introduktion-f5 networks men …€¢ introduktion-f5 networks • use case: undvikcloud lock-in...
TRANSCRIPT
• Introduktion - F5 Networks• Use Case: Undvik Cloud Lock-in och säkerhetsproblem,
men behåll alla fördelarna med Automation och Cloud• Summering
F5 is everywhere
47 of the Fortune 50Companies
9 of thetop 10 US
Airlines 29 of thetop 30 US
CommercialBanks
10 of thetop 10 USTelecoms
9 of thetop 10 USWirelessCarriers
10 ofthe top 10
GlobalBrands
10 of thetop 10 GlobalAutomotiveCompanies
9 of thetop 10 Global
Oil & GasCompanies
F5 2000+ Partners
© F5 Networks, Inc. 4
Network/SDN Cloud Security Orchestration Application Service Provider
F5 - Market leader - Application Delivery Controllers• Den enda Enterprise leverantören i alla Gartner Magic Quadrants: ADC, WAF och
Enterprise Network Firewalls
• Perfekt val för Konsolidering av Datacenter Firewall-, L3-7- DDoS mitigering, SSL/TLS-skalning, Web application-, säkerhets- och applikations-optimering.
Magic Quadrant for Web Application Firewalls Magic Quadrant for Enterprise Networks FirewallsMagic Quadrant for Application Delivery Controllers
Devices
Employees
Contractors
Customers
1.2.3.4
Data Center
Hypervisor
Virtual
Physical
Private/PublicCloud
BIG-IP Platform
IPv4 IPv4IPv6
VLAN VXLAN
HTTP/2 HTTP/1.1
TLSv1.2 SSLv3
SSLv3
Private Cloud
ADC & Security
Application
Data
Application
Data
ADC & Security AWS Tools
ADC & Security Azure Tools
How about migrating/scaling or adding new apps to a public cloud provider to get the benefits of public cloud : cost, time to market and scale ?
Application
Data
Public Internet
Time to MarketLow initial costs (Pay per use)
Flexible & unlimited capacity growth
• Security: private keys, policy, sensitive data• Storage: cost, data to/from the cloud• Cloud lock-in: policy, data transfer cost• Performance: Higher latency C
ON
S
Private Cloud
ADC & Security
Application
Data
ADC & Security AWS Tools
ADC & Security Azure Tools
Application
Data
PRO
S
New Green App to Azure
Application
Data
Migrate/Scale out Orange App to AWS
Public Internet
• Security: private keys, policy, sensitive data• Storage: cost, data to/from the cloud• Cloud lock-in: policy, data transfer cost• Performance: Higher latency C
ON
S
ADC & Security AWS Tools
ADC & Security Azure Tools
Unifying your L4-L7 application services and policies across your Private and Public Cloud
deployments (BYOL, Utility Billing)
Private Cloud
ADC & Security
Application
Data
Application
Data
Application
Data
Public Internet
PRO
S
Securing and automating app delivery in public cloud
• F5 Solution for Private–Public Cloud inter-connect• Secure reverse tunnel between Private–Public cloud (SSL keys on BIG-IP in Private Cloud/DC)• Public cloud resources auto-discovered and managed by BIG-IP in Private Cloud/DC
Application Connector
Private Cloud
ADC & Security
App Connector
App Connector
AC
AC
Private keys
Application
Data
Application
Data
Public Internet
Application
Data Secure Reverse Tunnel
• Security: private keys, sensitive data• Storage: cost, data to/from the cloud• Cloud lock-in: data transfer cost• Performance: Higher latency C
ON
SPrivate keys stored in Private CloudApp front-end via BIG-IP in Private CloudAuto-discovery of Public Cloud resourcesAll resources managed from Private Cloud
Private Cloud
ADC & Security
App Connector
App Connector
AC
AC
Private keys
Application
Data
Application
Data
Public Internet
Application
Data
PRO
S
Secure Reverse Tunnel
Private Cloud
ADC & Security
AC
AC
Application
Storage
ADC & Security
• Security: sensitive data• Storage: cost, data to/from the cloud• Cloud lock-in: data transfer cost• Performance: Higher latency C
ON
SSensitive data securely stored in ColoColo brings app closer to end usersMoving data in/out colo at low cost
Low latency towards all public cloud providers
Application
Data
Application
Data
Application
Data
App Connector
App Connector
Public Internet
Colo Facility
Public CloudXChangePrivate
Interconnect
Extend your Private Cloud into Colo Facility
PRO
S
Secure Reverse Tunnel
Private Cloud
ADC & Security
AC
AC
Application
Storage
ADC & Security
Application
Data
Application
Data
Application
Data
App Connector
App Connector
Public Internet
Colo Facility
Public CloudXChangePrivate
Interconnect
Extend your Private Cloud into Colo Facility
Secure Reverse Tunnel
SilverlineServices
Deploy any application, anywhere, with consistent application services and security
Traditional Data Center
Private CloudCoLo/Public
Cloud
Consistent PoliciesCloud independency
