nilesh mistry field systems engineer [email protected] f5 synthesis
TRANSCRIPT
© F5 Networks, Inc 2
Mobility
SDDC/Cloud
Advanced threats
Internet ofThings
“Software defined”everything
HTTP is the new TCP
Technology Shifts Are Creating Challenges and Opportunities
© F5 Networks, Inc 3
Impact on Data Center Architecture: Applications
MICRO-ARCHITECTURES
Each service is isolated and requires its own:• Load balancing• Authentication / authorization • Security • Layer 7 Services • May be API-based, expanding services required
API DOMINANCE
Proxies are used in emerging API-centric architectures for:• API versioning • Client-based steering • API Load balancing • Metering & billing • API key management
More applications needing services
Service A Service C
Service B Service D
More intelligence needed in services
API v1
API v2
© F5 Networks, Inc 4
Impact on Data Center Architecture: Network
SOLUTION SPRAWL
Increasing threats and client platforms result in need for:• Mobile device management • Mobile access management • Mobile security• DDoS • Application layer threats• Malware
OPERATIONAL INCONSISTENCY
Introduction of off-premise cloud solutions without architectural parity results in:
• Inconsistent enforcement of business and operational policies
• Unpredictable application performance and security
• Increased OpEx as new management paradigms are introduced
SaaS
© F5 Networks, Inc 5
Deliver the most secure, fast,and reliable applications to anyone anywhere at any
time.
F5 MISSION
© F5 Networks, Inc 6
The Evolution of F5
Broadened Application Services• Security• Mobility/LTE• Domain Name Services
Cloud Ready• Hypervisor/Cloud ubiquity• Multi-tenancy, all-active • Identity access management
Application Delivery Controller• Traffic management• Optimization• Acceleration
1
2
3
© F5 Networks, Inc 7
Agile Development
Application Environment
Failed to Address:Rapid deployment─network and operations velocity
Driver:Speed, customer-driven, and quality of app development
© F5 Networks, Inc 8
Cloud and DevOps
Failed to Address:Cloud SLA and controlprivate network agility
Driver:Accelerate time to market
Application Environment
Agile Development
Failed to Address:Rapid deployment─network and operations velocity
Driver:Speed, customer-driven, and quality of app development
© F5 Networks, Inc 9
SDN and Private Cloud
Driver:Software defined data centers
Cloud and DevOps
Application Environment
Failed to Address:Cloud SLA and controlprivate network agility
Driver:Accelerate time to market
Agile Development
Failed to Address:Rapid deployment─network and operations velocity
Driver:Speed, customer-driven, and quality of app development
Failed to Address:L4–7 device sprawl and application awareness
© F5 Networks, Inc 10
F5 VISION
Applicationswithout constraints
The Time Is Right
SDN and Private Cloud
Driver:Software Defined Data Centers
Cloud and DevOps
Failed to Address:Cloud SLA and controlprivate network agility
Driver:Accelerate time to market
Agile Development
Failed to Address:Rapid deployment─network and operations velocity
Driver:Speed, customer-driven, and quality of app development
Failed to Address:L4–7 device sprawl and application awareness
© F5 Networks, Inc 11© F5 Networks, Inc. 11
© F5 Networks, Inc 12
Software Defined Application Services
4
The Evolution of F5
Application Delivery Controller
1
Broadened Application Services
2
Cloud Ready3
© F5 Networks, Inc. 12
© F5 Networks, Inc 13
Software Defined Application Services Elements
IntelligentServices Orchestration
High-Performance Services Fabric
Simplified Business Models
High Performance Services Fabric
High-Performance Services Fabric
Network [Physical • Overlay • SDN]
Virtual Edition Chassis Appliance
High-Performance Services Fabric
Elastic, multi-tenant platform
All-active
Application-aware
On-Demand Scaling All-Active Clustering Multi-Tenancy
ScaleN
TMOS TMOS TMOS TMOS
Network [Physical • Overlay • SDN]
High-Performance Services Fabric
Elastic, multi-tenant platform
All-active
Application-aware
Performance leader
Throughput
20Tbps Connections
per second
320M
Concurrentconnections
9.2BMulti-tenant
instances per device
80*
Device serviceclusters
32
Network [Physical • Overlay • SDN]*40K when combining admin instances with vCMP
Elastic, multi-tenant platform
All-active
Application-aware
Performance leader
Extensible andprogrammable
High-Performance Services Fabric
Network [Physical • Overlay • SDN]
Virtual Edition Chassis Appliance
Data Plane
Programmability
Control Plane Management Plane
High-Performance Services Fabric
PerformanceIdentity & Access
AvailabilitySecurity
Mobility
Elastic, multi-tenant platform
All-active
Application-aware
Performance leader
Extensible andprogrammable
Catalog of application services
Network [Physical • Overlay • SDN]
Virtual Edition Chassis Appliance
Data Plane
Programmability
Control Plane Management Plane
“Leave No Application Behind”
© F5 Networks, Inc 21
DDoS WAF SSL LTE
1000Average number of
applications deployed within an
enterprise
Applicationsrequire services
Acceleration
© F5 Networks, Inc 22
The selected few
© F5 Networks, Inc 23
BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP
© F5 Networks, Inc 24
High-PerformanceFabric
Application Services
BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP
Software Defined Application Services
© F5 Networks, Inc 26
Software Defined Application Services
Service Provider and Enterprise
Device, Network and Applications
Performance and Scale
Extensible andprogrammable
Automation and Orchestration
F5 Software Defined Application Services (SDAS) are a rich set of services that address the delivery challenges faced by businesses today. Built and deployed atop extensible F5 platforms, SDAS are all application and context-aware, highly scalable, and programmatic.
