F5 Optimizing and Securing Web-Applications. Zbigniew Skurczynski Director Eastern Europe zbig@f5.com +49162 290 4116. July 2006. Application Delivery Network. F5 is the Global Leader in Application Delivery Networking. Users. Data Centre. At Home In the Office On the Road. SAP
F5 Optimizing and Securing Web-Applications. Zbigniew Skurczynski, Director Eastern Europe, zbig@f5.com, +49162 290 4116. July 2006
Application Delivery Network F5 is the Global Leader in Application Delivery Networking Users Data Centre At Home In the Office On the Road SAP Microsoft Oracle Business goal: Achieve these objectives in the most operationally efficient manner
Users Data Center Application Delivery Network Private Users Microsoft SAP Oracle IBM BEA Where: LAN Home Branch / WAN Road / WAN What: PC Laptop Home PC PDA Kiosk Mobile Public Users Who: Customers Partners Suppliers Consultants From What: PC Laptop Home PC PDA Kiosk Mobile Key Issues and Objectives in Application Delivery Networking HTTP /HTML, SIP, RTP, SRTP, RTCP, SMTP, FTP, SFTP, RTSP, SQL, CIFS, MAPI, IIOP, SOAP, XML etc… Business Goal: Achieve these objectives in the most operationally efficient manner
- New security hole - High cost to scale - Slow performance ? Application Problem: Networks Aren’t Adaptable Network Administrator Application Developer Traditional networks are focused on connectivity Applications focus on business logic and functionality
Application How Do You Fix the Problem? Multiple Point Solutions More Bandwidth Network Administrator Application Developer Add more infrastructure? • Faster and centralised fix, applications are offloaded • Costly, complex and hard to manage Hire an army of developers? • Expensive (code, manage, maintain) • Consumes server cycles • Often not possible ?
A Costly Patchwork of Point Solutions Applications Users Point Solutions DoS Protection Mobile Phone IPS/IDS SSL Acceleration SFA CRM ERP CRM Rate Shaping/QoS PDA Application Load Balancer Network Firewall ERP Content Proxy Acceleration/Transformation ERP Laptop CRM SFA Traffic Compression WAN Connection Optimisation SFA Desktop Application Firewall Custom Application Co-location
F5’s Integrated Solution Applications Users The F5 Solution Application Delivery Network CRM Database Siebel BEA Legacy .NET SAP PeopleSoft IBM ERP SFA Custom Mobile Phone PDA Laptop Desktop TMOS Co-location
GUI-Based Application Profiles Repeatable Policies iRules and iControl Programmable Network Language Security Optimisation Delivery New Service The entire solution is built on top of the TMOS operating system that integrates all the tools Programmable Application Network Unified Application Infrastructure Services Targeted and Adaptable Functions Complete Visibility and Control of Application Flows Universal Inspection Engine (UIE) TMOS Fast Application Proxy Client Side Server Side
The F5 Business Value: Reduces company risks by protecting critical applications against security threats. Simplify the application deployment process! Simplify operational manageability. Reduce the number of hardware (servers) or downsize server size. Improves application PERFORMANCE significantly! Reduce maintenance effort. Increased availability, scalability and security drive increased business productivity and faster ROI
It’s About the Applications & Providing a Better Alternative International Data Center Users Applications
Intelligent DNS: The Gateway to the Application International Data Center Users Applications BIG-IP Global Traffic Manager Which is the best data centre to send request, Based upon: Capacity Application availability Network performance User proximity User Groups
Link and WAN Availability and Optimization: The Conduit for Applications International Data Center Users Applications BIG-IP Global Traffic Manager BIG-IP Link Controller WANJet Which is the best ISP to use for data transmission: Automated Inbound or Outbound Transparent to users Criteria based upon: Cost Capacity QoS Etc
The F5 WAN Optimization Product WANJet Symmetric WAN Optimization Branch Office Data Center Traffic compression Full QoS Repeat Byte caching TCP / IP Optimization Reporting x3 – x10 WANJet WANJet • Expect: • 100% to 300% average performance improvement over WANs (speed and Bytes reduction) • Lower Bandwidth cost • Lower latency • Improved traffic management (QoS)
SSL VPN: The Secure Gateway to Applications International Data Center Users Applications BIG-IP Global Traffic Manager BIG-IP Link Controller WANJet FirePass Secure channel of communication Offloading SSL from Applications End point security checks TCP Compression Caching Potential of 80% traffic reduction Potential of 3x performance
Internet The F5 SSL VPN Product FirePass SSL VPN Adaptive secure remote access No thin client requirements Key pad logon security Multi-device rules per user • Expect: • Easy installation and post installation configuration • Very secure SSL connections from any device • Widest range of SSL VPN features available
Application Delivery Controller: Offloading the Application for Security, Availability and Optimization International Data Center Users Applications BIG-IP Global Traffic Manager BIG-IP Link Controller WANJet FirePass BIG-IP Local Traffic Manager Web Accelerator Direct to correct application or server pool Based upon: Content Application type Most available Best performing
