670 likes | 1.4k Views
Introduction to F5 Networks. Andreas Guggenbichler Regional Manager Eastern Europe. June 22 nd , 2005. Company. Company Snapshot. Leading provider of technology to secure, optimise and deliver IP-based applications Founded 1996, public 1999 , Nasdaq listed (FFIV)
E N D
Introduction to F5 Networks Andreas Guggenbichler Regional Manager Eastern Europe June 22nd, 2005
Company Snapshot • Leading provider of technology to secure, optimise and deliver IP-based applications • Founded 1996, public 1999, Nasdaq listed (FFIV) • HQ in Seattle, offices around the globe • More than 9,000 customers • Approx. 700 employees • FY2004 revenue $171M • 48% year-over-year growth • More than 30,000 systems shipped
Undisputable Leader in Application Delivery Magic Quadrant for Web-Enabled Application Delivery, 2H04 • “F5 Networks, with the milestone release of v9.0, has a strong platform on which to build additional features.” • “The focus on application delivery and secure access has been a significant contributor to F5's success leading up to the v9.0 release. F5 is one of the thought leaders in the market and offers growing feature richness. Add F5 to your shortlist for application delivery.” Source: Gartner Research Note, January 2005
Dell’Oro L4-7 Fixed Market Q1 2005 Source:Dell’Oro Q1 2005 Market Share Report
True Fixed Market Share True Fixed includes revenue from Cisco CSS11503/6 that Dell’Oro classifies as “Modular” Source:Dell’Oro Q1 2005 Market Share Report
SSL Virtual Private Networks METAspectrumSM Evaluation SSL VPN Market Leadership • “A core group of market leaders continues to rapidly innovate and drive increasing degrees of functionality. Other contenders must often scramble to keep up.” • “SSL VPNs are already capable of delivering great value to organizations and have even further up-side potential going forward.”
Worldwide L4–L7 Switch/Load Balancer with SSL Market Share (Revenue) Other 13% Nortel Networks 10% F5 Networks 49% Cisco Systems 28% SSL Market Share LeaderFor 15th Consecutive Quarter (Q3‘04) Source: Infonetics (November 2004) “F5 released the next generation of their BIG-IP platform, which utilizes a proxy architecture (called Traffic Management Operating System) to speed up application performance; some of the highlights include improved SSL performance, as well as IPv6.” Matthias Machowinski, Analyst at Infonetics Research
F5 Customers in Europe (1 of 2) Banking, Financial Insurance, Investments Telco, Service Providers, Mobile
F5 Customers in Europe (2 of 2) Transport, Travel Media, Technology, Online Manufact., Energy Governm., Other Health, Consumer
BIG-IP Traffic Management iControl Software Development Kit Standards Based Interface (SOAP/XML) iControl Services Manager Centralised Management for F5 Devices FirePass SSL VPN Remote Access TrafficShield Application Firewall Local, Global & Link Application Traffic Management Secure Application Access Application Firewall Product and Technology Leadership
ISP A ISP B The A, B, C of Traffic Management • Redundant devices within the LAN www.domain.com • Redundant connections to the LAN Router A Router B www.domain.com • 3. Redundant sites across the WAN www.domain.com
Deploy point solutions Faster and centralised fix, applications are offloaded Costly, complex and hard to manage Code fix in the application Expensive (Code, Manage, Maintain) Consumes server cycles Often not possible Application Application Delivery Challenge Network Administrator Application Developer ?
Result: A Growing Network Problem Applications Users Network Point Solutions DoS Protection Mobile Phone SFA Rate Shaping SSL Acceleration CRM ERP CRM PDA Server Load Balancer ERP Laptop ERP CRM SFA ContentAcceleration ApplicationFirewall Desktop SFA Connection Optimisation TrafficCompression Custom Application Co-location
What the Customer Wants “How do I make my applications run better without rewriting them, or incurring major infrastructure cost and adding significant management overhead?” “I need to be as optimized as I can be, as simply as possible and with minimal resource impacts” -Director of Infrastructure for a major U.S. airline
Groundbreaking New Architecture Applications Users Unified Network & Application Infrastructure Services CRMDatabaseSiebelBEALegacy.NETSAPPeopleSoftIBMERPSFACustom Mobile Phone Deliver PDA Optimise Secure Laptop Traffic Management Operating System (TM/OS) Desktop Co-location
Comprehensive Single Solution Applications Users The F5 Solution CRMDatabaseSiebelBEALegacy.NETSAPPeopleSoftIBMERPSFACustom Mobile Phone PDA BIG-IP 3400 withPerformance Pack Laptop Desktop Co-location
GUI-Based Application Profiles Repeatable Policies iRules Programmable Network Language Security Optimization Delivery New Service An Intelligent and Flexible Solution Programmable Application Network Unified Application Infrastructure Services Targeted and Adaptable Functions Complete Visibility and Control of Application Flows Universal Inspection Engine (UIE) TM/OS Fast Application Proxy Client Side Server Side
Secure Optimised Application Delivery Application performance optimised by F5:
70% 55% 125% 126% 121% BIG-IP Delivers Applications Faster *Percentage of Improvement With BIG-IP Optimizing the Applications
Fast Cache – Dramatic Server Offloading IIS 6.0 Standard Web Content 98% Siebel eBusiness Suite Call Center 7.7 72% WebLogic Portal 8.1 78%
350 Million Page Hits in 1 Week 1/3 Reduction in Servers 1/3 Reduction in Licenses 1/3 Reduction in Management Time 95% Fewer Connections 114.8 Million 5 Million 66% Reduction in Bandwidth 1.87 Terabyte 621 Gigabytes End-to-End Page Load Time 300% Faster 3 Seconds 1 Seconds Real World Performance and Results
Real World Tests: Gomez • Gomez Testing Results: http://www.f5.com/solutions/gomez_testing.pdf
