F5 Synthesis Nilesh Mistry Field Systems Engineer firstname.lastname@example.org Advanced threats SDDC/Cloud Mobility © F5 Networks, Inc “Software defined” everything Internet of Things HTTP is the new TCP 2 Impact on Data Center Architecture: Applications MICRO-ARCHITECTURES API DOMINANCE Each service is isolated and requires its own: Proxies are used in emerging API-centric architectures for: • • • • • Load balancing Authentication / authorization Security Layer 7 Services May be API-based, expanding services required More applications needing services © F5 Networks, Inc • • • • • API versioning Client-based steering API Load balancing Metering & billing API key management More intelligence needed in services Service A Service C API v1 Service B Service D API v2 3 Impact on Data Center Architecture: Network SOLUTION SPRAWL OPERATIONAL INCONSISTENCY Increasing threats and client platforms result in need for: Introduction of off-premise cloud solutions without architectural parity results in: • • • • • • Mobile device management Mobile access management Mobile security DDoS Application layer threats Malware • Inconsistent enforcement of business and operational policies • Unpredictable application performance and security • Increased OpEx as new management paradigms are introduced SaaS © F5 Networks, Inc 4 F5 MISSION Deliver the most secure, fast, and reliable applications to anyone anywhere at any time. © F5 Networks, Inc 5 The Evolution of F5 3 2 1 © F5 Networks, Inc • Hypervisor/Cloud ubiquity • Multi-tenancy, all-active • Identity access management • Security • Mobility/LTE • Domain Name Services • Traffic management • Optimization • Acceleration 6 Application Environment Agile Development Speed, customerdriven, and quality of app development Rapid deployment─ network and operations velocity © F5 Networks, Inc 7 Application Environment Agile Development Cloud and DevOps Speed, customerdriven, and quality of app development Accelerate time to market Rapid deployment─ network and operations velocity Cloud SLA and control private network agility © F5 Networks, Inc 8 Application Environment Agile Development Cloud and DevOps SDN and Private Cloud Speed, customerdriven, and quality of app development Accelerate time to market Software defined data centers Failed to Address: Rapid deployment─ network and operations velocity © F5 Networks, Inc Cloud SLA and control private network agility L4–7 device sprawl and application awareness 9 The Time Is Right F5 VISION Agile Development Cloud and DevOps SDN and Private Cloud Speed, customerdriven, and quality of app development Accelerate time to market Software Defined Data Centers Applications without constraints Failed to Address: Rapid deployment─ network and operations velocity © F5 Networks, Inc Cloud SLA and control private network agility L4–7 device sprawl and application awareness 10 © F5 Networks, Inc. Inc 11 The Evolution of F5 4 3 2 1 © F5 Networks, Inc. Inc Software Defined Application Services Cloud Ready Broadened Application Services Application Delivery Controller 12 Software Defined Application Services Elements High-Performance Services Fabric Simplified Business Models © F5 Networks, Inc 13 High Performance Services Fabric High-Performance Services Fabric Virtual Edition Network Appliance Chassis [Physical • Overlay • SDN] High-Performance Services Fabric On-Demand Scaling All-Active Clustering Multi-Tenancy TMOS TMOS ScaleN Network [Physical • Overlay • SDN] TMOS TMOS High-Performance Services Fabric Throughput *40K when combining admin instances with vCMP Connections per second Network Concurrent connections Multi-tenant instances per device [Physical • Overlay • SDN] Device service clusters High-Performance Services Fabric Programmability Data Plane Virtual Edition Network Control Plane Appliance Management Plane Chassis [Physical • Overlay • SDN] High-Performance Services Fabric Programmability Data Plane Virtual Edition Network Control Plane Appliance Management Plane Chassis [Physical • Overlay • SDN] “Leave No Application Behind” 1000 Average number of applications deployed within an enterprise DDoS © F5 Networks, Inc WAF SSL Acceleration LTE Applications require services 21 The selected few © F5 Networks, Inc 22 BIG-IP © F5 Networks, Inc BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP 23 High-Performance Fabric BIG-IP © F5 Networks, Inc BIG-IP Application Services BIG-IP BIG-IP BIG-IP BIG-IP 24 Software Defined Application Services Software Defined Application Services F5 Software Defined Application Services (SDAS) are a rich set of services that address the delivery challenges faced by businesses today. Built and deployed