f5 value for virtualization
TRANSCRIPT
F5 Value for Virtualization
Patricio Campos Olmedo
Territory Manager South Cone
F5 Networks www.f5.com
+562.431.5358 +1.206.501.2207
2
Delivering Applications is Complex
Availability
Security
Growth
End-userExperience
Efficiency
Application Architect
3
Application
How Do You Solve These Issues?Multiple Point Solutions
Network Administrator Application Developer
Add more infrastructure?
Hire an army of developers?
MoreBandwidth
4
The Infrastructure Must Be Agile
Business Drivers• Align IT to Business• Cost, ROI• Security, privacy, compliance• Workforce productivity• New applications / services• Consolidation• Shared resources• Managing change
Technology Drivers• Virtualization• Legacy application update• Unified networking/
communications• Web 2.0 • Green IT• Identity/access management• Mobile enablement
People and Budgets• Business and IT are not
optimized
5
A Shift Toward Innovation
Securing assets
Managing systems
Reducing costs
Developing new apps, services, SOA
Virtualization
Enabling interop
Maintaining legacy apps
Ensuring compliance
Driving people productivity
Enabling Mobility 80% 20%MAINTENANCE NEW INNOVATION
6
BIG-IP Local Traffic ManagerTurn your infrastructure into an agile application delivery network
• Scale the application infrastructure• Eliminate downtime• Improve application performance• Secure your applications and data• Increase server capacity, reduce bandwidth• Customize the delivery of the app for your needs
Users Applications
BIG-IP
7
It Starts with Load BalancingEnsure availability and plan for growth
TransactionAssurance
High PerformanceHardware
Dynamic LBMethods
Session Persistence
Application Health Monitoring
LTM load balances at the application level• Ensures the best resources are always selected• Has deep visibility into application health• Proactively inspects and responds to errors
Eliminate downtime and scale the application
8
Improve the End-User Experience
LTM improves the application performance• Optimize the connections and prioritize traffic• Reduce the amount of data sent, both to the
client and across the WAN
IntelligentCompression
TCP Express
WebAccelerator(add-on module) iSessions
9
Secure the Applications and Data
Security at Application, Protocol and Network Level• Meet compliance requirements (PCI, HPPIA, etc.)• Strong protection without interrupting legitimate traffic
Resource Cloaking and
Content Security
Network and Protocol Attack
Prevention
Application Security Manager
(add-on module)
Selective Encryption
“BIG-IP enabled us to improve security instead of having to invest time and money to develop a new more secure application”
Application MangerGlobal 5000 Media and Entertainment Company
TechValidate 0C0-126-2FB
10
Let Servers Serve
LTM offloads tasks from application servers• Reduce the number of servers required• Centralized SSL key management
One ConnectFast CacheSSL OffloadCompression
1/2 of BIG-IP owners have saved 20% or more on their total Capital Expenses with BIG-IP
Source: TechValidate Survey of F5 BIG-IP Users
11
Complete Control and Flexibility
Total Application Control• Complete payload inspection and transformation• Open API and SDK to integrate with infrastructure
iControl
iRules
64% of BIG-IP users said that they can respond more quickly to changing business needs after deploying F5 BIG-IP.
