f5 it agility. your way. - etouches · f5 – it agility. your way. ... – distributed...
TRANSCRIPT
F5 – IT Agility. Your Way.
Guaranteed Application Fluency with F5
Presented by: Brendon Thwaites
Midmarket & Alliances Manager – Australia & New Zealand
0412663858
2
AGENDA
• Evolution of the Internet
• Drivers for IT Agility
• Components of Application Delivery
• Challenges around Application Delivery
• Strategic Control Points
• Summary
3
Cloud Computing – Is it market hype? http://www.newsweek.com/id/106554
4
Cloud Computing – Is it market hype? http://www.newsweek.com/id/106554
5
Time warp 1996 Today
• The Internet had 20 million users in 1996 (most connecting via 14.4k or
28.8k dialup). Today in India alone there are 150 million households that
are connected.
• In 1996 the average user spent 30min / month online (today this is more
like 27hrs / month).
• The average household today creates more Internet traffic than the
entire Internet back in 1996.
• Today most people have a Terabyte of content in their homes (I-pod,
backup HDD, digital photos, thumb drives etc). In 1996 we had a 40MB
HDD and moved things around using a 1.44MB floppy disks.
• Evolution of online productivity (e.g. e-Commerce, You-tube, Social
Networking, real-time applications etc)
6
What’s my point?
• Initially the Internet was uncomplicated
• Over time our usage of the Internet has evolved
• Innovations are facilitating new online services/applications
• Users and consumers have expectations that they can complete tasks and transactions online
• Static infrastructures don’t accommodate change very well
• Customers are less responsive to demands
• Rapidly accelerating complexity
Right now there is a large shift towards
IT Agility for online applications
7
Global Leader in Application Delivery
• Layer 7-4 Load Balancing
• Traffic Management / Full Proxy
• Web Application Acceleration
• Web Application Firewall
• Server Offload (e.g. SSL, cache etc)
8
>10,000 customers globally
9
Application
Availability
Application
Performance
Datacenter
Flexibility
Application
Security
Components of Application Delivery
10
ST
OR
AG
E
SE
RV
ER
S
AP
PL
ICA
TIO
NS
WE
B &
PO
RTA
L
GA
TE
WA
Y
WID
E A
RE
A
TE
LC
O
EN
D P
OIN
T
Challenges in Application Delivery
Enterprise application traffic flows both ways between every tier of the datacenter
These tiers are often designed/implemented individually
– Interoperability challenges
– Performance issues are hard to pinpoint
– Distributed architecture decisions
11
ST
OR
AG
E
SE
RV
ER
S
AP
PL
ICA
TIO
NS
WE
B &
PO
RTA
L
GA
TE
WA
Y
WID
E A
RE
A
TE
LC
O
EN
D P
OIN
T
Business Initiatives – Today’s climate
End point
Security
Cloud
Computing
Application
Performance Virtualization
End user
experience Unified
Computing
Compliance
& Security High
Availability
12
How does this look inside your team?
Remote office
user
Bloated data Security risks
Application Attacks
XML, SOAP, ActiveX, JS
Network
Architect
Slow responses Many servers
Oracle, SAP, SharePoint
*@#! ?
*@#!
Storage
Architect
Data growth
Security
Architect
?
*@#! Application
Architect
14
End Point Gateway App Tier Web Tier StorageTier
Application
Security Mgr
WA
N O
pti
miz
ati
on
Mod
ule
Access
Policy
Mgr
Web Accelerator
F5 & Dell – 6 Strategic points of control
15
Control Point #1 - Datacenter Virtualization
DR
Data Center Primary
Data Center Dev/Test/Pre-Prod
Remote
Employees
Mobile
Employees
Branch Employees
LAN & wLAN
Customer, Partners, or
Suppliers
16
DR
Data Center Primary
Data Center Dev/Test/Pre-Prod
Remote
Employees
Mobile
Employees
Branch Employees
LAN & wLAN
Customer, Partners, or
Suppliers
Control Point #1 - Datacenter Virtualization
17
How to make it better
Data Center
2
Data Center
1
Virtual Data Centre
18
Data Center
2
Data Center
1
Virtual Data Centre
Data Center
n
19
Data Center
2
Data Center
1 Data Center
n
Remote
Employees
Mobile
Employees
Branch Employees
LAN & wLAN
Customer, Partners, or
Suppliers
Virtual Data Centre
Production
Pre-Production
Test
Development
Development
20
Dell Power Connect
Application Layers 4-7
Network Layers 1-3
ROUTERS
SWITCHES
FIREWALLS
Intelligent Clients
Data Center
Applications
Control Point #2 – Web & App Tier Virtualization
Cloud Computing
Virtualization
Application & Remote
Access
Application Security /
PCI DSS
High Availability / BCP
/ DR
Application
Acceleration
Content
Transformation
Application Switching
Application
Optimization
Network Acceleration
Identity & Access
Management (IAM)
• iRules
• iControl
F5 Local Traffic Manager
21
• Virtualized Global Namespace for unstructured data
– Storage vendor interoperability (CIFS & NFS)
– Live transparent migrations
(e.g. during business hrs)
– Automatic tiering policies
– Reduce Backup windows
2006 2007 2008 2009 2010 2011
35
30
25
20
15
10
5
0
(EB)
File-based Exabytes
Block-based Exabytes
Control Point #3 – File Virtualization
22
Legitimate Web Traffic
Malicious Application Activity
Application Floods
Network Attacks & Floods
Unsupported Services
Positive Security
(L7 Application Firewall)
Control Point #4 - Web Application Security
Web Servers
Application Servers
Databases
Web traffic
Other traffic
Intre
net
Intra
net / E
xtra
net
Positive Security
(L3-4 Network Firewall)
