F5 VMware Solution Overview

F5 VMware Solution Overview

Presented by

Mike Crozier - F5 Systems Engineer

© F5 Networks, Inc.

22

F5 is the leader in Application Delivery Networking

Users

What:PCLaptopHome PCPDAKioskMobile

Where:LANHomeBranch / WANRoad / WAN

Private Users

Public UsersFrom What:PCLaptopHome PCPDAKioskMobile

Who:CustomersPartnersSuppliersConsultants

Data Center

http://www1.sap.com/index.epx


3Overview Portfolio Releases Hot Topics Solutions

Gartner Magic Quadrant for ADC

Source: Gartner (November 2010)

F5 Networks• F5 Networks has a broad and comprehensive

vision with industry-leading understanding of the needs of application development, deployment and management.

• The vendor has a comprehensive feature set with a full range of extensibility delivered through iRules and iControl, and integration with popular integrated development environments (IDEs), such as Eclipse and .NET/Visual Basic.

• F5 has developed a very large community of committed users (using F5's DevCentral portal) that helps fuel the use of iRules to solve unique data center application challenges, creating a loyal and engaged user base.

• F5 has a solid financial position and continued market-leading position (47% market share).

Source: Gartner, Inc.

More

http://www.f5.com/pdf/analyst-reports/gartner-magic-quadrant-adc.pdf

http://www.f5.com/pdf/analyst-reports/gartner-magic-quadrant-adc.pdf


4

F5 in WW ADC Market for Q410

Q410 Gartner ADC Market Share

Cisco16.7%

F5 NETWORKS44.9%

Others16.1%

Radware8.1%

Citrix14.2%

Q410 ADC* Market Share Leaders

– F5 : 44.9%– Cisco: 16.7%– Citrix: 14.2%

Q410 ADC Market Share Revenue Leaders

– F5: $164.3 Million– Cisco: $61 Million– Citrix: $52 Million

Q410 ADC Q/Q Revenue Growth– F5: 2.1%– Cisco: 45.2%– Citrix: 4.0%

Q410 ADC Total Market Numbers– Revenue: $365.7 Million– Q/Q Revenue Growth: 9.4%

*Application Delivery Controller (ADC) Segment Includes: Server Load Balancing/Layers 4-7 Switching and Advanced (Integrated) Platforms. Graphic created by F5 based on Gartner data.

Gartner, Inc. Market Share: Application Acceleration Equipment, Worldwide, 4Q10 and 2010, Joe Skorupa, Nhat Pham, 3 March 2011


5

F5 Local Customers


6

F5 Canberra Office & Local Depot

• Located at “The Realm” in Barton• Local Depot in Hume (RMA Services)


7

Application Delivery Services

Application Delivery Networking• The introduction of a tiered application delivery layer

provides the delivery of common services in a consistent manner..

7

Core Networking Services.

Application Services

RoutingSwitching

Load-Balancing Web Acceleration Traffic Shaping Intrusion

Prevention

Access Control

Business Logic

Security

DR/HA

Business Logic Business Logic Business Logic Business Logic

Proxy Cache Compression


8

Traditional Architecture is Inflexible

Users

Resources

Physical Virtual Multi-Site DCs

Private Public

Cloud


9

What’s Needed:

Users

Resources


Private Public

Cloud

Dynamic Services Model:Reusable services that understand context and can provide control

regardless of application, virtualization, user, device, platform or location


1010

TMOS Unique Architecture

Client

SSL

Com

pres

sion

ClientSide

ServerSide

TCP

Expr

ess

ServerTCP

Expr

ess

Cach

ing

Microkernel

TMOS traffic plug-insHigh-performance networking microkernelPowerful application protocol supportiControl – external monitoring and controliRules – network programming language

High Performance HWiRules

iControl API

TCP Proxy

OneC

onne

ct

XML

Rate

Sha

ping AP

M, A

SM

Web

Acc

el

3rd P

arty

ApplicationDeliveryNetwork


11

Platform Line-up

400k L7 RPS175K L4 CPS4G L7/L4 TPUT

BIG-IP 3900600k L7 RPS220K L4 CPS6G L7/L4 TPUT

BIG-IP 6900

1.2M L7 RPS400K L4 CPS

Up to 20G TPUT

BIG-IP 8900/8950 2.5M L7 RPS1M L4 CPS

Up to 42G TPUT

BIG-IP 11050

100k L7 RPS60K L4 CPS

1G L7/L4 TPUT

BIG-IP 1600 135k L7 RPS115K L4 CPS2G L7/L4 TPUT

BIG-IP 3600

Application Switch

VIPRION 2400

4M L7 RPS1.6M L4 CPS

80G/160G - L7/L4 TPUT

VIPRION 4400

6.4M L7 RPS2.8M L4 CPS

80G L7/L4 TPUT

VIPRION Chassis

Production

1 Gbps

Lab

200 Mbps

Virtual Editions


12

BIG-IP Virtual Edition

• Available as a trial, developer or production editions

• Runs on any server compatible with ESX

• Managed just like a physical LTM

• Same functionality.

