nilesh mistry field systems engineer [email protected] f5 synthesis

Nilesh Mistry

Field Systems Engineer

[email protected]

F5 Synthesis

mailto:[email protected]

© F5 Networks, Inc 2

Mobility

SDDC/Cloud

Advanced threats

Internet ofThings

“Software defined”everything

HTTP is the new TCP

Technology Shifts Are Creating Challenges and Opportunities


Impact on Data Center Architecture: Applications

MICRO-ARCHITECTURES

Each service is isolated and requires its own:• Load balancing• Authentication / authorization • Security • Layer 7 Services • May be API-based, expanding services required

API DOMINANCE

Proxies are used in emerging API-centric architectures for:• API versioning • Client-based steering • API Load balancing • Metering & billing • API key management

More applications needing services

Service A Service C

Service B Service D

More intelligence needed in services

API v1

API v2


Impact on Data Center Architecture: Network

SOLUTION SPRAWL

Increasing threats and client platforms result in need for:• Mobile device management • Mobile access management • Mobile security• DDoS • Application layer threats• Malware

OPERATIONAL INCONSISTENCY

Introduction of off-premise cloud solutions without architectural parity results in:

• Inconsistent enforcement of business and operational policies

• Unpredictable application performance and security

• Increased OpEx as new management paradigms are introduced

SaaS


Deliver the most secure, fast,and reliable applications to anyone anywhere at any

time.

F5 MISSION


The Evolution of F5

Broadened Application Services• Security• Mobility/LTE• Domain Name Services

Cloud Ready• Hypervisor/Cloud ubiquity• Multi-tenancy, all-active • Identity access management

Application Delivery Controller• Traffic management• Optimization• Acceleration

1

2

3


Agile Development

Application Environment

Failed to Address:Rapid deployment─network and operations velocity

Driver:Speed, customer-driven, and quality of app development


Cloud and DevOps

Failed to Address:Cloud SLA and controlprivate network agility

Driver:Accelerate time to market


Agile Development




SDN and Private Cloud

Driver:Software defined data centers

Cloud and DevOps




Agile Development



Failed to Address:L4–7 device sprawl and application awareness


F5 VISION

Applicationswithout constraints

The Time Is Right

SDN and Private Cloud

Driver:Software Defined Data Centers

Cloud and DevOps



Agile Development



Failed to Address:L4–7 device sprawl and application awareness


Software Defined Application Services

4

The Evolution of F5

Application Delivery Controller

1

Broadened Application Services

2

Cloud Ready3

© F5 Networks, Inc. 12


Software Defined Application Services Elements

IntelligentServices Orchestration

High-Performance Services Fabric

Simplified Business Models

High Performance Services Fabric


Network [Physical • Overlay • SDN]

Virtual Edition Chassis Appliance


Elastic, multi-tenant platform

All-active

Application-aware

On-Demand Scaling All-Active Clustering Multi-Tenancy

ScaleN

TMOS TMOS TMOS TMOS




All-active

Application-aware

Performance leader

Throughput

20Tbps Connections

per second

320M

Concurrentconnections

9.2BMulti-tenant

instances per device

80*

Device serviceclusters

32

Network [Physical • Overlay • SDN]*40K when combining admin instances with vCMP


All-active

Application-aware

Performance leader

Extensible andprogrammable




Data Plane

Programmability

Control Plane Management Plane


PerformanceIdentity & Access

AvailabilitySecurity

Mobility


All-active

Application-aware

Performance leader


Catalog of application services



Data Plane

Programmability

Control Plane Management Plane

“Leave No Application Behind”


DDoS WAF SSL LTE

1000Average number of

applications deployed within an

enterprise

Applicationsrequire services

Acceleration


The selected few


BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP


High-PerformanceFabric

Application Services

BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP



Service Provider and Enterprise

Device, Network and Applications

Performance and Scale


Automation and Orchestration

F5 Software Defined Application Services (SDAS) are a rich set of services that address the delivery challenges faced by businesses today. Built and deployed atop extensible F5 platforms, SDAS are all application and context-aware, highly scalable, and programmatic.

Provisioned and managed within the F5 Synthesis architecture through BIG-IQ, SDAS provides organizations with the opportunity to simplify application delivery architectures without compromising on service breadth and depth.



Eliminate single points of failure

Application fault isolation

Context-aware

Elastic scale


Public, private and hybrid cloud

Availability services from F5 focus on eliminating single points of failure to reduce downtime and disruption. Network, application and organizational availability is critical to ensuring business continuity and access to the applications that enable today’s businesses. Availability services span data center and cloud-hosted applications, ensuring scale and reliability regardless of where applications or users are located.

Availability

Authoritative DNS

Cloud Bursting

CGNAT

Disaster RecoveryBusiness Continuity

Global Load Balancing

Intelligent EPC node selection

Global Server LB Global

Server LB

DNS Caching& Resolving

Load Balancing



Any device, any user, anywhere

Performance-related protocol support

Context-aware

Cloud or data center

Performance

AccelerationCachingOptimizationSPDY Gateway

Application OptimizationTraffic Shaping and QoS

Compression

Web Performance Optimization

Traffic Manageme

nt

Performance services for F5 focus on improving the end-user experience regardless of location or device. Performance services enhance mobile and web application responsiveness by supporting protocols like SPDY and TCP optimizations and by enabling applications to dynamically take advantage of compression and caching technologies.



