f5 big-ip: secure application and data security services

F5 BIG-IP: Secure Application and Data Security ServicesNick Matthews Partner Solutions Architect, AWS

Robert Haynes Solution Architect, F5

Agenda Networking on AWS About F5 Customer story: Alberta Motor Association Q&A

Cloud Performance is Only as Good as Network PerformanceThe benefits of cloud computing are well-proven

But your networking performance determines to what degree you will derive those benefits

Scalability Security Global Footprint Cost-effectiveness

Core Networking Offerings

Amazon VPC AWS Direct Connect

Amazon Route 53Amazon Elastic Load Balancing

AWS offers a wide variety of networking services, with four at the center:

Layers of Networking on AWS

Region

AZ

VPC

Subnet

Routing Table

Network ACL

Security Group

Amazon VPC

Choose from multiple connectivity options including public internet, Network Address Translation, encrypted VPN, and more

Quickly and easily provision and configure using the AWS Management Console Leverage multiple layers of security to protect your applications and environment, including

access control lists, dedicated hardware, and more

Amazon Virtual Private Cloud (VPC) lets you provision a logically isolated section of the AWS cloud where you can launch resources in a virtual network you define

AWS Direct Connect

AWS Direct Connect gives you dedicated network connections between your on-premises data center and AWS

Can reduce bandwidth costs Delivers more consistent network performance with reduced latency Compatible with all AWS services Elastically scales to meet your specific needs

Direct ConnectLocation

IPVPN/ MPLS

Point to point

Customer Data Center

Customer Office

Customer Office

Customer Office

Elastic Load BalancingElastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances and Availability Zones

Enables fault tolerance, with less manual intervention in applications Ensures that only healthy Amazon EC2 instances receive traffic; traffic is re-routed to a

new Availability Zone if all Amazon EC2 instances are unhealthy Meets application traffic demands by automatically scaling its request handling capacity

Amazon Route 53Amazon Route 53 is designed to reliably and cost-effectively route end-users to internet applications

Connects user requests to infrastructure running in AWS, and can also be used to route users to infrastructure outside of AWS

Monitor application and end-point health, or re-route traffic to healthy end-points with DNS health checks

Meets application traffic demands by automatically scaling request handling capacity Manage traffic globally with Traffic Flows – route users to application end-points through a

single region, or around the globe

Augment Your Network with AWS Marketplace Offerings

ISVs in AWS Marketplace offer solutions for a wide variety of use cases:

Routing VPN Application Delivery Firewalling

F5 Networks

About F5 Seattle based company Develops products to strengthen application and network security,

performance, and availability 48 out of the Fortune 50 companies rely on F5 currently

1:1 9.2 24/7Personalized support Customer

satisfaction ratingWorldwide response

What makes us different?

ADC leader in Gartner Magic

Quadrant for 10 consecutive years

Minimizes risk and business impact when moving mission-critical apps to the cloud

Consolidates multiple security, remote access, performance, and app delivery functionalities into a single platform

Customers can apply same policies on-premises and on the cloud

F5 BIG-IP Virtual Edition provides

Intelligent traffic management

Enhanced network security

Total application security

F5 BIG-IP Virtual Edition (VE)F5 BIG-IP ensures business critical apps and networks are:

Fast Available Secure

F5 and AWS introduction

EfficiencyRapidly provision intelligent services into the cloud and in your existing datacenter using the same code, advanced app services, and breadth of features

AgilityQuickly and efficiently spin up or down the leading app resources you need to control app acceleration, security and availability

FlexibilityFlexible deployment options to meet your current goals and add modular BIG-IP application delivery services

When to use F5 BIG-IP

FunctionalityWhen you need features beyond basic load balancing or application load balancing

ProgrammabilityWhen you want to write code that programs the application traffic, the infrastructure, or the network

Compatibility When you want to deploy consistent application delivery and security policies both on-premises and in the cloud

Scaling and HA

Designed for HA Auto-Scale Aware Auto-Scale Ready

AZ1 AZ2

Leveraging existing AWS infrastructure• F5 offers 3 flexible licensing models: Good, Better, and Best• Offered through Amazon Test Drive• Option to Bring Your Own License (BYOL)

Amazon EC2 Amazon EBS Amazon VPC

F5 on AWS features and benefits

Hybrid Cloud ConfidenceProvides critical app delivery services consistently from existing datacenters to the Cloud

Secure Apps AnywhereUses deep app intelligence and visibility to provide a consistent level of protection wherever your apps reside

Increase Business AgilityProvides the flexibility to scale at will based on shifting hardware, software, and on-demand requirements

Customer success story: Alberta Motor Association

About Albert Motor Association (AMA)

Membership organization part of the Canadian Automobile Association and American Automobile Association family

Provides roadside assistance to motorists travelling in Alberta

Offers driver education, insurance, financial and travel agency services

Web team was presented with a difficult project and a tight timeline

Project included building staging, development, and production environments

AMA executive team concerned with security for confidential customer data

Web team needed faster turnaround to do their jobs effectively

AMA’s requirements

Why AMA chose F5 on AWS

AMA was familiar with F5’s cloud-optimized

licensing

Pay-as-you-go option from AWS

Intuitive web interface that allows their web team to adapt quickly

Deployed BIG-IP Local Traffic Manager to load balance the traffic between their AWS Cloud Availability zones

Utilized BIG-IP Application Security Manager to ensure that their web applications receive same high level protection as their on-premises applications

Built a platform that met both the web team’s agility needs and fulfilled their corporate security requirements

F5’s solution

Benefits realized/conclusion/future projects

Decreases IT workload, using fewer resources

Self-provisioning, boosting agility

Eases the transition to the

cloud

Delivers on-premises security –

on the cloud

Q&A