ESX v4, ESXi v4


13

It Starts with Local Traffic ManagementEnsure availability and plan for growth

TransactionAssurance

High PerformanceHardware

Dynamic LBMethods

Session Persistence

Application Health Monitoring

LTM load balances at the application level

• Ensures the best resources are always selected

• Has deep visibility into application health

• Proactively inspects and responds to errors

Eliminate downtime and scale the application


14

Secure the Applications and Data

Security at Application, Protocol and Network Level

• Meet compliance requirements (PCI, HIPAA, etc.)

• Strong protection without interrupting legitimate traffic

Resource Cloaking and

Content Security

Network and Protocol Attack

Prevention

Application Security Manager

Access Policy Manager(add-on modules)

Selective Encryption

“BIG-IP enabled us to improve security instead of having to invest time and money to develop a new more secure application”

Application MangerGlobal 5000 Media and Entertainment Company

TechValidate 0C0-126-2FB


15

Let Servers Serve

LTM offloads tasks from application servers

• Reduce the number of servers required

• Centralized SSL key management

One ConnectFast CacheSSL OffloadCompression

1/2 of BIG-IP owners have saved 20% or more on their total Capital Expenses with BIG-IP

Source: TechValidate Survey of F5 BIG-IP Users


16

OneConnect ™ – Connection Pooling

Increase server capacity by 30% – Aggregates massive number of client requests into fewer server

side connectionsTransformations from HTTP 1.0 to 1.1 for Server Connection ConsolidationMaintains Intelligent load balancing to dedicated content servers

Good Sources: http://tech.f5.com/home/bigip/solutions/traffic/sol1548.htmlhttp://www.f5.com/solutions/archives/whitepapers/httpbigip.html

http://tech.f5.com/home/bigip/solutions/traffic/sol1548.html

http://www.f5.com/solutions/archives/whitepapers/httpbigip.html


17

Symmetric Compression• Adaptive• Deflate• LZO

SSL Encryption

Integrated and free with BIG-IP LTM v10+

Secure & Optimized Tunnel between Cloud & DC “BIG-IP iSessions”


18

Multi-Tenancy“Route Domains”

BIG-IP v10+: Managing Networks in the Cloud

• Host multiple departments/organizations on one BIG-IP without conflicts

• Granular control to provide separate routing domains and overlapping IPs

Department A Department B


19

F5 iApp: How it worksiApp templates allow for business policy-driven configuration and IT collaboration

iApp drives automation and provisioning

Changes can quickly be made and re-applied

iApps are portable between F5 devices enabling rapid migration

Every service is reusable


20

BIG-IP V10 Managing Objects & ServicesBIG-IP V11 Managing Application Services


21

BIG-IP V11 Managing Application Services

F5 iAPPs:Managing application services … not network devices or objects.


22

Saves (Minimum)= 14 days to research (Exch)= 14-21 days to research (F5)= 5 days to setup test environment (Exch)= 3 days to setup test environment (F5) = 30 days to test (Exch/F5)= 1 day implementation (Exch/F5)

Stats= 100 pages of configuration= 1200 steps = 20% inputs

Costs= 2 hours to read guide= 8 hours to gather inputs= 8 hours to configure =100 % chance of misconfigurations

V10 Deployment Guide Exchange 2010


23

F5 and VMware


24

VMware & F5 Market Leaders


25

Recent Highlights

• F5 named Global Technology Innovator Partner of the Year VMware awards highest honor to F5 at 2011 Partner

Exchange Recognition for deep integration and solution

development

• “VMware-Ready” certifications BIG-IP Virtual Edition

• Recent Releases View desktop solution (Edge Gateway and APM for

LTM VE) vCloud Director – joint cloud bursting solution Management Plug-in for vSphere


26

Common Practical Issues

How can I provision more seamlessly?

How can I make application performance better?

How can I automate more administrative tasks?

How can I simplify network configuration for VMs?

How can I take full advantage of VMotion?

How can I secure my virtual desktop deployments?

How can I streamline virtual desktop access steps?


