How to achieve a fast, secure and available virtualization infrastructure
Luuk Dries
© F5 Networks
Why virtualization – a small recap
• Efficiency
  – Maximize CPU, RAM and Disk resources
  – Energy savings
• Flexibility
  – Quick response to business needs
  – Quickly adding and removing applications
Why virtualization?
• Business Continuity
• Disaster Recovery
• Security
• Test and Development
Each Application has its own specific requirements:
99,999% Availability, Performance over the WAN, High Security, ....
[Diagram: Application Delivery Networking (Available, Fast, Secure) in front of the Applications: SharePoint, Database, Siebel, BEA, .NET, SAP, PeopleSoft, IBM, ERP, SalesForce, Custom]
Availability for the Web Tier…
[Diagram: Internet and web tier, with availability labels 99% (four times), 99.99% and 99.9999%]
• Unmatched scalability and transparency
• High Availability and Load Balancing
• Centralized SSL offloading
… and for the Application Tier
[Diagram: Internet, WWW tier and Application tier, each server labelled 99%; Accumulated Availability: 98%]
• Full L7 application visibility
• L7 content processing and switching
• Application monitoring
Flexibility: Data Center Automation
• Real-time interfacing with vCenter to add new VMs to the load balancing pool (iControl)
• Advanced Health Checks to ensure that newly provisioned VMs are ready for traffic
Availability and Performance across ISP Links
[Diagram: Internet reached over two links, ISP1 and ISP2]
Select link on:
- Availability
- Cost of route
- Protocol
- Source/Destination
- Time
And apply:
- Bandwidth Management
- Traffic Prioritization
Availability and Performance across Datacenters
[Diagram: Internet, Local DNS, Primary DC, Backup DC]
My Web Applications are Slow..
IT Manager & App Architect:
• First time visits are slow
• Users are increasingly remote and/or mobile
• Dynamic Web content
• Network latency, packet loss, verbose protocols
• Data center consolidation
• Difficult to accelerate SSL content
Chatty Apps & Latency = Slow Apps
[Diagram: Web Browser and MyWebApp.com Web Servers on a time axis; each request/response pair below costs 250 ms of WAN latency]
Get / HTTP/1.1 → Index.html
Get /javascript.js HTTP/1.1 → javascript.js
Get /stylesheet.css HTTP/1.1 → stylesheet.css
Get /image(n).jpg HTTP/1.1 → image(n).jpg
A web page load with about 100 objects generates at least 100 round-trips
LAN: 100/2 x 1 ms = 50 ms
WAN: 100/2 x 250 ms = 12.5 seconds!
Impact of Web Acceleration
[Figure: comparison With and Without web acceleration]
F5 Approach – Three Tiers of Acceleration
• Tier 1 Acceleration – Network Offload
  – Re-use downloaded objects/content (IBR)
  – Reduce data transferred (Compression)
• Tier 2 Acceleration – Server Offload
  – Servers are busy serving same data over and over (Caching)
  – Too many connections to back-end servers (OneConnect & spooling)
  – Overflow of connections to back-end servers (RateShape & conn limit)
  – SSL offload
  – Compression offload
• Tier 3 Acceleration – Application Offload
  – Browser re-downloads same content over and over (IBR)
  – Force multiple connections (MultiConnect)
  – Web apps are slow over the WAN (ESI, Compression, PDF linear..)
Effect of 3 Tiers of Acceleration: Page Load Time
Up to 90% reduction in page load time
Effect of 3 Tiers of Acceleration: CPU Utilization
Up to 90% reduction in CPU utilization
Intelligent Browser Referencing
Problem: Repeated Content Retrieval Slows Web Application
Dynamic pages contain mostly static content that is retrieved repeatedly
[Screenshot callout: This is the only dynamic content]
Intelligent Browser Referencing
Solution: WebAccelerator Enables Browser Re-use of Cacheable Contents
• No client to download
• No changes to browser
[Diagram labels: Initial Request; Compression; Cache; Subsequent Client Requests; Cache; Apply IBR cache expiration; Repeat Visits; Retrieve from Browser Cache]
Easy to Deploy – Easy to Integrate
• Validated in vendor application labs
  – Certified policies pre-configured
Web Acceleration Performance
[Bar chart: axis in seconds (0.00 to 35.00) for SharePoint 2007 Portal, Siebel, PeopleSoft, SAP Portal, Ecommerce, IBM Websphere, Plumtree, Outlook Web Access and BEA Weblogic; series: Without Acceleration, With Asymmetric Acceleration, With Symmetric Acceleration]
2X to 10X Performance Increase
F5 and VMware can enable a secure, live migration of a virtualized application and its storage from one site to another without downtime and without user disruption.
Initial Environment
[Diagram: BIG-IP Global Traffic Manager, two BIG-IP Local Traffic Managers, vCenter A and vCenter B]
Step 1: F5 BIG-IP Local Traffic Manager Opens WAN Optimization Tunnel
• Compressed
• De-Duplicated
• Encrypted
Step 2: Storage vMotion Executed Across WAN Optimized Tunnel
This step can be avoided if storage is already being synchronously replicated between sites
Step 2: Pending App vMotion, transactions rely on VM in Site A, but Storage in Site B
vCenter A still managing VM
Step 3: Application vMotion Executed Over WAN Optimized Tunnel
Step 4: vCenter Instructs F5 BIG-IP Global Traffic Manager to Cut Over to Site-B
F5 BIG-IP Global Traffic Manager Routes All NEW Application Connections/Sessions Directly to Site B.
