F5 Synthesis
Nilesh Mistry
Field Systems Engineer
n.mistry@f5.com
Advanced
threats
SDDC/Cloud
Mobility
© F5 Networks, Inc
“Software defined”
everything
Internet of
Things
HTTP is the
new TCP
2
Impact on Data Center Architecture: Applications
MICRO-ARCHITECTURES
API DOMINANCE
Each service is isolated and requires its own:
Proxies are used in emerging API-centric architectures for:
•
•
•
•
•
Load balancing
Authentication / authorization
Security
Layer 7 Services
May be API-based, expanding services required
More applications needing services
© F5 Networks, Inc
•
•
•
•
•
API versioning
Client-based steering
API Load balancing
Metering & billing
API key management
More intelligence needed in services
Service A
Service C
API v1
Service B
Service D
API v2
3
Impact on Data Center Architecture: Network
SOLUTION SPRAWL
OPERATIONAL INCONSISTENCY
Increasing threats and client platforms result in need for:
Introduction of off-premise cloud solutions without
architectural parity results in:
•
•
•
•
•
•
Mobile device management
Mobile access management
Mobile security
DDoS
Application layer threats
Malware
• Inconsistent enforcement of business and
operational policies
• Unpredictable application performance and security
• Increased OpEx as new management paradigms are
introduced
SaaS
© F5 Networks, Inc
4
F5 MISSION
Deliver the most secure, fast,
and reliable applications to anyone
anywhere at any time.
© F5 Networks, Inc
5
The Evolution of F5
3
2
1
© F5 Networks, Inc
• Hypervisor/Cloud ubiquity
• Multi-tenancy, all-active
• Identity access management
• Security
• Mobility/LTE
• Domain Name Services
• Traffic management
• Optimization
• Acceleration
6
Application Environment
Agile
Development
Speed, customerdriven, and quality of
app development
Rapid deployment─
network and operations
velocity
© F5 Networks, Inc
7
Application Environment
Agile
Development
Cloud and
DevOps
Speed, customerdriven, and quality of
app development
Accelerate time
to market
Rapid deployment─
network and operations
velocity
Cloud SLA and control
private network agility
© F5 Networks, Inc
8
Application Environment
Agile
Development
Cloud and
DevOps
SDN and
Private Cloud
Speed, customerdriven, and quality of
app development
Accelerate time
to market
Software defined
data centers
Failed to Address:
Rapid deployment─
network and operations
velocity
© F5 Networks, Inc
Cloud SLA and control
private network agility
L4–7 device sprawl and
application awareness
9
The Time Is Right
F5 VISION
Agile
Development
Cloud and
DevOps
SDN and
Private Cloud
Speed, customerdriven, and quality of
app development
Accelerate time
to market
Software Defined
Data Centers
Applications
without constraints
Failed to Address:
Rapid deployment─
network and operations
velocity
© F5 Networks, Inc
Cloud SLA and control
private network agility
L4–7 device sprawl and
application awareness
10
© F5 Networks, Inc.
Inc
11
The Evolution of F5
4
3
2
1
© F5 Networks, Inc.
Inc
Software Defined Application Services
Cloud Ready
Broadened Application Services
Application Delivery Controller
12
Software Defined Application Services Elements
High-Performance
Services Fabric
Simplified
Business Models
© F5 Networks, Inc
13
High Performance Services Fabric
High-Performance Services Fabric
Virtual Edition
Network
Appliance
Chassis
[Physical • Overlay • SDN]
High-Performance Services Fabric
On-Demand Scaling
All-Active Clustering
Multi-Tenancy
TMOS
TMOS
ScaleN
Network
[Physical • Overlay • SDN]
TMOS
TMOS
High-Performance Services Fabric
Throughput
*40K when combining
admin instances with vCMP
Connections
per second
Network
Concurrent
connections
Multi-tenant
instances per device
[Physical • Overlay • SDN]
Device service
clusters
High-Performance Services Fabric
Programmability
Data Plane
Virtual Edition
Network
Control Plane
Appliance
Management Plane
Chassis
[Physical • Overlay • SDN]
High-Performance Services Fabric
Programmability
Data Plane
Virtual Edition
Network
Control Plane
Appliance
Management Plane
Chassis
[Physical • Overlay • SDN]
“Leave No Application Behind”
1000
Average number of
applications deployed
within an enterprise
DDoS
© F5 Networks, Inc
WAF
SSL
Acceleration
LTE
Applications
require services
21
The selected few
© F5 Networks, Inc
22
BIG-IP
© F5 Networks, Inc
BIG-IP
BIG-IP
BIG-IP
BIG-IP
BIG-IP
23
High-Performance
Fabric
BIG-IP
© F5 Networks, Inc
BIG-IP
Application
Services
BIG-IP
BIG-IP
BIG-IP
BIG-IP
24
Software Defined Application
Services
Software Defined Application Services
F5 Software Defined Application Services (SDAS)
are a rich set of services that address the delivery
challenges faced by businesses today. Built and
deployed atop extensible F5 platforms, SDAS are
all application and context-aware, highly scalable,
and programmatic.
