F5 Application Delivery Without Limits - profi-ag.de

Post on 28-Jul-2018


F5 – Application Delivery Without Limits

Profi AG end-customer webcast, 27.11.14

Dino Schmid

d.schmid@f5.com

Major Channel Account Manager

© F5 Networks, Inc 2

What is IT all about?

© F5 Networks, Inc 3

1000: average number of applications in an enterprise

The most important thing in enterprise IT is the applications

© F5 Networks, Inc 4

Mobility

SDDC/Cloud

Advanced threats

Internet of Things

“Software defined” everything

HTTP is the new TCP

© F5 Networks, Inc 5

Deliver the most secure, fast, and reliable applications to anyone anywhere at any time.

F5 MISSION

© F5 Networks, Inc 6

Application

Delivery

Network

Users

Data center, cloud, SaaS

F5 - Market Leader - Application Delivery Networking

SAP

Microsoft

Oracle

Home office

Office

On the road

F5 makes applications fast, highly available and secure, everywhere and at any time

© F5 Networks, Inc 7

The Evolution of F5

1. Application Delivery Controller

2. Broadened Application Services

3. Cloud Ready

4. Software Defined Application Services

© F5 Networks, Inc 8

F5 provides the required application services

© F5 Networks, Inc 9

F5 High Performance Services Fabric

VIPRION Platform, BIG-IP Platform, BIG-IP Virtual Edition

High Performance Fabric

TMOS

TMOS:

• Real time Micro-kernel based Operating System

• Developed in conjunction with our Hardware

• Provides unparalleled performance and functionality

• Consistency across all Platforms

• Full Proxy Architecture

Flexible Platform Deployment:

• BIG-IP Appliance available in a range of Sizes and Throughput

• VIPRION Scalable Chassis Solution

• BIG-IP Virtual Edition

High Performance Fabric:

• Device Services Clusters

• ScaleN

• Flexible Licensing

• vCMP

© F5 Networks, Inc 10

F5 Modules

VIPRION Platform, BIG-IP Platform, BIG-IP Virtual Edition

High Performance Fabric

TMOS

FAST AVAILABLE SECURE

LTM

GTM

AAM

ASM

APM

AFM

F5 Software Modules:

• Local Traffic Manager

• Global Traffic Manager

• Application Acceleration Manager

• Advanced Firewall Manager

• Application Security Manager

• Access Policy Manager

To Deliver required Application Services:

• Security

• Availability

• Mobility

• Performance

• Identity & Access

© F5 Networks, Inc 11

DATA CENTER ARCHITECTURES

Use case

• Consolidation of firewall, app security, traffic management

• Protection for data centers and application servers

• High scale for the most common inbound protocols

Before f5

with f5

Load Balancer

DNS Security

Network DDoS

Web Application Firewall

Web Access Management

Load Balancer & SSL

Application DDoS

Firewall

© F5 Networks, Inc 12

DATA CENTER CONSOLIDATION

Use case

• Consolidation of firewall, app security, traffic management

• Protection for data centers and application servers

• High scale for the most common inbound protocols

Before f5

with f5

Load Balancer

DNS Security

Network DDoS

Web Application Firewall

Web Access Management

Load Balancer & SSL

Application DDoS

Firewall

© F5 Networks, Inc 13

The added value of the F5 solution for customers

Maintains the availability of your applications

Saves your company money (consolidation)

Optimizes your network infrastructure

Protects your brand's reputation

Defends you against planned attacks (DDoS, hackers)

Helps you stay one step ahead (deployment of new applications & security)

The added value for the customer

© F5 Networks, Inc 14

• Cisco and F5 are partnering to

• Integrate F5 Synthesis into the Cisco Application Centric Infrastructure (ACI)

• Deliver automated L4-7 application service insertion, policy updates, and optimisation within the ACI-enabled fabric

• Cisco is leveraging F5’s Software Defined Application Services (SDAS) to

• Deliver application centric network and services orchestration

Cisco and F5 Partnership

“Cisco and F5 look forward to working to integrate our platforms and deliver simple, secure, scalable, and agile infrastructure that responds to the dynamic needs of the business.” – Soni Jiandani, SVP, Marketing, Cisco

