DEVELOPMENT, ADVANCED
Leslie Wong Client Manager, F5 Networks
SINGAPORE
F5 optimizations
for the Microsoft
platform
F5 and Microsoft
10-year Global partnership
Solution development across
products and technologies
Joint investment, shared
thought leadership and
strategic planning
F5 training for Microsoft
technical field, services and
support teams Windows
SSTP RDS /Terminal Services
IIS/ASP.NET
Availability | Reliability | Scalability | Security | Visibility | Manageability
System Center
Dynamics SharePoint Exchange
Lync Forefront
Globally managed technology partner since 2001
One of 60 MTC Alliance partners
MPSC Alliance partner with office and lab in Redmond
Founding member of System Center Alliance
F5 & Microsoft technologies
together
Application delivery networking
Server Virtualization
Management integration
Efficiency & Agility Costs
Reliability & Availability
Visibility & Control Costs
Risk
Architected for Integration iControl for Application Integration
F5 Products
TMOS Operating System
Shared Application Services
Shared Network Services
Application
Optimization
Application
Security
Application
Availability
F5’s Dynamic Control Plane Architecture
Users
Resources
Physical Virtual Multi-Site DCs
Private Public
Cloud
Availability
•Scale
•HA / DR
•Bursting
•Load-Balancing
Optimization
•Network
•Application
•Storage
•Offload
Security
•Network
•Application
•Data
•Access
Management
• Integration
• Visibility
• Orchestration
Ap
plic
atio
n a
nd
Dat
a D
eliv
ery
Net
wo
rk
Application delivery
Acceleration • TCP • Caching • Compression
Availability
• Intelligent health monitoring and load-balancing • Horizontal scaling • SSL offloading • Security operation offloading • Cross-site load-balancing and resilience
Security • Application layer protection • SPAM
Manageability • Templates that reduce deployment times • Fully extensible platform • System Center integration • Dynamic computing
F5 devices manage traffic within the context of the applications
running on the network, optimizing user experience and
providing visibility and control to IT.
BIG-IP Hardware Line-up
Dual core CPU 4 10/100/1000 + 2x 1Gb SFP 1x 160GB HD 4 GB memory SSL @ 5K TPS / 1 Gb Bulk 1 Gbps max software compression
1 Gbps Traffic
BIG-IP 3600
Dual core CPU 8 10/100/1000 + 2x 1Gb SFP 1x 160 GB HD + 8GB CF 4 GB memory SSL @ 10K TPS / 2 Gb bulk 1 Gbps max software compression
2 Gbps Traffic
BIG-IP 8900
BIG-IP 1600
2 x Dual core CPU 16 10/100/1000 + 8x 1Gb SFP 2x 320 GB HD (S/W RAID) + 8GB CF 8 GB memory SSL @ 25K TPS / 4 Gb bulk 5 Gbps max hardware compression
6 Gbps Traffic
BIG-IP 6900 2 x Quad core CPU 16 10/100/1000 + 8x 1Gb SFP + 2x 10Gb SFP+ 2x 320 GB HD (S/W RAID) + 8GB CF 16 GB memory SSL @ 58K TPS / 9.6Gb bulk 8 Gbps max hardware compression
12 Gbps Traffic
BIG-IP 3900
Quad core CPU 8 10/100/1000 + 4x 1Gb SFP 1x 300 GB HD + 8GB CF 8 GB memory SSL @ 15K TPS / 3.8 Gb bulk 3.8 Gbps max software compression
4 Gbps Traffic
BIG-IP 8950
2 x Quad core CPU 16 10/100/1000 + 8x 1GB SFP + 2x 10Gb SFP+ 2x 320 GB HD (S/W RAID) + 8GB CF ? 16 GB memory SSL @ 56K TPS / 9.6Gb bulk 8 Gbps max software compression
20 Gbps Traffic
BIG-IP 11050
2 x Hex core CPU 16 10/100/1000 + 8x 10 SFP+ 10Gbps 2x 320 GB HD (S/W RAID) + 8GB CF 32 GB memory SSL @ 100K TPS / 15Gb bulk 12 Gbps max software compression
40 Gbps Traffic
F5 Solution for P to V server application
migration
Common Virtualization Drivers
& Barriers
• Performance • Availability • Management • Integration
Risks • Missed ROI/Savings • Missed Agility/Speed • SLA impact • Over Budget
• Cost Savings • IT Agility / Speed • IT Efficiency
IMPACT to the
Business
Drivers CIO Objectives
Barriers Real World Challenges
