What s next for your data center? Power Your Evolution with Physical and Virtual ADCs. Jeppe Koefoed Wim Zandee Field sales, Nordics
Vision: Everything as a service Speed Scalability Speed to Market Cost Shift from CapEx to OpEx Alternative to Outsourcing Support growing requirements Stop paying for what you don t use Secure Legal compliance Encryption Business continuity F5 Agility 2014 5
Hybrid / On-Prem Cloud Physical Technology Shifts are Changing the Data Center SDN / Virtual
Physical Physical
How to Choose the Right Platform F5 Platforms 25M 200M 1G 3G 5G 10G VIPRION 2400 2000 series 4000 series 5000 Series 7000 Series 10000 Series 11000 Series VIPRION 4480 VIPRION 4800 Physical Hybrid Virtual F5 physical ADCs High-performance with specialized and dedicated hardware Physical ADC is best for: Fastest performance Highest scale SSL offload, compression, and accelerated DoS mitigation An all F5 solution: integrated HW+SW Edge and front door services Purpose-built isolation for application delivery workloads Physical + virtual = hybrid ADC infrastructure Ultimate flexibility and performance Hybrid ADC is best for: Transitioning from physical to virtual and private data center to cloud Cloud bursting Splitting large workloads Tiered levels of service F5 virtual editions Provide flexible deployment options for virtual environments and the cloud Virtual ADC is best for: Accelerated deployment Maximizing data center efficiency Private and public cloud deployments Application or tenant-based pods Keeping security close to the app Lab, test, and QA deployments F5 Agility 2014 8
Traditional Physical Deployments Use Virtual Editions for Development and Test Environments Data Center Stage and test with BIG-IP VE Lab before seamlessly moving apps and app configs to production BIG-IPs Development Env. vswitch Hypervisor 10M Lab Devices BIG-IP VE Lab Includes VE LTM VE AFM VE GTM VE APM VE AAM VE ASM F5 Agility 2014 9
Benefit from Adding Virtual Editions to Your Environment 72% 58% 52% 32% Customers indicate BIG-IP Virtual Edition is a valuable addition to their virtual infrastructure 1 Organizations benefited from server consolidation (less hardware) by combining server virtualization with BIG-IP 3 IT organizations increased scalability or availability by using F5 for their cloud deployment 2 Organizations benefited from faster application provisioning by combining server virtualization with BIG-IP 3 F5 Agility 2014 10
EMEA Case Cloud Provider in the Netherlands
Use case: Cloud provider in NL Business: Transforming from managed hosting to cloud services Billing customers on pay per use, based on throughput. (bursting is initially allowed) Target: Government and financial institutions Delivers: www, SharePoint and Office 365 Access over IPv4 and IPv6 USP: keeps customer data within Dutch national borders F5 Agility 2014 12
F5 usage and benefits Tier 1 LTM AFM ASM BIG-IP Local Traffic Manager BIG-IP Advanced Firewall Manager BIG-IP Application Security Manager Customer Load Balancing SSL Offloading DDoS Protection Firewall Tier 2 Firewall SSL Offloading Loadbalancing Web Application Firewall Services Internet VIPRION Platform Shared Cloud Services Consolidated architecture through less vendors. Dedicated (per Customer) Cloud Services Applications IPv4 and IPv6 support Same Layer 4 7 functionality, whatever footprint used. Potential to expand business use case by adding more Layer 4 7 functions F5 Agility 2014 13
Hybrid / On-Prem Hybrid On-Prem Physical
Hybrid Deployment Physical + On-Prem Virtual ADCs Data Center Deploy hardware on the edge of the datacenter for high-volume traffic management and L4 security Deploy VEs closer to the apps for right-sized app services Devices Load Balance SSL Offload HW Compression L4 DoS BIG- IQ RES T DC Orchestration & Automation (ex. vcd, vco) Virtual Infrastructure Hypervisor vswitch F5 Agility 2014 15
Physical + Virtual On-Premise ADCs The Ultimate in Flexibility and Performance 20 mins Deploy Virtual Editions in 20 Minutes Achieve Workload and Fault Isolation Consolidate App Services on Existing Servers F5 Agility 2014 16
F5 Solution: Deploy Virtual Editions in 20 Minutes Today, we can spin up a pair of BIG-IP LTM Virtual Edition instances with all of the configuration parameters we need in just 20 minutes. -Charlie Wehner, Network Engineer, Cerner Key benefits of F5 Isolates the risk of downtime to a per-client basis Speeds provisioning time to 20 minutes Uses IT staff more efficiently and effectively Reduces time to deployment F5 Reference Architectures Application Services View on F5.com F5 Agility 2014 17
