27. Q/Q Revenue Growth: -2% *Advanced Platform Segment Includes: ADCs that integrate several functions (typically more than four) on a single platform (for example, load balancing, TCP, connection management, SSL offload, compression and caching) Radware 10.3% Others 17.5% Citrix 17.8% F5 NETWORKS 54.4% SOURCE: Gartner
29. Organizations Worldwide Trust F5 to Keep Their Businesses Running: Including 9 out of 10 of the world’s top financial services firms and 60% of the Global 1000 Financial Media Other IT Transport Telco/ISP
32. Traditional Methods of Resolution Multiple Point Solutions Application More Bandwidth Application Developer Network Administrator Add more infrastructure? Hire an army of developers?
33. F5 BIG-IP Technology: Turn your infrastructure into an agile application delivery network BIG-IP Users Applications Optimize your Applications, Network and Client Connections Secure your Applications Customize the delivery of your Applications ensure Scalable, Adaptable, Highly Available Applications provide Manageability to administrators
34. Optimizations F5’s Traffic Management Operating System Leveraging Clustered Multiprocessing iSessions Optimizing at the Client Benefit to: Client Network Server
35. TMOS Architecture: A unified system for application delivery Applications Users Full Proxy Server Side Client Side App Security WAN Accel 3rd Party Microkernel Rate Shaping TCP Express SSL Caching XML Compression OneConnect TCP Express iRules High Performance Hardware iControl
36. Clustered Multi-Processing Benefits of Asymmetric Processing Symmetric Processing No Overhead of CPU Context Switching Load Balances processes across ALL Cores
37. WAN Application Delivery Services: Secure and optimize site-to-site BIG-IP BIG-IP WAN Firewall Firewall iSessions Symmetric Adaptive Compression SSL Encryption Complete L7 QoS TCP Express 2.0 Servers Servers iSessions secure, optimized connection between two BIG-IPs
38. Improve Connections Starting from Client EDGE Client Smart reconnect feature survives endpoint IP address change (such as AP hop) detects domain changes for automatic VPN tunnel setup/teardown Adaptive compression effort level automatically dials up/down (with server/CPU load) Datagram TLS optimizes traffic especially on lossy WAN connections and real time traffic Client side traffic shaping prioritizes sensitive applications (such as VOIP traffic)
54. Secure the Applications & Data Industry Recognized ICSA Certified SC Magazine’s 2009 Best Web Application Security Solution Simplified Administration Rapid Deployment Policies Automatic policy builder with templates Flexible Architecture Bridge or Routed Blocking or Passive Modes Strong Security Protocol Anomaly Detection (DoS, Brute Force) Full XML schema validation Data Guard & Cloaking Protocol Security for FTP, HTTP and SMTP Forceful Browsing & Logical Flaw Mitigation OWASP top 10 and “0 Day” Protections
55. Secure the Applications and Data Network and Protocol Attack Prevention Resource Cloaking and Content Security Positive & Negative Security Models Selective Encryption Security at Application, Protocol and Network Level Meet compliance requirements (PCI, HIPAA, etc.) Strong protection without interrupting legitimate traffic “BIG-IP enabled us to improve security instead of having to invest time and money to develop a new more secure application” Application Manager Global 5000 Media and Entertainment Company TechValidate 0C0-126-2FB
56. Adaptive Application Security: Unique Attack Detection, L7 DoS and Brute Force Protection Remediate unwanted clients while servicing desired clients Improved application availability Focus on higher value productivity while automatic controls intervene
57. Provide Trust-Based Access User Trust: LDAP Windows Domain Active Directory Radius Single Sign On Two-Factor Auth Client Side Certificates The EDGE is Fluid! Resources / Applications Access Policy Manager (APM) Corporate Network Internet Access and Control Network Access Web Application Access Role Based Access Control L4, L7 ACLs Integration with 3rd Party IAM vendors Device Trust: Antivirus Personal Firewall Files and Registry Settings OS & Browser Patches Trusted IP REMEDIATION – When End Point Scan Fails Manageability BIG-IP GUI, tmsh, iRules, iControl Visual Policy Editor – Easy to Build & Maintain end point security access policies Role Based Admin – admin access based on organizational role End User Experience WAN Optimization and Web Acceleration Standalone Client Web based Client
59. Customize your Delivery with iRules Programming language integrated into TMOS TMOS (Traffic Management Operating System) Based on industry standard TCL language TCL (Tool Command Language) Inbound or outbound traffic can be: intercepted inspected transformed directed tracked
67. DLL in Visual Studio Web Client Web Client Web Server Virtualization BIG-IP iControl Web Server Web Server Web Server Application Server Virtualization BIG-IP iControl App. Server App. Server App. Server Storage Virtualization Storage Storage Storage
68. Available, Scalable & Adaptable Applications Load Balancing Hardware Resilience Stateful, High Availability Blade-based capabilities Adaptability with Dynamic Infrastructure Concepts
69. It Starts with Load Balancing: Ensure availability and plan for growth 8 Dynamic LB Methods Application Health Monitoring High Performance Hardware Session Persistence Transaction Assurance LTM load balances at the application level Ensures the best resources are always selected Has deep visibility into application health Proactively inspects and responds to errors Eliminate downtime and scale the application
70. Intelligent Monitoring: Monitor real traffic instead of probing In-Band Monitors Monitor is based on live traffic connections Detects true state of application without active monitor overhead Alleviates active monitors constantly sending traffic to the servers; catches downed nodes in between the active monitor probe intervals Marks node down after pool member does not respond to a connection within a certain amount of time Can automatically attempt to send a connection to a downed node Can only force the active monitor to be used for probing if the passive monitor detected the node as down
71. Offering Resiliency & High Availability Hardware designed specifically for Application Delivery Industry’s best performance – up to 40 Gbps throughput Hot-Swappable Components Flexible deployment options – FIPS, NEBS, DC power Always-on Management All Hardware supports intelligent High Availability Stateful Failover for session-based applications
72. Dynamic Infrastructures using VMWARE / F5 Matching Network Automation with Computer Resource Automation Demand ↑ ↑ ↑ Web Clients Web Clients Monitoring & Management Frontends Virtualization Detection BIG-IP LTM iControl Automation VM Provision Frontend Frontend Frontend vCenter + AppSpeed F5 Provision AppServers Virtualization BIG-IP LTM iControl Demand ↓ ↓ ↓ Detection App. Server App. Server App. Server Storage Virtualization Automation F5 Deprovision VM Deprovision
73. Global (Site) Adaptability Data Center Asia Data Center North America ISP-2 ISP-1 Firewalls BIG-IP Firewalls BIG-IP Internet Data Center Europe Firewalls BIG-IP Leverage Global DNS capabilities within BigIP
91. Central Policy Management & Deployment IT Staff IT Staff IT Staff IT Staff Web Web SharePoint Exchange Web SharePoint Exchange Accounting Real-time Monitors ADC ADC ADC ADC ADC ADC ADC ADC
Editor's notes
Delivering IT apps is not a simple exercise. There are a lot of issues to figure out: How do I make sure the app is always available? How can I plan for growth? How do I make sure the delivery is optimized for the best end-user experience? How do I secure the app? How can I make sure I’m using my resources (servers, bandwidth) efficiently?