Provisioned and managed within the F5 Synthesis architecture through BIG-IQ, SDAS provides organizations with the opportunity to simplify application delivery architectures without compromising on service breadth and depth.
© F5 Networks, Inc 27
Software Defined Application Services
Eliminate single points of failure
Application fault isolation
Context-aware
Elastic scale
Extensible andprogrammable
Public, private and hybrid cloud
Availability services from F5 focus on eliminating single points of failure to reduce downtime and disruption. Network, application and organizational availability is critical to ensuring business continuity and access to the applications that enable today’s businesses. Availability services span data center and cloud-hosted applications, ensuring scale and reliability regardless of where applications or users are located.
Availability
Authoritative DNS
Cloud Bursting
CGNAT
Disaster RecoveryBusiness Continuity
Global Load Balancing
Intelligent EPC node selection
Global Server LB Global
Server LB
DNS Caching& Resolving
Load Balancing
© F5 Networks, Inc 28
Software Defined Application Services
Any device, any user, anywhere
Performance-related protocol support
Context-aware
Cloud or data center
Performance
AccelerationCachingOptimizationSPDY Gateway
Application OptimizationTraffic Shaping and QoS
Compression
Web Performance Optimization
Traffic Manageme
nt
Performance services for F5 focus on improving the end-user experience regardless of location or device. Performance services enhance mobile and web application responsiveness by supporting protocols like SPDY and TCP optimizations and by enabling applications to dynamically take advantage of compression and caching technologies.
© F5 Networks, Inc 29
Software Defined Application Services
Single Sign-on
Identity federation
Context-aware
Endpoint inspection and protection against fraud
Extensible andProgrammable
Any device, anywhere
Access &
Identity
Cloud Federation
Endpoint Inspection
Single Sign-OnAccess Control
SAML Federation
SSL VPN
Anti-MalwareWeb Access Management
Active Sync ProxySecure Web Gateway
Access & Identity services are critical to maintaining a positive security posture while enabling users to access applications from anywhere at anytime. F5 enables single-sign on and federation of application access across the data center and into the cloud, while maintaining the integrity of data through comprehensive endpoint inspective and anti-malware services.
© F5 Networks, Inc 30
Software Defined Application Services
Secures device, network and application
Protects critical infrastructure from disruptive attacks
Application-aware
Extends protection into the cloud
Extensible andprogrammable
Security
DNSSECADF
Anti-Fraud
WAFDDoSSSL VPN
Anti-Phishing
DNS FirewallFirewall
SSL intelligenceSSL Inspection
Programmability
Security services are an integral component to the organization’s overall security strategy. F5 security services protect and mitigate threats at every layer of the network stack. From network DDoS to SYN floods to HTTP-focused attacks, F5 services are designed to provide comprehensive detection and defense against the growing volume of threats.