F5 Solution: Deploy Virtual Editions Instantly Virtual Infrastructure Deploy Virtual Edition instances instantly with VE License Pools and BIG-IQ Hypervisor vswitch F5 licensing server BIG-IQ 25 Pack of LTM-VE-200M BIG-IQ manages licensing for all VEs in all pools. (3) x 25 Pack of BEST-VE-1G F5 Agility 2014 18
Gary-Physical + Virtual On-Premise ADCs The Ultimate in Flexibility and Performance 20 mins Deploy Virtual Editions in 20 Minutes Achieve Workload and Fault Isolation Consolidate App Services on Existing Servers F5 Agility 2014 19
Customer Challenge: Workload and Fault Isolation Different organizational groups needs access to shared infrastructure 1 An application failure, DoS attack, or misconfiguration 2 Data Center 2 Could cause the failure of the physical device front-ending several applications Devices 3 3 Affecting all applications Web Apps 1 F5 Agility 2014 20
F5 Solution: Achieve Workload and Fault Isolation with Data Center Virtual Editions 1 2 An application failure, DoS attack, or misconfiguration Could cause the failure of the virtual edition Devices 3 BIG- IQ RES T DC Orchestration & Automation (ex. vcd, vco) Virtual Infrastructure 2 1 Web Apps 3 Without impacting the physical device frontending the network F5 Agility 2014 21
Physical + Virtual On-Premise ADCs The Ultimate in Flexibility and Performance 20 mins Deploy Virtual Editions in 20 Minutes Achieve Workload and Fault Isolation Consolidate App Services on Existing Servers F5 Agility 2014 22
Consolidate App Services on Existing Servers New Physical ADC New Virtual ADC Higher Time to Deploy ADC Rapid No rack and stack time Just boot the VE Yes Additional Rack Space Required No Leverage existing servers with a virtual footprint as small as 7GB Yes Additional Power and cooling Required No Maximize power efficiency of your current infrastructure F5 Agility 2014 23
DDOS Hybrid On-Premise Use Cases
DDoS protection reference architecture hybrid enterprise Next-Generation Firewall Corporate Users Tier 2: Protecting L7 and apps Tier 1 Protecting L7 Legitimate Users DDoS Attacker Multiple ISP strategy ISPa/b Cloud Scrubbing Service Network attacks: ICMP flood, UDP flood, SYN flood DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning Network and DNS IPS HTTP attacks: Slowloris, slow POST, recursive POST/GET Virtualized Web Application Firewall provides fault isolation + Compliance Web Server Financial Services E- Commerce Subscriber Threat Threat Feed Intelligence Feed Intelligence Customers can run VE on the existing hypervisors already supporting their app infrastructure Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Strategic Point of Control F5 Agility 2014 25
DDoS protection reference architecture hybrid enterprise TIER 0 KEY FEATURES Legitimate Users DDoS Attacker Multiple ISP strategy ISPa/b Cloud Scrubbing Service Volumemetric defense Protects line Provides clean pipe Mitigates volumetric DDoS attacks F5 Agility 2014 26
DDoS protection reference architecture hybrid enterprise Next-Generation Firewall Corporate Users TIER 1 KEY FEATURES Legitimate Users DDoS Attacker Multiple ISP strategy ISPa/b Cloud Scrubbing Service Threat Threat Feed Intelligence Feed Intelligence Network attacks: ICMP flood, UDP flood, SYN flood DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning Tier 1 Tier 2 The first tier at the Network and DNS IPS SSL attacks: perimeter SSL renegotiation, is layer 3 SSL flood and 4 network firewall services Simple load balancing Application to a second tier HTTP attacks: Slowloris, slow POST, recursive POST/GET IP reputation database Mitigates volumetric and DNS DDoS attacks Financial Services E- Commerce Subscriber Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Strategic Point of Control F5 Agility 2014 27
