
How to achieve a fast, secure and available virtualization infrastructure

How to achieve a fast, secure and available virtualization infrastructure. Luuk Dries. Why virtualization – a small recap. Efficiency: maximize CPU, RAM and disk resources; energy savings. Flexibility: quick response to business needs; quickly adding and removing applications.


Presentation Transcript


  1. How to achieve a fast, secure and available virtualization infrastructure
      Luuk Dries

  2. Why virtualization – a small recap
      • Efficiency
        - Maximize CPU, RAM and Disk resources
        - Energy savings
      • Flexibility
        - Quick response to business needs
        - Quickly adding and removing applications

  3. Why virtualization?
      • Business Continuity
      • Disaster Recovery
      • Security
      • Test and Development

  4. Each Application has its own specific requirements: 99,999% Availability, Performance over the WAN, High Security, ....
      [Diagram labels: Applications: SharePoint, Database, Siebel, BEA.NET, SAP, PeopleSoft, IBM ERP, SalesForce, Custom. Application Delivery Networking: Available, Secure, Fast]

  5. Availability for the Web Tier…
      • Unmatched scalability and transparency
      • High Availability and Load Balancing
      • Centralized SSL offloading
      [Diagram labels: Internet; availability figures 99%, 99%, 99%, 99.99%, 99.9999%, 99%]

  6. … and for the Application Tier
      • Full L7 application visibility
      • L7 content processing and switching
      • Application monitoring
      [Diagram labels: Internet, WWW, Application; availability figures 99%, 99%, 99%, 99%, 99%, 99%; Accumulated Availability: 98%, 99%]

  7. Flexibility: DataCenter Automation
      • Real-time interfacing with vCenter to add new VMs to the load balancing pool (iControl)
      • Advanced Health Checks to ensure that newly provisioned VMs are ready for traffic

  8. Availability and Performance across ISP Links
      • Select link on:
        - Availability
        - Cost of route
        - Protocol
        - Source/Destination
        - Time
      • And apply:
        - Bandwidth Management
        - Traffic Prioritization
      [Diagram labels: ISP1, ISP2, Internet]

  9. Availability and Performance across Datacenters
      [Diagram labels: Local DNS, Internet, Primary DC, Backup DC]

  10. Difficult to accelerate SSL content
      • First time visits are slow
      • Network latency, packet loss, verbose protocols
      • Dynamic Web content
      • Users are increasingly remote and/or mobile
      • Data center consolidation
      = My Web Applications are Slow.. (IT Manager & App Architect)

  11. Chatty Apps & Latency = Slow Apps
      [Diagram: Web Browser and MyWebApp.com Web Servers exchanging requests over time, with WAN latency on each round-trip]
      • Get / HTTP/1.1, response Index.html: 250 ms
      • Get /javascript.js HTTP/1.1, response javascript.js: 250 ms
      • Get /stylesheet.css HTTP/1.1, response stylesheet.css: 250 ms
      • Get /image(n).jpg HTTP/1.1, response image(n).jpg: 250 ms
      A web page load with about 100 objects generates at least 100 round-trips.
      • WAN: 100/2 x 250 ms = 12.5 seconds!
      • LAN: 100/2 x 1 ms = 50 ms

  12. Impact of Web Acceleration
      [Figure: comparison With and Without web acceleration]

  13. F5 Approach – Three Tiers of Acceleration
      • Tier 1 Acceleration – Network Offload
        - Re-use downloaded objects/content (IBR)
        - Reduce data transferred (Compression)
      • Tier 2 Acceleration – Server Offload
        - Servers are busy serving same data over and over (Caching)
        - Too many connections to back-end servers (OneConnect & spooling)
        - Overflow of connections to back-end servers (RateShape & conn limit)
        - SSL offload
        - Compression offload
      • Tier 3 Acceleration – Application Offload
        - Browser re-downloads same content over and over (IBR)
        - Force multiple connections (MultiConnect)
        - Web apps are slow over the WAN (ESI, Compression, PDF linear..)

