Session1 Room179 High Performance Fabric · • High availability for mission critical apps • Failover device need to handle 100% of traffic • Capacity to scale traffic • Reduced

High Performance Services Fabric

Vincent Lavergne – SED EMEA, South

Gary Newe – Sr SEM EMEA, UKISA

© F5 Networks, Inc 2

“Software defined”everythingSDDC/Cloud

Everything is webified

Internet ofthings

Mobility

Advancedthreats APIs

Quality ofexperience

Time toMarket

Technology shifts are centered on applications

F5 Agility 2014 3F5 Agility 2014 3

I want Corporate Apps deployed just

in seconds

I need to cut IT costs by running

this specific legacy service in the cloud

I want to pay for what I use, I don’t

want to overprovision my

infrastructure

I need to deploy this new

competitive service in less than X

months

The new IT challenges

I need to support the lattest trendy

device, NOW !


Today’s IT (R)Evolution :

Users want more choice, more comfort

BUT same SLAOPEX control

More Endpoints More with less More Apps

Number of applications double

every four years

Consume IT As A Service :DC infrastructure need to change


Software Defined Data Centre

<2008 2008-2012 FutureMonths/WEEKS DAYS/HOURS MINUTES


Software/Application Defined Data Centre

Network OperationsProvisioning• Flexibility• Scalability• Holistic management

• Efficiency • Lower operational and

capital expenses

• Automation• Speed• Agility

Source: Architecting for Hyperscale Datacenter Efficiency


Virtual

Physical

Cloud

CONTEXT AWAREFull TCP Proxy

Anywhere, any service, any device Intelligent Dynamic, agile, adaptive

Clients

F5 is application centric : it provides App and user contextWhich Application Request ?

Which device ?

Where from ?

Who ?

Hypervisor

F5 enables your Apps to be Fast, Secure and Available

What Security Policy to apply ?

Where is the best resource ?Application Health ?Response time ?User Proximity ?

Is it Secure ?


All these Apps need services


Provide the services all your applications need

High Performance Application Services Fabric


Pool of Resources

What is a Fabric?


• 1000’s of Applications are delivered : need to industrialize/Automate App delivery

• Application can delivered in different ways (On premise, Cloud) : need for a common framework

• Grow your Apps: Scale one node or gather mutliple nodes of the Fabric to achieve High Performance

Why do you need a Fabric ?


Why an Application Services Fabric ? Deliver and scale your applications anywhere

Public CloudHybrid CloudData Center

High Performance Services Fabric

Pool of Physical and Virtual ADC Resources


F5 High Performance Application Services Fabric

iRules

Programmability

iCall iControl

Virtual Edition Chassis Appliance

TMOS

TMOS The heart of our

fabric

TMOS : OS focused on Application Traffic Management

TMOS = SINGLE FIRMWARE



• Reduce the TCO of your Network / Security Infrastructure• CAPEX

• Simplify your infrastructure : Consolidate several devices into one single ADC• Benefits the best of F5 with G/B/B Licensing

• OPEX• Less demand for skilled people on several OS : invest on TMOS• Fewer power consumption , rack space, cooling

Benefits of TMOS for you


Consolidation Case Study• National Bank : Online Banking

• 17 000 + employees• 1 525 agencies• 4 million customers

• Consolidate 39 Critical Regional Online Banking environment into 1 new infastructure :• Layer 4-7 Server Load Balancing (8000 # App Services !)• HTTP Compression • Virtual Hosting, SSL Offloading, etc.• Web Application Firewall• Reverse Proxy• Global Load Balancing

• Customer Benefits: • Simplified infrastructure from 18 devices to 4 (2 pairs in D/R)• Significant Cost Reduction in terms of Hardware costs, maintenance and operations• Capacity to Scale


High-Performance Services Fabric

Network [Physical • Overlay • SDN]


Data Plane

Programmability

Control Plane Management Plane

ScaleN Powering the

Fabric



Network [Physical • Overlay • SDN]


TMOS


How does F5 enable you to scale?