27

Server Virtualization & F5


28

Improving VM Density

Typical virtualized server

SSL Caching Compression One Connect TCP Optimization

Offload

Same serverwith BIG-IP


29

Automating Network Changes: vCenter

• BIG-IP LTM & VMware vCenter can be integrated for automatic provisioning of local VMs on demand

• Respond to changes in traffic volume

• Provision to mean rather than peak

• Reduce manual labor


30

Web Clients

FrontEnd

AppServers Virtualization

App. Server App. Server App. Server

Storage Virtualization

Frontends VirtualizationBIG-IP LTM

BIG-IP LTM

FrontEnd FrontEnd

Web Clients

iControl

iControl

vCenter

+

AppSpeed

(optional)

Demand ↑ ↑ ↑

F5 Provision

Detection

Automation

VM Provision

Demand ↓ ↓ ↓

VM Deprovision

Detection

AutomationF5 Deprovision

Illustration: LTM & vCenter Integration

Mon

itorin

g &

Man

agem

ent


31

Automating Network Changes: SRM

• BIG-IP GTM & VMware SRM integrated to enable failover between sites

• GTM makes traffic follow SRM failover

• Automatic

• Minimize Application Downtime


32

Automating Network Changes:Inter-Data Center Traffic Management

• Serving an application across multiple data centers

• Cloud Bursting

• Automated Failover

• Global Traffic Optimization

• Intelligent Persistence

• Federated Cloud Authentication

• Control via • iControl API• Pre-defined global traffic policies• iRules

BIG-IP Global Traffic Manager

vCenter-1 vCenter-2


33

Illustration: GTM & SRM Integration

SRM Failover

Ongoing Replication

(a) GTM Health checks reveal unhealthy site 1.

(b) GTM self-executes a redirection to site 2.

Site 1 Site 2


34

F5 Management Plug-In for vSphere


35

F5 Management Plug-In for vSphere

• Free Software Plug-In for VMware vSphere

• Attaches to vCenter Server – modifies vSphere Client GUI

• Operates with both physical and virtual LTM editions

• Streamlines the administrative steps of adding VM nodes from load balancing pools

• Automates actions based on pre-defined policies

• Reduces risk of error

• Reduces manual effort

• Officially supported by F5 (in it’s unmodified state)


36

vSphere Client GUI


37

Example: Right-Click VM and disable VM via BIG-IP


38

Long Distance VMotion

Detailed Review


39

Escaping Boundaries Between DCs

New Use Cases for Well Established Functionality

Key Technical Problems Solved:• Performance problems caused by

latency or bandwidth• Network retransmission of client

traffic from site 1 to site 2• Loss of app sessions when

migrating to another location

• Migration• Disaster avoidance• Capacity expansion


40

How it works – the fundamental steps

1. Storage VMotion to Site 2

2. VMotion to Site 2

3. LTM routes incoming connections for existing sessions to Site 2 VM

4. GTM routes new connections to Site 2

5. Register host and VM in vCenter Site 2 (optional)


41Logical representation, not physical

vCenter Server

InternetEtherIP Tunnel EtherIP Tunnel


42

Acceleration & Encryption• F5 testing results of common bandwidth/latency combinations

• iSessions™ or WAN Optimization Module™ (WOM)

• SSL encryption

• Acceleration: TCP Optimization, Deduplication, Compression

• Able to successfully VMotion in conditions where previously failedBandwidth (Mbps)

Link Latency (RTT ms)

Link Packet Loss (%)

Average Time without WOM

in Minutes

Average Time

with WOM in Minutes

Acceleration Factor

45 (T3) 100 0% 13:43 3:35 3.8X

100 25 0% 6:10 1:18 4.7X

155 (OC3) 100 0% 13:25 3:29 3.9X

622 (OC12) 40 0% 5:57 1:57 3.1X

1000 (Ethernet)

20 0% 2:38 0:38 3.5X


43

BIG-IP LocalTraffic Manager

Initial Environment



vCenter A vCenter B


44


Step 1: F5 BIG-IP Local Traffic Manager Opens WAN Optimization Tunnel



vCenter A vCenter B

1• Compressed• De-Duplicated• Encrypted


45


Step 2: Storage VMotion Executed Across WAN Optimized Tunnel



vCenter A vCenter B

2 This step can be avoided if storage is already being synchronously

replicated between sites


46


Step 2: Pending App VMotion, transactions rely on VM in Site A, but Storage in Site B



vCenter A vCenter B

vCenter A still managing VM


47


Step 3: Application VMotion Executed Over WAN Optimized Tunnel



vCenter A vCenter B

3


48


Step 4: GTM health checks register the move, and Cut Over to Site-B



vCenter A vCenter B

4


49


F5 BIG-IP Global Traffic Manager Routes All NEW Application Connections/Sessions Directly to Site B.



