Introduction to F5 Networks. Andreas Guggenbichler Regional Manager Eastern Europe. June 22nd, 2005. Company. Company Snapshot. Leading provider of technology to secure, optimise and deliver IP-based applications Founded 1996, public 1999, Nasdaq listed (FFIV)
Introduction to F5 Networks
Andreas Guggenbichler, Regional Manager Eastern Europe
June 22nd, 2005
Company Snapshot
• Leading provider of technology to secure, optimise and deliver IP-based applications
• Founded 1996, public 1999, Nasdaq listed (FFIV)
• HQ in Seattle, offices around the globe
• More than 9,000 customers
• Approx. 700 employees
• FY2004 revenue $171M
• 48% year-over-year growth
• More than 30,000 systems shipped
Undisputable Leader in Application Delivery
Magic Quadrant for Web-Enabled Application Delivery, 2H04
• “F5 Networks, with the milestone release of v9.0, has a strong platform on which to build additional features.”
• “The focus on application delivery and secure access has been a significant contributor to F5's success leading up to the v9.0 release. F5 is one of the thought leaders in the market and offers growing feature richness. Add F5 to your shortlist for application delivery.”
Source: Gartner Research Note, January 2005
Dell’Oro L4-7 Fixed Market Q1 2005
Source: Dell’Oro Q1 2005 Market Share Report
True Fixed Market Share
True Fixed includes revenue from Cisco CSS11503/6 that Dell’Oro classifies as “Modular”
Source: Dell’Oro Q1 2005 Market Share Report
SSL Virtual Private Networks METAspectrum℠ Evaluation
SSL VPN Market Leadership
• “A core group of market leaders continues to rapidly innovate and drive increasing degrees of functionality. Other contenders must often scramble to keep up.”
• “SSL VPNs are already capable of delivering great value to organizations and have even further up-side potential going forward.”
SSL Market Share Leader For 15th Consecutive Quarter (Q3‘04)
Worldwide L4–L7 Switch/Load Balancer with SSL Market Share (Revenue)
• F5 Networks 49%
• Cisco Systems 28%
• Nortel Networks 10%
• Other 13%
Source: Infonetics (November 2004)
“F5 released the next generation of their BIG-IP platform, which utilizes a proxy architecture (called Traffic Management Operating System) to speed up application performance; some of the highlights include improved SSL performance, as well as IPv6.” Matthias Machowinski, Analyst at Infonetics Research
F5 Customers in Europe (1 of 2)
• Banking, Financial
• Insurance, Investments
• Telco, Service Providers, Mobile
F5 Customers in Europe (2 of 2)
• Transport, Travel
• Media, Technology, Online
• Manufacturing, Energy
• Government, Other
• Health, Consumer
Product and Technology Leadership
• BIG-IP Traffic Management
• iControl Software Development Kit: Standards Based Interface (SOAP/XML)
• iControl Services Manager: Centralised Management for F5 Devices
• FirePass SSL VPN Remote Access
• TrafficShield Application Firewall
(Diagram labels: Local, Global & Link Application Traffic Management; Secure Application Access; Application Firewall)
The A, B, C of Traffic Management
1. Redundant devices within the LAN
2. Redundant connections to the LAN
3. Redundant sites across the WAN
(Diagram labels: ISP A, ISP B, Router A, Router B, www.domain.com)
Application Delivery Challenge
Network Administrator or Application Developer?
• Deploy point solutions: faster and centralised fix, applications are offloaded; costly, complex and hard to manage
• Code fix in the application: expensive (code, manage, maintain); consumes server cycles; often not possible
Result: A Growing Network Problem
• Applications: CRM, ERP, SFA, Custom Application
• Users: Mobile Phone, PDA, Laptop, Desktop, Co-location
• Network Point Solutions: DoS Protection, Rate Shaping, SSL Acceleration, Server Load Balancer, Content Acceleration, Application Firewall, Connection Optimisation, Traffic Compression
What the Customer Wants
“How do I make my applications run better without rewriting them, or incurring major infrastructure cost and adding significant management overhead?”
“I need to be as optimized as I can be, as simply as possible and with minimal resource impacts”
- Director of Infrastructure for a major U.S. airline
Groundbreaking New Architecture
• Applications: CRM, Database, Siebel, BEA, Legacy, .NET, SAP, PeopleSoft, IBM, ERP, SFA, Custom
• Users: Mobile Phone, PDA, Laptop, Desktop, Co-location
• Unified Network & Application Infrastructure Services: Deliver, Optimise, Secure
• Traffic Management Operating System (TM/OS)
Comprehensive Single Solution
• Applications: CRM, Database, Siebel, BEA, Legacy, .NET, SAP, PeopleSoft, IBM, ERP, SFA, Custom
• Users: Mobile Phone, PDA, Laptop, Desktop, Co-location
• The F5 Solution: BIG-IP 3400 with Performance Pack
An Intelligent and Flexible Solution
• Programmable Application Network
  • GUI-Based Application Profiles: Repeatable Policies
  • iRules: Programmable Network Language
• Unified Application Infrastructure Services: Targeted and Adaptable Functions (Security, Optimization, Delivery, New Service)
• Universal Inspection Engine (UIE): Complete Visibility and Control of Application Flows
• TM/OS Fast Application Proxy: Client Side, Server Side
Secure Optimised Application Delivery
Application performance optimised by F5:
BIG-IP Delivers Applications Faster
(Chart: percentage of improvement with BIG-IP optimizing the applications. Values shown: 70%, 55%, 125%, 126%, 121%)
Fast Cache – Dramatic Server Offloading
• IIS 6.0 Standard Web Content: 98%
• Siebel eBusiness Suite Call Center 7.7: 72%
• WebLogic Portal 8.1: 78%
Real World Performance and Results
• 350 Million Page Hits in 1 Week
• 1/3 Reduction in Servers
• 1/3 Reduction in Licenses
• 1/3 Reduction in Management Time
• 95% Fewer Connections: 114.8 Million to 5 Million
• 66% Reduction in Bandwidth: 1.87 Terabyte to 621 Gigabytes
• End-to-End Page Load Time 300% Faster: 3 Seconds to 1 Second
Real World Tests: Gomez • Gomez Testing Results: http://www.f5.com/solutions/gomez_testing.pdf
Compression Calculator http://www.f5demo.com/compression/
Customer Example: Airline
Customer Problem: Portal Applications are too Slow
• Unusable Web portal applications – 5 to 30+ second page load times, limited scale, costly infrastructure
• Executive level visibility; end-user complaints
• Too costly to change the applications
• Difficult to manage growing number of point solutions in the network
• Need to selectively compress based on client connection, application, and servers
Market Pervasiveness:
• $25 billion lost annually in e-business due to poor web performance
• Over half of global users are still on dial-up
• Internet latency on average is 2x in Europe and 4x in Asia compared with the US (91 ms)
• Average Web application can be 20x chattier than a traditional client-server application
(Diagram labels: Too many Point Solutions; Dial-Up Bandwidth Bottleneck; High Latency Connection; Fast Connection and application)
Customer Example: Airline
The BIG-IP Solution: Intelligent and Adaptable Optimization
Payback Time, 3 Months
BIG-IP Features & Functions Utilized
• Client-Aware Compression (Patent Pending) – Target compression for high latency or dial-up users
• Application Switching – High availability and cost-effective scale
• TCP Offload & Optimization – Client-side & Server-side
• Content Transformation – Eliminate need for application proxies
• TM/OS & iRules – Unified framework for application services enabling an integrated approach to consolidation of services
Business Benefit:
• 10x application performance improvement (20 to 2.5 seconds)
• 70% bandwidth reduction (thousands of dollars in Telco costs per month)
• Lower management cost (4 vendors/boxes unified into 1 cohesive solution)
• Organizational adaptability (can now easily offer standardized services across all application types)
(Diagram labels: Detected Dial-up Client = Compress!; Detect High TCP Latency = Compress!; Fast Connection and application)
Remote Access - Requirements
• Any User: Employee, Partner, Supplier
• Any Application: Web, Client/Server, Legacy, Desktop
• Any Location: Hotel, Kiosk, Hot Spot
• Any Devices: Laptop, Kiosk, Home PC, PDA/Cell Phone
• Highly Available: Global LB, Stateful Failover, Disaster Recovery
• Secure: Data Privacy, Device Protection, Network Protection, Granular App Access
• Ease of Integration: AAA Servers, Directories, Instant Access
• Ease of Use: Clientless, Simple GUI, Detailed Audit Trail
2003-2007 Forecast
(Chart series: individual SSL/HTTPS; individual IPSec/PPTP; site to site IPSec (not individual remote access). Time axis: 2001, 2003, 2005, 2007)
Source: Gartner 2003 (Unofficial)
SSL VPN
• Secure Application Access
• Ubiquitous Delivery
• Dynamic Policies
• Any Application
• HTTPS Transport
(Diagram labels: Laptop, Mobile Device, Desktop, Kiosk; Internet; FirePass Remote Access Controller; Mainframe, Server)
Dynamic Policy Engine
• User / Device Security
  • Dynamically adapt user policy based on device used
• Seamless Integration
  • Utilize existing AAA servers
  • Automatic user mapping from directory
• Detailed audit trail
  • Application level visibility
(Diagram labels:
SSL Access: Default Policy, Kiosk Policy, Wireless Policy, Laptop Policy
Policy Engine: SSL VPN Connector, AppTunnel Connector, Webifyer, Desktop Webifyer
Authentication: LDAP, RADIUS, WIN NT/2K, Web-based
Group: Sales, Financial, Auditors, etc.
Access Rights: Intranet, SAP, Siebel, File Shares
Audit: Usage Reporting; Who accessed, What was accessed, From Where)
Adaptive Client Security
• Policies: Kiosk Policy, Mini Browser Policy, Corporate Policy
• Client checks: Cache / Temp File Cleaner, Firewall / Virus Check
• Devices: Kiosk, PDA, Laptop
• Resources: Client/Server Application, Full Network, Terminal Servers, Files, Intranet, Email
Customer Example - Data Centre
• High Availability of Servers with BIG-IP
• High Availability for Data Centres with 3-DNS
(Diagram labels: Sales Person, Engineers, Consultants; SSL Connection; FirePass; FirePass; Backup Data Centre)
Security’s Gaping Hole
“64% of the 10 million security incidents tracked targeted port 80.” Information Week
(Diagram labels: Firewall, Antivirus, Host IDS & Secure OS, Net IDS; Application, System, Network, Access, Desktop; DATA)
TrafficShield Application Firewall
• Web application firewall
  • Protect web applications against known & unknown attacks
  • Uses positive security logic – All traffic is illegal unless known to be legal
• Content scrubbing
  • Prohibit delivery of sensitive data
• Application cloaking
  • Hide the identity of web applications from outside probing
The Application Flow Model
Actions not known to be legal can now be blocked:
- Wrong page order
- Invalid parameter
- Invalid value
- etc.
(Diagram label: <script>)
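A minimal sketch of the positive security logic and flow model described on the two slides above, as an added example that is not F5 or TrafficShield code: a request passes only if its page, the transition from the previous page, its parameter names and their values are all declared legal. The policy format, page names and function names are constructed for illustration.

```python
import re

# Constructed policy for a hypothetical three-page application.
# Anything not declared here is treated as illegal (positive security logic).
POLICY = {
    "/login": {
        "from": {None, "/login"},  # entry point, or a retry of the login page
        "params": {"user": r"[A-Za-z0-9_]{1,32}", "password": r".{8,128}"},
    },
    "/account": {
        "from": {"/login", "/account", "/transfer"},
        "params": {},
    },
    "/transfer": {
        "from": {"/account"},
        "params": {"to": r"[0-9]{10}", "amount": r"[0-9]{1,6}(\.[0-9]{2})?"},
    },
}


def check_request(prev_page, page, params):
    """Return (allowed, reason); allow only what the policy declares legal."""
    rule = POLICY.get(page)
    if rule is None:
        return False, "unknown page"
    if prev_page not in rule["from"]:
        return False, "wrong page order"
    for name, value in params.items():
        pattern = rule["params"].get(name)
        if pattern is None:
            return False, "invalid parameter"
        if re.fullmatch(pattern, value) is None:
            return False, "invalid value"
    return True, "ok"


def replay(session):
    """Run a list of (page, params) requests through the flow model in order."""
    prev, verdicts = None, []
    for page, params in session:
        allowed, reason = check_request(prev, page, params)
        verdicts.append(reason)
        if allowed:
            prev = page  # only legal requests advance the session state
    return verdicts
```

Because the default is deny, an input such as `<script>` in the `amount` field is rejected as an invalid value without the policy ever naming cross-site scripting.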
Protecting Web-based Applications
Categories: Content Scrubbing, Attack Filtering, Application Firewall, Cloaking, SSL Acceleration & Key Management, Network Firewall
• Social Security Numbers: Scrubbed
• Out-of-box Protection: Included
• Unvalidated Input Manipulation: Blocked
• Credit Card Numbers: Scrubbed
• Script Kiddies, Known Worms & Vulnerabilities: Blocked
• Broken Access Control (Forceful Browsing): Blocked
• Account Numbers: Scrubbed
• Requests for Restricted Object and File Types: Blocked
• Buffer Overflow: Blocked
• Patient Health ePHI: Scrubbed
• Phone Numbers: Scrubbed
• Cross-Site Scripting: Blocked
• Non-RFC-Compliant Traffic: Blocked
• Any other identifiable text pattern: Scrubbed
• SQL/OS Injection: Blocked
• Illegal HTTP Format, Method: Blocked
• Cookie Poisoning: Blocked
• Set-Up Time: 15 min
• Unknown Worms and Vulnerabilities: Blocked
• OS and Web Server Fingerprinting: Blocked
• SSL Accelerator: Included
• Key Management & Failover Handling: Included
• IP/Port Filtering: Included
• HTTP Error Messages: Blocked
• Securing TCP/IP Session: Included
• Application Error Messages: Blocked
• SSL Termination and Re-encryption to Servers: Included
• Reverse Proxy: Included
• Leakage of Server Code: Blocked
App Traffic Management’s Unique Positioning
• Network Plumbing: Routers, Switches, Firewalls
• iControl: BIG-IP, FirePass, TrafficShield
• Functionality: Application Traffic Management, Application Access, Application Security
• Intelligent Clients, Intelligent Applications