All Active Clustering

Multi-TenancyOn Demand Scaling

• Any device can be clustered together in all active deployment model

• Application workloads can be moved due to capacity, failures, maintenance

• Consolidate devices and services

• Create partitions or virtual instances on shared infrastructure

• Scale performance and capacity when needed

• Modular chassis and software license upgrade keys

TMOS TMOS TMOS TMOS


On Demand Scaling

Appliance Virtual EditionChassisIncrease key performance

via software license upgrade.

Increase to higher throughput versions.

Linear on demand performance by adding

blades without rebooting or reconfiguration.

VIPRION Platform PAYG License


“With VIPRION, we can deploy the same ADCs and architecture for years to come, despite tremendous projected growth.”

Key benefits of F5• Scales to serve tens of millions of users • Delivers superior uptime • Eases server maintenance • Improves performance, resulting in Pandora top

ranking in speed and reliability

F5 Reference Architectures• Application Services

-James Kelty, Director of Network Engineering, PandoraLTM GTM VIPRION

View on F5.com


Device Service Clustering : All-Active Clusters

Pool of hardware and virtual resources

Automatic config sync

Heterogeneous devices

Scale beyond HA pair

Load aware and user defined failover

Migrate/failover at application level


Traditional HA Pair

VIPRION2VIPRION1

HA Pair

Status: ActiveCapacity: 40%

Status: StandbyCapacity: 0%

Requirements

• 50% idle resource• Failover entire device

• High availability for mission critical apps

• Failover device need to handle 100% of traffic

• Capacity to scale traffic

Challenges


Device Service Clustering

VIPRION3VIPRION2

Device Group1


VIPRION1

Status: StandbyCapacity: 0%


Config Sync

Config Sync

Config Sync

Requirements

• High availability for mission critical apps

• Failover device need to handle 100% of traffic

• Capacity to scale traffic

• Reduced Capex and protect your initial investment when scaling

Benefits


“F5 provides us with added network capacity, improved scalability, and greater security in a single solution that is easy and cost effective to operate.”

Key benefits of F5• Increases network capacity from 5 Gbps to 80 Gbps• Scales to increase capacity to 160 GB per second• Improves resistance to DDoS attacks• Saves time and costs from simplified network

management• Improved utilization by deploying two VIPRION

devices in each of its data centres in an active-active configuration

F5 Reference Architectures• DDoS Protection

-Gonen Wilf, Head of Production, LivePersonLTM AFM VIPRION

View on F5.com


Three ways to implement multi-tenancy

Virtual Editions Route Domain/PartitionsvCMPFull BIG-IP virtual

instances on general purpose hypervisors on

commodity servers

Network isolation and/or admin separation

Fully isolated BIG-IP virtual instances on F5

purpose built ADC hypervisor and hardware

TMOS TMOS TMOS TMOS


Multi-tenancy with virtual Clustered Multi-Processing (vCMP)

Provides the agility of virtualization with performance of F5 hardwareSpin up independent, virtual ADCs on-demand with complete control over resource allocation

IsolateSecure the traffic and administration of each virtual application service instance with network and resource isolation

ConsolidateConsolidate application services onto one shared device while serving different customers

DedicateAllocate dynamically the right amount of dedicated resources to run different services for your specific application needs


Multi-Tenancy with Admin Partitions/Route Domains

Data Center

Route Domain 1

Route Domain 2

Use Cases

• Simple to setup and manage• Thousands of tenants• Use with vCMP and VE’s

• Consolidation of multiple business units (e.g. finance, HR, IT, sales, marketing)

• Consolidation of multiple customers

Benefits

Data Center

Partition1 Partition2

Partition3 Partition4


“The multi-tenancy and complete network isolation that vCMP brings about is key to the school district’s BYOD initiative.”

Key benefits of F5• Consolidated resources• Streamlined administration • Created a highly available application environment• Kept costs low• Deployed a secure, separate BYOD network

dedicated solely to providing wireless Internet access from personal devices.

F5 Reference Architectures• Secure Mobility, Application Services

-Jason Baekey, Coordinator of Network Enterprise Infrastructure Services, Gwinnett County Public SchoolsLTM GTM VIPRION

View on F5.com


“Today, we can spin up a pair of BIG-IP LTM Virtual Edition instances with all of the configuration parameters we need in just 20 minutes.”