  14. Effect of 3 Tiers of Acceleration: Page Load Time
      • Up to 90% reduction in Page load time

  15. Effect of 3 Tiers of Acceleration: CPU Utilization
      • Up to 90% reduction in CPU utilization

  16. Intelligent Browser Referencing
      Problem
      • Repeated Content Retrieval Slows Web Application
      • Dynamic pages contain mostly static content that is retrieved repeatedly
      [Figure callout: This is the only dynamic content]

  17. Intelligent Browser Referencing
      Solution
      • WebAccelerator Enables Browser Re-use of Cacheable Contents
      • No client to download
      • No changes to browser
      [Diagram labels: Initial Request: Cache, Compression. Subsequent Client Requests: Cache, Apply IBR cache expiration. Repeat Visits: Retrieve from Browser Cache]

  18. Validated in vendor application labs • Certified policies pre-configured • Easy to Deploy – Easy to Integrate

  19. Web Acceleration Performance
      • 2X to 10X Performance Increase

  20. F5 and VMware can enable a secure, live migration … of a virtualized application and its storage … from one site to another … without downtime and without user disruption.

  21. Initial Environment
      [Diagram labels: BIG-IP Global Traffic Manager; two BIG-IP Local Traffic Managers; vCenter A; vCenter B]

  22. Step 1: F5 BIG-IP Local Traffic Manager Opens WAN Optimization Tunnel
      • Compressed
      • De-Duplicated
      • Encrypted

  23. Step 2: Storage vMotion Executed Across WAN Optimized Tunnel
      This step can be avoided if storage is already being synchronously replicated between sites.

  24. Step 2: Pending App vMotion, transactions rely on VM in Site A, but Storage in Site B
      vCenter A still managing VM.

  25. Step 3: Application vMotion Executed Over WAN Optimized Tunnel

  26. Step 4: vCenter Instructs F5 BIG-IP Global Traffic Manager to Cut Over to Site-B

  27. F5 BIG-IP Global Traffic Manager Routes All NEW Application Connections/Sessions Directly to Site B.

  28. F5 BIG-IP Local Traffic Manager in Site A Redirects EXISTING Sessions Temporarily to Site B Until Clients Register DNS Change

  29. Eventually, ALL Connections Go Directly to Site B. The Process Can Be Reversed When Necessary.
      • Successful Application Migration Complete

  30. Web Application Security
      [Diagram labels: Browser; Unauthorised Access; Who is this??; What is he doing ??; Non-compliant Information; Infrastructural Intelligence; Stops bad requests / responses; WAF allows legitimate requests]

  31. Challenges of Web Application Security
      • HTTP attacks are valid requests
      • HTTP is stateless, application is stateful
      • Web applications are unique
        - there are no signatures for YOUR web application
      • Good protection has to inspect the response as well
      • Encrypted traffic facilitates attacks…
      • Organizations are living in the dark
        - missing tools to expose/log/report HTTP(s) attacks

  32. ASM: Powerful Adaptable Solution
      • Provides comprehensive protection for all web application vulnerabilities
      • Provides out of the box security
      • Logs and reports all application traffic
      • Provides L2->L7 protection
      • Unifies security and acceleration services
      • Stop attacks unseen by traditional WAFs (anti-evasion)
      • Provide On-Demand WAF scaling
      • Sees Application level performance

  33. Layer 7 DoS and Brute Force
      Unique Attack Detection and Protection
      • Unwanted clients are remediated and desired clients are serviced
      • Improved application availability

  34. Why F5? The F5 Advanced ADN
      [Diagram labels: Applications: SharePoint, Database, Siebel, BEA.NET, SAP, PeopleSoft, IBM ERP, SalesForce, Custom. Application Delivery Networking: Available, Secure, Fast]