Server Virtualization & F5
Windows Server Hyper-V
Improving VM Density
Typical virtualized server
SSL Caching Compression One Connect TCP Optimization
Offlo
ad
Same server with BIG-IP
Server Consolidation
How it works
1
2
3
4
5 Repeat for all physical servers
Microsoft and F5 technologies
Windows Server 2008 R2
Hyper-V
System Center – Operations Manager
– Virtual Machine Manager
Windows PowerShell
• BIG-IP Local Traffic
Manager (LTM)
• F5 Management Packs for
System Center
– F5 Management Pack for
Operations Manager
– F5 PRO-enabled
Management Pack for
Virtual Machine Manager
– F5 Live Migration Pack
– F5 Application Designer
Packs for SharePoint
Resources Video demo
– http://www.f5.com/news-press-events/web-media/webcasts/server-virtualization-f5-microsoft.html
F5 Managements Packs on DevCentral – http://devcentral.f5.com/mpack
Online community for Microsoft-F5 solutions – http://devcentral.f5.com/microsoft
Microsoft – Windows Server and Hyper-V
• http://www.microsoft.com/windowsserver • http://www.microsoft.com/virtualization
– System Center • http://www.microsoft.com/systemcenter
F5 solution for Microsoft SharePoint
SharePoint
SharePoint is a business collaboration platform that can be deployed with specific roles in these areas: Web portals and Web content management Business Intelligence and Analysis Collaboration Document management Enterprise Search Custom .NET Web application development F5 supports each of these server capabilities, providing performance, availability and security enhancements over the network and seamless to the application.
SharePoint Momentum
17K+ Customers, 100M Licenses
Leader in Gartner® Magic Quadrants, Forrester WaveTM
Continued Platform and Application Innovation
“SharePoint is the fastest-growing product in Microsoft’s history... And this is just the beginning: SharePoint continues to grow as customers are just beginning to apply it to a wide array of business issues and processes.” - AMR RESEARCH, APRIL 22, 2008
4,000+ Partners Today across Collaboration, Content Management and Search
SharePoint topology with BIG-IP
External
DMZ
Internal
Front end servers Application servers
Database Active Directory
Local Traffic Manager Web Accelerator
Global Traffic Manager Application Security Manager Edge Gateway
1
2
1
2
Session agenda
Application health and availability
Site-level health and
disaster recovery
Application layer security
and device access
Session agenda
Application health and availability
Site-level health and
disaster recovery
Application layer security
and device access
Considerations for availability
Increased SharePoint server availability =
– More productive users
– More efficient use of application computing resources
– Enhanced visibility for IT
BIG-IP LTM (Local Traffic Manager)
Session agenda
Application health and availability
Site-level health and
disaster recovery
Application layer security
and device access
Site level health
BIG-IP Global Traffic Manager (GTM)
– Starts with good server level health within 1 site
– Includes external link health
– Disaster Recovery and Active/Active
Site A
Users
Site B
Global Traffic Manager
Considerations for availability
• Site level health opens the door to service resilience
• Cross-site load-balancing increases infrastructure
ROI
• Flexible and powerful deployment options
• Best in class integration of geolocation
BIG-IP GTM (Global Traffic Manager)
Session agenda
Application health and availability
Site-level health and
disaster recovery
Application layer security
and device access
Mobile and Remote Users Growing
Dramatically
IDC Research 2010
Considerations for acceleration
