virtualization / cloud / sdn
TRANSCRIPT
Virtualization / Cloud / SDNWhat most people don’t discuss
• Wim Zandee
• Director System Enigineering North&East EMEA
© F5 Networks, Inc 2
Amazon Prime Air
Delivery in 30 minutes
© F5 Networks, Inc 55
© F5 Networks, Inc 6
© F5 Networks, Inc 7
© F5 Networks, Inc 8
$7.2 MILLIONFINANCIAL IMPACT PER SECURITY BREACHDELAY AND CUSTOMER’S WILL ABANDON SESSION
4 SECOND$110,000LOST REVENUE PER HOUR OF DOWNTIME
Source: bloomberg.com/news/2011-03-08/security-breach-costs-climb-7-to-7-2-million-per-incident.htmlSource: evolven.com/blog/downtime-outages-and-failures-understanding-their-true-costs.htmlSource: manageengine.com/products/applications_manager/business-impact-app-performance-problems.pdf
© F5 Networks, Inc 9
© F5 Networks, Inc 10
Simplify, be flexible, and deploy faster
© F5 Networks, Inc 11
Provide the services all your applications need
© F5 Networks, Inc 12
Evolution in Application Environment
F5 VISION
Applicationswithout constraints
SDN and
Private Cloud
Software Defined Data Centers
Cloud and
DevOps
Cloud SLA and controlprivate network agility
Accelerate time to market
Agile Development
Rapid deployment─network and operations velocity
Speed, customer-driven, and quality of app development
Failed to Address:
L4–7 device sprawl and application awareness
© F5 Networks, Inc 13
High-Performance Services Fabric
Network [Physical • Overlay • SDN]
Virtual Edition Chassis Appliance
Data Plane
Programmability
Control Plane Management Plane
On-Demand Scaling All-Active Clustering Multi-Tenancy
ScaleN
TMOS TMOS TMOS TMOS
ThroughputConnections
per second
Concurrent
connectors
Multi-tenant
instances per device
Device service
clusters
© F5 Networks, Inc 14
High-Performance Services Fabric
Simplified Business Models
• New licensing models
• Easy to procure
• Save by purchasing bundles
f5 Synthesis
© F5 Networks, Inc 15
Application Provisioning in Today’s Data Centers
• Lacks application agility -requires provisioning across different layers by different organizations
• Time to operationalize purchased assets is longer due to inefficient provisioning
• Longer time to deploy Applications with scale and security
• Harder to achieve application elasticity
TENANT (HR) TENANT (FINANCE)
NETWORK CONNECTIVITY
L4-L7
COMPUTE + VM
STORAGE
App x
App y
App z
App p
App q
App r
NETWORK CONNECTIVITY
L4-L7
COMPUTE + VM
STORAGE
NETWORK CONNECTIVITY
L4-L7
COMPUTE + VM
STORAGE
NETWORK CONNECTIVITY
L4-L7
COMPUTE + VM
STORAGE
NETWORK CONNECTIVITY
L4-L7
COMPUTE + VM
STORAGE
NETWORK CONNECTIVITY
L4-L7
COMPUTE + VM
STORAGE
Configure firewall rules as required by the
application
Configure Network to insert Firewall
Configure firewall
network parameters
Configure Load Balancer as required by the
application
Configure Load Balancer and L4-7 services
Configure Router to steer traffic to/from Load
Balancer
Traditional Network Service Insertion• Challenges
Service insertion takes days
Network configuration is time consuming and error prone
Difficult to track configuration on services
Service Insertion In traditional Networks
Server
vFW
Switch
Router
FW
Router
LB
© F5 Networks, Inc 17
10 min.
Provision VM
1-2 weeks
Request infrastructure services,
clarify/define needs (back-and-forth)
1-2 weeks
Sit in IT queue
2-4 hours
Infrastructure services
configuration complete
IT pre-defines catalog of
infrastructure services
Time to production for all
necessary infrastructure
services drops from weeks
to minutes
10 min.
Provision
VM
10 min.
Select correct
infrastructure policy
from catalog
5 min.