WebAccelerator ASM and TrafficShield WEB / portal optimization Positive and negative security Accelerate WEB Application Reduce bandwidth requirements Validate WEB Application policies 2nd Layer Network Firewall Application Firewall Scrubbing outgoing traffic The Data Center Products BIG-IP Local Traffic Manager • Expect: • Very high availability • Fewer servers • Significant traffic reduction • Significant speed improvement • Improved session persistence • Higher degree of control • Vastly increased security • Improved flow management • Increased scalability • Lower cost Data center optimization Load balancing Caching Compression Rate Shaping SSL / FIPS acceleration TCP Optimisation Connection optimisation Add on or standalone components
Switch F5 is a unique product that creates a full optimization solution on a single, unique platform Application Servers
Security: DoS Packet Filtering TCP Application Security encryption / decryption content filtering Authorisation Cloaking, etc. Application Delivery Controller: Offloading the Application for Security, Availability and Optimization International Data Center Users Applications BIG-IP Global Traffic Manager BIG-IP Link Controller WANJet FirePass BIG-IP Local Traffic Manager Web Accelerator
High Availability: Virtualization load balancing Redirection error detection / automated response health monitoring session and transaction integrity Application Delivery Controller: Offloading the Application for Security, Availability and Optimization International Data Center Users Applications BIG-IP Global Traffic Manager BIG-IP Link Controller WANJet FirePass BIG-IP Local Traffic Manager Web Accelerator
Performance Optimisation: Fast cache Compression TCP express OneConnect ASIC H/W design Application Delivery Controller: Offloading the Application for Security, Availability and Optimization International Data Center Users Applications BIG-IP Global Traffic Manager BIG-IP Link Controller WANJet FirePass BIG-IP Local Traffic Manager Web Accelerator
Application Firewall: Securing the Application Transaction / Session International Data Center Users Applications BIG-IP Global Traffic Manager BIG-IP Link Controller WANJet FirePass BIG-IP Local Traffic Manager Web Accelerator TrafficShield BIG-IP directs the appropriate content for a virtualized application and a client’s session to be managed by TrafficShield: positive security policies define the interactions the client can have with the application. This protects the application from zero-day attacks
Security’s Gaping Hole Firewall Antivirus Host IDS & Secure OS Net IDS Application System Network Access Desktop “64% of the 10 million security incidents tracked targeted port 80.” Information Week DATA
! ! ! Infrastructural Intelligence Non-compliant Information Forced Access to Information Buffer Overflow Cross-Site Scripting SQL/OS Injection Cookie Poisoning Hidden-Field Manipulation Parameter Tampering Application Security with TrafficShield & BIG-IP ASM Attacks Now Look To Exploit Application Vulnerabilities Perimeter Security Is Strong PORT 80 PORT 443 But Is Open to Web Traffic High Information Density = High Value Attack
Application Security with TrafficShield & BIG-IP ASM Intelligent Decisions Allow Only Good Application Behaviour; Positive Security Definition of Good and Bad Behaviour
! ! ! ! Non-compliant Information Unauthorised Access Infrastructural Intelligence Unauthorised Access Application Security with TrafficShield & BIG-IP ASM And Stops Bad Requests TrafficShield Allows Legitimate Requests • Bi-directional: • Inbound: protection from generalised & targeted attacks • Outbound: content scrubbing & application cloaking • Application content & context aware • High performance, low latency, high availability, high security
TrafficShield & ASM Deployment Web Servers BIG-IP LoadBalancer TrafficShield Firewall Active Standby Management Access (browser)
TrafficShield & ASM Deployment Web Servers BIG-IP with ASM Firewall Management Access (browser) ASM = Application Security Module
Centralized Management: Integration with the Applications International Data Center Enterprise Manager Users Applications BIG-IP Local Traffic Manager BIG-IP Global Traffic Manager BIG-IP Link Controller WANJet FirePass TrafficShield Web Accelerator iControl TMOS Business Goal: Achieve These Objectives in the Most Operationally Efficient Manner
iControl Eases Application Integration Leverage the skills and expertise you already have! Key Components • XML/SOAP interface • Downloadable SDK • Technology partnerships • DevCentral resource centre and community Benefits • Open, standards based integration • Simplified development • Proven integration • Sample code, documentation, discussion forums
Secure Optimised Application Delivery Applications optimised by F5 (Examples): Application Delivery Network
DevCentral Technical Community http://devcentral.f5.com/ • Forum for F5 customers for building iRules and iControl applications • F5 provides technical documentation, tips, free sample downloads, and a confidential discussion forum • Monitored by F5 engineers and technical experts that answer technical questions • Design, architecture, troubleshooting and general assistance with iRules and iControl