DDoS protection reference architecture hybrid enterprise Corporate Users Legitimate Users DDoS Attacker Multiple ISP strategy ISPa/b Cloud Scrubbing Service Threat Threat Feed Intelligence Feed Intelligence TIER 2 KEY FEATURES Tier 1 The second tier is for Network attacks: application-aware, ICMP flood, UDP flood, SYN flood CPU-intensive defense mechanisms SSL termination Network and DNS DNS attacks: Virtualized DNS web amplification, query flood, application firewall dictionary attack, DNS poisoning provides fault isolation Mitigate asymmetric and SSL-based DDoS attacks IPS Tier 2: Protecting L7 and apps HTTP attacks: Slowloris, slow POST, recursive POST/GET Protecting L7 Virtualized Web Application Firewall provides fault isolation + Compliance Web Server Customers can run VE on the existing hypervisors already supporting their app infrastructure Financial Services ASM E- Commerce Subscriber Scanner Anonymou s Proxies Anonymou s Requests Botnet Attacker s Strategic Point of Control F5 Agility 2014 28
DDoS protection reference architecture hybrid enterprise Next-Generation Firewall Corporate Users Tier 2: Protecting L7 and apps Tier 1 Protecting L7 Legitimate Users DDoS Attacker Multiple ISP strategy ISPa/b Cloud Scrubbing Service Network attacks: ICMP flood, UDP flood, SYN flood SSL attacks: SSL renegotiation, SSL flood DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning Network and DNS IPS HTTP attacks: Slowloris, slow POST, recursive POST/GET Virtualized Web Application Firewall provides fault isolation + Compliance Web Server Financial Services E- Commerce Subscriber Threat Threat Feed Intelligence Feed Intelligence Customers can run VE on the existing hypervisors already supporting their app infrastructure Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Strategic Point of Control F5 Agility 2014 29
Hybrid / On-Prem Cloud Cloud Physical
F5 in Amazon Web Services Marketplace F5 and Amazon Web Services (AWS) have partnered to help you rapidly deploy application workloads without incurring the capital expenditures of new infrastructure. You can now deploy the F5 BIG-IP platform in the AWS cloud utilizing either your own license via Bring Your Own License (BYOL) or an hourly license. F5 Agility 2014 31
F5 Offerings in AWS Good Better Best GBB Offering Offerings Component Offerings Virtual Editions Offerings $/Hr. Good Better Best 25M $0.33 $0.83 $1.33 200M $0.83 $1.67 $2.50 1G $1.67 $2.29 $3.06 Hourly based Good, Better, or Best Instances Virtual Editions Lab 25M 200M 1G BIG-IP Versions 25M 200M 1G BIG-IP Versions: F5 Agility 2014 32
Hybrid / On-Prem Cloud SDN / Virtual SDN / Virtual Physical
Enterprise Software Defined Data Center Virtual Deployment Model Deploy private clouds Accelerate deployments and dynamic changes between DCs Implement DR architectures Minimize CAPEX and OPEX Keep security close to applications Different groups protected against misconfigurations Clients BIG- IQ Virtual Infrastructure Hypervisor vswitch Data Center RES T DC Orchestration & Automation (ex. vcd, vco) RECOMMENDED VE CONFIGURATIONS 25M to 1G VE per app + Better or Best offer with VE License Pools Hypervisor vswitch 25M 200M 1G F5 Agility 2014 34
Cerner: Enterprise Software Defined Data Center Redundant F5 VE instances per major customer for Risk Mitigation With 300 customers, we deployed an HA VE pair (A/S) for each customer replacing Cisco physical appliances With a software defined data center from F5, Cerner reduces the risk for major outages by eliminating single points of failure User Clients Internet or Customer WAN Software Defined Data Center Active Directory Web Interface Servers Citrix XenApp Servers XML Brokers Zone Data Collector F5 Agility 2014 35 LTM LTM BIG-IP Local Traffic Manager A/S HA Pair
Evolve Your Data Center with Software Defined Application Services from F5 Programmability Data Plane Control Plane Management Plane Virtual Edition Appliance Chassis Network [Physical Overlay SDN] F5 Agility 2014 36
F5 Virtual Editions
F5 Virtual Editions Product Portfolio F5 offers virtual editions of every market-leading product with the same code, advanced application delivery services, and breadth of features. Virtual Editions F5 Agility 2014 38
F5 s delivers unmatched flexibility and performance across all major hypervisors VMware vsphere KVM and Community Xen Citrix XenServer Microsoft Hyper-V Amazon AWS Lab 25M 200M 1G 3G 5G 10G F5 Agility 2014 39
Get Started
Try BIG-IP Virtual Edition in Your Environment https://f5.com/trials 100 % 90 Download Free Trial 90-day BIG-IP LTM VE Free Trial 30 Get an Eval. License 30-day Virtual Edition evaluation licenses of all solutions Buy BIG-IP for your Lab Low-cost BIG-IP lab license F5 Agility 2014 41