Provisioned and managed within the F5 Synthesis
architecture through BIG-IQ, SDAS provides
organizations with the opportunity to simplify
application delivery architectures without
compromising on service breadth and depth.
© F5 Networks, Inc
26
Software Defined Application Services
Availability services from F5 focus on
eliminating single points of failure to reduce
downtime and disruption. Network, application
and organizational availability is critical to
ensuring business continuity and access to the
applications that enable today’s businesses.
Availability services span data center and
cloud-hosted applications, ensuring scale and
reliability regardless of where applications or
users are located.
Availability
Global Server LB Load
Global
Server LB
CGNAT Balancing
Global Load Balancing
DNS Caching
& Resolving
Authoritative DNS
Disaster Recovery
Cloud Bursting Business
© F5 Networks, Inc
Intelligent EPC node selection
Continuity
27
Software Defined Application Services
Performance services for F5 focus on
improving the end-user experience regardless
of location or device. Performance services
enhance mobile and web application
responsiveness by supporting protocols like
SPDY and TCP optimizations and by enabling
applications to dynamically take advantage of
compression and caching technologies.
Performance
Compression
Traffic
Management
Caching
Acceleration
Optimization SPDY Gateway
Application Optimization
Web Performance Optimization
© F5 Networks, Inc
Traffic Shaping
and QoS
28
Software Defined Application Services
Access & Identity services are critical to
maintaining a positive security posture while
enabling users to access applications from
anywhere at anytime. F5 enables single-sign
on and federation of application access across
the data center and into the cloud, while
maintaining the integrity of data through
comprehensive endpoint inspective and antimalware services.
SAML Federation
Access &
Identity
Cloud Federation
Single Sign-On
Access Control
Endpoint Inspection
© F5 Networks, Inc
SSL VPN
Active Sync Proxy
Secure
Web
Gateway
Web Access Management
Anti-Malware
29
Software Defined Application Services
Security services are an integral component to
the organization’s overall security strategy. F5
security services protect and mitigate threats
at every layer of the network stack. From
network DDoS to SYN floods to HTTP-focused
attacks, F5 services are designed to provide
comprehensive detection and defense against
the growing volume of threats.
Anti-Fraud
Programmability
DNS Firewall
SSL Inspection
WAF Anti-Phishing
SSL intelligence
DDoS
ADF
Firewall
DNSSEC
© F5 Networks, Inc
Security
SSL VPN
30
Application Services Portfolio
Cloud Federation
Anti-Phishing
Diameter
& Routing
SAML Federation Mobile Optimization Firewall
Traffic
Management
SAML
Federation
Access Mobile Acceleration
Control Global Load Balancing Gi
CGNAT
Cloud
Bridging
Authoritative DNS
App
Delivery
Firewall
Caching
Optimization
Application
Optimization
Management
DNS Firewall
Compression
Chaining
Quota Management
SSL
VDI
Inspection
Firewall Mobile App
Service
Single Sign-On
Anti-Malware
Disaster Recovery
DNSSEC
VOLTE
Traffic
Shaping
and QoS
Intelligence
Cloud
Bursting
DDoS
SSL
VPN NfV
SSL
Traffic
Management
Subscriber
Traffic Control
Business Continuity
Active Sync Proxy
LTE
Roaming
Endpoint Inspection Programmability
MDM
Access Management
Global Server SPDY Web
Web Performance
DNS Caching & Resolving SDN
Optimization
Gateway VAS Bursting
Load Anti-Fraud
Enrichment
Policy Intelligent EPC node
Secure
Web
Gateway
Balancing Enforcement
selection
Application
Traffic Control
Web App
Firewall
Acceleration
Intelligent Services Orchestration
Intelligent Services Orchestration
Orchestration
Connectors
Fabric Connectors
BIG-IQ
Module Connectors
Cloud Connectors
Intelligent Services Orchestration
Orchestration
Connectors
Fabric Connectors
BIG-IQ
Module Connectors
Cloud Connectors
Intelligent Services Orchestration
Orchestration
Connectors
Fabric Connectors
BIG-IQ
Module Connectors
Cloud Connectors
Intelligent Services Orchestration
Orchestration
Connectors
Fabric Connectors
BIG-IQ
Module Connectors
Cloud Connectors
Intelligent Services Orchestration
Orchestration
Connectors
Fabric Connectors
BIG-IQ
Module Connectors
Cloud Connectors
Centralized Management Platform
BIG - IQ
BIG-IP
BIG-IP
Data Center
Hybrid Cloud
Public Cloud
Simplified Business Models
Simplified Business Models
 Perpetual
 Subscriptions

 BYOL
 Cloud Licensing Program

F5 Licensing: Good
Good Offering
BIG-IP Local Traffic
Manager
Target Customer:
Load balancing and monitoring
Application Visibility and Monitoring