Source: TechValidate Survey of F5 BIG-IP Users
12
Unified System for Application Delivery
ApplicationsUsers
iRulesiRules
High Performance HardwareHigh Performance Hardware iControliControl
Full ProxyFull Proxy
ClientSide
ClientSide
Server Side
Server Side
Glo
bal T
raffi
c M
anag
er
Web
Acc
eler
ator
App
licat
ion
Sec
urity
WA
N D
eliv
ery
Ser
vice
s
F5’s TMOS Architecture
13
Specialized Hardware for App Delivery
Hardware designed specifically for Application Delivery• Industry’s best performance – up to 40 Gbps throughput• Hot-Swappable Components• Flexible deployment options – FIPS, NEBS, DC power• Always-on Management• Hardware SSL offload
14
BIG-IP Hardware Line-up
BIG-IP 3600
Dual core CPU8 10/100/1000 + 2x 1GB SFP1x 160 GB HD + 8GB CF4 GB memorySSL @ 10K TPS / 2 Gb bulk1 Gbps max software compression
2 Gbps L7 Traffic
BIG-IP 8900
BIG-IP 1600
Dual core CPU4 10/100/1000 + 2x 1GB SFP1x 160GB HD4 GB memorySSL @ 5K TPS / 1 Gb Bulk1 Gbps max software compression
1 Gbps L7 Traffic
2 x Dual core CPU16 10/100/1000 + 8x 1GB SFP2x 320 GB HD (S/W RAID) + 8GB CF8 GB memorySSL @ 25K TPS / 4 Gb bulk5 Gbps max hardware compression
6 Gbps L7 Traffic
BIG-IP 69002 x Quad core CPU16 10/100/1000 + 8x 1GB SFP2x 320 GB HD (S/W RAID) + 8GB CF16 GB memorySSL @ 58K TPS / 9.6Gb bulk8 Gbps max hardware compression
12 Gbps L7 TrafficBIG-IP 3900
Quad core CPU8 10/100/1000 + 4x 1GB SFP1x 300 GB HD + 8GB CF8 GB memorySSL @ 15K TPS / 3.8 Gb bulk3.8 Gbps max software compression
4 Gbps L7 Traffic
15
Platform Performance for LTM
BIG-IP 1600
BIG-IP 3600
BIG-IP 3900
BIG-IP 6900
BIG-IP 8900
VIPRIONWith 4 blades
Max. throughput 1 Gbps 2 Gbps 4 Gbps 6 Gbps 12 Gbps 40 Gbps
Layer 4 Connections/sec
60,000 115,000 175,000 220,000 400,000 1 Million
Layer 7 Requests/sec (inf-inf)
100,000 135,000 400,000 600,000 1,200,000 3,200,000
Max. conc. conn. 4 Million 4 Million 8 Million 8 Million 16 Million 32 Million
Max. SSL TPS 5,000 10,000 15,000 25,000 58,000 200,000
Max. SSL Bulk 1 Gbps 1.5 Gbps 3.8 Gbps 4 Gbps 9.6 Gbps 36 Gbps
Max. SSL conc. conn. 1 Million 1 Million 1 Million 2 Million 4 Million 8 Million
Max. compression 1 Gbps 1 Gbps 3.8 Gbps 5 Gbps 8 Gbps 16 Gbps
Switch backplane 14 Gbps 24 Gbps 34 Gbps 68 Gbps 112 Gbps 368 Gbps
16
Connect with 40,000 ADC ExpertsAt DevCentral
• Blogs
• Multimedia
• iRules and iControl samples
• Forums
• Tutorials
• Tools
http://devcentral.f5.com
17
Magic Quadrant for Application Delivery Controllers, 2009
Leadership Position
F5 Networks - Strengths• F5 Networks has a broad and comprehensive
vision with industry-leading understanding of the needs of application development, deployment and management.
• The vendor has a comprehensive feature set with a full range of extensibility delivered through iRules and iControl, and integration with popular integrated development environments (IDEs), such as Eclipse and .NET/Visual Basic.
• F5 has developed a very large community of committed users (using F5's DevCentral portal) that helps fuel the use of iRules to solve unique data center application challenges, creating a loyal and engaged user base.
• F5 has a solid financial position and continued market-leading position.
SOURCE: Gartner, Inc.
18
BIG-IP Local Traffic ManagerTurn your infrastructure into an agile application delivery network
• Scale the application infrastructure• Eliminate downtime• Improve application performance• Secure your applications and data• Increase server capacity, reduce bandwidth• Customize the delivery of the app for your needs
Users Applications
BIG-IP
Overview of F5 Value for VMware Deployments
20
F5 & VMware
• F5 & VMware are active partners
• Interoperability & Performance Testing– vSphere, vCenter, AppSpeed, SRM, View, etc.
