F5 BIG-IP for Microsoft. Brian McHenry Field Systems Engineer, F5 Networks bam@f5.com. F5 and Microsoft. F5 enjoys a long-standing global partnership with Microsoft, extending the availability, reliability, scalability and security of Microsoft’s enterprise software.


F5 BIG-IP for Microsoft

Brian McHenry

Field Systems Engineer, F5 Networks

bam@f5.com

F5 and Microsoft
  • F5 enjoys a long-standing global partnership with Microsoft, extending the availability, reliability, scalability and security of Microsoft’s enterprise software.
  • Solution development across Windows platform, business productivity applications, systems management and virtualization
  • Key alliance memberships such as System Center Alliance and Dynamic Datacenter Alliance represent joint investment, shared thought leadership and strategic planning
  • F5 educates and trains Microsoft technical field, services and support teams on the BIG-IP platform and F5 solutions for Microsoft applications

Dynamics

SharePoint

Exchange

Lync

System Center

DirectAccess | Branch Cache

RDS | SSTP | IPsec |

IIS/ASP.NET

Windows

Availability | Reliability | Scalability | Security | Visibility | Manageability

Microsoft Partnership
  • Globally managed technology partner since 2001
  • One of 52 MTC Alliance partners
  • Office and lab in MPSC. Building 25, Redmond campus
F5 + Microsoft = Better Together

F5 offers solutions for a wide range of Microsoft products and technologies

F5 is a key infrastructure building block for the Microsoft software + services platform

Windows Server

Forefront

SharePoint

Exchange

Lync Server

MS CRM

SQL

BizTalk

Commerce Server

Elastic computing

Systems Management

Data center orchestration

Virtual Desktop (VDI)

Private cloud

Public cloud

Hybrid cloud

SharePoint

Hyper-V | System Center | PowerShell | Visual Studio | .NET

Application delivery

F5 devices manage traffic within the context of the applications running on the network, optimizing user experience and providing visibility and control to IT.

Benefits
  • Increased availability, capacity
  • Seamless disaster recovery
  • Flexible security options
What’s new in Exchange Server 2010?
  • Elevation of Client Access Server (CAS) role
    • All client connections, regardless of protocol, are with CAS servers
    • CAS servers rely on ADC for high-availability

CAS is critical

Exchange 2010 Architecture

Enterprise Network

Phone system (PBX or VoIP)

Hub Transport

Routing and policy

Edge Transport

Routing and AV/AS

External

SMTP servers

Unified Messaging

Voice mail and voice access

Mailbox

Storage of mailbox items

Mobile phone

Client Access

Client connectivity

Web services

Web browser

Outlook (remote user)

Line of business application

Outlook (local user)

What’s new in Exchange Server 2010?

ADC for highest availability

  • Elevation of Client Access Server (CAS) role
    • All client connections, regardless of protocol, are with CAS servers
    • CAS servers rely on ADC for high-availability

CAS is critical

  • Microsoft recommends hardware load balancing for every Exchange 2010 deployment
    • ADC recommended over NLB
    • Includes multi-role Exchange server installations
    • Includes installations with Microsoft clustering services
The F5 Solution for Exchange Server 2010
  • Prevent these pains
    • Dropped sessions → re-authentication, reconnection
    • Failed network connections → retries, delay
    • Slow response → trapped users
  • These capabilities
    • Health monitoring and intelligent load-balancing
    • Client persistence
    • Server off-load
    • Availability of servers, arrays and sites
NLB and Hardware-Based Load Balancing…

Which way to go?...

For Exchange 2010, the choice is clear…

Microsoft internal Exchange design: http://technet.microsoft.com/en-us/library/ff829232.aspx

TechNet guidance for high-availability:

http://technet.microsoft.com/en-us/library/ff625247.aspx

The F5 Solution for Exchange Server 2010
  • User - Client to CAS server
  • Mail - Mail flow through Edge Farms
Availability
  • Health monitoring
    • Port/protocol requests
    • Real-time in memory connection tables
  • Intelligent load-balancing
    • BIG-IP always knows the most available server
    • Least connection method
    • See application template
  • Cross site availability
    • Site level health
    • Prioritized decision tree
Persistence
  • Also known as affinity, or sticky sessions, persistence can help enhance a user’s application experience
  • Different types of persistence:
    • Source IP
    • Cookie
    • SSL ID
  • Each Exchange client connection type has a recommended persistence method
Configuring persistence profiles in BIG-IP

Local Traffic → Profiles → Persistence → Create

Source IP and SSL ID

Cookie

Performance - SSL termination
  • Reduce cost and overhead of managing certificates by moving them to BIG-IP
  • BIG-IP is designed with dedicated chipset for encryption/decryption calculations
  • Increase Exchange server CPU utilization and network connections per second
Security
  • Bi-directional proxy
  • Secure remote access
  • Pre-authentication
  • Application layer security for web clients
  • SPAM filtering
Introduction: Exchange ActiveSync
  • The ActiveSync protocol is used between smartphones and Microsoft Exchange for synchronization of Mail, Calendar and Contacts
  • Username and Password are normally used for security.
    • One Time Password (OTP) or token is not used because it is not user friendly.
  • Client SSL certificates cause management issues when they have to be managed on 100s of different devices.
  • BIG-IP Access Policy Manager (APM) can be used to improve security for ActiveSync solutions.
Exchange market share
  • More than 200 Million installed Exchange mailboxes
    • http://download.microsoft.com/download/E/8/A/E8A154BF-CC35-4340-BD26-6265CDB06B6E/ExStats.doc
  • BIG-IP LTM and APM are flexible tools that can be configured to improve security for ActiveSync users.
ActiveSync, Microsoft Solution
  • Microsoft Solution
  • Authenticate the user before the client accesses the Exchange server
  • Exchange 2007/2010 can verify the device ID
  • AD group check and basic URL filter can be implemented on TMG

DMZ

Data Center

MS Exchange

MS TMG or ISA

AD

ActiveSync, F5 BIG-IP LTM & APM Solution

DMZ

Data Center

  • SSL Offload
  • Verify and enable access based on
    • User /password, AD group membership
    • IP location, Device ID, Device type, User-Agent
    • Brute force detection
    • ActiveSync commands used
    • URI (allow access requests to /Microsoft-Server-ActiveSync)
    • User home server

MS Exchange

AD

BIG-IP example of security options that can be enabled for ActiveSync
  • SSL Offload
  • URI check (/Microsoft-Server-ActiveSync and /autodiscover)
  • Agent whitelist: only allow access from known device types (based on agent information). Agent information also contains information about the software version on the phone.
  • Verify the source IP address and enable access from known mobile carriers
  • Device ID verification: verify the user's AD attribute holding the provisioned device ID.
  • Login brute-force detection: disable the source IP address for 90 seconds after 3 failed logons
  • AD group membership: only allow access for users who are members of the ActiveSync group
  • Verify the ActiveSync command sent from the smartphone against a whitelist of approved ActiveSync commands
  • For large installations, verify AD information and route the request to the user's home server
  • Verify username and password
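
The decision order behind these options can be modelled outside the product. The following Python is an added example, not F5 configuration and not code from the presentation: it applies the URI, User-Agent, command, AD group and device ID checks to a request, authenticates last, and locks a source IP out for 90 seconds after 3 failed logons. The allowlists, the in-memory directory, the sample requests and all function names are constructed for illustration; it covers only /Microsoft-Server-ActiveSync and leaves out the carrier source-IP check and home-server routing.

```python
import hmac
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qs

ACTIVESYNC_PATH = "/microsoft-server-activesync"
ALLOWED_AGENT_PREFIXES = ("Apple-iPhone", "Android")        # constructed allowlist
ALLOWED_COMMANDS = {"Sync", "FolderSync", "Ping", "SendMail", "Provision"}
REQUIRED_GROUP = "ActiveSync"
MAX_FAILED_LOGONS, LOCKOUT_SECONDS = 3, 90                  # figures from the slide

# Constructed stand-in for Active Directory: password, groups, provisioned device ID.
DIRECTORY = {
    "alice": {"password": "example-pass-1", "groups": {"ActiveSync"}, "device_id": "APPL0001"},
    "bob": {"password": "example-pass-2", "groups": {"Staff"}, "device_id": "ANDR0002"},
}


@dataclass
class Request:
    src_ip: str
    url: str
    user_agent: str
    password: str


class ActiveSyncGate:
    def __init__(self, directory):
        self.directory = directory
        self.failed = {}         # source IP -> failed logons since last success/lockout
        self.locked_until = {}   # source IP -> time at which the lockout expires

    def evaluate(self, req, now):
        """Return "allow" or "deny:<reason>" for one request at time `now` (seconds)."""
        if now < self.locked_until.get(req.src_ip, 0):
            return "deny:ip-locked-out"
        parts = urlsplit(req.url)
        if parts.path.lower().rstrip("/") != ACTIVESYNC_PATH:
            return "deny:uri"
        if not req.user_agent.startswith(ALLOWED_AGENT_PREFIXES):
            return "deny:user-agent"
        # ActiveSync carries Cmd, User, DeviceId and DeviceType in the query string.
        query = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
        if query.get("cmd") not in ALLOWED_COMMANDS:
            return "deny:command"
        account = self.directory.get(query.get("user", "").lower())
        if account is not None:
            if REQUIRED_GROUP not in account["groups"]:
                return "deny:group"
            if query.get("deviceid") != account["device_id"]:
                return "deny:device-id"
        # Credentials are checked last, after every other check has passed.
        expected = account["password"] if account else ""
        ok = account is not None and hmac.compare_digest(
            req.password.encode(), expected.encode())
        if not ok:
            return self._failed_logon(req.src_ip, now)
        self.failed.pop(req.src_ip, None)
        return "allow"

    def _failed_logon(self, src_ip, now):
        self.failed[src_ip] = self.failed.get(src_ip, 0) + 1
        if self.failed[src_ip] >= MAX_FAILED_LOGONS:
            self.locked_until[src_ip] = now + LOCKOUT_SECONDS
            self.failed[src_ip] = 0
        return "deny:credentials"


def make_request(user="alice", cmd="Sync", device_id="APPL0001", password="example-pass-1",
                 path="/Microsoft-Server-ActiveSync", agent="Apple-iPhone/705.18",
                 src_ip="198.51.100.7"):
    """Build a constructed ActiveSync request (documentation-range IP, sample values)."""
    url = (f"https://mail.example.com{path}"
           f"?Cmd={cmd}&User={user}&DeviceId={device_id}&DeviceType=iPhone")
    return Request(src_ip, url, agent, password)


if __name__ == "__main__":
    gate = ActiveSyncGate(DIRECTORY)
    print(gate.evaluate(make_request(), now=0))
    print(gate.evaluate(make_request(agent="curl/8.0"), now=1))
```

The deny reason is an internal decision value for logging; a gateway would return the same generic failure to the client in every deny case.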
Access Policy in Visual Policy Editor
  • Visual Policy Editor enables easy configuration of Access Policies for ActiveSync, without scripting.
Summary of APM Benefits
  • Security for ActiveSync users can be improved using BIG-IP Access Policy Manager
    • Verification of ActiveSync URI and User-Agent
    • AD group membership verification
    • AD user device ID attribute compared with the device ID from the mobile phone
    • Authentication of user after verification of URI, User-Agent, AD group and AD device ID
    • Detect and blacklist brute-force IP addresses
    • Verify ActiveSync commands from devices against a whitelist of approved commands
    • SSO for other Microsoft services such as SharePoint
Summary
  • Highest availability
  • Dramatically increase server capacity
  • Cross-site availability and resilience
  • Pre-authenticate users in the perimeter network
  • Seamless integration with systems management
Exchange related resources
  • F5 Solution page for Exchange Server
    • http://www.f5.com/solutions/microsoft/exchange
  • F5 Deployment Guide for Exchange Server 2010
    • http://www.f5.com/pdf/deployment-guides/f5-exchange-2010-dg.pdf
  • Technical white paper by Microsoft on their internal deployment
  • Load-balancing requirements from TechNet
    • http://technet.microsoft.com/en-us/library/ff625247.aspx
  • F5 developer/IT admin user community
    • http://devcentral.f5.com/microsoft
F5 Solution Benefits
  • Performance = Scalability, Availability and Resiliency
  • Secure monitoring
  • Deployment assistance

Best practices
  • Use Microsoft guidance for sizing
    • For F5 devices, key off of throughput, numbers of concurrent users, features to be used, ratio of external versus internal users
  • Resiliency
    • Site resiliency through BIG-IP Global Traffic Manager (GTM)
    • Client session resiliency through TCP idle timeout
    • BIG-IP resiliency through LTM mirroring
  • Contact your local F5 field engineering team for assistance
New considerations
  • DNS LB is available. Verify customer requirements for availability and resilience
  • ADCs are still a critical component for managing both web and real-time communications.
  • Advanced ADCs offer DNS-based connection redirects for site-level resilience
  • Global traffic management is an option for site-level resilience that does not require SAN
  • WAN redundancy is an option versus a survivable branch appliance for voice resilience
Summary
  • Lync Server 2010 needs ADCs for highest availability, scale and reliability
  • Real-time communications need intelligent, line-speed traffic management
  • One ADC covers multiple deployment points
  • Session-level and site-level resilience are network challenges F5 can help you solve.
Lync Server Resources
  • F5 solution for Lync
    • http://www.f5.com/solutions/applications/microsoft/lync-server/
    • http://www.f5.com/pdf/application-ready-network-guides/f5-lync-arsg.pdf
    • http://www.f5.com/pdf/deployment-guides/f5-lync-dg.pdf
  • Customer reference and press
    • http://searchunifiedcommunications.techtarget.com/news/1523829/Application-delivery-controllers-ensure-enterprises-OCS-2007-R2-uptime
  • F5 online community for Microsoft solutions
    • http://devcentral.f5.com
  • F5 Press Release
    • http://www.f5.com/news-press-events/press/2010/20101103.html
  • Microsoft Lync qualified ADC list
    • http://technet.microsoft.com/en-us/office/ocs/cc843611.aspx
SharePoint

SharePoint is a business collaboration platform that can be deployed with specific roles in these areas:

  • Web portals and Web content management
  • Business Intelligence and Analysis
  • Collaboration
  • Document management
  • Enterprise Search
  • Custom .NET Web application development

F5 supports each of these server capabilities, providing performance, availability and security enhancements over the network and seamless to the application.

F5 Solution for SharePoint 2010
  • Improve end-user experience through better response
  • Offload operations to free up CPU, increasing server availability
  • Leverage a single point and platform for security and delivery

Considerations for availability

BIG-IP LTM (Local Traffic Manager)

  • Increased server availability = increased user productivity
  • Availability should be measured per server and across servers

BIG-IP GTM (Global Traffic Manager)

  • Cross-site load-balancing increases infrastructure ROI
  • Implementing disaster recovery could be a first step toward real-time site resilience
Considerations for acceleration

BIG-IP WA (Web Accelerator Module)

  • Application delivery (ADC) benefits start with asymmetric deployment
  • WA improves end user experience for repeat visitors by eliminating network chatter
  • Best in class caching
    • Intelligent Browser Referencing (IBR) is unique
  • WOM reduces file load time by 95%
  • Explore Windows Server 2008 R2 BranchCache to reduce bandwidth use
Considerations for security

BIG-IP ASM (Application Security Module)

SC Magazine's 2010 Reader Trust Award for Best Web Application Security solution

Considerations for storage

F5 ARX file virtualization

  • Leveraging 3rd party solutions such as StoragePoint
  • Reduce the size of your SharePoint content databases by 95%

SharePoint

Storage

Devices

ARX

MS SQL

  • Streamline SharePoint performance and backup
  • Decrease storage costs
Considerations for dynamic computing and systems management
  • Integrate F5 device management into systems management
    • Health monitoring
    • Automatic provisioning
  • Control BIG-IP using PowerShell
  • F5 Management Pack offering for System Center
    • Operations Manager
    • Virtual Machine Manager
    • SharePoint Application Designer

http://devcentral.f5.com/mpack

Dynamic computing summary
  • Prepare your network for dynamic computing
  • BIG-IP is a natural choice for deploying virtualized infrastructure
    • Server and data center consolidation
    • Establishing business continuity
  • Unify health monitoring views
  • Enable your infrastructure to manage itself
F5 Application Designer Management Pack for SharePoint Server 2010
  • Auto discovery of application instances
  • Auto configuration of System Center Operations Manager
  • Application VMs are auto-configured using BIG-IP application templates
  • Live Migration and Maintenance supported
  • Health roll-up identifies the source component of the application instance that is failing
Summary
  • Faster application experience for LAN and WAN users
  • Increased server computing capacity
  • High-availability for SharePoint server services
  • Streamlined SharePoint operations and maintenance
  • Automatic, error-free configuration
  • System Center integration for unified network and application service management
Network – Datacenter Integration: F5 offerings
  • Integration with System Center
    • MP for SCOM
    • PRO Pack for VMM
    • Migration Pack and Application Designer Packs
  • Open management interface (iControl API)
    • Enables integration with your management platform
    • PowerShell and .NET
Hyper-V and BIG-IP working together


  • User connection handling during Live Migration
  • Live Migration over distance via BIG-IP Global Traffic Manager (GTM)
Vision for the dynamic datacenter
  • Enable companies to dynamically…
  • IT infrastructure as a service
  • Lower the operational costs for delivering IT
  • Increase flexibility and variety of services to tenants

Manage

Allocate

Pool

F5 for a more dynamic network

Intelligence

Elastic

Available

Portable

Patterned

Service oriented

Control

SharePoint related resources
  • F5 Networks
    • Solution page for SharePoint Server 2010
      • Solution Overview
      • Application Ready Solution Guide
      • Deployment Guide
    • F5 Management Pack on DevCentral
    • Microsoft user forums on DevCentral
  • Microsoft
    • SharePoint public Web sites
      • http://sharepoint.microsoft.com/en-us/Pages/default.aspx
      • http://office.microsoft.com/en-us/sharepoint-server-help/
F5 Solution for Forefront Unified Access Gateway – DirectAccess
  • Optimize secure remote access
    • Scale UAG servers for high-availability
    • Ensure best performance for new connections
    • Persist existing client connections
F5 iRules: Rules for customized network traffic management
  • Used on the internal BIG-IP configurations
  • Connection tracking (server persistence)
    • Sets the session key as the source IP address
    • Associates the Source IP with the originating MAC of the UAG server
    • Adds it to a table on the BIG-IP to maintain persistence
  • Pre-selection iRule (outbound persistence)
    • Ensures that outbound client connection returns to the server to which the client is attached
    • Tunnel between the client and UAG server is reused for server-originated traffic to the client
Benefits summary
  • Optimize secure remote access
    • Monitoring protocol health
    • Scaling out effectively
    • Providing best end user experience
DirectAccess related resources
  • F5 solution for DirectAccess
    • http://www.f5.com/solutions/applications/microsoft/forefront-uag/
  • Deployment Guide
    • http://www.f5.com/pdf/deployment-guides/f5-uag-dg.pdf
  • DevCentral online community posts by F5
    • http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/2353/v101--BIG-IP-and-Microsoft-DirectAccess.aspx
    • http://devcentral.f5.com/weblogs/rkorock/archive/2010/01/03/6251.aspx
  • Microsoft resources
    • Read more about DirectAccess
BranchCache

BranchCache is a technology in Windows 7 and Windows Server 2008 R2 that makes it easier and faster for users to obtain Web and file share content across WAN links.

  • Customer benefits
    • Increased employee productivity
    • Reduced WAN bandwidth usage and Branch IT operational costs
  • Hosted or Distributed Cache deployment options
    • Flexible deployment
      • Hosted → Windows Server 2008 R2 caches
      • Distributed → Windows 7 clients cache
    • Multi-protocol access [HTTP, HTTPS, SMB, Signed SMB]
    • Optimizes content delivery via caching in a distributed environment
F5 Solution for BranchCache
  • Increase server availability
    • Off-load content hash calculations, increasing server CPU computing capacity
  • Extend the use of existing BIG-IP devices
    • Same hardware used to manage Windows Server farm traffic
    • Download the iRule from F5 DevCentral
  • Web content support
    • HTTP/HTTPS
BranchCache related resources
  • F5 Networks
    • F5 iRule for configuring BranchCache
  • Microsoft
    • Read more about BranchCache
    • Microsoft customer evidence
F5’s Dynamic Control Plane Architecture

Users

Dynamic

Control

Availability

  • Scale
  • HA / DR
  • Bursting
  • Load-Balancing

Optimization

  • Network
  • Application
  • Storage
  • Offload

Security

  • Network
  • Application
  • Data
  • Access

Management

  • Integration
  • Visibility
  • Orchestration

Application and Data Delivery Network

Resources

Private

Public

Cloud

Physical

Virtual

Multi-Site DCs

F5 Management Pack on DevCentral
  • Core Pack
  • PRO Pack
  • Migration Pack
  • Application Designers
    • IIS
    • SharePoint

BIG-IP 11050

BIG-IP Hardware Line-up

2 x Hex core CPU

16 10/100/1000 + 8x 10 SFP+ 10Gbps

2x 320 GB HD (S/W RAID) + 8GB CF

32 GB memory

SSL @ 100K TPS / 15Gb bulk

12 Gbps max software compression

40 Gbps Traffic

BIG-IP 8950

BIG-IP 8900

2 x Quad core CPU

16 10/100/1000 + 8x 1GB SFP + 2x 10Gb SFP+

2x 320 GB HD (S/W RAID) + 8GB CF ?

16 GB memory

SSL @ 56K TPS / 9.6Gb bulk

8 Gbps max software compression

20 Gbps Traffic

BIG-IP 6900

2 x Quad core CPU

16 10/100/1000 + 8x 1Gb SFP + 2x 10Gb SFP+

2x 320 GB HD (S/W RAID) + 8GB CF

16 GB memory

SSL @ 58K TPS / 9.6Gb bulk

8 Gbps max hardware compression

12 Gbps Traffic

BIG-IP 3900

2 x Dual core CPU

16 10/100/1000 + 8x 1Gb SFP

2x 320 GB HD (S/W RAID) + 8GB CF

8 GB memory

SSL @ 25K TPS / 4 Gb bulk

5 Gbps max hardware compression

6 Gbps Traffic

Quad core CPU

8 10/100/1000 + 4x 1Gb SFP

1x 300 GB HD + 8GB CF

8 GB memory

SSL @ 15K TPS / 3.8 Gb bulk

3.8 Gbps max software compression

4 Gbps Traffic

BIG-IP 3600

Dual core CPU

8 10/100/1000 + 2x 1Gb SFP

1x 160 GB HD + 8GB CF

4 GB memory

SSL @ 10K TPS / 2 Gb bulk

1 Gbps max software compression

2 Gbps Traffic

BIG-IP 1600

Dual core CPU

4 10/100/1000 + 2x 1Gb SFP

1x 160GB HD

4 GB memory

SSL @ 5K TPS / 1 Gb Bulk

1 Gbps max software compression

1 Gbps Traffic

Infrastructure Optimization

Basic

Standardized

Rationalized

Dynamic

Uncoordinated, manual

infrastructure

Managed IT

infrastructure with limited automation

Managed and

consolidated IT

infrastructure with maximum automation

Fully automated

management,

dynamic resource

usage, business

linked SLAs

More Efficient Cost Center

Strategic Asset

Business Enabler

Cost Center

Manage Complexity and Achieve Agility

What’s Needed

Users

Dynamic Services Model:

Reusable services that understand context and can provide control regardless of application, virtualization, user, device, platform or location

Resources

Private

Public

Physical

Virtual

Cloud

Multi-Site DCs

Functions of Unified Application and Data Delivery: Enabling the Dynamic Infrastructure
  • All strategic points of control synchronize, communicate and leverage functions & intelligence
  • Integration within the ecosystem and open, standards-based API for cross product integration.
  • Intercept bi-directional application and data stream at all points of control
  • Common proxy architecture for each network device and ability to see all protocols
  • Reporting, notification, trending

Integration

Visibility

IT Agility

Action

Context

  • Put user application and data stream in context
  • Understand and relate the context of the user, device, location, network, application, virtualization, and resource
  • Relate visibility and content to predetermined business policy to take action
  • Determine and direct appropriate response, access, acceleration, or security

Application

Delivery

Network

The Leader in Application Delivery Networking

Users

Data Center

At Home

In the Office

On the Road

Microsoft

Business Goal: Achieve These Objectives in the Most Operationally Efficient Manner


iControl for Application Integration

F5 Products

Application

Availability

Application

Security

Application

Optimization

Shared Application Services

TMOS

Operating System

Shared Network Services

Architected for Integration
Dynamic Datacenter = On Demand IT
  • Microsoft’s vision of the dynamic datacenter aligns with F5’s vision of on demand IT where
  • Software is delivered as a service
  • Resources are dynamically allocated as needed
  • Management decisions are made based on holistic network and application health metrics
  • Management operations are automated, even predictive, to avoid poor service

Systems Management

Compute

Network

Storage

Systems Management

WDT

DIT-SC