virtualization / cloud / sdn

Virtualization / Cloud / SDNWhat most people don’t discuss

• Wim Zandee

• Director System Enigineering North&East EMEA

Amazon Prime Air

Delivery in 30 minutes


$7.2 MILLIONFINANCIAL IMPACT PER SECURITY BREACHDELAY AND CUSTOMER’S WILL ABANDON SESSION

4 SECOND$110,000LOST REVENUE PER HOUR OF DOWNTIME

Source: bloomberg.com/news/2011-03-08/security-breach-costs-climb-7-to-7-2-million-per-incident.htmlSource: evolven.com/blog/downtime-outages-and-failures-understanding-their-true-costs.htmlSource: manageengine.com/products/applications_manager/business-impact-app-performance-problems.pdf


Simplify, be flexible, and deploy faster


Provide the services all your applications need


Evolution in Application Environment

F5 VISION

Applicationswithout constraints

SDN and

Private Cloud

Software Defined Data Centers

Cloud and

DevOps

Cloud SLA and controlprivate network agility

Accelerate time to market

Agile Development

Rapid deployment─network and operations velocity

Speed, customer-driven, and quality of app development

Failed to Address:

L4–7 device sprawl and application awareness


High-Performance Services Fabric

Network [Physical • Overlay • SDN]

Virtual Edition Chassis Appliance

Data Plane

Programmability

Control Plane Management Plane

On-Demand Scaling All-Active Clustering Multi-Tenancy

ScaleN

TMOS TMOS TMOS TMOS

ThroughputConnections

per second

Concurrent

connectors

Multi-tenant

instances per device

Device service

clusters


High-Performance Services Fabric

Simplified Business Models

• New licensing models

• Easy to procure

• Save by purchasing bundles

f5 Synthesis


Application Provisioning in Today’s Data Centers

• Lacks application agility -requires provisioning across different layers by different organizations

• Time to operationalize purchased assets is longer due to inefficient provisioning

• Longer time to deploy Applications with scale and security

• Harder to achieve application elasticity

TENANT (HR) TENANT (FINANCE)

NETWORK CONNECTIVITY

L4-L7

COMPUTE + VM

STORAGE

App x

App y

App z

App p

App q

App r


L4-L7

COMPUTE + VM

STORAGE


L4-L7

COMPUTE + VM

STORAGE


L4-L7

COMPUTE + VM

STORAGE


L4-L7

COMPUTE + VM

STORAGE


L4-L7

COMPUTE + VM

STORAGE

Configure firewall rules as required by the

application

Configure Network to insert Firewall

Configure firewall

network parameters

Configure Load Balancer as required by the

application

Configure Load Balancer and L4-7 services

Configure Router to steer traffic to/from Load

Balancer

Traditional Network Service Insertion• Challenges

Service insertion takes days

Network configuration is time consuming and error prone

Difficult to track configuration on services

Service Insertion In traditional Networks

Server

vFW

Switch

Router

FW

Router

LB


10 min.

Provision VM

1-2 weeks

Request infrastructure services,

clarify/define needs (back-and-forth)

1-2 weeks

Sit in IT queue

2-4 hours

Infrastructure services

configuration complete

IT pre-defines catalog of

infrastructure services

Time to production for all

necessary infrastructure

services drops from weeks

to minutes

10 min.

Provision

VM

10 min.

Select correct

infrastructure policy

from catalog

5 min.

Auto-configure

infrastructure

services

Time to Market

Deploying apps in the Datacenter with Cisco Application Centric Infrastructure (ACI) and F5 synthesis

Application Centric Infrastructure (ACI) Vision

Rapid Deployment of Applications onto Networks with Scale, Security and Full Visibility

Cisco Nexus 9500

and 9300

Application Centric

Policy Controller

ACI

Building blocks of ACI

ACI Building Blocks Accelerate Application Deployments

F5 BIG-IPCONTROLLER POLICY MODEL NEXUS 9000 FABRIC

APPLICATIONNETWORK PROFILE

Traditional3-TierApplication

FWADC

WEB ACC APP DB

Physical + Virtual

Policy extended to L4-L7

Application: 3-tier application (WEB-APP-DB) This may use ADC, FW services

End point Group (EPG): Grouping of application Components

Policy model: Define QOS, Security, Network, L4-L7 and monitoring policies to be applied to EPG