  35. Gartner Magic Quadrant for ADC
      F5 Networks
      • Offers the most feature-rich AP ADC, combined with excellent performance and programmability via iRules and a broad product line.
      • Strong focus on applications, including long-term relationships with major application vendors, including Microsoft, Oracle and SAP.
      • Strong balance sheet and cohesive management team with a solid track record for delivering the right products at the right time.
      • Strong underlying platform allows easy extensibility to add features.
      • Support of an increasingly loyal and large group of active developers tuning their applications environments specifically with F5 infrastructure.
      [Figure: quadrant chart. Axes: ability to execute, completeness of vision. Quadrants: challengers, leaders, niche players, visionaries. Vendors shown: F5 Networks, Citrix Systems, Cisco Systems, Radware, Foundry Networks, Zeus Technology, Nortel Networks]
      Source: Gartner (July 2008)

  36. BIG-IP Hardware Line-up
      [Chart axes: Price (vertical), Function / Performance (horizontal)]
      • VIPRION
        - 36 Gbps Traffic
        - Multiple Product Modules
        - Ultimate redundancy in a single chassis
      • BIG-IP 8900
        - 2 x Quad core CPU
        - 16 10/100/1000 or 2 10GE SFP+
        - 2x 320 GB HD + 8GB CF
        - 16 GB memory
        - SSL @ 58K TPS / 9.6 Gb Bulk
        - 8 Gbps max hardware compression
        - 12 Gbps Traffic
        - Multiple Product Modules
      • BIG-IP 6900
        - 2 x Dual core CPU
        - 16 10/100/1000 + 8x 1GB SFP
        - 2x 320 GB HD (S/W RAID) + 8GB CF
        - 8 GB memory
        - SSL @ 25K TPS / 4 Gb bulk
        - 5 Gbps max hardware compression
        - 6 Gbps Traffic
        - Multiple Product Modules
      • BIG-IP 3600
        - Dual core CPU
        - 8 10/100/1000 + 2x 1GB SFP
        - 1x 160 GB HD + 8GB CF
        - 4 GB memory
        - SSL @ 10K TPS / 2 Gb bulk
        - 1 Gbps max software compression
        - 1.5 Gbps Traffic
        - 1 Advanced Product Module
      • BIG-IP 1600
        - Dual core CPU
        - 4 10/100/1000 + 2x 1GB SFP
        - 1x 160GB HD
        - 4 GB memory
        - SSL @ 5K TPS / 1 Gb Bulk
        - 750 Mbps max software compression
        - 750 M Traffic
        - 1 Basic Product Module

  37. F5’s Data Center Vision – Unified Application & Data Delivery
      • Data Center & Link Virtualization: Services & Policy
      • Web Server Virtualization: Services & Policy
      • Application Server Virtualization: Services & Policy
      • File Storage Virtualization: Services & Policy
      [Diagram labels: clients: Cell, PC - Home, Remote - WAN, PC - LAN, WLAN. Data centers: DC 1: U.S. and DC 2: U.K., each with Link 1, Link 2, Link 3. Web Servers; App. Servers; Windows file storage, EMC, NetApp. Products: BIG-IP LTM, GTM & LC; BIG-IP LTM, WA, ASM; BIG-IP LTM, SAM; F5 ARX]

  38. ARX – File Virtualization
      BEFORE
      • User / application access tightly coupled to physical file storage
      • Inflexible: change is disruptive
      • Complex: multiple mappings to heterogeneous storage devices
      • Inefficient: low aggregate utilization
      AFTER
      • File access decoupled from physical storage location
      • Flexible: change is non-disruptive
      • Simple: single mapping to unified storage pool
      • Efficient: maximize utilization

  39. Tiering / ILM / Data Migration
      • Match cost of storage to business value of data
      • Files are automatically moved between tiers based on flexible criteria such as age, type, size, etc.
      • Drivers:
        - Storage cost savings, backup efficiencies, compliance
      • Benefits:
        - Reduced CAPEX
        - Reduced backup windows and infrastructure costs

  40. Summary
      • F5 offers you the scalability both in performance and functionality to optimize all your applications
      • F5 makes your applications
        - SECURE
        - FAST
        - AVAILABLE
        in the most flexible and stable solution
      • F5 optimizes your storage environment