L7 intelligent traffic management
Core protocol optimization (HTTP, TCP, SPDY, SSL)
SSL proxy and services
IPv6 support
Programmability (iRules, iCall, iControl, iApps)
ScaleN: On demand, application & operational
scaling
• AAM Core (Caching, Compression, Bandwidth
Controller, more)
• APM Lite (User Authentication, SSL VPN for 10
concurrent users)
• SYN flood protection
•
•
•
•
•
•
•
•
Organizations that require local intelligent
traffic management to ensure application
availability
Customer Needs:
•
•
•
•
Rapid deployment & optimization
Real-time analysis & load balancing
SSL acceleration & offload
Easy protocol implementation
F5 Licensing: Better
Better Offering
BIG-IP Local Traffic
Manager
BIG-IP Global Traffic
Manager
BIG-IP Application
Acceleration Manager
BIG-IP Advanced Firewall
Manager
Target Customer:
•
•
•
•
•
•
Global server load balancing
DNS services
Real-time DNSSEC solution
Global application high availability
Geolocation
DNS DDoS attack protection
• Web performance optimization
• WAN optimization (data deduplication,
FEC)
• Mobile optimization (smart client
cache, image optimization)
• SaaS acceleration (reduce bandwidth
usage & page load times)
•
•
•
•
High-performance ICSA firewall
Network DDoS protection
Application-centric firewall policies
Protocol anomaly detection
Organizations that require network
security and improved end user
experience with local and global
intelligent traffic management
Customer Needs:
• Protect and optimize the data center
• Optimize application delivery
• Ensure optimal application availability
and performance
• Future-proof the business
• Leverage the power of integrated SDN
services
F5 Licensing: Best
Best Offering
BIG-IP Local Traffic
Manager
BIG-IP Global Traffic
Manager
Target Customer:
• PCI Compliant Web
Application Firewall
• Web scraping prevention
• Integrated XML firewall
• Violation correlation &
incident grouping
• Application DDoS protection
BIG-IP Application
Acceleration Manager
BIG-IP Advanced Firewall
Manager
BIG-IP Application
Security Manager
BIG-IP Access Policy
Manager
• 500 concurrent users,
scalable up to 200K
• BYOD enablement
• Full Proxy for VDI (Citrix,
VMware)
• Single sign-on enhancements
(Identity Federation with
SAML 2.0)
Organizations that require advanced access
management and total web security in addition
to network security with local and global
intelligent traffic management
Customer Needs:
•
•
•
•
•
Manage application access
Support BYOD initiatives
Accelerate remote access
Protect IP and minimize vulnerability exposure
Free development resources to create value
F5 Synthesis
High-Performance
Fabric
Intelligent Services
Orchestration
Simplified Business
Models
Utilizing F5 ScaleN to provide the most
scalable, high-density, high-performance
fabric in the industry to leave no
application behind.
Offering BIG-IQ for the deployment
of application services, cloud
orchestration, and ADC management─
one push button provisioning and all
necessary API management.
Providing capacity- and volumebased licensing, software module
mobility, and the unique bundling of
application services.
F5 Synthesis
F5 in Every Cloud
Performance Leadership
Reference Architectures
F5 deployed and serviced in every
cloud marketplace to ensure
consistent Synthesis application
services deployment.
Meet every performance requirement
from Micro ADC 25 MB virtual editions
to terabit-sized chassis solutions.
Provide fully documented and tested
business outcome solutions for F5
customers to consume Synthesis.
F5 Synthesis Drives Shift to Software Defined Data Center
Traditional Environment
 SILO APPROACH BY APPLICATIONS
 COST UN-EFFICIENCY
 NO PROGRAMMABILITY, SCALABILITY
© F5 Networks, Inc
SOFTWARE-DEFINED
DATACENTER
 ARCHITECTURE BECAME “FABRIC” WITH
HIGH PROGRAMMABILITY AND
SCALABILITY
 IMPROVE COST EFFICIENCY
46
High-Performance
Services Fabric
Simplified
Business Models
• New licensing models
• Easy to procure
• Save by purchasing bundles
© F5 Networks, Inc
47
Reference
Architectures
Solving Customer Issues
Reference Architectures
Device, Network, Applications
S/Gi Network
Simplification
DDoS
Protection
Bill of Materials
© F5 Networks, Inc.
Inc
Security for
Service Providers
LTE
Roaming
•
•
•
•
Application
Services
Intelligent
DNS Scale
Solution diagram(s)
Architecture diagram(s)
Product map diagram(s)
Customer deck
Migration to
Cloud
Cloud
Federation
DevOps
Cloud
Bursting
• RA video overview
• White paper(s)
• Placemat leave-behind
49
Benefits of F5 Synthesis
Drive
© F5 Networks, Inc.
Increase
Reduce
Future
50
F5 Synthesis Partner Ecosystem
/
DevOps
© F5 Networks, Inc.
51
Solutions for an Application World.