Compression Calculator http://www.f5demo.com/compression/
Customer Example: Airline Customer Problem: Portal Applications are too Slow Market Pervasiveness: • Unusable Web portal applications – 5 to 30+ second page load times, limited scale, costly infrastructure • Executive level visibility; end-user complaints • Too costly to change the applications • Difficult to manage growing number of point solutions in the network • Need to selectively compress based on client connection, application, and servers • $25 billion lost annually in e-business due to poor web performance • Over half global users are still dialup • Internet latency on average is 2x in Europe and 4x in ASIA compared with the US (91 MS) • Average Web application can be 20x chattier than traditional client- server application Too many Point Solutions Dial-UP Bandwidth Bottleneck High Latency Connection Fast Connection and application
Payback Time, 3 Months Customer Example: Airline The BIG-IP Solution: Intelligent and Adaptable Optimization Business Benefit: BIG-IP Features & Functions Utilized • Client-Aware Compression (Patent Pending) – Target compression for high latency or dial-up users • Application Switching – High availability and cost-effective scale • TCP Offload & Optimization – Client-side & Server-side • Content Transformation – Eliminate need for application proxies • TM/OS & iRules – Unified framework for application services enabling an integrated approach to consolidation of services • 10x application performance improvement (20 to 2.5 seconds) • 70% bandwidth reduction (thousands of dollars in Telco costs per month) • Lower management cost (4 vendors/ Boxes unified into 1 cohesive solution) • Organizational adaptability (can now easily offer standardized services across all application types) Detected Dial-up Client = Compress! Detect High TCP Latency = Compress! Fast Connection and application
Remote Access - Requirements Any User Employee Partner Supplier Any Application Any Location Hotel Kiosk Hot Spot Web Client/Server Legacy Desktop Any Devices Highly Available Laptop Kiosk Home PC PDA/Cell Phone Global LB Stateful Failover Disaster Recovery Secure Ease of Integration Data Privacy Device Protection Network Protection Granular App Access AAA Servers Directories Instant Access Ease of Use Clientless Simple GUI Detailed Audit Trail
2003-2007 Forecast individual SSL/HTTPS individual IPSec/PPTP site to site IPSec (not individual remote access) 2001 2003 2005 2007 Source: Gartner 2003 (Unofficial)
SSL VPN Secure Application Access Ubiquitous Delivery Dynamic Policies Any Application HTTPS Transport Laptop Mainframe Internet FirePass Remote Access Controller Mobile Device Server Desktop Kiosk
Dynamic Policy Engine • User / Device Security • Dynamically adapt user policy based on device used • Seamless Integration • Utilize existing AAA servers • Automatic user mapping from directory • Detailed audit trail • Application level visibility SSL Access Default Policy Kiosk Policy Wireless Policy Laptop Policy Policy Engine SSL VPN Connector AppTunnel Connector Webifyer Desktop Webifyer Authentication LDAP RADIUS WIN NT/2KWeb-based Group Sales Financial Auditors etc…. Access Rights Intranet SAP Siebel File Shares Audit Usage Reporting Who accessed What was accessed From Where
Kiosk Policy Mini Browser Policy Corporate Policy Cache / Temp File Cleaner Firewall / Virus Check Adaptive Client Security Kiosk PDA Laptop Client/Server Application Full Network Terminal Servers Files Intranet Email
SSLConnection SSLConnection Customer Example - Data Centre High Availability of Servers with BIG-IP High Availability for Data Centres with 3-DNS FirePass Sales Person SSL Connection Engineers Consultants FirePass Backup Data Centre
Security’s Gaping Hole Firewall Antivirus Host IDS & Secure OS Net IDS Application System Network Access Desktop “64% of the 10 million security incidents tracked targeted port 80.”Information Week DATA
TrafficShield Application Firewall • Web application firewall • Protect web applications against known & unknown attacks • Uses positive security logic – All traffic is illegal unless known to be legal • Content scrubbing • Prohibit delivery of sensitive data • Application cloaking • Hide the identity of web applications from outside probing
<script> Actions not known to be legal can now be blocked - Wrong page order - Invalid parameter - Invalid value - etc. The Application Flow Model
CONTENTSCRUBBING ATTACKFILTERING APPLICATIONFIREWALL Social Security Numbers Scrubbed Out-of-box Protection Included Unvalidated Input Manipulation Blocked Credit Card Numbers Scrubbed Script Kiddies, Known Worms & Vulnerabilities Blocked Broken Access Control (Forceful Browsing) Blocked Account Numbers Scrubbed Requests for Restricted Object and File Types Blocked Buffer Overflow Blocked Patient Health ePHI Scrubbed Phone Numbers Scrubbed Cross-Site Scripting Blocked Non-RFC-Compliant Traffic Blocked Any other identifiable text pattern Scrubbed SQL/OS Injection Blocked Illegal HTTP Format, Method Blocked Cookie Poisoning Blocked Set-Up Time 15 min Unknown Worms and Vulnerabilities Blocked CLOAKING SSL ACCELERATION & KEY MANAGEMENT NETWORKFIREWALL OS and Web Server Fingerprinting Blocked SSL Accelerator Included Key Management & Failover Handling Included IP/Port Filtering Included HTTP Error Messages Blocked Securing TCP/IP Session Included Application Error Messages Blocked SSL Termination and Re-encryption to Servers Included Reverse Proxy Included Leakage of Server Code Blocked Protecting Web-based Applications
Network Plumbing Routers Switches Firewalls iControl BIG-IP FirePass TrafficShield Functionality Application Traffic Management Application Access Application Security App Traffic Management’s Unique Positioning Intelligent Clients Intelligent Applications