SSLInspection
LTE
Roam
in
g Au
thori
tati
ve
DN
S
Cloud Federation
Clo
ud
Bri
dgin
g
AccelerationMobile Optimization
Mobile App Management
SDN
VDIDiameter & Routing
Policy Enforcement
Cach
ing
Op
tim
izati
on
SPDY Gateway
CG
NA
T
Dis
aste
r Recovery
Bu
sin
ess
Con
tinu
ity
Endpoint Inspection
DNSSEC
Ap
p
Deliv
ery
Fir
ew
all
Anti-Fraud
DD
oS
Sin
gle
Sig
n-O
n
Access Control
SAML Federation
SSLVPN
Application Optimization
Traffic Shaping and QoS
Global Load BalancingM
DM
Mobile Acceleration
Anti-PhishingAnti-Malware
VAS Bursting Enrichment
DN
S Fire
wall
Qu
ota
Man
ag
em
en
t
ApplicationTraffic Control
ServiceChaining
Subscriber Traffic
Control Firewall
Compression
Web Performance
Optimization
SSLIntelligence
NfV
VO
LTE
Web Access Management
Activ
e S
yn
c
Pro
xy
Programmability
Traffi
c M
an
ag
em
en
t
Secure Web Gateway
Intelligent EPC node selection
Traffi
c M
an
ag
em
en
t
SAML Federation
Cloud Burstin
g
DNS Caching & Resolving
Web AppFirewall
Global Server Load Balancing
Application Services Portfolio
PerformanceIdentity & Access
AvailabilitySecurity
Mobility
Gi Firewall
Intelligent Services Orchestration
Fabric Connectors
Module Connectors
Cloud Connectors
Orchestration Connectors
Intelligent Services Orchestration
Single pane of glass
Rapid system andservice provisioning
Ecosystemenablement
BIG-IQ
Orchestration Connectors
Intelligent Services Orchestration
•OpenStack, VMware─VCNS/VCO, Cisco/Insieme-ACI, third-party orchestrators
•REST API
Fabric Connectors
Module Connectors
Cloud Connectors
BIG-IQ
Single pane of glass
Rapid system andservice provisioning
Ecosystemenablement
Intelligent Services Orchestration
Fabric Connectors
Module Connectors
Cloud Connectors
Orchestration Connectors
BIG-IQ
•Multi-tenant•Elastic•Metered•Bare metal deployment
Single pane of glass
Rapid system andservice provisioning
Ecosystemenablement
Intelligent Services Orchestration
Fabric Connectors
Module Connectors
Cloud Connectors
Orchestration Connectors
BIG-IQ
•Security•Device•Cloud•ADC•MAM•And more
Single pane of glass
Rapid system andservice provisioning
Ecosystemenablement
•Virtual editions─VMware, MSFT, XEN, KVM, and AWS
•Cloud bridging and health and performance monitoring─AWS, VMware, and extending to other cloud platforms
Intelligent Services Orchestration
Fabric Connectors
Module Connectors
BIG-IQ
Orchestration Connectors
Cloud Connectors
Single pane of glass
Rapid system andservice provisioning
Ecosystemenablement
DDoS
WAF
Public CloudHybrid CloudBIG-IP
BIG-IP
Data Center
DDoS
LTEAcceleration
SSO
Anti-fraud
LTE
Traffic
Management
SSLCentralized Management Platform
BIG - IQ
BIG - IQ
Simplified Business Models
Traditional Enterprise
Perpetual
Subscriptions
New: Good, Better, Best
offerings
Simplified Business Models
Public MSP Clouds
BYOL
Cloud Licensing Program
New: Utility
F5 Licensing: Good
BIG-IP Local Traffic Manager
Good Offering
Customer Needs:• Rapid deployment & optimization• Real-time analysis & load
balancing• SSL acceleration & offload• Easy protocol implementation
Target Customer:Organizations that require local intelligent traffic management to ensure application availability
• Load balancing and monitoring• Application Visibility and Monitoring• L7 intelligent traffic management• Core protocol optimization (HTTP, TCP,
SPDY, SSL)• SSL proxy and services• IPv6 support• Programmability (iRules, iCall, iControl,
iApps)• ScaleN: On demand, application &
operational scaling• AAM Core (Caching, Compression,
Bandwidth Controller, more)• APM Lite (User Authentication, SSL VPN
for 10 concurrent users)• SYN flood protection
F5 Licensing: Better
BIG-IP Local Traffic Manager
BIG-IP Global Traffic Manager
BIG-IP Application Acceleration Manager
BIG-IP Advanced Firewall Manager
Better Offering
Customer Needs:• Protect and optimize the data
center• Optimize application delivery• Ensure optimal application
availability and performance• Future-proof the business• Leverage the power of
integrated SDN services
Target Customer:Organizations that require network security and improved end user experience with local and global intelligent traffic management
• High-performance ICSA firewall• Network DDoS protection• Application-centric firewall
policies• Protocol anomaly detection
