f5 synthesis toronto february 2014 roadshow
DESCRIPTION
February 2014 Update on F5 Synthesis Program, delivered by Pat Fiorino in Toronto at the Hockey Hall of Fame. Prepared for IT decision-makers and administrators.
TRANSCRIPT
February, 2014
F5 Synthesis Information Session
Agenda
• Welcome and Introduction to Customer Technology Challenges
• Software Defined Application Services
• Reference Architectures for Today’s Customer Challenges
• Total Cost of Ownership and New Business Models
• Multi-network Environment and Partner Ecosystem
• Making it Happen with Global Services
• Q & A
© F5 Networks, Inc 3
Mobility
SDDC/Cloud
Advanced threats
Internet of Things
“Software defined” everything
HTTP is the new TCP
Impact on Data Center Architecture: Applications
MICRO-ARCHITECTURES
Each service is isolated and requires its own:
• Load balancing
• Authentication / authorization
• Security
• Layer 7 Services
• May be API-based, expanding services required
API DOMINANCE
Proxies are used in emerging API-centric architectures for:
• API versioning
• Client-based steering
• API Load balancing
• Metering & billing
• API key management
Service A
Service C
Service B Service D
API v1
API v2
More intelligence needed in services
More applications need services
Impact on Data Center Architecture: Network
SOLUTION SPRAWL
Increasing threats and client platforms result in need for:
• Mobile device management
• Mobile access management
• Mobile security
• DDoS
• Application layer threats
• Malware
OPERATIONAL INCONSISTENCY
Introduction of off-premise cloud solutions without architectural parity results in:
• Inconsistent enforcement of business and operational policies
• Unpredictable application performance and security
• Increased OpEx as new management paradigms are introduced
SaaS
SDN Division of Labor
Architect Foreman Workers
Components of SDN
Architect: SDN Applications / Mgmt
“I define the blueprint for what the network should look like to achieve some goal”
“I can use feedback to make adjustments to the blueprint as I see fit”
API
Foreman: Controller
“I manage switches, and tell them how to connect to each other”
“I also collect and manage state, and can report back to the architect.”
API (REST, OpenFlow)
Workers: Switches
“I take orders, and route packets accordingly”
“I can also report back info to the foreman”
Core Benefits
• Automation & orchestration
• Repeatability, speed
• Less risk (avoid human error)
• Reduced operating cost
• Compliance
• Agility
• Faster app lifecycles and transient usage (dev/test)
• Security
• Network isolation
• Resource Utilization
• Dynamic allocation of resources
Who are the Players?
SDN Applications / Mgmt (Architect)
• VMware NSX
• Cisco/Insieme
• OpenStack
• Smaller Startups
• Anunta Networks
Controller (Foreman)
• VMware NSX
• Cisco/Insieme APIC
• Smaller Startups
• BigSwitch
• PlumGRID Controller
Switches (Workers)
• Cisco Nexus 9300/9500
• NSX vSwitch (OVS)
• Arista
• Smaller Startups / Whitebox
• Pluribus
• PlumGRID
Application SDN: L4-7
• L2-3 is just “plumbing”
• Dynamic L2-3 == easy, generally solved
• Dynamic L4-7: Application SDN
• Fundamentally harder!
• No good solution today
Deliver the most secure, fast, and reliable applications to anyone anywhere at any time.
Driving Efficiency into Application Development
Agile Development & Development & Operation (DevOps)
code
release
• In the past 5 years we’ve seen the push to Agile Development.
• Focused on speed and customer-driven application solutions.
• Drove more efficient application development
• Agile wasn’t focused on rapid deployment of those applications
• This gap was closed by many by either deploying their applications on the cloud and/or evolving their development and IT organizations with the creation of DevOps
• DevOps describes what has also been called “agile system administration” or “agile operations” joined together with the values of agile collaboration between development and operations staff.
• The goal of DevOps was simply to get applications deployed quicker.
Agile
Development
Application Environment
Rapid deployment: network and operations velocity
Speed, customer-driven, and quality of app development
Cloud and
DevOps
Cloud SLA, security and control
private network agility
Accelerate time to market
Application Environment
Agile
Development
Rapid deployment: network and operations velocity
Speed, customer-driven, and quality of app development
SDN and
Private Cloud
Software defined data centers
Cloud and
DevOps
Application Environment
Cloud SLA and control
private network agility
Accelerate time to market
Agile
Development
Rapid deployment: network and operations velocity
Speed, customer-driven, and quality of app development
Failed to Address:
L4–7 device sprawl and application fluency
F5 VISION
Applications without constraints
The Time Is Right
SDN and
Private Cloud
Software Defined Data Centers
Cloud and
DevOps
Cloud SLA and control
private network agility
Accelerate time to market
Agile
Development
Rapid deployment: network and operations velocity
Speed, customer-driven, and quality of app development
Failed to Address:
L4–7 device sprawl and application fluency
“Leave No Application Behind”
DDoS WAF SSL LTE
1000 Average number of applications deployed within an enterprise
Applications require services
Acceleration
The selected few
ADC ADC ADC ADC ADC ADC
High-Performance Fabric
BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP
The 4th Phase of the Evolution
1. Application Delivery Controller
2. Broadened Application Services
3. Cloud Ready
4. Software Defined Application Services
Software Defined Application Services Elements
High-Performance Services Fabric
Simplified Business Models
Software Defined Application Services Elements
High-Performance Services Fabric
Network [Physical • Overlay • SDN]
Virtual Edition Chassis Appliance
High-Performance Services Fabric
On-Demand Scaling All-Active Clustering Multi-Tenancy
ScaleN
TMOS TMOS TMOS TMOS
Network [Physical • Overlay • SDN]
High-Performance Services Fabric
Throughput Connections
per second
Concurrent
connections
Multi-tenant
instances per device
Device service
clusters
Network [Physical • Overlay • SDN]
*40K when combining admin instances with vCMP
High-Performance Services Fabric
Network [Physical • Overlay • SDN]
Virtual Edition Chassis Appliance
Data Plane
Programmability
Control Plane Management Plane
High-Performance Services Fabric
Network [Physical • Overlay • SDN]
Virtual Edition Chassis Appliance
Data Plane
Programmability
Control Plane Management Plane
Software Defined Application Services
Software Defined Application Services
F5 Software Defined Application Services (SDAS)
A rich set of services that address the delivery challenges faced by businesses today.
Software Defined Application Services
Availability
Authoritative DNS
Cloud Bursting
CGNAT
Disaster Recovery
Business Continuity
Global Load Balancing
Intelligent EPC node selection
Global Server LB
DNS Caching & Resolving
Load Balancing
Software Defined Application Services
Performance
Acceleration
Caching
Optimization
SPDY Gateway
Application Optimization
Traffic Shaping and QoS
Compression
Web Performance Optimization
Traffic Management
Software Defined Application Services
Access &
Identity
Cloud Federation
Endpoint Inspection
Single Sign-On
Access Control
SAML Federation
SSL VPN
Anti-Malware
Web Access Management
Active Sync Proxy
Secure Web Gateway
Software Defined Application Services
Cloud Bridging
Mobile Optimization
MAM
SDN
VDI
Diameter and Routing
Policy Enforcement
MDM
Mobile Acceleration
VAS Bursting
Enrichment
Quota Management
Application Traffic Control
Service Chaining
Subscriber Traffic Control
NfV
VO LTE
LTE Roaming
Mobility
Software Defined Application Services
Security
DNSSEC
ADF
Anti-Fraud
WAF
DDoS
SSL VPN
Anti-Phishing
DNS Firewall
Firewall
SSL intelligence
SSL Inspection
Programmability
Software Defined Application Services Elements
Fabric Connectors
Module Connectors
Cloud Connectors
Orchestration Connectors
Intelligent Services Orchestration
BIG-IQ
Completing the SDN Stack
F5 BIG-IQ
OPEN REST APIs
LAYER 2-3 LAYER 4-7
SDN Controller
BIG-IQ
Security™
BIG-IQ
Cloud™
BIG-IQ
Device™
NBI NBI
NVGRE VXLAN ETC…
Control Plane
Application Plane
Data Plane
Software-Defined Data Center
Virtual Networks
Service Chaining
Public Cloud
Hybrid Cloud
BIG-IP
BIG-IP
Data Center
Centralized Management Platform
BIG-IQ
Orchestration Modules
BIG-IQ Platform Services
BIG-IP Devices
Application Services Modules
VE License Pools
• One-time license provisioning
• BIG-IQ manages licenses for all VEs in the pool
• Pools available in 25-packs of Good, Better, or Best offers
Benefits
• Spin up a VE when it’s needed
• Retire a VE and return it to the pool
25 Pack of VEs
vSwitch
Hypervisor
Virtual Infrastructure
BIG-IQ manages licensing for all VEs in the pool.
F5 licensing server
Simplify License Orchestration
Software Defined Application Services Elements
Simplified Business Models
• Perpetual
• Subscriptions
Simplified Business Models
• BYOL
• Cloud Licensing Program
Good | Better | Best
Flexibility
Make it easier to adopt advanced F5 functionality
Simplicity
Consolidate into fewer common configurations
Best Value
Save when purchasing bundles
Good Better Best
VE Price Comparison
Bought As Bundle Bought As Components
Good Better Best
Appliance Comparison
BIG-IP Local Traffic Manager: Good, Better, Best
BIG-IP Global Traffic Manager: Better, Best
Application Acceleration Manager: Better, Best
BIG-IP Advanced Firewall Manager: Better, Best
SDN Service: Better, Best
Advanced Routing: Better, Best
BIG-IP Access Policy Manager: Best
BIG-IP Application Security Manager: Best
Better
BIG-IP Local Traffic Manager
BIG-IP Global Traffic Manager
BIG-IP Application Acceleration Manager
BIG-IP Advanced Firewall Manager
Key Benefits
• Protect and optimize the data center
• Optimize application delivery
• Ensure optimal application availability and performance
• Future-proof the business
• Leverage the power of integrated SDN services
• High-performance ICSA firewall
• Network DDoS protection
• Application-centric firewall policies
• Protocol anomaly detection
• Web performance optimization
• WAN optimization (data deduplication, FEC)
• Mobile optimization (smart client cache, image optimization)
• SaaS acceleration (reduce bandwidth usage & page load times)
• Global server load balancing
• DNS services
• Real-time DNSSEC solution
• Global application high availability
• Geolocation
• DNS DDoS attack protection
Best
Key Benefits
• Manage application access
• Support BYOD initiatives
• Accelerate remote access
• Protect IP and minimize vulnerability exposure
• Free development resources to create value
• PCI Compliant Web Application Firewall
• Web scraping prevention
• Integrated XML firewall
• Violation correlation & incident grouping
• Application DDoS protection
• 500 concurrent users, scalable up to 200K
• BYOD enablement
• Full Proxy for VDI (Citrix, VMware)
• Single sign-on enhancements (Identity Federation with SAML 2.0)
BIG-IP Local Traffic Manager
BIG-IP Global Traffic Manager
BIG-IP Application Acceleration Manager
BIG-IP Advanced Firewall Manager
BIG-IP Application Security Manager
BIG-IP Access Policy Manager
Synthesis and Good/Better/Best Licensing
Streamline the architecture process
1. Match Reference Architecture To Business Need
2. Choose the Appropriate Platform
3. Choose the Licensing You Need
Reference Architectures For Today’s Customer Challenges
Reference Architectures
Device, Network, Applications
Bill of Materials
• White Paper (Business)
• Solution diagram(s)
• Architecture diagram(s)
• Product map diagram(s)
• Customer Presentation
• Solution Animation/Video
• White paper (Technical)
• Placemat leave-behind
DDoS Protection
S/Gi Network Simplification
Security for Service Providers
Application Services
Migration to Cloud
DevOps
LTE Roaming
Intelligent DNS Scale
Cloud Federation
Cloud Bursting
Reference Architectures
Solution Documents…
DDoS Protection Reference Architecture
Legitimate Users
Threat Feed Intelligence
DDoS Attacker
ISP a/b
Cloud Scrubbing Service
Scanner
Anonymous Proxies
Anonymous Requests
Botnet Attackers
Network attacks: ICMP flood, UDP flood, SYN flood
DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning
IPS
Next-Generation Firewall
Tier 2
SSL attacks: SSL renegotiation, SSL flood
HTTP attacks: Slowloris, slow POST, recursive POST/GET
Application
Corporate Users
Financial Services
E-Commerce
Subscriber
Tier 2
Threat Feed Intelligence
Strategic Point of Control
Multiple ISP strategy
Network and DNS
Tier 1
DDoS Protection Reference Architecture
TIER 1 KEY FEATURES
• The first tier at the perimeter is layer 3 and 4 network firewall services
• Simple load balancing to a second tier
• IP reputation database
• Mitigates volumetric and DNS DDoS attacks
DDoS Protection Reference Architecture
TIER 2 KEY FEATURES
• The second tier is for application-aware, CPU-intensive defense mechanisms
• SSL termination
• Web application firewall
• Mitigate asymmetric and SSL-based DDoS attacks
Recommended Practices Configuration Guide
2.3.2.5 Throttle GET Request Floods via Script
The F5 DevCentral community has developed several powerful iRules that automatically throttle GET requests. Customers are continually refining these to keep up with current attack techniques.
Here is one of the iRules that is simple enough to be represented in this document. The live version can be found at this DevCentral page: HTTP-Request-Throttle
when RULE_INIT {
    # Maximum number of GET requests allowed per client IP within the sliding window.
    set static::maxRate 10
    # This defines how long the sliding window used to count the requests is, in seconds.
    # This example allows 10 requests in 3 seconds.
    set static::windowSecs 3
    # Idle timeout, in seconds, of each entry in the per-client subtable.
    set static::timeout 30
}
when HTTP_REQUEST {
    if { [HTTP::method] eq "GET" } {
        # Count the entries currently held in this client's subtable.
        set getCount [table keys -count -subtable [IP::client_addr]]
        if { $getCount < $static::maxRate } {
            # Under the limit: record this request; the entry's lifetime is the window length.
            incr getCount 1
            table set -subtable [IP::client_addr] $getCount "ignore" $static::timeout $static::windowSecs
        } else {
            # At or over the limit: reject the request.
            HTTP::respond 501 content "Request blocked. Exceeded requests/sec limit."
            return
        }
    }
}
Another iRule, which is in fact descended from the above, is an advanced version that also includes a way to manage the banned IP addresses from within the iRule itself:
• URI-Request Limiter iRule – Drops excessive HTTP requests to specific URIs or from an IP
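An offline model of the throttle policy above, added here as an example and not part of the F5 guide or the DevCentral iRule: it replays access-log lines to show which clients a limit of 10 GETs per 3 seconds would reject before the rule is deployed. The log format, the sample addresses and the function names are assumptions made for this example, and the code models the policy only, not the internals of the `table` command.

```python
"""Offline model of the per-client GET throttle (added example, not F5 code)."""
import re
from collections import defaultdict, deque

MAX_RATE = 10      # mirrors static::maxRate
WINDOW_SECS = 3    # mirrors static::windowSecs

# Assumed log format for this example: "<epoch-seconds> <client-ip> <method> <uri>"
LINE_RE = re.compile(r"^(\d+(?:\.\d+)?)\s+(\S+)\s+([A-Z]+)\s+(\S+)$")


def parse_line(line):
    """Return (timestamp, client_ip, method, uri), or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return float(m.group(1)), m.group(2), m.group(3), m.group(4)


def replay(lines, max_rate=MAX_RATE, window_secs=WINDOW_SECS):
    """Replay log lines in time order and return per-client allow/block counts.

    Like the iRule, only GET requests are throttled and only *allowed* requests
    are recorded, so a rejected request does not extend the client's penalty.
    """
    recent = defaultdict(deque)          # client_ip -> timestamps of allowed GETs
    stats = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e[0])
    for ts, ip, method, _uri in events:
        if method != "GET":
            stats[ip]["allowed"] += 1    # other methods pass through untouched
            continue
        window = recent[ip]
        while window and ts - window[0] >= window_secs:
            window.popleft()             # entry lifetime has expired
        if len(window) < max_rate:
            window.append(ts)
            stats[ip]["allowed"] += 1
        else:
            stats[ip]["blocked"] += 1    # the iRule answers these with HTTP 501
    return {ip: dict(s) for ip, s in stats.items()}


def would_block(lines, **kwargs):
    """Clients that would have had at least one request rejected."""
    return sorted(ip for ip, s in replay(lines, **kwargs).items() if s["blocked"])


def build_sample_log():
    """Constructed sample traffic (documentation address ranges, not real data)."""
    lines = []
    # 198.51.100.7: 40 GETs at 10 ms spacing, then 5 more after the window expires
    lines += [f"{1000 + i * 0.01:.2f} 198.51.100.7 GET /search?q={i}" for i in range(40)]
    lines += [f"{1004 + i * 0.01:.2f} 198.51.100.7 GET /search?q=late{i}" for i in range(5)]
    # 203.0.113.20: a browser-like client, one GET per second plus a POST
    lines += [f"{1000 + i}.00 203.0.113.20 GET /page/{i}" for i in range(8)]
    lines.append("1003.50 203.0.113.20 POST /login")
    # 192.0.2.44: a single page load fetching 12 assets within one second
    lines += [f"{1001 + i * 0.08:.2f} 192.0.2.44 GET /static/{i}.css" for i in range(12)]
    lines.append("not a log line")       # malformed input is skipped
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    for ip, s in sorted(replay(log).items()):
        print(f"{ip:15} allowed={s['allowed']:3} blocked={s['blocked']:3}")
    print("blocked at 10 req / 3 s:", would_block(log))
    print("blocked at 20 req / 3 s:", would_block(log, max_rate=20))
```

In the constructed sample, the 12-asset page load from 192.0.2.44 trips the 10-request limit, which is the kind of false positive to look for when choosing maxRate and windowSecs.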
2.3.2.4 Enforce Real Browsers
Besides authentication and tps-based detection, there are additional ways that F5 devices can separate real web browsers from probable bots.
The easiest way, with ASM, is to create a DoS protection profile and turn on the “Source IP-Based Client Side Integrity Defense” option. This will inject a JavaScript redirect into the client stream and verify each connection the first time that source IP address is seen.
Figure 1. Insert a JavaScript redirect to verify a real browser
32 Page Detailed Guide…
Blended Attacks
25+ new DDoS Attack Vector Control options in Hardware
Technical Validation & Performance Testing
UDP Flood: 2x Competition
ICMP Flood: 10x Competition
TCP Syn-Flood: 16x Competition
Mapping F5 Products to Synthesis Solutions
Use Reference Architectures to Implement F5 Synthesis Solutions
Key Customer Benefits
ALL BACKED BY WORLD-CLASS SUPPORT AND PROFESSIONAL SERVICES
Maintain application availability
Save money for your company
Protect network infrastructure
Safeguard your brand reputation
Defend against targeted attacks
Stay one step ahead
TCO Study: Details
Data Center Consolidation | DDoS | DDoS Market Study
83% Lower TCO
85% Savings
• Service Contracts
92% Savings
• Space/Power/Cooling
62% Savings
• Training
82% Savings
• Upgrades/Patching
81% Lower TCO
81% Savings
• Service Contracts
94% Savings
• Space/Power/Cooling
66% Savings
• Training
82% Savings
• Upgrades/Patching
• DDoS Products and Services
• $870 Million Market by 2017
• FSI Represents 23% of DDoS Market
• Services Accounts for 46% of DDoS TAM
• Financial Services, Gaming, and Online Retail are top verticals
Making it Happen with Global Services
F5 Global Services and Synthesis
1. Packaged Core Services
• Implementation
• Migration
• Upgrades
2. Advanced Services
• Security
• Mobility
• Service Provider
3. Consultative and Strategic
• Solution Definition Workshops
• Security Envisioning
• Remote Services
4. Architecture and Integration
• Reference Architectures
• Managed Services / SOC
• F5aaS
PRODUCT FOCUSED | SERVICE LED | SOLUTION DRIVEN | APPLICATION ENABLED
Services to Support Reference Architecture Lifecycle
OPTIMIZE
ARCHITECT IMPLEMENT
MAINTAIN
Proactive Assessments and Integration
Managed Services and Live Monitoring
Installation and Migrations
Solution Definition Workshop
DDoS
S/Gi Network Simplification
Security for Service Providers
Application Services
Cloud Migration
DevOps
Secure Mobility
LTE Roaming
DNS
Cloud Federation
Cloud Bursting
Multi-network Environment and Partner Ecosystem
F5 Synthesis Partner Ecosystem
DevOps
F5 Platforms
Hardware | Software | Cloud
Programmability
F5 SDAS Service Fabric
Programmability
BIG IQ Cloud
Provisioning and orchestration of BIG-IP in AWS
Two-way communication
Configure application networking services
Automated network and service provisioning
Auto-scaling, application provisioning, and automated system maintenance and patching.
Dynamically update state of servers in load balancing pool
Automate network and service provisioning
Integrate network virtualization and ADN services
Partner Integration with Synthesis
Cisco ACI Design Philosophy
Why Cisco/ACI matters for Customers
• Cisco and F5 share a common vision for simplifying networking end to end by taking an application-centric approach to solving key pain points in customers’ next-generation data centers while meeting their critical data center requirements today.
• Working with Cisco on Application Centric Infrastructure, F5 has a unique opportunity to deliver on the vision of shaping infrastructure to the needs of the applications.
• Cisco ACI integrates F5 BIG-IP appliances (physical and virtual) to deliver application-centric, ADC-enabled network automation in existing and next-generation data centers
VMware NSX and F5 joint solution
Any Application (without modification)
Virtual Networks
VMware NSX Network Virtualization Platform
Logical L2
Any Network Hardware
Any Cloud Management Platform
Logical Firewall
Logical Load Balancer
Logical L3
Logical VPN
Any Hypervisor
Logical Load Balancer
Virtual IP: 172.168.1.1
Member pool: 10.0.0.1, 10.0.0.2
ADN template: Web Gold
Overview
• NSX integrates with F5 BIG-IQ and BIG-IPs
• F5 Admin defined iApps get published to NSX Manager as ADN service templates
• BIG-IP VEs get automatically deployed, licensed and configured
• User can instantiate and consume F5 iApps from NSX UI or API
Benefits
• Compatible with all NSX features
• Compatible with all F5 BIG-IQ and BIG-IP features
• Seamless support for virtual networks and traditional networking with VLANs
• Support for any CMP including vCAC
• Familiar workflows for all teams (in NSX, and in F5 BIG-IQ)
• Supports virtual and physical form factor of F5 appliances
F5 + NSX : Application delivery needs for enterprise virtualized workloads in NSX environments
Context Aware Network Services:
• Insertion of Application, user and resource awareness in NSX environments
Speed of provisioning:
• Intelligent services orchestration enhances time-to-production for all the necessary infrastructure services from weeks to minutes
Simplified Operations:
• Meet needs for simplified operations and programmability needs for network services
Application visibility and correlation
• Enhanced visibility and correlation for the application
Benefits
Drive Increase Reduce Future
SDDC/Cloud
Coming to a City Near You… Cloud and Security Events
Ask your Account Team for More Information…