atop extensible F5 platforms, SDAS are all application and context-aware, highly scalable, and programmatic. Provisioned and managed within the F5 Synthesis architecture through BIG-IQ, SDAS provides organizations with the opportunity to simplify application delivery architectures without compromising on service breadth and depth. © F5 Networks, Inc 26 Software Defined Application Services Availability services from F5 focus on eliminating single points of failure to reduce downtime and disruption. Network, application and organizational availability is critical to ensuring business continuity and access to the applications that enable today’s businesses. Availability services span data center and cloud-hosted applications, ensuring scale and reliability regardless of where applications or users are located. Availability Global Server LB Load Global Server LB CGNAT Balancing Global Load Balancing DNS Caching & Resolving Authoritative DNS Disaster Recovery Cloud Bursting Business © F5 Networks, Inc Intelligent EPC node selection Continuity 27 Software Defined Application Services Performance services for F5 focus on improving the end-user experience regardless of location or device. Performance services enhance mobile and web application responsiveness by supporting protocols like SPDY and TCP optimizations and by enabling applications to dynamically take advantage of compression and caching technologies. Performance Compression Traffic Management Caching Acceleration Optimization SPDY Gateway Application Optimization Web Performance Optimization © F5 Networks, Inc Traffic Shaping and QoS 28 Software Defined Application Services Access & Identity services are critical to maintaining a positive security posture while enabling users to access applications from anywhere at anytime. F5 enables single-sign on and federation of application access across the data center and into the cloud, while maintaining the integrity of data through comprehensive endpoint inspective and antimalware services. SAML Federation Access & Identity Cloud Federation Single Sign-On Access Control Endpoint Inspection © F5 Networks, Inc SSL VPN Active Sync Proxy Secure Web Gateway Web Access Management Anti-Malware 29 Software Defined Application Services Security services are an integral component to the organization’s overall security strategy. F5 security services protect and mitigate threats at every layer of the network stack. From network DDoS to SYN floods to HTTP-focused attacks, F5 services are designed to provide comprehensive detection and defense against the growing volume of threats. Anti-Fraud Programmability DNS Firewall SSL Inspection WAF Anti-Phishing SSL intelligence DDoS ADF Firewall DNSSEC © F5 Networks, Inc Security SSL VPN 30 Application Services Portfolio Cloud Federation Anti-Phishing Diameter & Routing SAML Federation Mobile Optimization Firewall Traffic Management SAML Federation Access Mobile Acceleration Control Global Load Balancing Gi CGNAT Cloud Bridging Authoritative DNS App Delivery Firewall Caching Optimization Application Optimization Management DNS Firewall Compression Chaining Quota Management SSL VDI Inspection Firewall Mobile App Service Single Sign-On Anti-Malware Disaster Recovery DNSSEC VOLTE Traffic Shaping and QoS Intelligence Cloud Bursting DDoS SSL VPN NfV SSL Traffic Management Subscriber Traffic Control Business Continuity Active Sync Proxy LTE Roaming Endpoint Inspection Programmability MDM Access Management Global Server SPDY Web Web Performance DNS Caching & Resolving SDN Optimization Gateway VAS Bursting Load Anti-Fraud Enrichment Policy Intelligent EPC node Secure Web Gateway Balancing Enforcement selection Application Traffic Control Web App Firewall Acceleration Intelligent Services Orchestration Intelligent Services Orchestration Orchestration Connectors Fabric Connectors BIG-IQ Module Connectors Cloud Connectors Intelligent Services Orchestration Orchestration Connectors Fabric Connectors BIG-IQ Module Connectors Cloud Connectors Intelligent Services Orchestration Orchestration Connectors Fabric Connectors BIG-IQ Module Connectors Cloud Connectors Intelligent Services Orchestration Orchestration Connectors Fabric Connectors BIG-IQ Module Connectors Cloud Connectors Intelligent Services Orchestration Orchestration Connectors Fabric Connectors BIG-IQ Module Connectors Cloud Connectors Centralized Management Platform BIG - IQ BIG-IP BIG-IP Data Center Hybrid Cloud Public Cloud Simplified Business Models Simplified Business Models Perpetual Subscriptions BYOL Cloud Licensing Program F5 Licensing: Good Good Offering BIG-IP Local Traffic Manager Target Customer: Load balancing and