© F5 Networks, Inc. 21

Return

APIC

Application visibilityA Single View of your Application

HEALTH SCORE

LATENCY

DROP COUNT

VISIBILITY

VMs PhysicalLoad Balancer

Firewall

21

96%

Microsecond(s)

Packets Dropped

5

25

8 5

Deploying apps in the Datacenter with Vmware (NSX) and F5 synthesis


F5 Reference Architecture for VMware NSX

NSX Manager

NSX Management

GenericPlatform

iApps

NSXEdge

NSXvSwitch

User

GenericPlatform

Admin

Cloud Management & Orchestration

Cloud Management & Orchestration

Application Services

BIG-IPPlatform

Deploying L3–L7 Services

ApplicationWorkloads

BIG-IQ Cloud and BIG-IQ Device

BIG-IP Local Traffic Manager

Simplified Business Models

• Operational agility at the network services (Application Delivery Networking [ADN]) layer

• Operational agility for application-specific services for acceleration, availability, and security (a rich Layer 7 protocol)

• Delivering a consistent consumer experience without consuming IT resources better spent on strategic projects

NSX / F5 Management Plane Integration

VM VM

Logical

Networks

NSX Logical

Router

INTERNET

User

VMVMVMBIG-IQ

vCENTER

Server

Server Pool

F5 VE

VM

Configuration1

Management

NSX

Manager

One-time registration of

BIG-IQ with NSX

Manager

BIG-IQ publishes catalog

of iApps to NSX Manager

Cloud Admin specifies

ADC service template

and location for service

instantiation


Complete Hybrid App Services PortfolioAvailable in all app architectures

LAYER 4-7STATEFULSERVICES

NetworkFirewall

Identity and Access

DDoSProtection

Global Load Balancing

Malware Detection

Application Security

Local LoadBalancing

Application Performance

Secure Web Gateway

DNS Services

SSL VPNWeb ApplicationFirewall

IPv6 Services

HIGH PERFORMANCE SERVICES FABRIC

VIPRION BIG-IP Virtual Edition Silverline

Silverline

Deploying apps in the Public Cloud with F5 synthesis


• F5-verified BIG-IP Virtual Edition within a growing list of cloud providers

• Volume and variety of providers across the globe and across industries

• Flexible cloud licensing across utility, BYOL, or subscription

• Support for Microsoft Azure now available

Expand Industry-leading App Delivery to Public CloudF5 verifies cloud service providers


• Broadest set of app and security services in public cloud providers

• Including support for Microsoft Azure

• Dynamic scaling of app services in the cloud

• Integration of BIG-IP Virtual Edition (VE) with AWS Auto Scaling

• First and only ADC with SSL Crypto Offload

• SSL scalability for hybrid data centers, freeing up 66% capacity

• Enhanced virtualisation control

• Per-guest SSL and network rate limiting for ultimate flexibility in private clouds

Expand Control with F5 App Services in the CloudNew capabilities across hybrid environments


• F5 services and support

• Supports Cloud Licensing Program and Volume Licensing Subscription software models

• F5 Security Operations Center (SOC) ensures 24x7 threat monitoring and responses

• F5 community ecosystem

• DevCentral portal where 200,000+ community experts contribute depth content and support

• F5 Partners leverage depth and expertise of F5 partner ecosystem

Expansive Community of Experts for Greater ROI

OptimiseMaximise

performance,

health,

security

ArchitectDesign for best

practices

deployments

ImplementDeploy quickly

and optimally

MaintainEnsure

continued

availability

F5 Services


Apps

F5 for the App-centric Strategy

DDoS protection Access and identity

Management and orchestration

SSL enablement

Load balancing

Application security

Programmability

Business continuity

Data Center Private Cloud Public Cloud

DNS

services

Fraud protection

virtualization / cloud / sdn

Technology