Application delivery (ADC) benefits start with asymmetric deployment WA improves end user experience for repeat
visitors by eliminating network chatter Best in class caching
– Intelligent Browser Referencing (IBR) is unique
WOM reduces file load time by 95% Explore Windows Server 2008 R2 BranchCache to
reduce bandwidth use
BIG-IP WA (Web Accelerator Module)
Considerations for application
access
Next generation remote access solution
• Converged security and acceleration services platform
Optimize access for mobile users and remote offices
BIG-IP EG (Edge Gateway)
• New BIG-IP Solution for the Network Edge
– Includes new BIG-IP Edge Client solution
– Up to 8 Gbps, 600 log-ins per second, 40,000 users
– Mobile devices, notebooks, PCs supported
– Redirect for mobile users (SharePoint Mobile View)
Edge Portal
Unified and Optimized Access to the Data Center
DMZ
Utilize existing user directories
Datacenter Resouces
BIG-IP Edge Gateway
• One solution to manage all access policies regardless of access network
• Capacity and performance to secure all user traffic
• Optimizes application delivery to remote and mobile users
• Improves quality of real-time applications; soft phones and streaming media
Internet www.abc.com
Extranet Extranet.abc.com
Intranet //abc
New BIG-IP Edge Client Flexible deployment:
– Mac, Windows, iPhone, iPad
Security
– End-point security
– Protected workspace
Mobility
– Smart Connection roaming
– Uninterrupted application sessions
Acceleration
– Dynamic compression
– Client-side cache
– Client-side QoS
FREE
Unified Access to SharePoint
Competitor SSL VPN = 211s = 47s
BIG-IP Edge Gateway = 114s = 16s
Twice as Fast User Downloads
Test includes a user logging onto VPN, navigating through SharePoint content, and downloading a 4 MB document
First Time Repeat
Considerations for application
layer security
SC Magazine's 2010 Reader Trust Award for Best Web Application Security solution
BIG-IP ASM (Application Security Module)
• Security or performance? Fastest layer 7 (application layer) security product
• Compliance regulations PCI DSS, SOX, Basel II, HIPAA compliance
• New malicious behavior Built-in security policy for SharePoint
• Beyond HTTP protection ICSA Web Application Firewall Certification
Application health and availability
Site-level health and disaster recovery
Application layer security and device access
One solution for access policy
management
Secure access for remote and
mobile users
Highest availability of SharePoint for all types of devices
Resources
F5 Networks – Solution page for SharePoint Server 2010
• Solution Overview | Solution Guide | Deployment Guide
– F5 Management Pack on DevCentral – Microsoft community on DevCentral
• http://devcentral.f5.com/microsoft
– Free 90-day trial of BIG-IP VE
Microsoft – SharePoint Web site @ http://sharepoint.microsoft.com – IT Admin Related Content @
http://technet.microsoft.com/en-us/sharepoint – Developer Related Content @
http://msdn.microsoft.com/en-us/sharepoint/
B
A
F
E
D
C
F5 solution for Microsoft Exchange
What does F5 have to do with
Exchange? Exchange 2010 Client Access Servers (CAS)
need load balancing
Customers need to choose software or
hardware load balancing
Exchange 2010 Architecture
External SMTP
servers
Edge Transport Routing and AV/AS
Phone system (PBX or VoIP)
Client Access Client connectivity
Web services
Hub Transport Routing and policy
Web browser
Outlook (remote user)
Mobile phone
Outlook (local user)
Line of business application
Mailbox Storage of mailbox
items
Unified Messaging Voice mail and
voice access
BIG-IP
Software or hardware load
balancing? Answering “yes” to any of these indicates a key reason for hardware load balancing Yes No
