Hybrid Cloud Scenarios: Highly Available with KEMP Load Balancers
Cologne, 10 October 2017
Manfred Pfeifer, PreSales Consultant DACH & EE @ KEMP Technologies
Email: mpfeifer@kemptechnologies.com
Office: +49 511 367 393 17
Mobile: +49 151 252 085 57

Why the cloud?
[Figure; labels: Physical server, Virtualization, Cloud, Microsoft Azure]

Cloud Computing Patterns & Scenarios
KEMP LoadMaster Core Functionality

Common Look and Feel Across Platforms
- Complete RESTful API for Automation/Integration
- Windows PowerShell API Wrapper
- L4/7 Load Balancing
- SSL Acceleration/Termination and Re-encryption
- L7 Session Affinity
- Global Site Load Balancing
- Service Aware Health Checking
- Header Manipulation
- L7 Transparency
- Content Caching, Compression
- Application-Specific Templates
- Edge Security Services (TMG Replacement)

Platforms
- Microsoft Azure and other cloud platforms
- Hyper-V and Other Hypervisors
- Bare-metal LMOS (ISO)
- Purpose-built Appliances

Virtual LoadMaster (VLM) for Azure
KEMP extends and completes Azure Application Delivery
Native Azure services shown: Azure Load Balancer, Azure Application Gateway, Azure Traffic Manager

Function | Azure | With KEMP VLM for Azure
Content/URL switching | No | Use fewer IP addresses
SSL offload/re-encrypt | Limited | Save resources
Session persistence | Limited | Data consistency
Content caching | No | Save resources
Reverse Proxy | No | Additional function
Web Application Firewall (WAF) | No | Data security
Client authentication & single sign-on | No | User friendly

Optimized Installations / Improved User Experience / Improved Security
- Support for HA
- Application templates (SharePoint, ADFS etc.)
- Health checks (including SSL)
- Throughput up to 10 Gbps
- Session persistence
- Caching and compression
- Intrusion detection/prevention
- Web Application Firewall
- Client Authentication

Common Use Cases with VLM in Azure

Content Switching
Aggregate multiple application front-ends into a unified experience for end-users using a single domain name or IP address with the following capabilities:
- Server Name Indication (SNI)
- Host Header Matching
- Group Based Traffic Steering

Hybrid Deployment
Safely and securely extend on-premises ADFS, IIS, SharePoint or custom web applications to take advantage of extra capacity in, or failover to, the Microsoft Cloud.

Global Server Load Balancing (GSLB)
Virtual LoadMaster for Azure's GEO capability allows for automatic re-routing across Azure regions in the event of failure.

Security
KEMP VLM for Azure has a number of integrated security features including:
- Wide range of client authentication methods
- Reverse Proxy
- Web Application Firewall (WAF)

[Diagram: SharePoint, ADFS Proxy, ADFS Farm and RDS in Azure; optional Site-to-Site VPN or Express Route; On Premise Data Center with SharePoint, ADFS Proxy, ADFS Farm, IIS and RDS]
- Enables O365 deployments with ADFS HA in Azure
- Supports Azure-only or hybrid deployments
- Supports DRaaS
- Provides HA for workloads now supported in Azure such as SharePoint and RDS
- Web applications with L7 proxy needs
- SNI and single IP use for multiple workloads in multitenant deployments

VLM-Azure for Application MSFT to Azure IaaS

Problem
- Limited datacenter capacity
- Slow response to changing business and capacity needs
- Requirement for on premise cost reduction
- Need for minimal development efforts to transition apps

Solution
- Azure provides a way to transition Tier 2/3 apps to cloud-hosted VMs, freeing on premise resources
- Internal/External client access remains unchanged
- KEMP's VLM delivers unified experience in public/private cloud
- VLM's full Layer 7 load balancing, content switching and reverse proxy services minimize required application augmentation

[Diagram: Azure, VPN, Directory Replication, Applications, Data, Azure Storage, On Premise Private Cloud]

VLM-Azure for SharePoint on MSFT Azure IaaS

Problem
- High startup costs
- Need for comprehensive DR strategy
- Deployment time to market

Solution
- Azure's flexible pricing drives down TCA
- Azure allows for automated provisioning
- Azure allows for simplified DR options
- VLM-Azure makes Intranet load balancing possible for clients on the private network

VLM-Azure for ADFS on Microsoft Azure IaaS

Problem
- Costly disaster recovery
- Potential single points of failure
- Need for multi-factor authentication and SSO

Solution
- Azure-hosted ADFS provides resiliency for corporate data center
- KEMP's VLM GSLB capabilities allow for automatic request rerouting in the event of failures
- Windows Azure allows customers to safely and securely extend their corporate AD authentication environment

[Diagram: Microsoft Apps, 3rd Party Apps, Custom Apps; On Premise Active Directory Infrastructure with ADFS; Windows Azure Active Directory with ADFS]

Cloud Only Deployment
- Client request received by LoadMaster
- LoadMaster checks to see if client session exists
- LoadMaster applies content rules, provides L7 services (IPS, SSL overlay, content switching, etc.)
- LoadMaster distributes traffic based on scheduling method and health/status of VMs

[Diagram: Cloud Service Endpoint Public IP; Virtual LoadMaster for Azure in the Cloud Service for Virtual LoadMaster VM; Application VMs in the Cloud Service for Application VMs (optional); Virtual Network]

Hybrid Deployment
[Diagram: Cloud Service Endpoint Public IP; Virtual LoadMaster for Azure in the Cloud Service for Virtual LoadMaster VM; Application VMs in the Cloud Service for Application VMs (optional); Virtual Network; LoadMaster and Application VMs in the Enterprise Network]

HA Deployment with GEO
- Client requests name resolution to access the service or application
- DNS entry for service or application endpoint (URL i.e. cloud.kempdemo.com) is delegated to LoadMaster GEO
- LoadMaster uses GEO functionality to determine the health status of each participating LoadMaster and Virtual Service
- Client receives response with service IP to connect to
- Client application connects to resolved IP address
- VLM forwards the request to the application servers according to the configured load balancing mechanism and server's health state
- VLM 1 becomes unavailable! Future connections redirected to alternative LoadMaster

[Diagram: Virtual LoadMaster for Azure 1 and Virtual LoadMaster for Azure 2, each behind a Cloud Service Endpoint Public IP in a Cloud Service for Virtual LoadMaster VM; Application VMs in the Cloud Service for Application VMs (optional); Virtual Network]

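An added Python simulation of the GEO failover sequence above (not KEMP code and not the LoadMaster API): the site addresses are constructed documentation IPs, and the fixed-priority site selection and 10-second TTL are assumptions. It also shows that only new resolutions move to VLM 2 immediately; a client holding a cached answer keeps the VLM 1 address until the TTL expires.

```python
from dataclasses import dataclass

@dataclass
class Site:
    name: str              # label from the slide, e.g. "VLM-1"
    ip: str                # constructed documentation address (RFC 5737)
    healthy: bool = True   # simulated result of the last health check

class GeoResolver:
    """Answer logic for one delegated name (simulation, not a DNS server)."""
    def __init__(self, fqdn, sites, ttl=10):
        self.fqdn, self.sites, self.ttl = fqdn, sites, ttl

    def resolve(self, name):
        if name != self.fqdn:
            return None                  # name is not delegated to GEO
        for site in self.sites:          # fixed priority order (assumption)
            if site.healthy:
                return site.ip, self.ttl
        return None                      # no healthy site, no answer

class Client:
    """Client-side cache that honours the TTL, as DNS resolvers do."""
    def __init__(self, geo):
        self.geo, self.cached, self.expires = geo, None, 0

    def connect_ip(self, name, now):
        if self.cached is None or now >= self.expires:
            answer = self.geo.resolve(name)
            if answer is None:
                return None
            self.cached, self.expires = answer[0], now + answer[1]
        return self.cached

def failover_demo():
    vlm1 = Site("VLM-1", "192.0.2.10")
    vlm2 = Site("VLM-2", "198.51.100.10")
    geo = GeoResolver("cloud.kempdemo.com", [vlm1, vlm2], ttl=10)
    old, new = Client(geo), Client(geo)
    before = old.connect_ip("cloud.kempdemo.com", now=0)
    vlm1.healthy = False                 # "VLM 1 becomes unavailable!"
    fresh = new.connect_ip("cloud.kempdemo.com", now=1)     # new resolution
    stale = old.connect_ip("cloud.kempdemo.com", now=5)     # cached answer
    after_ttl = old.connect_ip("cloud.kempdemo.com", now=10)
    return before, fresh, stale, after_ttl

if __name__ == "__main__":
    print(failover_demo())
```
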
Cloud Anywhere Transition - Hybrid Cloud
[Diagram: In-house estate with LoadMaster, Real Servers (RS) and Docker Server; Azure Cloud with Virtual LoadMaster and Real Servers]

Metered Licensing: Capacity on-demand
KEMP Metered Licensing (MELA)
An alternative approach: KEMP MELA, flexible licensing of ADCs
Adaptive to the business demand: On/Off, Variable Peaks, Fast Growth, Predictable Peaks
- Metered, usage-based pricing for all ADC platforms across the enterprise
- Flexible tiers with predictable OpEx
- Deploy unlimited ADC instances
- No per-instance capacity limits

KEMP MELA: Metered Enterprise Licensing
[Charts: VLM-1 Throughput (Mbps), VLM-2 Throughput (Mbps), VLM-3 Throughput (Mbps); x-axis 1 to 30; marked values 1.5 Gbps, 2.7 Gbps and 5.3 Gbps]
1.5 + 2.7 + 5.3 = 9.5 (Gbps)

How Metered Licensing (MELA) Works
- Usage sampled every 5 minutes
- Customer view of daily usage
- Monthly invoice

[Diagram: Licensing; Daily Usage Reporting; MELA Usage DB; Monthly Usage Report; Accounting & Billing; Invoice; Customer; Partner]

Best in price/performance ratio https://kemptechnologies.com/compare-kemp-f5-big-ip-citrix-netscaler-hardware-load-balancers/
Thank You