© F5 Networks, Inc 15

F5 DEVICE PACKAGE FOR APIC

F5 and Cisco ACI Joint Solution Benefits

ACI Fabric

Programmability (iRule / iApp / iControl)

Data Plane Control Plane Management Plane

F5 Synthesis Fabric

Virtual Edition Appliance Chassis

• Automated layer 4-7 application service insertion, policy updates, and optimization within the ACI-enabled fabric with BIG-IP - preserves the richness of the F5 Synthesis offering through policy abstraction, offering investment protection

• Accelerated application deployments with reliability, security and consistent, scalable network and L4-L7 services - existing F5 physical and virtual appliances and topologies integrate seamlessly with Cisco ACI

• Application agility using a policy-driven application delivery approach to significantly reduce operating costs - provisioning workflows are efficient and faster while maintaining operational best practices across multiple IT teams

© F5 Networks, Inc 16

Cisco ACE:

• Cisco ACE systems have been discontinued. Customers who still have these systems in use need an alternative solution

Cisco ACI:

• Cisco #1 in DC infrastructure, F5 #1 in Application Delivery for L4-L7 – established and trusted team

• Identical Vision - F5 and Cisco sharing the same vision for application delivery with complementary solutions.

• Open & future proof - Cisco’s ACI is an innovative new approach to making the DC infrastructure dynamic and very open. F5’s programmability will enhance ACI capabilities to deliver even better SLAs.

• Consolidation of Services and hardware - smaller footprint

Why is this important for the customer?

Reference Architecture Intelligent DNS Scale

Solving Customer Issues

© F5 Networks, Inc 18

DNS – lost without it!

DNS IS OUR DIRECTORY FOR LIFE IN THE INTERNET

• Totally lost without it

© F5 Networks, Inc 19

Internet foundation? DNS

DNS DEMANDS

WHEN DNS BREAKS, EVERYTHING BREAKS

DOMAIN NAME SYSTEM (DNS)

Translates a domain name… http://www.google.com

into an IP address: 74.125.227.64 (IPv4)

http://www.f5.com = 2001:19b8:101:2::f5f5:1d (IPv6)

More people

Mobile devices/apps

Complex sites

Increased latency

Cloud implementations

IPv6 added to IPv4

DDoS attacks

© F5 Networks, Inc 20

DNS demand

Available and protected

AVERAGE DAILY LOAD FOR DNS (TLD) QUERIES IN BILLIONS

DNSSEC DEPLOYMENT EXPANDING

TYPICAL FOR A SINGLE WEB PAGE TO CONSUME 100+ DNS QUERIES FROM ACTIVE CONTENT, ADVERTISING, AND ANALYTICS

ATTACKS ON DNS BECOMING MORE COMMON; DNS SERVICES MUST BE ROBUST

GLOBAL MOBILE DATA (4G/LTE) IS DRIVING THE NEED FOR FAST, AVAILABLE DNS

DISTRIBUTED, AVAILABLE, HIGH-PERFORMANCE GSLB FOR MULTIPLE DATA CENTERS

[Chart: years ’08 to ’12; values not recoverable]

18X Growth 2011-2016

4G LTE: 2.4GB/mo

Non-4G LTE: 86MB/mo

Reflection/amplification DDoS

Cache poisoning attacks

Drive for DNSSEC adoption

Total service availability

Geographically dispersed DCs

DNS capacity close to subscribers

© F5 Networks, Inc 21

Critical: DNS

5 SECONDS

74% are willing to wait 5 seconds or less for a single web page to load before leaving the site

Every 100ms delay costs Amazon.com 1% in sales

DNS has grown over 100% in the last 5 years (2007 to 2012)

As of October 2012, there were over 188 million active websites, a growth of 180% over the last 5 years (2007 to 2012)

© F5 Networks, Inc 22

Traditional DNS

LOAD-BALANCED DNS

• Scale DNS by adding more servers

• Individual servers are not high-performance, so scale with load balancing

• Place firewall in front of DNS infrastructure

ISSUES WITH THIS DEPLOYMENT?

