F5 for Application Delivery Networking A Blueprint for Successful Application Use Environment


Presented by: Timo Hirvonen: F5 Networks

Application Delivery Issues are Mounting


  • Web Applications
  • Grid / Utility
  • Web Services
  • Thin Client
  • Thick Client

Organizations are constrained by limited staff, resources and infrastructure

Application types are increasing exponentially

Number of applications in enterprise portfolios is growing

Legacy applications need to be extended and leveraged

Need for Application Delivery Networking Is Becoming Critical

IT Challenge – Part I
  • Centralization vs. Globalization
  • End-User Performance
    • Need Business Focus
    • Application Delivery vs. Packet Delivery
  • Application Fluency
  • Flexibility to Adapt to Technology Changes
IT Challenge – Part II
  • Applications and networks behave independently
  • Many network functions require high degrees of manual intervention
  • Distributed architectures and web services increase complexity
  • Historically, applications and protocols for communicating with network devices have been inflexible at best

RESULT: Applications and networks operate without regard to each other, limiting scale, performance, reliability, and security




F5’s Application Ready Network

Slow responses

Bloated data

Security risks

Many servers

Application Attacks

XML, SOAP, ActiveX, JS

Office workers


Network Administrator

Application Developer


F5’s Application Ready Network

Fast responses

Smaller data

Stops Attacks

Fewer servers

Office workers


Network Administrator

Application Developer

From Server Load Balancing to Application Delivery
  • While the market emerged from load-balancing solutions to improve the availability and reliability of Web sites, we are now a long way from the days where load balancing and Secure Sockets Layer (SSL) termination for basic HTML traffic are viable by themselves.
  • Browser-based applications are often a major impetus to invest in these technologies, but many enterprise applications that look browser-based actually employ thick clients that run within the browser, and that don't run over HTTP(S) or have the ability to bypass standard browser capabilities like compression.
  • The emergence of Ajax and other rich client interfaces further complicates the environment. As a result, there is a need for solutions with broader payload parsing, and inspection and optimization techniques, including client-resident software.
Application Delivery Controllers
  • Application delivery controllers (ADCs) reside in the data center, typically in front of frontline Web servers.
  • They are deployed asymmetrically (only at the data center end) and are designed to improve the availability, performance and security of Web- or Internet Protocol-based applications.
  • ADCs enhance the performance of Web-based and related applications for end users by providing a suite of services at the network and application layers. These services can include:

    • Layer 4 through Layer 7 redirection and load balancing and failover.
    • Transmission Control Protocol (TCP) connection multiplexing.
    • Server offload (for example, SSL termination and TCP connection management).
    • Data compression.
    • Network-address translation.
    • Network-level security functions, distributed denial-of-service protection and server cloaking.
    • Selective compression.
    • Caching.
    • Content transformation and rewrite.
    • Application firewall.
    • Transaction assurance.
    • Rules and programmatic interfaces.
    • HTML (and other application protocol) optimizations — "pre-fetching" or selective encoding.
    • Virtualization.

Advanced Platform Application Delivery Controllers
  • A more advanced class of ADCs (Advanced Platform ADCs [AP ADCs]) operate on a per transaction basis and achieve application fluency. These devices become actively involved in the delivery of the application and provide sophisticated capabilities, including:

    • Application layer proxy, which is often bidirectional and stateful.
    • Content transformation.
    • Selective compression.
    • Selective caching of dynamic content.
    • HTML or other application protocol optimizations.
    • Web application firewall.
    • XML validation and transformation.
    • Rules and programmatic interfaces.

Application delivery vendor map 2007

“The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most pressing application problems have become the top players.”

A year ago - Dec 2005

(From "Magic Quadrant for Web-Enabled Application Delivery, 2005," 20 December 2005)

F5 Networks according to Gartner
  • Strengths
    • Offers the most feature-rich AP ADC, combined with excellent performance and programmability via iRules and a broad product line.
    • Strong focus on applications, including long-term relationships with major application vendors, including Microsoft, Oracle and SAP.
    • Strong balance sheet and cohesive management team with a solid track record for delivering the right products at the right time.
    • Strong underlying platform allows easy extensibility to add features.
    • Support of an increasingly loyal and large group of active developers tuning their applications environments specifically with F5 infrastructure.
  • Cautions
    • The BIG-IP product is so feature-rich it can be intimidating to some customers.
    • Lacks a product for the emerging SMB market.

The Quiet Networking Revolution

Significant Business Value Around Architecting, Implementing, and Managing the ADN

Application Networking (L4-L7)

Traditional Networking (L2-L3)



From Application Delivery to Application Ready Network

F5's Application Ready Network is a holistic application network architecture and infrastructure designed, optimized, tested, verified and documented specifically for Enterprise Applications from companies such as Microsoft, Oracle and SAP.

F5 Technology Center

F5 Application Ready Network solutions: best practices on application delivery

SharePoint 2007

Exchange 2007

Office Communications Server

MySAP ERP(w/ Netweaver)

SAP Portal


10g App Server

EBS 12

Siebel 8

F5 and Microsoft joint tested & recommended solutions on:
  • IIS: Internet Information Services
  • LCS: Live Communications Server
  • Exchange Server
  • SharePoint Server
  • HMC: Hosted Messaging and Collaboration
  • WTS: Windows Terminal Server
  • Microsoft Dynamics
  • BizTalk Server
  • MOM: Microsoft Operations Manager
  • Application Center
  • ISA: Internet Security & Acceleration Server
  • NLB: Network Load Balancer (MS recommends using F5 instead)
  • NAP: Network Access Protection
  • ...more to come
F5 and Microsoft

Application Architect Benefits:

  • Up to 5x performance increase
  • 33% faster deployment cycles
  • Up to 25% savings on security costs
  • Common, repeatable design saving 50% in operational costs

Network Architect Benefits:

  • Up to 70% reduction in access control costs
  • 99.999% availability
  • Automated failover for WAN/LAN saving 20% in operational costs
  • Up to 70% reduction in bandwidth
Exchange 2007

“Exchange 2007 volume adoption will begin in earnest in 2008 with the installed base reaching 40% in 2010 (0.7 probability). A breakdown, by version, of the current installed base (which comprises approximately 150 million commercial users) is estimated to be: version 5.5 – 20%, version 2000 – 40% and version 2003 – 40%.”

“Architecture. Organizations must re-examine topologies for further centralization, as well as for the new server roles. Exchange 2007 will have five official server roles (client access, edge transport, unified messaging, hub transport, and mailbox) and one unofficial role (administrative console). Integration with WSS, PBXs, and OCS as well as disaster recovery options will also require the attention of architects.”

- Gartner, Exchange 2007, October 2006

Exchange 2007 Solutions

User Experience and Application Performance

Eliminating SPAM with MSM, thus preventing the clogging of bandwidth and freeing up capacity on the Edge Transport Servers

Offloading SSL, Compression and Caching from the Exchange Servers

For example, with OWA, clients must download 160 objects from the Client Access Servers (CAS) when they first log on

With F5, only six of those first requests are delivered by the CAS, allowing those servers to spend more processing power on mail delivery

Pre-defined Acceleration policy with config sets specifically for Exchange or OWA

Isolating client connections from the server connections, thus ensuring communication speed is not limited by the client

Effective attachment handling over the WAN

Business Continuity and Disaster Recovery

F5 provides reliable, real-time availability of globally dispersed Edge Transport servers. If one DC goes down, F5 reroutes to the next best DC. When back up…

Cluster Continuous Replication (CCR), new in Exchange 2007, provides geo-distributed high-availability for mailbox servers – F5 can ensure rapid replication to reduce or eliminate potential data loss in the event of a failure, improve end-user experience during the failover period, and greatly decrease time-to-recovery, all the while reducing bits-in-the-wire

Secure Remote Access – F5 allows you to create a custom application tunnel for accessing OWA or Outlook

Multiple ISPs

Exchange 2007 Solutions

Application Security


CCR is in the clear – F5 encrypts

End-point Security with remote users accessing Outlook or OWA

Cache Clean Up

Unified Security Enforcement and Access Control

Pre-logon checks and Protected Configurations provide the ability to grant users full access to Exchange using Office Outlook (after satisfying all security policy requirements)

…while users who meet only some of the criteria are restricted to OWA

F5 can also partition the network into various segments to protect and monitor access from one segment to another (e.g., using IP addresses, VLANs, MAC addresses, etc)

F5 provides simplified policy and group management, and provides central reporting and auditing, which reduces the overall cost of management.

SharePoint 2007 Market Size and Need

“80 million licenses sold with over 10,000 customers. Examples of enterprise-wide deployments like Accenture, Honeywell, and DelMonte are now commonplace.”

- Kurt DelBene, Corporate Vice President, Office Business Systems Platform, October 2006

“Architecture. We anticipate a redefinition of the way communication, collaboration infrastructure, and business applications are designed and deployed.”

- Gartner, “Key Issues for Enterprise Contact Centers, 2007”

SharePoint 2007 Solutions

User Experience and Application Performance

Offloading SSL, Compression and Caching from the SharePoint Servers increasing server capacity by more than 25%.

Pre-defined Acceleration policy with configuration sets specifically for SharePoint

Isolating client connections from the server connections, thus ensuring communication speed is not limited by the client.

Business Continuity and Disaster Recovery

F5 provides reliable, real-time availability of globally dispersed SharePoint servers. If one DC goes down, F5 reroutes to the next best DC. When back up…

Secure Remote Access – F5 allows you to create a custom application tunnel for accessing SharePoint.

Multiple ISPs

SharePoint 2007 Solutions

Application Security

Positive security model, permitting only valid and authorized application transactions, while automatically protecting critical web applications from HTTP and HTTPS-based threats such as Google hacking, cross-site scripting, and parameter tampering.

TMOS and iRules enable full bidirectional session and payload inspection.

End-point Security with remote users accessing SharePoint servers; Secure Virtual Workspace, pre-login endpoint security checks, and endpoint trust management.

Centralize application security, eliminating need for multiple, redundant application security devices.

Unified Security Enforcement and Access Control

Access control and enforcement is especially critical for SharePoint, as it is a collaboration tool and repository for shared documents.

Enable administrators to grant certain users, i.e. business partners using equipment not maintained by the company, access to SharePoint and other extranet applications and sites.

F5 can partition the network into various segments to protect and monitor access from one segment to another (e.g., using IP addresses, VLANs, MAC addresses, etc)

F5 provides simplified policy and group management, and provides central reporting and auditing, which reduces the overall cost of management.

Live Communications Server & Office Communications Server 2007

Microsoft’s platform for Unified Communication

Presence: Know who is available and how to contact them.

Instant Messaging (supports MSN, AOL, Yahoo!, and extensible with SIMPLE)

Real Time Collaboration

Voice (VoIP, SIP)

Exchange Attach campaign

MS rep incentives, promotional pricing, marketing/advertising.

Goal for FY07: Attach LCS to 30% of all Exchange licenses sold.

F5 benefits to LCS deployment


High availability

Connection optimization (TCP Express)

MS acknowledges NLB not sufficient for high availability; need HW load balancer.

LCS product group relationship

Microsoft selected F5 as sole vendor to present at Early Adopter Airlift.

LCS development lab currently has over $500K of F5 equipment.

SIP monitor: F5’s current health monitoring capability is far beyond any other load balancer on the market.

Microsoft & F5

GISV Managed Partner

MTC Alliance Partner

VSIP Premier Partner

MPSC Sponsor Partner

Microsoft Interop Vendor Alliance


Secure IT Alliance

ControlPoint Project Overview

Stand-alone F5 appliance

Built on Microsoft Operations Manager 2007

Visibility into app delivery network

Provide F5 device insights

Available end of CY 2007

Customer Advisory Board

Unequivocally Establish F5’s Leadership by Providing Visibility into the Application Delivery Network

F5 Application Ready Network
  • F5 has shipped 50,000+ BIG-IP appliances to 10,000+ end customers
  • 1/3 to telco, ISP, hosting
  • 2/3 to corporate, government, ...
  • 50% of previous to MS-based application environments
Application Server 9iAS, 10g
  • No Single Point of failure
  • All Applications and Web Caches are now Virtualized on a single point
  • SSL terminated on the BIG-IP
    • 20,000+ new SID per second
    • 6+ Gb of Bulk encryption
    • 500K user connections available
  • FIPS 140-2 fully supported
  • All Application processes are monitored for failures
E-business Suite 11i
  • No Single Point of failure
  • All Applications are now Virtualized on a single point
  • All Identity Management Servers are now Virtualized on a single point
    • Single IP address and single point of management
  • All Application processes are monitored for failures
  • All Identity Management services are monitored for failures

F5 BIG-IP w/ Oracle Identity Management

[Diagram labels: Third Party; Oracle Identity Management Suite; High Availability; Win NT/2K; Web Portals; Web Hosts; SSL, PKI, Auth., Packet Inspection, Rate Shaping, Proxy; External Users; SSL Encryption; Engine (iRules); Custom & Legacy; Administrative Console; Internal Users; Application Traffic Management & Access Control]

  • Secures Network, Application and Portal Access
  • Advanced Authentication Integration with OIM & SSO
  • Increased Compliance and Audit Controls
Oracle Enterprise Mngr. BIG-IP plug-in Solution
  • Monitors and logs all statistics and configurations
  • Resource planning and root cause analysis
Joint SOA Reference Architecture
  • Reference Architecture, Blueprint, Component Maps
F5 for Oracle SOA Strategy
  • Optimization of inter-service communication
  • Load balancing and HA services (scaling)
  • Content based routing
  • SSL offload
  • Security
  • Intelligent caching
  • Acceleration of data services
  • Service virtualization
  • Integration with the wider Oracle SOA ecosystem
F5’s Solution Coverage for Oracle
  • Oracle Application Solutions
    • Siebel (CRM, Analytics,… )
    • Peoplesoft (HRMS, ERP… )
    • 11i e-Business Suite (EBS- Financials, CRM, ERP… )
    • JD Edwards EnterpriseOne (Supply Chain,…)-Coming Soon!
  • Oracle Infrastructure & Technology Solutions
    • Identity Management (OID, OAM, RAS, SSO)
    • Oracle Fusion Middleware (OFM)
    • 9i &10g Application Servers
    • Oracle Portal
    • Oracle Collaboration Server (OCS)
    • Oracle Communications and Mobility Server (OCMS)
    • Oracle Enterprise Manager HA & Plug-in (OEM)
    • Oracle DB- health monitors, Grid Control, GTM
ARN for Oracle Coverage (OOW 2007)
  • ARN Technically = Full Product Line Solution and Best Practice Support from F5 for Oracle
    • F5 BIG-IP LTM, GTM, LC, WA, FP and potentially ASM, & WANJet for:
    • 10g Application Server / OFM / IdM
    • Oracle Portal
    • Peoplesoft 9
    • E-business Suite 12
Direct Benefits
  • High Availability: Redundant Web, Middle Tier and Applications
  • Reduce the Oracle Portal login times for WAN users
  • Improve document download times by a factor of up to 5x
  • Reduce Server utilization
  • Reduce the number of server-side connections by a factor of 20x.
Real Collaboration/Real Solutions
  • Certified Oracle Partner
  • Publishing joint white paper on Oracle MAA, OTN, on optimizing the network for Oracle Applications and Technology.
  • Oracle Enterprise Technology Centers (ETCs)
  • Formal Validations and Certifications of F5 technologies
F5 and Oracle

“BIG-IP ensures maximum availability, enhanced performance and security for mission-critical Oracle applications.

In fact, at Oracle we use approximately 90 BIG-IPs in front of over 5,300 different application cluster environments in 4 datacenters worldwide.”

Leonid Stavnitser

Senior Manager Global IT

Oracle USA, Inc

F5 & SAP
  • SAP is a customer
    • FirePass
    • BIG-IP LTM
  • F5 is a Charter Member of SAP’s Network Advisory Group
  • F5 is a Member of SAP’s Virtualization Advisory Group
  • F5 has Collaborated with SAP to Produce NEW Granular Prescriptive Deployment Guidance (publicly published in April ‘07) for:
    • BIG-IP LTM
    • Web Accelerator
    • WANjet
    • FirePass
    • BIG-IP GTM
Features, Benefits, Results Snapshot
  • Common F5 features that add value to SAP environments:
    • Cookie Encryption
    • Error trapping
    • Load balancing
    • High Availability
    • LTM Provides: TCP Multiplexing, TCP optimizations, SSL Offload, another outlet for compression and potential Caching
  • Benefits:
    • Significant savings of application server processing cycles
    • Web Accelerator provides encryption
    • WANJet provides significant TCP Optimizations
    • WANJet can provide significant Compression gains when the data is not encrypted
  • Results:
    • F5 provided better than 30% reduction in CPU utilization via the combination of TCP handling, compression offload, WA optimizations and SSL offload
    • Web Accelerator provided improvement for first time user requests
    • Performance increase of 2X was demonstrated for users accessing the applications over low bandwidth and high latency links
    • Document downloads were much faster with F5 products integrated into the application deployment
F5 & any IP based applications
  • WebLogic, Siebel, WebSphere, you name it....
  • Any IP based application will benefit
eMatrix access – user experienced times – F5 WebAccelerator – repeat visit results

From 3+ minutes to 21 seconds

eMatrix access – transferred bytes – F5 WebAccelerator – repeat visit results

From 1,3+ MB to 140 KB

Non-accelerated total extends out of graph area

The F5 Application Ready Network Components

[Diagram labels: BIG-IP Global Traffic Manager; BIG-IP Local; iControl & iRules; Enterprise Manager; Data Center; One Platform: TMOS]

Unique TMOS Architecture
[Diagram labels: Application Security Module; 3rd Party; TCP Proxy; Rate Shaping; TCP Express; High Performance Hardware; iControl API]
  • TMOS traffic plugins
  • High-performance networking microkernel
  • Powerful application protocol support
  • iControl – External monitoring and control
  • iRules – Network programming language
devcentral.f5.com
  • Community
  • Tools
  • Tips
  • Collaboration
  • iControl -Open Source WS API
  • iRules – Script Policies
Company Snapshot
  • Leading provider of technology to secure, optimise and deliver IP-based applications
  • Founded 1996, public 1999, Nasdaq listed (FFIV)
  • HQ in Seattle, offices around the globe
  • More than 15,000 customers
  • Approx. 1,400 employees
  • FY2006 revenue $394M
    • 40% year-over-year growth
  • More than 50,000 systems shipped
  • Acquisitions:
    • uRoam, July 2003
    • MagniFire, June 2004
    • Swan Labs, September 2005
    • Acopia, September 2007 (Announced)
Financial Results













Global Operations






International HQ

Regional HQ / Support Centre

Product Development

F5 Regional Office

F5 in Europe
  • 230+ employees in EMEA
  • Sequential growth
  • Increasing country presence
  • Strong regional channel
  • Large customer base
    • Financial
    • Media
    • Transportation
    • Technology
    • Telecommunications
    • Service providers
With iRules everything is possible

Centralized Transaction Assurance: Proactive Response Error Handling for Higher Availability

    rule redirect_error_code {
        when HTTP_REQUEST {
            set my_uri [HTTP::uri]
        }
        when HTTP_RESPONSE {
            if { [HTTP::status] == 500 } {
                HTTP::redirect $my_uri
            }
        }
    }

Centralized Data Protection: Rewrite, Remove, Block and/or Log Sensitive Content

    rule protect_content {
        # The event line is not shown on the slide; HTTP_RESPONSE_DATA is assumed
        # here (it fires once the body has been buffered with HTTP::collect).
        when HTTP_RESPONSE_DATA {
            set payload [HTTP::payload [HTTP::payload length]]
            # Find and replace SSN numbers; regsub returns the number of substitutions.
            set hits [regsub -all {\d{3}-\d{2}-\d{4}} $payload "xxx-xx-xxxx" new_response]
            # Replace only if necessary.
            if { $hits > 0 } {
                HTTP::payload replace 0 [HTTP::payload length] $new_response
            }
        }
    }

Host to URI mapping: Faster Access to Data through Automatic Re-direction

    # The event line is not shown on the slide; HTTP_REQUEST is assumed.
    when HTTP_REQUEST {
        # www.A.com -- domain == .A.com, company == A
        set company ""
        regexp {\.([\w]+)\.com} [HTTP::host] domain company
        if { "" ne $company } {
            # look for the second string in the data group
            set mapping [findclass $company $::valid_company_mappings " "]
            if { "" ne $mapping } {
                HTTP::redirect "http://www.my_vs.com/$mapping"
            }
        }
    }

A Repeatable, Extensible, Flexible Architecture

See more: devcentral.f5.com
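
The protect_content rule on this slide masks SSN-shaped strings in a fully buffered response. The following is an added example, not code from the slides or from F5: Python stands in for the iRule's Tcl to show the same masking on a body that arrives in chunks, and to compare the slide's pattern with a stricter one. STRICT_RE, HOLD, the class and function names and the sample body are assumptions made for illustration.

```python
import re

# Constructed sample body (not from the page): two SSN-shaped values and an
# order number that only happens to contain the same digit shape.
SAMPLE = b"ssn=123-45-6789; order=1234-56-78901; alt=987-65-4321"

SLIDE_RE = re.compile(rb"\d{3}-\d{2}-\d{4}")  # pattern used in protect_content
# Assumption: guards so digits embedded in a longer number are left untouched.
STRICT_RE = re.compile(rb"(?<![\d-])\d{3}-\d{2}-\d{4}(?![\d-])")
MASK = b"xxx-xx-xxxx"
HOLD = len(MASK) + 1  # longest possible match plus one lookahead byte


class StreamingMasker:
    """Masks SSN-shaped values in a body delivered in arbitrary chunks."""

    def __init__(self, pattern=STRICT_RE):
        self._re = pattern
        self._prev = b""     # last byte already emitted, kept as lookbehind context
        self._pending = b""  # bytes received but not yet emitted
        self.hits = 0

    def feed(self, chunk, final=False):
        data = self._prev + self._pending + chunk
        start = len(self._prev)
        # Until the body ends, decide only matches whose lookahead byte is
        # already in the buffer; the last HOLD bytes wait for the next chunk.
        limit = len(data) if final else max(start, len(data) - HOLD)
        out, pos = bytearray(), start
        for m in self._re.finditer(data, start):
            if m.start() >= limit:
                break
            out += data[pos:m.start()] + MASK
            pos = m.end()
            self.hits += 1
        cut = max(pos, limit)  # never cut through a value that was just masked
        out += data[pos:cut]
        self._prev, self._pending = data[max(cut - 1, 0):cut], data[cut:]
        return bytes(out)


def mask_stream(chunks, pattern=STRICT_RE):
    """Returns (masked_body, number_of_values_masked) for a chunked body."""
    masker = StreamingMasker(pattern)
    body = b"".join(masker.feed(c) for c in chunks)
    body += masker.feed(b"", final=True)
    return body, masker.hits


if __name__ == "__main__":
    print(mask_stream([SAMPLE[:10], SAMPLE[10:]]))
    print(mask_stream([SAMPLE], SLIDE_RE))
```

With the slide's unguarded pattern the order number is partly masked as well, which corrupts data that was never an SSN; the guarded pattern leaves it intact and gives the same result however the body is split.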

BIG-IP Software Add-On Modules: Quickly Adapt to Changing Application & Business Challenges
  • Compression Module: Increase performance
  • Fast Cache Module: Offload servers
  • Rate Shaping Module: Reserve bandwidth
BIG-IP Security Add-On Modules
  • Application Security Module: Protect applications and data
  • SSL Acceleration: Protect data over the Internet
  • Authentication Module: Protect against unauthorised access
BIG-IP WebAccelerator Module *** NEW ***
  • Offload WAN and Servers
  • Faster response to Clients
  • Get rid of latency
  • Accelerate applications
  • Reduce Bandwidth
BIG-IP Message Security Module *** NEW ***
  • Connection protection, not per email
  • Drop ~70% of spam at the edge
  • Integration with BIG-IP Local Traffic Manager
  • Reduce management cost
  • Improved scalability and message control
  • Filter out more bad email with greater accuracy
  • Secure Computing Trusted Source™ IP Reputation Score

[Diagram labels: SMTP sender request; IP reputation; messaging security with MSM; Fast scan; Spam inspection; Fast pool; Email servers; Error message for clean termination; Drop first & subsequent packets; Delete message]
Administrative Domains

High cost of operation

  • Grant limited views: View specific application
  • Grant limited control: Control only defined applications
  • Grant limited monitoring: Test only defined applications

[Diagram labels: Application Architecture; Common Partition (Read Only for all – Admin can R/W); App. Editor; Partition 1; Partition 2; Partition 3]

User will only see those objects in their partition

  • Partitioning for specific apps or business units
  • Virtual resources
    • Objects, caching, compression, SSL, etc.
  • Self-serve model increases responsiveness
    • Administrative domains
    • Change control and audits