Fastest Time to ServiceVisibility + Compliant
Lowest TCO
SaaSAppsManaged Hosting
F5 Cloud Vision Delivered
SaaS
SaaS
SaaS
SaaS
SaaS
DIRECTCONNECT
BIG-IP
AWS Google
Azure
IBM
Rackspace
© 2016 F5 Networks 23
© F5 Networks, Inc
F5 Licensing: Good
BIG-IP Local Traffic Manager
Good OfferingWhat you get:
o Load-Balancing• Load balancing and monitoring• Application Visibility and Monitoring• L7 intelligent traffic management• Core protocol optimization (HTTP, TCP, SPDY,
SSL)• SSL proxy and services• IPv6 support• Programmability (iRules, iCall, iControl, iApps)• ScaleN: On demand, application & operational
scaling• AAM Core (Caching, Compression, Bandwidth
Controller, more)• APM Lite (User Authentication, SSL VPN for 10
concurrent users)• SYN flood protection
© F5 Networks, Inc
F5 Licensing: Better
BIG-IP Local Traffic Manager
BIG-IP Global Traffic Manager
BIG-IP Application Acceleration Manager
BIG-IP AdvancedFirewall Manager
Better Offering
• High-performance ICSA firewall• Network DDoS protection• Application-centric firewall policies• Protocol anomaly detection
• Web performance optimization• WAN optimization (data
deduplication, FEC)• Mobile optimization (smart client
cache, image optimization)• SaaS acceleration (reduce
bandwidth usage & page load times)
• Global server load balancing• DNS services• Real-time DNSSEC solution• Global application high availability• Geolocation• DNS DDoS attack protection
What you get:
o Load-Balancing
o Global Load-Balancing (DNS)
o Acceleration
o Network Firewall (L2-4)
© F5 Networks, Inc
F5 Licensing: Best
Best Offering
• PCI Compliant Web Application Firewall
• Web scraping prevention• Integrated XML firewall• Violation correlation &
incident grouping• Application DDoS
protection
• 500 concurrent users, scalable up to 200K
• BYOD enablement• Full Proxy for VDI (Citrix,
VMware)• Single sign-on
enhancements (Identity Federation with SAML 2.0)
BIG-IP Local Traffic Manager
BIG-IP DNS (formerly known as GTM)
BIG-IP Application Acceleration Manager
BIG-IP AdvancedFirewall Manager
BIG-IP Application Security Manager
BIG-IP Access Policy Manager
What you get:
o Load-Balancing
o Global Load-Balancing (DNS)
o Acceleration
o Network Firewall (L2-4)
o Web Application Firewall (L7)
o Remote Access / Authentication
PRIVATE CLOUD
(VMWare, Hyper-V)BIG-IP Platforms & VIPRION Chassis
F5 CUSTOM HARDWARE
© F5 Networks, Inc
F5 Platform Options
PUBLIC CLOUD
(AWS, Azure)
TMOS
COMMODITY HARDWARE
vCMP
STANDARD EDITIONVIRTUAL EDITION
F5 PlatformsPlatforms
F5 fysisk ADCsHøy ytelse med med dedikert hardware
Fysisk ADC är lämpligast för:• Høy ytelse og skalering• SSL offload, kompresjon og akselerering• DDOS beskyttelse• Internett baserte tjenester
Fysisk + virtual = hybrid ADC infrastrukturFleksibilitet og ytelse
Hybrid ADC är lämpligast för:• Overgang fra fysisk til virtuell. Og Privat
datasenter til sky løsninger• Cloud bursting• Lagvis fordeling av arbeidsoppgaver• Privat sky
F5 Virtual EditionsFleksibel installasion för virtuella miljöer och moln
Virtual ADC är lämpligast för:• Hurtig installasjon• Privat og public cloud installasjon• Innføre sikkerhet nærmere applikasjon• Lab, test, og QA installasjoner
Virtuell
BIG-IP i4000 series BIG-IP i10000 SeriesBIG-IP i5000 Series BIG-IP i7000 Series
BIG-IP VE5Gbps
BIG-IP VE3Gbps
BIG-IP VE1Gbps
BIG-IP VE200Mbps
BIG-IP VE25Mbps
VIPRION 2400
VIPRION 4480VIPRION 4800BIG-IP i2000 series
BIG-IP VE10Gbps
VIPRION 2200
Fysisk Hybrid
BIG-IP VE10Mbps lab
BIG-IP VE40Gbps
DevCentral. The F5 User Community. 223,000 Members.
© F5 Networks, Inc
• Wikis• API/SDK Documentation
• Sample Code • Tech Tips • Forums• Podcasts• Blogs
• iRule Editor• iControl SDK
• .NET, Java, Python, Powershell, ...
• VMware vSphere Management Plug-in
• Microsoft SCOM Monitoring Pack
REFERENCES
RESOURCES
TOOLS & FRAMEWORKS
iWorkflow RPM Libraries Python SDK
Language/API Java, Javascript / REST Node.js / REST Python / REST
What Can It Do?
• L4-L7 Service Catalog Deployment
• BIG-IP Device Provisioning (HA, Licensing, etc.)
• Service Insertion with Cisco APIC, VMWare NSX
BIG-IP Device Provisioning (NTP, Licensing, DNS, VLANs, Self-IP)
Factory Reset
HA Pairing
BIG-IP Device Provisioning (NTP, Licensing, DNS, VLANs,
Self-IP)
HA pairing
Basic LTM config (pools, nodes, monitors, iRules, VIPs)
Basic GTM config (pools, iRules, VIP, wide-ip)
Where Can I Find It?downloads.f5.com Provisioning/Reset RPM
HA Pairing RPMF5 GitHub Repository
How Do I Learn More? iWorkflow Wiki Home DevCentral Article Library Documentation
.com