1 Will there be a reverse proxy or NAT between users and Exchange servers?
2 Will you deploy Outlook Anywhere, Active/Sync mobile and web clients?
3 Will you deploy multi-role servers (Mailbox and CAS on the same server?)
4 Do you need continuous Exchange availability during CAS server maintenance?
5 Do you need Exchange service health awareness (not merely server health)?
6 Will you use client IP addresses from a small number of Class C subnets?
7 Will you deploy more than 8 CAS servers?
Load balancing guidance from
TechNet
http://technet.microsoft.com/en-us/library/ff625247.aspx
View the Microsoft presentation
http://www.msteched.com/2010/Europe/UNC311 Skip to 47:48 in this video presentation
Microsoft guidance summarized
Microsoft recommends load balancing
Customers can choose software or hardware based load balancing
It is crucial to clearly understand the implications of Windows NLB limits
After the first year in market, Microsoft voice concerns over using Windows NLB for Exchange
Windows NLB limits
IP affinity only works if reverse proxy/NAT is not used and “tends” to group all class C IP subnet addresses on one CAS server
Performance limit due to broadcast flooding of internal CAS network
Add/remove node causes a re-connect of all active connections
Cannot be used with MCS Server aware, not service aware. Requires manual
detection and intervention Maximum 8 CAS servers
The F5 Solution for Exchange
Server 2010 Prevent these pains
– Dropped sessions re-authentication, reconnection
– Failed network connections retries, delay
– Slow response trapped users
These capabilities
– Health monitoring and intelligent load-balancing
– Client persistence
– Server off-load
– Availability of servers, arrays and sites
Pages 59 and 70
Use hardware load balancers to publish Client Access servers Microsoft IT capitalizes on a single load-balancing infrastructure to provide load balancing for both internal and external access to Client Access server resources. This ensures a uniform load across the Client Access servers and a single point of security control.
NLB and Hardware-Based Load
Balancing…
For Exchange 2010, the choice is clear…
Which way to go?...
Microsoft internal Exchange design: http://technet.microsoft.com/en-us/library/ff829232.aspx
TechNet guidance for high-availability: http://technet.microsoft.com/en-us/library/ff625247.aspx
The F5 Solution for Exchange
Server 2010
User - Client to CAS server
Mail - Mail flow through Edge Farms
Availability Performance Security Configuration
• Intelligent load balancing
• Server and site level
health monitoring
• SSL offload
• Cross-site resilience
• Robust persistence
• Server optimization
• Caching and compression for Web clients
• Reduced bandwidth use
• Bi-directional proxy
• AuthN/AuthZ from the perimeter
• Protection against application layer attacks
• SPAM filter
• Application template for error-free, fast configuration
• DevCentral online user community
• Integration with systems management
Configuration - we have a template for that
Customer testimonial
Arthur Braune Manager of Information Technology Sysmex America
A
D
B
C
Summary
Highest availability
Dramatically increase server capacity
Cross-site availability and resilience
Pre-authenticate users in the perimeter network
Seamless integration with systems management
Exchange related resources
F5 Solution page for Exchange Server – http://www.f5.com/solutions/microsoft/exchange
Video demo of BIG-IP deployment for Exchange Server 2010 – http://www.vimeo.com/album/1537190
F5 Deployment Guide for Exchange Server 2010 – http://www.f5.com/pdf/deployment-guides/f5-exchange-2010-dg.pdf
F5 developer/IT admin user community – http://devcentral.f5.com/microsoft
Microsoft Exchange Tested Solution with F5 – http://technet.microsoft.com/en-us/library/gg513522.aspx
Technical white paper by Microsoft on their internal deployment – http://download.microsoft.com/download/8/5/D/85D61478-8719-4219-96BA-
E5C53DD4F436/0941_ExchangeServer2010ArchitectureTWP.docx
Load-balancing requirements from TechNet – http://technet.microsoft.com/en-us/library/ff625247.aspx
Thank You