• BIND DNS servers are patched frequently

• Patches are mostly for vulnerabilities

• Under load, firewalls become bottlenecks

Legitimate Clients

Malicious Actors

Local Load Balancing

Traditional

DNS Firewall

Load Balanced DNS Servers

Access Network

© F5 Networks, Inc 23

True DNS costs

HIGHER OPEX DUE TO MAINTENANCE

BIND by the numbers

• 340 updates since 2004

• 84 issued patches for vulnerabilities and bugs

• 9 patches a year for DNS

COMPANIES DEPLOY FIREWALLS TO PROTECT DNS

But traditional firewalls don’t process DNS, so a vulnerability can still be exploited on the DNS server

BIND HISTORY

[Chart: number of updates issued per BIND version, 9.0 to 9.9. Series: total updates, including beta and release candidates; critical patches for vulnerabilities]

F5 DNS Authoritative Model

Traditional DNS Authoritative Topology

Total in year 1: $301,280

Total in year 2 onward: $1,280

Total in year 1: $373,688

Total in year 2 onward: $298,688

© F5 Networks, Inc 24

DNS deployments

Conventional DNS Thinking

F5 DNS Delivery Reimagined

Internet

External Firewall

DNS Load Balancing

Array of DNS Servers

Internal Firewall

Hidden Master DNS

Authoritative DNS

Caching Resolver

Transparent Caching

DNS Firewall

DNS DDoS Protection

Protocol Validation

High Performance DNSSEC

DNSSEC Validation

Intelligent GSLB

DMZ Datacenter

F5 PARADIGM SHIFT

Internet

Master DNS Infrastructure

• Performance = Add DNS boxes

• Weak DoS/DDoS protection

• Firewall is THE bottleneck

• Massive performance over 10M RPS!

• Best DoS/DDoS protection

• Lower CapEx and OpEx

BIG-IP Global Traffic Manager

© F5 Networks, Inc 25

Benefits of BIG-IP integration

• Simply and efficiently manage complex networks using one ADC solution

• Route users to available apps and data centers based on business logic

• Constantly monitor health between devices with iQuery

• Use the same geolocation data to reference for all BIG-IP devices

GTM

GOOD BETTER BEST

BIG-IP Global Traffic Manager

BIG-IP Local Traffic Manager

Simplified Business Models

Authoritative DNS + DNS Security

Tier 1: DMZ

Legitimate Visitors

Malicious Attackers

Context based on geographical location

LDNS

Internet

BIG-IP Platform

Absorb and mitigate DNS attacks

Primary DNS Server + Application Availability and Health

Tier 2: Application Delivery

Intelligent delivery based on business logic

BIG-IP Platform

GTM

LTM

Same centralized management solution

Same purpose-built hardware and software designed for performance

Same iControl for extending management control

© F5 Networks, Inc 26

DNS Query

Answer

Efficient DNS

DNS Express

• Delivers high-speed response and DDoS protection with in-memory DNS

• Provides authoritative DNS serving out of RAM

• Supports configuration size for tens of millions of records

• Scale and consolidate DNS servers

Clients

Internet

DNS Express in BIG-IP GTM

DNS Server

OS

Admin

Auth

Roles

NIC

Dynamic DNS

DHCP

Manage DNS Records

© F5 Networks, Inc 27

Powerful DNS

• Your revenue and your brand are protected

• Use the same IP address for multiple devices

• Geographically separate the DNS request load for all requests

• Scale DNS infrastructure up and out per number of BIG-IP devices

© F5 Networks, Inc 28

The DNS value

Scalable up to 20x

[Chart: DNS query load over time: Low Query, Query Growth, Query Spike, Query Decline; Max DNS]

Complete DNS control

Access Denied:

Denial-of-service mitigation

© F5 Networks, Inc 29

The DNS value

Support client requests and consolidate IT

IPv6 to IPv4

Secure DNS query responses

http://f5.com

Route based on geolocation

© F5 Networks, Inc 30