• Web performance optimization• WAN optimization (data
deduplication, FEC)• Mobile optimization (smart
client cache, image optimization)
• SaaS acceleration (reduce bandwidth usage & page load times)
• Global server load balancing• DNS services• Real-time DNSSEC solution• Global application high
availability• Geolocation• DNS DDoS attack protection
F5 Licensing: Best
Best Offering
Customer Needs:• Manage application access• Support BYOD initiatives• Accelerate remote access• Protect IP and minimize vulnerability
exposure• Free development resources to create
value
Target Customer:Organizations that require advanced access management and total web security in addition to network security with local and global intelligent traffic management
• PCI Compliant Web Application Firewall
• Web scraping prevention• Integrated XML firewall• Violation correlation &
incident grouping• Application DDoS
protection
• 500 concurrent users, scalable up to 200K
• BYOD enablement• Full Proxy for VDI (Citrix,
VMware)• Single sign-on
enhancements (Identity Federation with SAML 2.0)
BIG-IP Local Traffic Manager
BIG-IP Global Traffic Manager
BIG-IP Application Acceleration Manager
BIG-IP Advanced Firewall Manager
BIG-IP Application Security Manager
BIG-IP Access Policy Manager
F5 Synthesis
Offering BIG-IQ for the deployment
of application services, cloud orchestration, and ADC
management─one push button provisioning
and all necessary API management.
Providing capacity- and volume-based licensing,
software module mobility, and the unique bundling of application services.
Utilizing F5 ScaleN to provide the most scalable, high-density, high-performance fabric in the industry
to leave no application behind.
Intelligent Services Orchestration
Simplified BusinessModels
High-PerformanceFabric
Performance Leadership
Reference Architectures
F5 in Every Cloud
Meet every performance requirement from Micro ADC 25 MB virtual editions to terabit-
sized chassis solutions.
Provide fully documented and tested business outcome
solutions for F5 customers to consume Synthesis.
F5 deployed and serviced in every cloud marketplace to ensure
consistent Synthesis application services deployment.
F5 Synthesis
© F5 Networks, Inc 46
F5 Synthesis Drives Shift to Software Defined Data Center
PerformanceIdentity & Access
AvailabilitySecurityMobility
Traditional Environment
SOFTWARE-DEFINED
DATACENTER
ARCHITECTURE BECAME “FABRIC” WITH HIGH PROGRAMMABILITY AND SCALABILITY
IMPROVE COST EFFICIENCY
SILO APPROACH BY APPLICATIONS COST UN-EFFICIENCY NO PROGRAMMABILITY,
SCALABILITY
© F5 Networks, Inc 47
IntelligentServices Orchestration
High-Performance Services Fabric
Simplified Business Models
• Single pane of glass• Rapid system and
service provisioning• Ecosystem enablement
• Elastic, multi-tenant platform, all-active
• Application services–aware• Performance leader• Extensible and programmable• Catalog of application services
• New licensing models• Easy to procure• Save by purchasing bundles
ReferenceArchitecturesSolving Customer Issues
© F5 Networks, Inc 49
Reference ArchitecturesDevice, Network, Applications
Bill of Materials • Solution diagram(s)• Architecture diagram(s)• Product map diagram(s)• Customer deck
• RA video overview• White paper(s)• Placemat leave-behind
© F5 Networks, Inc.
DDoS Protection
S/Gi Network
Simplification
Security for Service
Providers
Application Services
Migration to Cloud DevOps
LTE Roaming
Intelligent DNS Scale
Cloud Federation
CloudBursting
© F5 Networks, Inc.
Benefits of F5 Synthesis
DriveBusiness Value
• Improve application availability, reliability, recoverability, performance, security, and velocity
IncreaseIT Capabilities
• Common platform physical | virtual | cloud
• Moving from managing devices
to services
ReduceCosts
• Lower TCO• Consolidate user,
network, and application services
FutureProof
• Programmability and orchestration
• Open APIs, open standards
• Application awareness
50
F5 Synthesis Partner Ecosystem
/
Network/SDN System Integrators Cloud Security Orchestration
© F5 Networks, Inc. 51
Application
DevOps
devcentral.f5.com
facebook.com/f5networksinc
linkedin.com/companies/f5-networks
twitter.com/f5networks
youtube.com/f5networksinc
synthesis.f5.com
Solutions for an Application World.