus ensuring communication speed is not limited by the client. Business Continuity and Disaster Recovery F5 provides reliable, real-time availability of globally dispersed SharePoint servers. If one DC goes down, F5 reroutes to the next best DC. When back up… Secure Remote Access – F5 allows you to create a custom application tunnel for accessing SharePoint. Multiple ISPs

  30. SharePoint 2007 Solutions Application Security Positive security model, permitting only valid and authorized application transactions, while automatically protecting critical web applications from HTTP and HTTPS-based threats such as Google hacking, cross-site scripting, and parameter tampering. TMOS and iRules enable full bidirectional session and payload inspection. End-point Security with remote users accessing SharePoint servers; Secure Virtual Workspace, pre-login endpoint security checks, and endpoint trust management. Centralize application security, eliminating need for multiple, redundant application security devices. Unified Security Enforcement and Access Control Access control and enforcement is especially critical for SharePoint, as it is a collaboration tool and repository for shared documents. Enable administrators to grant certain users, i.e. business partners using equipment not maintained by the company, access to SharePoint and other extranet applications and sites. F5 can partition the network into various segments to protect and monitor access from one segment to another (e.g., using IP addresses, VLANs, MAC addresses, etc) F5 provides simplified policy and group management, and provides central reporting and auditing, which reduces the overall cost of management.

  31. Live Communications Server & Office Communications Server 2007 Microsoft’s platform for Unified Communication Presence: Know who is available and how to contact them. Instant Messaging (supports MSN, AOL, Yahoo!, and extensible with SIMPLE) Real Time Collaboration Voice (VoIP, SIP) Exchange Attach campaign MS rep incentives, promotional pricing, marketing/advertising. Goal for FY07: Attach LCS to 30% of all Exchange licenses sold. F5 benefits to LCS deployment Scalability High availability Connection optimization (TCP Express) MS acknowledges NLB not sufficient for high availability; need HW load balancer. LCS product group relationship Microsoft selected F5 as sole vendor to present at Early Adopter Airlift. LCS development lab currently has over $500K of F5 equipment. SIP monitor: F5’s current health monitoring capability is far beyond any other load balancer on the market.

  32. Live Communications Server & Office Communications Server 2007

  33. Microsoft & F5 GISV Managed Partner MTC Alliance Partner VSIP Premier Partner MPSC Sponsor Partner Microsoft Interop Vendor Alliance http://interopvendoralliance.org/demos/Lab1/demo.swf Secure IT Alliance

  34. ControlPoint Project Overview Stand-alone F5 appliance Built on Microsoft Operations Manager 2007 Visibility into app delivery network Provide F5 device insights Available end of CY 2007 Customer Advisory Board Unequivocally Establish F5’s Leadership by Providing Visibility into the Application Delivery Network

  35. F5 Application Ready Network • F5 has shipped 50000+ BIG-IP appliances to 10000+ end customers • 1/3 to, telco, isp, hosting • 2/3 to corporate, government, .. • 50 % of previous to MS based application environments

  36. Digging Deeper into F5 for Oracle

  37. Oracle Maximum Availability Architecture (MAA)

  38. Application Server 9iAS,10g • No Single Point of failure • All Applications and Web Caches are now Virtualized on a single point • SSL terminated on the BIG-IP • 20,000+ new SID per second • 6+ Gb of Bulk encryption • 500K user connections available • FIPS 140/2 fully supported • All Application process are monitored for failures

  39. E-business Suite 11i • No Single Point of failure • All Applications are now Virtualized on a single point • All Identity Management Servers are now Virtualized on a single point • Single IP address and single point of management • All Application process are monitored for failures • All Identity Management services are monitored for failures

  40. F5 BIG-IP w/ Oracle Identity Management Third Party Oracle Identity Management Suite High Availability Authentication LDAP RADIUS Win NT/2K OID OVD OCSP Web Portals Web Hosts Web-mail • SSL • PKI • Auth. • Pack Inspection • Rate • Shaping • Proxy External Users SSL Encryption Portal Access Security Performance High Availability Policy Engine (iRules) Apps. Access Custom & Legacy Applications Network Access Corporate Network Administrative Console Internal Users F5’s BIG-IP (Application Traffic Management & Access Control) • Secures Network, Application and Portal Access • Advanced Authentication Integration with OIM & SSO • Increased Compliance and Audit Controls

  41. Oracle Enterprise Mngr. BIG-IP plug-in Solution • Monitors and logs all statistics and configurations • Resource planning and root cause analysis

More Related