• Network Firewalls protect the Network
• Applications are prone to targeted Layer-7 attacks
• Attacks look like trusted traffic at Layers 3/4
23
Control Point #5 – Web Application Performance
Previous Attempts
1. Fix application performance issues by upgrading network
2. Throw more bandwidth at it - the problem still exists?
3. Add more CPU and Memory
4. Add more servers
5. Add Quality of Service
6. Symmetric Acceleration - appliances on both ends of pipe
Why are web apps are still slow?… What about remote users?
7. Restrict the functionality of the application
8. Remove rich content
E
E
120
Intelligent Browser
Referencing
24
Internet
First Page load:
150 objects x 100ms latency + D/L time
2 objects at a time
= 75 roundtrips + download
= 7.5s + 10s
= 17.5s
CACHE
Control Point #5 – Web Application Performance
25
Internet
Second Page load:
150 objects x 100ms latency + Zero D/L
2 objects at a time
= 75 roundtrips to validate content
= 7.5s + 0s
= 7.5s
CACHE
Still Valid ???
Yes it’s valid
Control Point #5 – Web Application Performance
26
Internet
Second Page Load using WA:
= One roundtrip for new JPG + D/L
= 0.1s + 1s
= 1.1s
CACHE CACHE
98% still valid
• Less roundtrips
• Mitigates the effects of latency
• Makes Web Applications usable
Control Point #5 – Web Application Performance
27
Control Point #6 – Virtual Infrastructure
View Manager load grows over time
Improve efficiency by offloading SSL
Session ID persistence (vs. Source IP)
Load balancing for View Manager servers
Accelerates RDP 12:1
Supportsa Native PCoIP over DTLS
28
Web Clients
FrontEnd
AppServers Virtualization
App. Server App. Server App. Server
Storage Virtualization
Frontends Virtualization BIG-IP LTM
BIG-IP LTM
FrontEnd FrontEnd
Web Clients
iControl
iControl
Monitoring &
Managem
ent
vCenter
+
AppSpeed
Demand ↑ ↑ ↑
F5 Provision
Detection
Automation
VM Provision
Demand ↓ ↓ ↓
VM Deprovision
Detection
Automation
F5 Deprovision
Elastic Applications /
Automatic Provisioning
Control Point #6 – Virtual Infrastructure
29
Use API calls to associate VM with vCenter in Site B.
During this transfer, GTM & LTM maintain connectivity to
VM. Since all new connections are routed directly to Site
B, and the old connections gradually bleed off, eventually
all connections are made directly into Site B. Process
complete.
GTM reroutes any new app connections/sessions
directly to Site B. Existing sessions are routed
indirectly through Site A to Site B until they complete.
VMotion VM from cloud 1 to cloud 2, using the same
iSession tunnel. vCenter A still in control.
Use Storage VMotion to move VM’s datastore from
Site A to Site B. vCenter A still in control.
Storage Vmotion over iSession
BIG-IP Local
Traffic Manager
BIG-IP Global
Traffic Manager
BIG-IP Local
Traffic Manager Link Site A to Site B via BIG-IP iSession tunnel
2
3
vCenter A vCenter B Transfer VM from vCenter A to B 5
iSession secure, accelerated tunnel 1
GTM Switch 4
Long Distance
V-Motion Accelerated iSCSI
Replication
Control Point #6 – Virtual Infrastructure
30
F5 & Dell – Solution Summary
• Datacenter Virtualization & HA
• Web & App tier Virtualization & HA
• File Virtualization & Management
• Web Application Security
• Web Application Performance
• Virtual Infrastructure
31
32
Solution Architecture L
ocal T
raff
ic m
an
ag
er
(LT
M)
Glo
bal T
raff
ic M
an
ag
er
(GT
M)
Web
Ac
cele
rato
r
(WA
)
Ap
pli
cati
on
Secu
rity
Man
ag
er
(AS
M)
Acce
ss P
oli
cy M
an
ag
er
(AP
M)
Pro
toco
l S
ecu
rity
Man
ag
er
(PS
M)
WA
N O
pti
miz
ati
on
Mo
du
le
(WO
M)
BIG-IP/VIPRION Hardware
Traffic Management Operating System (TMOS)
iRu
les
iCo
ntr
ol
Edge Gateway (EGW)
Fil
e V
irtu
ali
zati
on
(A
RX
)
33
1. Risk Mitigation
2. Cost Control
3. Best Practices (Reference Architecture for SAP, MS, Oracle)
4. Adaptability & Scalability
5. App fluency (i.e. over the network)
6. High Availability (Web, App, Datacenter)
7. Performance (Application / Network / Server / Client)
8. Web Application Security (e.g. PCI Compliance)
9. Access Control (Physical or Virtual Desktops)
10.7 Tiers of Virtualization
F5’s top 10 for IT Agility
The flexibility to add capabilities as you grow