monitoring Application Visibility and Monitoring L7 intelligent traffic management Core protocol optimization (HTTP, TCP, SPDY, SSL) SSL proxy and services IPv6 support Programmability (iRules, iCall, iControl, iApps) ScaleN: On demand, application & operational scaling • AAM Core (Caching, Compression, Bandwidth Controller, more) • APM Lite (User Authentication, SSL VPN for 10 concurrent users) • SYN flood protection • • • • • • • • Organizations that require local intelligent traffic management to ensure application availability Customer Needs: • • • • Rapid deployment & optimization Real-time analysis & load balancing SSL acceleration & offload Easy protocol implementation F5 Licensing: Better Better Offering BIG-IP Local Traffic Manager BIG-IP Global Traffic Manager BIG-IP Application Acceleration Manager BIG-IP Advanced Firewall Manager Target Customer: • • • • • • Global server load balancing DNS services Real-time DNSSEC solution Global application high availability Geolocation DNS DDoS attack protection • Web performance optimization • WAN optimization (data deduplication, FEC) • Mobile optimization (smart client cache, image optimization) • SaaS acceleration (reduce bandwidth usage & page load times) • • • • High-performance ICSA firewall Network DDoS protection Application-centric firewall policies Protocol anomaly detection Organizations that require network security and improved end user experience with local and global intelligent traffic management Customer Needs: • Protect and optimize the data center • Optimize application delivery • Ensure optimal application availability and performance • Future-proof the business • Leverage the power of integrated SDN services F5 Licensing: Best Best Offering BIG-IP Local Traffic Manager BIG-IP Global Traffic Manager Target Customer: • PCI Compliant Web Application Firewall • Web scraping prevention • Integrated XML firewall • Violation correlation & incident grouping • Application DDoS protection BIG-IP Application Acceleration Manager BIG-IP Advanced Firewall Manager BIG-IP Application Security Manager BIG-IP Access Policy Manager • 500 concurrent users, scalable up to 200K • BYOD enablement • Full Proxy for VDI (Citrix, VMware) • Single sign-on enhancements (Identity Federation with SAML 2.0) Organizations that require advanced access management and total web security in addition to network security with local and global intelligent traffic management Customer Needs: • • • • • Manage application access Support BYOD initiatives Accelerate remote access Protect IP and minimize vulnerability exposure Free development resources to create value F5 Synthesis High-Performance Fabric Intelligent Services Orchestration Simplified Business Models Utilizing F5 ScaleN to provide the most scalable, high-density, high-performance fabric in the industry to leave no application behind. Offering BIG-IQ for the deployment of application services, cloud orchestration, and ADC management─ one push button provisioning and all necessary API management. Providing capacity- and volumebased licensing, software module mobility, and the unique bundling of application services. F5 Synthesis F5 in Every Cloud Performance Leadership Reference Architectures F5 deployed and serviced in every cloud marketplace to ensure consistent Synthesis application services deployment. Meet every performance requirement from Micro ADC 25 MB virtual editions to terabit-sized chassis solutions. Provide fully documented and tested business outcome solutions for F5 customers to consume Synthesis. F5 Synthesis Drives Shift to Software Defined Data Center Traditional Environment SILO APPROACH BY APPLICATIONS COST UN-EFFICIENCY NO PROGRAMMABILITY, SCALABILITY © F5 Networks, Inc SOFTWARE-DEFINED DATACENTER ARCHITECTURE BECAME “FABRIC” WITH HIGH PROGRAMMABILITY AND SCALABILITY IMPROVE COST EFFICIENCY 46 High-Performance Services Fabric Simplified Business Models • New licensing models • Easy to procure • Save by purchasing bundles © F5 Networks, Inc 47 Reference Architectures Solving Customer Issues Reference Architectures Device, Network, Applications S/Gi Network Simplification DDoS Protection Bill of Materials © F5 Networks, Inc. Inc Security for Service Providers LTE Roaming • • • • Application Services Intelligent DNS Scale Solution diagram(s) Architecture diagram(s) Product map diagram(s) Customer deck Migration to Cloud Cloud Federation DevOps Cloud Bursting • RA video overview • White paper(s) • Placemat leave-behind 49 Benefits of F5 Synthesis Drive © F5 Networks, Inc. Increase Reduce Future 50 F5 Synthesis Partner Ecosystem / DevOps © F5 Networks, Inc. 51 Solutions for an Application World.