F5 BIG-IP Local Traffic Manager in Site A Redirects EXISTING Sessions Temporarily to Site B Until Clients Register DNS Change
Eventually, ALL Connections Go Directly to Site B. The Process Can Be Reversed When Necessary.
Successful Application Migration Complete
Web Application Security
[Diagram: Browser traffic passing through a WAF. WAF allows legitimate requests; stops bad requests/responses. Callouts: Unauthorised Access, Non-compliant Information, Infrastructural Intelligence. Who is this?? What is he doing??]
Challenges of Web Application Security
• HTTP attacks are valid requests
• HTTP is stateless, application is stateful
• Web applications are unique
  – there are no signatures for YOUR web application
• Good protection has to inspect the response as well
• Encrypted traffic facilitates attacks…
• Organizations are living in the dark
  – missing tools to expose/log/report HTTP(s) attacks
ASM: Powerful Adaptable Solution
• Provides comprehensive protection for all web application vulnerabilities
• Provides out of the box security
• Logs and reports all application traffic
• Provides L2->L7 protection
• Unifies security and acceleration services
• Stops attacks unseen by traditional WAFs (anti-evasion)
• Provides On-Demand WAF scaling
• Sees Application level performance
Layer 7 DoS and Brute Force Unique Attack Detection and Protection
• Unwanted clients are remediated and desired clients are serviced
• Improved application availability
Why F5? The F5 Advanced ADN
[Diagram: Application Delivery Networking (Available, Fast, Secure) in front of the Applications: SharePoint, Database, Siebel, BEA, .NET, SAP, PeopleSoft, IBM, ERP, SalesForce, Custom]
Gartner Magic Quadrant for ADC
[Figure: quadrant chart with axes "completeness of vision" and "ability to execute"; quadrants: niche players, visionaries, challengers, leaders; vendors plotted: F5 Networks, Citrix Systems, Cisco Systems, Foundry Networks, Nortel Networks, Zeus Technology, Radware]
F5 Networks
• Offers the most feature-rich AP ADC, combined with excellent performance and programmability via iRules and a broad product line.
• Strong focus on applications, including long-term relationships with major application vendors, including Microsoft, Oracle and SAP.
• Strong balance sheet and cohesive management team with a solid track record for delivering the right products at the right time.
• Strong underlying platform allows easy extensibility to add features.
• Support of an increasingly loyal and large group of active developers tuning their applications environments specifically with F5 infrastructure.
Source: Gartner (July 2008)
BIG-IP Hardware Line-up
[Chart axes: Price versus Function / Performance]
BIG-IP 1600
– Dual core CPU
– 4 10/100/1000 + 2x 1GB SFP
– 1x 160GB HD
– 4 GB memory
– SSL @ 5K TPS/1 Gb Bulk
– 750 Mbps max software compression
– 750 M Traffic
– 1 Basic Product Module
BIG-IP 3600
– Dual core CPU
– 8 10/100/1000 + 2x 1GB SFP
– 1x 160 GB HD + 8GB CF
– 4 GB memory
– SSL @ 10K TPS/2 Gb bulk
– 1 Gbps max software compression
– 1.5 Gbps Traffic
– 1 Advanced Product Module
BIG-IP 6900
– 2 x Dual core CPU
– 16 10/100/1000 + 8x 1GB SFP
– 2x 320 GB HD (S/W RAID) + 8GB CF
– 8 GB memory
– SSL @ 25K TPS/ 4 Gb bulk
– 5 Gbps max hardware compression
– 6 Gbps Traffic
– Multiple Product Modules
BIG-IP 8900
– 2 x Quad core CPU
– 16 10/100/1000 or 2 10GE SFP+
– 2x 320 GB HD + 8GB CF
– 16 GB memory
– SSL @ 58K TPS/ 9.6 Gb Bulk
– 8 Gbps max hardware compression
– 12 Gbps Traffic
– Multiple Product Modules
VIPRION
– 36 Gbps Traffic
– Multiple Product Modules
– Ultimate redundancy in a single chassis
F5’s Data Center Vision – Unified Application & Data Delivery
[Diagram: clients (PC - Home, PC - LAN, WLAN, Cell, Remote - WAN) and two data centers (DC 1: U.S. and DC 2: U.K., each with Link 1, Link 2 and Link 3), containing Web Servers, App. Servers and file storage (EMC, NetApp, Windows file storage).
Layers shown, each labelled "Services & Policy": Data Center & Link Virtualization; Web Server Virtualization; Application Server Virtualization; File Storage Virtualization.
Products shown along the bottom: BIG-IP LTM, GTM & LC; BIG-IP LTM, WA, ASM; BIG-IP LTM, SAM; F5 ARX]
ARX – File Virtualization
BEFORE: User / application access tightly coupled to physical file storage
– Inflexible: change is disruptive
– Complex: multiple mappings to heterogeneous storage devices
– Inefficient: low aggregate utilization
AFTER: File access decoupled from physical storage location
– Flexible: change is non-disruptive
– Simple: single mapping to unified storage pool
– Efficient: maximize utilization
Tiering / ILM / Data Migration
• Match cost of storage to business value of data
  – Files are automatically moved between tiers based on flexible criteria such as age, type, size, etc.
• Drivers:
  – Storage cost savings, backup efficiencies, compliance
• Benefits:
  – Reduced CAPEX
  – Reduced backup windows and infrastructure costs
Summary
F5 offers you the scalability both in performance and functionality to optimize all your applications
F5 makes your applications
– SECURE
– FAST
– AVAILABLE
in the most flexible and stable solution
F5 optimizes your storage environment