• Joint Deployment Guides
• Future joint development plans in progress
• Dedicated alliance teams
21
Virtualization Challenges& How F5 can help
22
Virtualization Drivers and Barriers
22
• Cost Savings• IT Agility• IT Efficiency• Consolidation
CommonVirtualization Drivers = CIO Objectives
23
Virtualization Drivers and Barriers
23
CommonVirtualization Drivers = CIO Objectives
• Performance• Availability• Management• Integration
Common Virtualization Barriers = Real World Challenges
• Cost Savings• IT Agility• IT Efficiency• Consolidation
24
Virtualization Drivers and Barriers
• Performance• Availability• Management• Integration
COMMON RISKS • Inability to Meet SLAs• User Complaints• Application Downtime• Over Budget
• Cost Savings• IT Agility• IT Efficiency• Consolidation
IMPACT to the
Business
CommonVirtualization Drivers = CIO Objectives
Common Virtualization Barriers = Real World Challenges
25
Common App Challenges in a Virtualized Environment
• Application awarenessServer Virtualization focuses on virtual hardware, not apps
• Shared hardware resourcesHas the greatest impact on the apps, unpredictable
• Network integrationNetwork is hard-wired, but apps are mobile & agile
26
Underlying Customer Challenges
• Seamless access to new VMs as they come online
• Application performance on par with dedicated servers
• Simplified network config. management between
physical, virtual, and app networks
• Transparent application traffic flow during VM migrations
Key Performance Objectives• SLAs/uptime• Efficient use of IT resources• Application availability metrics
27
Overview of F5 Value Propositionfor VMware Virtualized Infrastructure
28
IT Challenges F5 Capabilities F5 Products
F5 Value for Virtualization
• Seamless and secure access to VMs as they come online
• Application performance and availability on par with physical servers
• Lower use of virtualized disk, memory, CPU resources
• Enforce IT security and access policies for applications
• More VMs per physical server due to reduced resource utilization
• Server life extension
• Application-specific templates for security and optimization
• Connection management, network and WAN optimization
• LTM
• GTM
• ASM
• APM
29
IT Challenges F5 Capabilities F5 Products
F5 Value for Virtualization
• Simplified network configuration and management
• Integrated single-point management with VMware vCenter and Microsoft System Center
• Bi-directional configuration and sharing of information between the virtual platforms and BIG-IP
• Route domains, Overlapping IPs
• Brings network intelligence to virtual platforms
• Tiered storage to manage VM sprawl
• LTM
• iControl
• ARX
30
IT Challenges F5 Capabilities F5 Products
F5 Value for Virtualization
• Transparent application traffic flow during VM migration
• Enhanced user experience
• Application traffic follows VM migrations, even between data centers or to the cloud
- Without downtime
- Without user disruption
- Accelerated data transmission
- Disaster Avoidance
- Capacity expansion
- Changeover between cloud providers
• LTM
• GTM
31
Real Results: F5 and Virtual Deployments
• 88% of F5 customers improved VM density between 10% and 40% on a typical server with F5
• “We eliminated over 100 IP addresses from the host layer of our internet facing servers because of virtualization and the ability for of the F5 hardware to handle SSL and compression.”
• “Using F5 BIG-IP and VMware we have been able to consolidate…physical servers, allowing us to reduce power consumption and heat generation.”
Tech Validated Survey Results – August 2009
32
Performance & Availability
Caching
SSL Offload
Compression
De-duplication
TCP Optimization
Rate Shaping
Security
Advanced Load Balancing
Advanced Persistence
Performance & Availability
Caching
SSL Offload
Compression
De-duplicationSecurity
Advanced Load Balancing
Advanced Persistence
OverviewF5 Value-Add for VMware Deployments
vCenter
SRM
View 3.0
vSphere 4.0
View 3.0
View 3.0
vSphere 4.0
vSphere 4.0
AppSpeed
vSphere 4.0
vSphere 4.0
vSphere 4.0vSphere
4.0
vSphere 4.0
SRM
View 3.0
vSphere 4.0
View 3.0
View 3.0
View 3.0
SRM
View 3.0
33
Server Virtualization & F5
34
Performance, Availability, Security
• BIG-IP is equally important to virtual application clusters as it is to physical application clusters.– Load balancing– Traffic Management– Traffic Optimization– Acceleration– Security
• Important for:– ESX/vSphere– View VDM Servers
35
Efficiency Purpose-Built ASICs
General Purpose CPU
Speed Serves from Cache
Serves from CPU/Disk
For Many Transactions, BIG-IP is more Efficient than the Server
36
Use of Server Offload Yields Higher VM Density
http://www.techvalidate.com/product-research/f5-big-ip/facts/975-FFD-F8D
Before After
37
Example: Reduced CPU Utilization on SAP Portal
Joint testing conducted at SAP Co-Innovation Lab
68%
38%
38
Integration for Automation
1. BIG-IP Local Traffic Manager and VMware vCenter are integrated for automatic provisioning of local virtual machines on demand.