Auto-configure
infrastructure
services
Time to Market
Deploying apps in the Datacenter with Cisco Application Centric Infrastructure (ACI) and F5 synthesis
Application Centric Infrastructure (ACI) Vision
Rapid Deployment of Applications onto Networks with Scale, Security and Full Visibility
Cisco Nexus 9500
and 9300
Application Centric
Policy Controller
ACI
Building blocks of ACI
ACI Building Blocks Accelerate Application Deployments
F5 BIG-IPCONTROLLER POLICY MODEL NEXUS 9000 FABRIC
APPLICATIONNETWORK PROFILE
Traditional3-TierApplication
FWADC
WEB ACC APP DB
Physical + Virtual
Policy extended to L4-L7
Application: 3-tier application (WEB-APP-DB) This may use ADC, FW services
End point Group (EPG): Grouping of application Components
Policy model: Define QOS, Security, Network, L4-L7 and monitoring policies to be applied to EPG
© F5 Networks, Inc. 21
Return
APIC
Application visibilityA Single View of your Application
HEALTH SCORE
LATENCY
DROP COUNT
VISIBILITY
VMs PhysicalLoad Balancer
Firewall
21
96%
Microsecond(s)
Packets Dropped
5
25
8 5
Deploying apps in the Datacenter with Vmware (NSX) and F5 synthesis
© F5 Networks, Inc 23
F5 Reference Architecture for VMware NSX
NSX Manager
NSX Management
GenericPlatform
iApps
NSXEdge
NSXvSwitch
User
GenericPlatform
Admin
Cloud Management & Orchestration
Cloud Management & Orchestration
Application Services
BIG-IPPlatform
Deploying L3–L7 Services
ApplicationWorkloads
BIG-IQ Cloud and BIG-IQ Device
BIG-IP Local Traffic Manager
Simplified Business Models
• Operational agility at the network services (Application Delivery Networking [ADN]) layer
• Operational agility for application-specific services for acceleration, availability, and security (a rich Layer 7 protocol)
• Delivering a consistent consumer experience without consuming IT resources better spent on strategic projects
NSX / F5 Management Plane Integration
VM VM
Logical
Networks
NSX Logical
Router
INTERNET
User
VMVMVMBIG-IQ
vCENTER
Server
Server Pool
F5 VE
VM
Configuration1
Management
NSX
Manager
One-time registration of
BIG-IQ with NSX
Manager
BIG-IQ publishes catalog
of iApps to NSX Manager
Cloud Admin specifies
ADC service template
and location for service
instantiation
© F5 Networks, Inc 26
Complete Hybrid App Services PortfolioAvailable in all app architectures
LAYER 4-7STATEFULSERVICES
NetworkFirewall
Identity and Access
DDoSProtection
Global Load Balancing
Malware Detection
Application Security
Local LoadBalancing
Application Performance
Secure Web Gateway
DNS Services
SSL VPNWeb ApplicationFirewall
IPv6 Services
HIGH PERFORMANCE SERVICES FABRIC
VIPRION BIG-IP Virtual Edition Silverline
Silverline
Deploying apps in the Public Cloud with F5 synthesis
© F5 Networks, Inc 28
• F5-verified BIG-IP Virtual Edition within a growing list of cloud providers
• Volume and variety of providers across the globe and across industries
• Flexible cloud licensing across utility, BYOL, or subscription
• Support for Microsoft Azure now available
Expand Industry-leading App Delivery to Public CloudF5 verifies cloud service providers
© F5 Networks, Inc 29
• Broadest set of app and security services in public cloud providers
• Including support for Microsoft Azure
• Dynamic scaling of app services in the cloud
• Integration of BIG-IP Virtual Edition (VE) with AWS Auto Scaling
• First and only ADC with SSL Crypto Offload
• SSL scalability for hybrid data centers, freeing up 66% capacity
• Enhanced virtualisation control
• Per-guest SSL and network rate limiting for ultimate flexibility in private clouds
Expand Control with F5 App Services in the CloudNew capabilities across hybrid environments
© F5 Networks, Inc 30
• F5 services and support
• Supports Cloud Licensing Program and Volume Licensing Subscription software models
• F5 Security Operations Center (SOC) ensures 24x7 threat monitoring and responses
• F5 community ecosystem
• DevCentral portal where 200,000+ community experts contribute depth content and support
• F5 Partners leverage depth and expertise of F5 partner ecosystem
Expansive Community of Experts for Greater ROI
OptimiseMaximise
performance,
health,
security
ArchitectDesign for best
practices
deployments
ImplementDeploy quickly
and optimally
MaintainEnsure
continued
availability
F5 Services
© F5 Networks, Inc 31
Apps
F5 for the App-centric Strategy
DDoS protection Access and identity
Management and orchestration
SSL enablement
Load balancing
Application security
Programmability
Business continuity
Data Center Private Cloud Public Cloud
DNS
services
Fraud protection
© F5 Networks, Inc 32