Single Sign-on

Identity federation

Context-aware

Endpoint inspection and protection against fraud

Extensible andProgrammable

Any device, anywhere

Access &

Identity

Cloud Federation

Endpoint Inspection

Single Sign-OnAccess Control

SAML Federation

SSL VPN

Anti-MalwareWeb Access Management

Active Sync ProxySecure Web Gateway

Access & Identity services are critical to maintaining a positive security posture while enabling users to access applications from anywhere at anytime. F5 enables single-sign on and federation of application access across the data center and into the cloud, while maintaining the integrity of data through comprehensive endpoint inspective and anti-malware services.



Secures device, network and application

Protects critical infrastructure from disruptive attacks

Application-aware

Extends protection into the cloud


Security

DNSSECADF

Anti-Fraud

WAFDDoSSSL VPN

Anti-Phishing

DNS FirewallFirewall

SSL intelligenceSSL Inspection

Programmability

Security services are an integral component to the organization’s overall security strategy. F5 security services protect and mitigate threats at every layer of the network stack. From network DDoS to SYN floods to HTTP-focused attacks, F5 services are designed to provide comprehensive detection and defense against the growing volume of threats.

SSLInspection

LTE

Roam

in

g Au

thori

tati

ve

DN

S

Cloud Federation

Clo

ud

Bri

dgin

g

AccelerationMobile Optimization

Mobile App Management

SDN

VDIDiameter & Routing

Policy Enforcement

Cach

ing

Op

tim

izati

on

SPDY Gateway

CG

NA

T

Dis

aste

r Recovery

Bu

sin

ess

Con

tinu

ity

Endpoint Inspection

DNSSEC

Ap

p

Deliv

ery

Fir

ew

all

Anti-Fraud

DD

oS

Sin

gle

Sig

n-O

n

Access Control

SAML Federation

SSLVPN

Application Optimization

Traffic Shaping and QoS

Global Load BalancingM

DM

Mobile Acceleration

Anti-PhishingAnti-Malware

VAS Bursting Enrichment

DN

S Fire

wall

Qu

ota

Man

ag

em

en

t

ApplicationTraffic Control

ServiceChaining

Subscriber Traffic

Control Firewall

Compression

Web Performance

Optimization

SSLIntelligence

NfV

VO

LTE

Web Access Management

Activ

e S

yn

c

Pro

xy

Programmability

Traffi

c M

an

ag

em

en

t

Secure Web Gateway

Intelligent EPC node selection

Traffi

c M

an

ag

em

en

t

SAML Federation

Cloud Burstin

g

DNS Caching & Resolving

Web AppFirewall

Global Server Load Balancing

Application Services Portfolio


AvailabilitySecurity

Mobility

Gi Firewall

Intelligent Services Orchestration

Fabric Connectors

Module Connectors

Cloud Connectors

Orchestration Connectors


Single pane of glass

Rapid system andservice provisioning

Ecosystemenablement

BIG-IQ



•OpenStack, VMware─VCNS/VCO, Cisco/Insieme-ACI, third-party orchestrators

•REST API

Fabric Connectors

Module Connectors

Cloud Connectors

BIG-IQ



Ecosystemenablement


Fabric Connectors

Module Connectors

Cloud Connectors


BIG-IQ

•Multi-tenant•Elastic•Metered•Bare metal deployment



Ecosystemenablement


Fabric Connectors

Module Connectors

Cloud Connectors


BIG-IQ

•Security•Device•Cloud•ADC•MAM•And more



Ecosystemenablement

•Virtual editions─VMware, MSFT, XEN, KVM, and AWS

•Cloud bridging and health and performance monitoring─AWS, VMware, and extending to other cloud platforms


Fabric Connectors

Module Connectors

BIG-IQ


Cloud Connectors



Ecosystemenablement

DDoS

WAF

Public CloudHybrid CloudBIG-IP

BIG-IP

Data Center

DDoS

LTEAcceleration

SSO

Anti-fraud

LTE

Traffic

Management

SSLCentralized Management Platform

BIG - IQ

BIG - IQ

Traditional Enterprise

Perpetual

Subscriptions

New: Good, Better, Best

offerings


Public MSP Clouds

BYOL

Cloud Licensing Program

New: Utility

F5 Licensing: Good

BIG-IP Local Traffic Manager

Good Offering

Customer Needs:• Rapid deployment & optimization• Real-time analysis & load

balancing• SSL acceleration & offload• Easy protocol implementation

Target Customer:Organizations that require local intelligent traffic management to ensure application availability

• Load balancing and monitoring• Application Visibility and Monitoring• L7 intelligent traffic management• Core protocol optimization (HTTP, TCP,