There’s a better way – the Application Delivery Controller. It’s a platform designed specifically to solve these issues, by making decisions in your network to ensure that your applications are always fast, secure, and available. BIG-IP Local Traffic Manager is the market-leading application delivery controller. It load balances, secures, and optimizes application traffic, giving you the control to add servers easily, eliminate downtime, improve application performance, and meet your security requirements.
asymmetric multiprocessing (ASMP), which uses separate specialized processors for specific tasks (which increases complexity), and computer clustered multiprocessing (such as Beowulf), in which not all memory is available to all processors.
TDR-1 After TDR-2 has removed all previously transferred byte patterns, WANJet applies a second class of data reduction routines called TDR-1. While TDR-2 is optimized to enhance repeat transfer performance, TDR-1 is designed to improve first transfer performance through the use of advanced encoding techniques and dictionaries optimized for very small repetitive patterns.
When you’re delivering an application, you also have to worry about security. Again you have a few options – you can try to modify the application, you can put in point solutions, or you can use your ADC as a strategic point of control to secure both your applications and your data. BIG-IP LTM has a number of features that provide security at the application level.
Resource cloaking and content security – Prevent error codes and sensitive content from being presented to hackers
Customized application attack filtering – Search for and apply rules to block known application level attacks
Packet filtering – L4 based filtering rules to protect at the network level
Network attack prevention – Protect against DoS, SYN floods, and other network attacks while delivering uninterrupted service for legitimate connections
MSM (add-on module)
PSM (add-on module)
ASM (add-on module)
A "positive" security model identifies scenarios with a known degree of trust, only allowing access to trusted resources. The positive model assumes that a new scenario is untrusted, and requires that trust be assigned before access and usage is granted. In the classic positive security model, only known good requests and known good results are delivered.
Layer 7 DoS Protection – Block application DoS attacks and increase end-user application performance with accurate triggers and automatic controls. This is based on a detection element and three different prevention methods which are applied one after another for in-depth prevention measures and techniques.
Brute Force Protection – Detect and mitigate high volume failed login requests. ASM monitors server responses and when it detects multiple login failures related to a Brute Force Attack, ASM slows the requesting browser down.
Let’s start with the first two issues for application delivery – how do I make sure the app is always available and plan for growth? In the past, you could solve this with a simple load balancer. Spread the traffic among several servers and you’re done. But as applications get more complex, your method for load balancing has to keep up. You can’t just look at spreading traffic around; the load balancer needs to actually understand the application to distribute the traffic appropriately. LTM provides the advanced features you need to make application level decisions to direct users to the best possible resources.
Static and dynamic LB methods
Application health monitoring with specialized monitors for specific applications
Multiple persistence methods (sticky sessions)
Transaction insurance to inspect and respond to server and application errors
BIG-IP hardware is designed specifically for application delivery. Features such as hardware SSL, hardware compression, and multi-core processing enable BIG-IP hardware to deliver even the most demanding applications. Options for dual hard drives, dual power, and hot swappable components give you the highest reliability.
NOTE: The install will appear to hang at 87% for several minutes. This is normal.
Chances are you already implement administrative virtualization throughout your IT organization, but you probably don’t refer to it by this phrase. If you implement separate passwords for your root/administrator accounts between your mail and web servers, and your mail administrators don’t know the password to the web server and vice versa, then you’ve deployed management virtualization in its most basic form. The paradigm can be extended down to segmented administration roles on one platform or box, which is where segmented administration becomes “virtual.” User and group policies in Microsoft Windows XP, 2003, and Vista are an excellent example of virtualized administration rights: Alice may be in the backup group for the 2003 Active Directory server, but not in the admin group. She has read access to all the files she needs to back up, but she doesn’t have rights to install new files or software. Although she is logging into the same server that the true administrator logs into, her user experience differs from the administrator’s. Management virtualization is also a key concept in overall data center management. It’s critical that the network administrators have full access to all the infrastructure gear, such as core routers and switches, but that they not have admin-level access to servers