Company Snapshot Facts Position References
F5’s Continued Success Revenue • Headquartered in Seattle, WA • F5 Ensures Applications Running Over the Network Are Always Secure, Fast, and Available • Founded 1996 / Public 1999 • Over 10,000 customers and 30,000 systems installed • Over 1000 Employees • FY05 Revenue: $281 M 64% year-over-year growth • FY05 EPS: $1.34 • NASDAQ: FFIV
Consistent and Pioneering Innovation • Unique TMOS architecture • Industry’s only open iControl API & SDK • Awarded key patent for ‘Cookie Persistence’ • DevCentral.f5.com “They've remained on top of the trend, which is to integrate all these functions into one box.” Forrester Research Proven Results • 9,000+ customers • #1 Market share L4-7 & SSL HW Acceleration • Fastest growing SSL VPN market share • FY05 Revenue (YTD): $201M, 66% year-over-year growth Top 50 Innovator Award 2005 Broad and Deep Partnerships • Unique F5 and application vendor integration • Application partners’ tested and documented solutions • Cooperative support agreements • F5 solutions in partners’ customer labs Leader in Application Delivery Networking
Industry Recognition as ‘Best-in-Class’ BIG-IP Awards SearchNetworking Product of the Year! • GOLD AWARD Network Mgmt. Tools • “…With this step, F5 has moved beyond content switching and load balancing to wide-ranging application acceleration.…” Highest Score, 4.6 out of 5 “When our tests were completed, F5's device emerged at the head of the pack and took our Editor's Choice award” Excellent Manageability Highly configurable via TCL-based iRules; outstanding graphical interface; good support site and knowledgeable user community. FirePass Awards SearchNetworking Product of the Year! Top Rated HOT PICK “The best remote access solution we've seen to date.” “It trumps other SSL VPN offerings with its ease of use, industrial strength hardware platform and advanced security features…" • GOLD AWARD Enterprise VPN Solution • “… FirePass stands out because it offers full network access support to any IP application across multiple platforms.” Excellent – Score of 9.0 “Sets a new standard for ease of use in setup and configuration, and for the wide array of client OS’s and browsers supported.”
Challengers Leaders F5 Networks Citrix Systems (NetScaler) Cisco Systems Ability to Execute Radware Juniper Networks (Redline) Akamai Technologies Netli Nortel Networks Stampede Technologies Array Networks Coyote Point Systems Zeus Technology NetContinuum Foundry Networks Niche Players Visionaries Completeness of Vision Our Actions Shape the Market Magic Quadrant for Application Delivery Products, Dec. 2005 • “F5 continues to build on the momentum generated by the release of v9.0. It commands over 50% market share in the advanced platform ADC (Application Delivery Controller) segment and continues to pull away from the competition. ” • “F5 is one of the thought leaders in the market and offers growing feature richness. It should be high on every enterprise's shortlist for application delivery.” Source: Gartner, December 2005
F5 Customers in EMEA (1 of 2) Banking, Financial Insurance, Investments Telco, Service Providers, Mobile
F5 Customers in EMEA (2 of 2) Transport, Travel Media, Technology, Online Manufact., Energy Governm., Other Health, Consumer
Online Resources How to access information
Real Time Compression Tool www.f5demo.com/compression
Link Collection: www.f5.com • Technical: www.askf5.com, http://tech.f5.com, http://devcentral.f5.com • F5 University: www.f5university.com/ • Login: your email • Password: adv5tech • Partner Information: www.f5.com/partners, www.f5.com/training_services/certification/certFAQ.html • Gartner Report: http://mediaproducts.gartner.com/reprints/f5networks/article1/article1.html Important deployment information is available at http://www.f5.com/solutions/deployment/ • Data Center Virtualization: http://www.f5.com/solutions/technology/pdfs/dc_virtualization_wp.pdf • Application Traffic Management: http://www.f5.com/solutions/technology/pdfs/atm_wp.pdf • Application Briefs: http://www.f5.com/solutions/applications/ • Solution Briefs: http://www.f5.com/solutions/sb/ • F5 Compression and Cache Test: http://www.f5demo.com/compression/index.php • F5 iControl Alliance Partners: http://www.f5.com/solutions/partners/iControl/ • F5 Technology Alliance Partners: http://www.f5.com/solutions/partners/tech/ Let us know if you need any clarification or you have any further questions.
To be effective, the superior tools of F5 deployed on a single platform also require superior platforms... 8400 10 Gbps Platform Extremely High traffic platforms 6800 4 Gbps Platforms Multiple solution platforms 6400 3400 500 Mbps - 1 Gbps Platforms Point solution platforms 1500
Compression Increase performance Fast Cache Offload servers Rate Shaping Reserve bandwidth BIG-IP Software Module: Quickly Adapt to Changing Application & Business Challenges
Application Security Protect applications and data SSL Acceleration Protect data over the Internet Advanced Client Authentication Protect against unauthorised access BIG-IP Security Module: Adaptation made easy