SPDY, SSL)• SSL proxy and services• IPv6 support• Programmability (iRules, iCall, iControl,

iApps)• ScaleN: On demand, application &

operational scaling• AAM Core (Caching, Compression,

Bandwidth Controller, more)• APM Lite (User Authentication, SSL VPN

for 10 concurrent users)• SYN flood protection

F5 Licensing: Better


BIG-IP Global Traffic Manager

BIG-IP Application Acceleration Manager

BIG-IP Advanced Firewall Manager

Better Offering

Customer Needs:• Protect and optimize the data

center• Optimize application delivery• Ensure optimal application

availability and performance• Future-proof the business• Leverage the power of

integrated SDN services

Target Customer:Organizations that require network security and improved end user experience with local and global intelligent traffic management

• High-performance ICSA firewall• Network DDoS protection• Application-centric firewall

policies• Protocol anomaly detection

• Web performance optimization• WAN optimization (data

deduplication, FEC)• Mobile optimization (smart

client cache, image optimization)

• SaaS acceleration (reduce bandwidth usage & page load times)

• Global server load balancing• DNS services• Real-time DNSSEC solution• Global application high

availability• Geolocation• DNS DDoS attack protection

F5 Licensing: Best

Best Offering

Customer Needs:• Manage application access• Support BYOD initiatives• Accelerate remote access• Protect IP and minimize vulnerability

exposure• Free development resources to create

value

Target Customer:Organizations that require advanced access management and total web security in addition to network security with local and global intelligent traffic management

• PCI Compliant Web Application Firewall

• Web scraping prevention• Integrated XML firewall• Violation correlation &

incident grouping• Application DDoS

protection

• 500 concurrent users, scalable up to 200K

• BYOD enablement• Full Proxy for VDI (Citrix,

VMware)• Single sign-on

enhancements (Identity Federation with SAML 2.0)


BIG-IP Global Traffic Manager

BIG-IP Application Acceleration Manager

BIG-IP Advanced Firewall Manager

BIG-IP Application Security Manager

BIG-IP Access Policy Manager

F5 Synthesis

Offering BIG-IQ for the deployment

of application services, cloud orchestration, and ADC

management─one push button provisioning

and all necessary API management.

Providing capacity- and volume-based licensing,

software module mobility, and the unique bundling of application services.

Utilizing F5 ScaleN to provide the most scalable, high-density, high-performance fabric in the industry

to leave no application behind.


Simplified BusinessModels

High-PerformanceFabric

Performance Leadership

Reference Architectures

F5 in Every Cloud

Meet every performance requirement from Micro ADC 25 MB virtual editions to terabit-

sized chassis solutions.

Provide fully documented and tested business outcome

solutions for F5 customers to consume Synthesis.

F5 deployed and serviced in every cloud marketplace to ensure

consistent Synthesis application services deployment.

F5 Synthesis


F5 Synthesis Drives Shift to Software Defined Data Center


AvailabilitySecurityMobility

Traditional Environment

SOFTWARE-DEFINED

DATACENTER

ARCHITECTURE BECAME “FABRIC” WITH HIGH PROGRAMMABILITY AND SCALABILITY

IMPROVE COST EFFICIENCY

SILO APPROACH BY APPLICATIONS COST UN-EFFICIENCY NO PROGRAMMABILITY,

SCALABILITY


IntelligentServices Orchestration



• Single pane of glass• Rapid system and

service provisioning• Ecosystem enablement

• Elastic, multi-tenant platform, all-active

• Application services–aware• Performance leader• Extensible and programmable• Catalog of application services

• New licensing models• Easy to procure• Save by purchasing bundles

ReferenceArchitecturesSolving Customer Issues


Reference ArchitecturesDevice, Network, Applications

Bill of Materials • Solution diagram(s)• Architecture diagram(s)• Product map diagram(s)• Customer deck

• RA video overview• White paper(s)• Placemat leave-behind

© F5 Networks, Inc.

DDoS Protection

S/Gi Network

Simplification

Security for Service

Providers

Application Services

Migration to Cloud DevOps

LTE Roaming

Intelligent DNS Scale

Cloud Federation

CloudBursting

© F5 Networks, Inc.

Benefits of F5 Synthesis

DriveBusiness Value

• Improve application availability, reliability, recoverability, performance, security, and velocity

IncreaseIT Capabilities

• Common platform physical | virtual | cloud

• Moving from managing devices

to services

ReduceCosts

• Lower TCO• Consolidate user,

network, and application services

FutureProof

• Programmability and orchestration

• Open APIs, open standards

• Application awareness

50

F5 Synthesis Partner Ecosystem

/

Network/SDN System Integrators Cloud Security Orchestration

© F5 Networks, Inc. 51

Application

DevOps

devcentral.f5.com

facebook.com/f5networksinc

linkedin.com/companies/f5-networks

twitter.com/f5networks

youtube.com/f5networksinc

synthesis.f5.com

http://devcentral.f5.com/

http://www.facebook.com/f5networksinc

http://www.linkedin.com/company/f5-networks

http://twitter.com/f5networks

http://www.youtube.com/f5networksinc

Solutions for an Application World.

nilesh mistry field systems engineer [email protected] f5 synthesis

Documents

f5 synthesis slide

f5 mission slide

application awareness

services service

vcmp slide

saas slide

services api v1 api

f5 vision applications