Post on 20-Jan-2017
Network Design and Security for Your VMware View Deployment with VMware and F5
Philippe Bogaerts
Senior Field Systems Engineer - Benelux
© F5 Networks, Inc.
F5 & VMware
• F5 & VMware are global partners
• 5+ years of history
• Primary partnership goals
Compatibility / Interoperability testing
New Solution Development & Documentation
• Across all major F5 and VMware products
• Ongoing cooperative solution development
Recent Highlights
• F5 named Technology Innovator Partner of the Year
VMware awards highest honor to F5 at 2011 Partner Exchange
Recognition for deep integration and solution development
• “VMware-Ready” certifications
• F5 BIG-IP, ARX and FP Virtual Edition appliances
• vSphere, vCloud Director, View
• Single Unified Namespace
• iApp rapid solution deployment for View 4.6, 5.0
• vSphere 5.0 Metro-Distance Live Migration
• NetApp FlexCache, EMC VPLEX
Common Desktop Virtualization Challenges
• User Experience
• Performance over the Wide Area Network
• Access methods / complexity
• Login steps / annoyance
• Security
• Encryption of all WAN traffic
• Unified Access (Local vs. Remote, Desktop vs. Smart Phone)
• Integration with existing authentication infrastructure
• Endpoint integrity inspection
• Scalability/Availability
• Ensuring total availability of connection servers, VMs
• Single unified namespace across datacenters
• VMware abstracts all hosts and storage into “one big computer”
• F5 connects users to applications running on vSphere
F5 Networks: Application Delivery Networking
Why Does Application Delivery Networking Matter for Virtualization Projects?
Servers are more agile
Storage is more agile
Applications are more agile
Clients are more agile
Data centers are more agile
What’s missing?
The network!
Taking A Step Back: What’s The Point?
Application Delivery Networking
F5 Networks
Application Delivery Networking
• Control point for all traffic inbound and outbound
• Separate user connections from server connections
• Dynamically apply appropriate policies
Full Proxy
Application Delivery Networking
• Encrypt application and data in transit
• User and Device authentication & authorization
Security
Application Delivery Networking
• Caching
• Protocol optimization
Acceleration
Application Delivery Networking
• Load balancing
• Persistence
• Connection Multiplexing
High Availability
4 Key Functions of Application Delivery Networking
• Scaling
• Migrating
• Protecting
• Managing
Architecture
Connection Servers Connection Servers
BIG-IP LTM + APM
Remote Clients
Local LAN Clients
Local Mode Desktop
Primary Site
Centralized Virtual Desktops
Internet
Encryption (DTLS or SSL)
(Unencrypted RDP or Natively Encrypted PCoIP)
Security Servers Security Servers
Secondary
BIG-IP GTM
User Experience
Simplify Sign-On Frustrations
Step 1: Local Login
Step 2: VPN Login
Step 3: Desktop Login
SSO: Login Once
Traffic QoS
View Desktops
Rate Shape to ensure client-side View traffic receives priority over client-outbound traffic
Edge Client
Edge Client
Edge Client
Security
Unify Access to the Data Center
DMZ
Use existing user directories
View Servers
BIG-IP Edge Gateway
• One solution to manage all access policies regardless of access network
• Capacity and performance to secure all user traffic
• Optimizes application delivery to remote and mobile users
• Improves quality of real-time applications; soft phones and streaming media
Mobile Users
Wireless Users
Internet
Branch Office Users
Internal LAN
VLAN2
LAN Users
Internal LAN
VLAN1
Unified AAA Services for View
• Pre-Logon Checks:
• OS, AV, firewall, process, file, registry, extended Windows info, client and machine certs, etc.
• Remediation:
• Group Policy enforcement (Corp & Non-Corp Assets)
• Protected Workspace
• Intuitive, Visual Policy Editor
Optimize Authentication & Authorization
• Integration with existing authentication mechanisms
• AD, LDAP, RADIUS, 2-Factor, Client Certs, etc.
• Support for PKI infrastructures
• Extensible and scriptable
• Comprehensive auditing/accounting
• Check the device prior to logon
• OS, AV, firewall, process, file, registry, 2-factor auth, client/machine certs, etc.
• Remediate if necessary, automatically
• Use protected workspaces for untrustworthy devices
• Enforce Group Policies on all assets (even non-corporate assets)
• Meets FIPS compliance requirements
DMZ
Stringent Corporate Security Policies
View Security Server Running on Windows Server 2008 R2
BIG-IP APM FIPS Compliant Appliance
Connection Server
Connection Servers
BIG-IP provides a high capacity, FIPS compliant alternative to the View Security Server
Up to 2,000 concurrent users per server, 10,000 per pod.
Up to 40,000 concurrent users on a single device
Maintain Native PCoIP Performance
Connection
Brokers
Mobile Users
Remote Users
Branch Office Users
LAN Users
DTLS Encryption
View
Servers
DTLS Encryption
SSL Encryption
PCoIP
PCoIP
RDP
DTLS Encryption
PCoIP
Support for DTLS (UDP) encryption
Support for SSL (TCP) encryption
Avoids the alternative method of encapsulating UDP into TCP for SSL encryption (thus degrading UDP).
Availability & Scalability in the Data Center
Enable Scalability by Offloading Processes from View Connection Servers
1. Improve efficiency by offloading SSL
2. HA & load balancing for View Connection Servers
Connection Servers
Local Mode Acceleration
BIG-IP Edge Gateway
View pod
BIG-IP Edge Gateway
WAN Optimized Link
Branch Office
Datacenter
Local Mode
Check-out
Check-in
Synch
DMZ
Ubiquitous View Client Support for Large Deployments
View Security Server
BIG-IP LTM
FIPS Compliant
Appliance
Connection Servers
BIG-IP allows thick, thin, and zero clients to access View deployments of more than 2,000 users
DMZ
Maximum Scalability for View
BIG-IP APM
BIG-IP Global Traffic Manager
BIG-IP Local Traffic Manager
Pod 2
Pod 1
DMZ
BIG-IP APM
BIG-IP Local Traffic Manager
Pod 3
Max 10,000 users per cluster
Global load balancing among multiple sites
Local load balancing: >70,000 concurrent users @ 1Mbps each on a single device
BIG-IP enables you to make multiple sites and multiple clusters look like one big cohesive unit
• iApps: Rapid, tested, streamlined, best practice deployment
iApp for VMware View 5.0
Deploy F5 LTM and APM in a matter of minutes
Provide best practice configuration
Avoid human error
F5 iApps: Rapid Deployment for Enterprise Applications
• Rapid, tested, streamlined, best practice deployment of F5 functionality for VMware View environments
F5 iApp for VMware View
Summary – VMware View & F5
• Improve and streamline User Experience
• Integrate, simplify, and unify Security
• Scale and provide global High Availability
• Reduce OPEX and CAPEX
Flexible deployment architectures and product platforms to support any size enterprise View deployment
Thank You F5 Networks
www.f5.com/vmware