• Respond instantly to changes in traffic volume
• Provision to mean rather than peak
• Reduce manual labor
2. BIG-IP Global Traffic Manager and VMware SRM are integrated to enable failover between sites.
• When SRM fails over from site-A to site-B, it can instruct GTM to redirect application traffic automatically and instantly to site-B.
• Zero application downtime
39
Web Clients
FrontEnd
AppServers Virtualization
App. Server App. Server App. Server
Storage Virtualization
Frontends VirtualizationBIG-IP LTM
BIG-IP LTM
FrontEnd FrontEnd
Web Clients
iControl
iControl
Mon
itori
ng &
Manag
em
ent
vCenter
+
AppSpeed
(optional)
Demand ↑ ↑ ↑
F5 Provision
Detection
Automation
VM Provision
Demand ↓ ↓ ↓
VM Deprovision
Detection
Automation
F5 Deprovision
Illustration: LTM & vCenter Integration
40
Illustration: GTM & SRM Integration
SRM Failover
Ongoing Replication
(a) GTM Health checks reveal unhealthy site 1. GTM self-executes a redirection to site 2.
(b) SRM instructs GTM via iControl to failover to site 2
Site 1 Site 2
41
WAN Acceleration for VMwarevMotion, Storage vMotion & View
• Overcome latency, packet loss and low bandwidth• BIG-IP iSessions™
– Free feature of LTM, no additional boxes required
– Compression, Optimization
• WAN Optimization Module – Add-on Module for LTM– Accelerates VMware View remote desktop traffic on average 12:1– Can accelerate vMotion up to 25:1– Improved user experience over any link– Acceptable connections over weak links– Compression, Optimization, De-duplication
44
Desktop Virtualization & F5
45
LTM Offload from View Manager Servers
View Manager load grows over time
But LTM can improve View Manager Server Efficiency, Resulting in fewer servers needed and better performance
46
LTM Acceleration of RDP Traffic
LTM can also accelerate RDP traffic up to 12:1 using its WAN Optimization Module
Encrypted, Accelerated, Deduplicated Tunnel
47
VDI/View Deployment Wizard
50
Cloud Computing & F5
51
Global Traffic Management for the Cloud
• The combination of BIG-IP Global Traffic Manager and Local Traffic Manager enables VMware vMotion of live applications between data centers, or to the cloud.– Without downtime– Without user disruption– Accelerated data transmission– Disaster Avoidance– Capacity expansion– Changeover between
cloud providersiSession tunnel
Live Demo Here
52
On-Demand Scalability in the Cloud
LAN
Internal Cloud External Cloud
On-DemandScaleability
Scale-up by simply plugging in a new blade.
Zero configuration
On-Premise Servers
53
Dynamic & Intelligent Traffic Management between Cloud & DC
Enterprise Manager
Firewalls
BIG-IPGlobal Traffic Manager
DatabaseServers
BladeServers
HQ Site 1
BIG-IPLocal Traffic Manager
BIG-IPLink Controller
DMZ
Enterprise Manager
Firewalls
BIG-IP Global Traffic Manager
DatabaseServers
BladeServers
BIG-IPLocalTraffic
Manager
FirePass
BIG-IPLink Controller
DMZ
BranchOffice
FirePass
Remote User
Site 2
BIG-IP SAM
Internet or WANInternet or WAN
Dynamically load balance between data centers based on application availability, time of day, etc. Take into account all tiers of the application
54
Symmetric Compression• Adaptive• Deflate• LZO
SSL Encryption
Integrated and free with BIG-IP LTM v10
Note: Not available on the 1500 and 3400
Secure & Optimized Tunnel between Cloud & DC“BIG-IP iSessions”