Key benefits of F5• Isolates the risk of downtime to a per-client basis• Speeds provisioning time to 20 minutes• Uses IT staff more efficiently and effectively • Reduces time to deployment

F5 Reference Architectures• Application Services

-Charlie Wehner, Network Engineer, CernerLTM

View on F5.com

Programmability



iRules

Programmability

iApps iControl


TMOS


Programmability : Adapt F5 product to your needs

• 0 day protection• Adapt quickly

• Reduce Operation Costs• Reduce time to market

Custom Traffic Scripting Application Templates Automation and orchestration API

• Reduce Operation Costs• Reduce time to market

79% of F5 Customers deploy iRules on productionBIG-IP devices

84% fasterdeploy time

90% accuracyof configuration

=Interoperate


Top Things iRules Can Do for You

Transformapplication data

Protect Your applications

Manageapplication access and availability

Createcustom solutions

View the state of yournetwork

• Deploy cookie proxy, encryption, rewrite

• Match traffic data to a variable list or array

• Use URL-based redirection

• Utilize dynamic HTTP to HTTPS rewriting

• Allow SSL renegotiation

• Provide immediate security mitigation at the edge until application code can be patched

• Control bot access to your applications

• Protect against data leaks (screen and clean outbound application data, such as CC and SSN #s)

• Utilize advanced application persistence

• Take advantage of high-performance and ratio-based rate limiting

• Enable client auth using HTML forms

• Manage users and application access during downtime and maintenance windows

• Integrate Google Authentication with anyapplication

• Create a pie chart showing your top website referrers

• Build entire SMTP and file servers, right from an iRule

• Track and display site usage statistics in a heatmap

• Distribute email based on source IP

• Monitor application code performance (Gomez)

• Achieve real-time logging of any traffic state, event, and data

• Employ persistence cookie logger

• Track referrals


App optimization services

Securityservices

Firewall

iAPP how it works

SummaryNext Steps


Throughput Connections per second

Concurrentconnections

Multi-tenantinstances per device

Devices in cluster

*40K when combining route domains/admin instances with vCMP

F5 SDAS Fabric help you address your application and traffic growth

On-Demand Scaling All-Active Clustering Multi-Tenancy

ScaleN

TMOS TMOS TMOS TMOS

32x VIPRION 4800


• Isolated silos of app services, point products, and legacy devices• Inefficient utilization (overprovisioning, idle resources)• Quickly deploy app services to meet surging demand• New deployment models (cloud, XaaS, hybrid)• Less budget, increasing opex costs

F5 High Performance App Services Fabric

CHALLENGES

SERVICES FABRIC PROVIDES AGILITY, OPERATIONAL EFFICIENCY, AND REDUCED COSTS

Provisioning• Automated config syncing• Spin up BIG-IP instances quickly• Tie into orchestration engine

Network•Flexibility•Dynamic scaling•Holistic management (TMOS/BIG-IQ).

Operations•Higher resource utilization •Lower opex/capex•Fine grain app services control


Deploy an app services fabric in Data Center/Cloud today

Devices

Data Center

Load BalanceSSL Offload

HW CompressionL4 DoS

Image OptimizationBrowser caching

Content assy

Sync GroupFW Policy

Device Group1

Device Group2

TMOS enables your to:• Simplify / consolidate your

infrastructure with multi modules• Reduce your operation costs• Deploy Apps Faster

ScaleN enables you to:• Easily scale capacity when you need it• Deploy and split app services where

you need them• Multi-tenancy for workload isolation

Hybrid data center or cloud:• HW for performance and accelerated

offload functions• Virtual instances for workload and fault

isolation, rapid deployment, closer to apps


Good Better Best

Scalable and flexible hardware or virtual editions + simplified software purchase

Virtual EditionChassis Appliance

BESTBetterGood

Data Center

Hybrid Cloud PrivateCloud


ScaleN Resources

www.f5.com1 datasheets3Whitepapers2

https://f5.com/products/platformshttp://www.f5.com/pdf/white-papers/scalen-elastic-infrastructure-white-paper.pdf

https://f5.com/products/technologies/scalen

Documents

Session1 Room179 High Performance Fabric · • High availability for mission critical apps • Failover device need to handle 100% of traffic • Capacity to scale traffic • Reduced