vCenter A vCenter B


50


F5 BIG-IP Local Traffic Manager in Site A retransmits incoming connections for EXISTING Sessions to Site B Until Clients Register DNS Change



vCenter A vCenter B


51


Eventually, ALL Connections Go Directly to Site B. The Process Can Be Reversed When Necessary.


vCenter B


vCenter ASuccessful Application Migration Complete


52

Online Follow-Up Resources: Long Distance VMotion Solution

• Overall F5/VMware Solution Guide• http://www.f5.com/pdf/solution-center/f5-for-virtualized-it-environments.pdf

• Online Demo• http://devcentral.f5.com/weblogs/nojan/archive/2010/02/02/introducing-long-distance-vmotion-with-vmware.aspx

• Deployment Guide• http://www.f5.com/pdf/deployment-guides/vmware-vmotion-dg.pdf

• Whitepaper• http://www.f5.com/pdf/white-papers/cloud-vmotion-f5-wp.pdf

http://www.f5.com/pdf/solution-center/f5-for-virtualized-it-environments.pdf

http://devcentral.f5.com/weblogs/nojan/archive/2010/02/02/introducing-long-distance-vmotion-with-vmware.aspx

http://www.f5.com/pdf/deployment-guides/vmware-vmotion-dg.pdf

http://www.f5.com/pdf/white-papers/cloud-vmotion-f5-wp.pdf


53

Desktop Virtualization & F5


54

Common Desktop Virtualization Challenges• User Experience

• Performance over the Wide Area Network• Access methods / complexity• Login steps / annoyance

• Security• Encryption of all WAN traffic• Unified Access (Local vs. Remote, Desktop vs. Smart Phone)• Integration with existing authentication infrastructure• Endpoint integrity inspection\

• Scalability/Availability• Scaling VDM servers without more power or rackspace• Ensuring total availability of connection brokers


55

Traditional Model is Inflexible

Users

Resources


Private Public

Cloud


56

Degree of Control

Degree of Flexibility

Outsource Everything

TraditionalInfrastructure

Finding a Better Solution

DynamicServices

Model


57

WAN

Connection ServersConnection Servers

BIG-IP Local Traffic Manager

BIG-IP Edge Gateway

BIG-IP Edge Gateway

Remote Office ClientsRemote Clients

Local LAN Clients

Local Mode Desktop

Local Mode Desktop

Primary Site

Centralized VirtualDesktops

Remote Office

Internet

Encryption (DTLS or SSL)Unencrypted RDP or Natively Encrypted PCoIP)


58

Enable Scalability by Offloading Processes from View Manager Servers

1. Improve efficiency by offloading SSL

2. HA & load balancing for View Manager servers


59

Enable Scalability to Multiple View Pods with Single Name Space


60

Bandwidth Reduction for RDP in View

LTM can also reduce bandwidth consumption up to 12:1 using its WAN Optimization Module

1. Compression2. Deduplication3. TCP Optimization4. Encryption


61

VMware Recommends UDP Native Support

• Scott Davis, CTO End User Computing Business Unit

• October 25, 2010

• http://communities.vmware.com/blogs/cto-scott/2010/10/25/a-simple-experiment

• “There are numerous ways to configure such VPN’s, however PCoIP utilizes UDP for the graphics packets and optimizes parallelism and retransmits at the higher layers of the protocol. Hence we recommend using a VPN technology that support UDP packets natively, not to tunnel the UDP traffic over TCP/IP as doing so will typically cause responsiveness issues…”

• Native UDP support is available in F5 FirePass and BIG-IP Access Policy Manager.

http://communities.vmware.com/blogs/cto-scott/2010/10/25/a-simple-experiment


62

User Experience


63

Simplify Sign-On Frustrations

Step 1Local Login

Step 2VPN Login

Step 3Desktop

Login

SSOLogin Once


64

Ongoing Logins!

At Home (wireless)

On the way to work(Aircard)

In the office(docked LAN connection)

Presenting(corporate wireless)

Constantly Re-connecting

In the Cafe(wireless)

?

?? ?

?

Simplify Restarts:


65

Simplify Restarts: Reconnect Automatically

Auto-Connect!

At Home (wireless)

On the way to work(Aircard)

In the office(docked LAN connection)

Presenting(corporate wireless)

Always Connected Application Access

In the Cafe(wireless)


66

Accelerate Connection Restarts

1

2

App InfoJSessionID

Etc.

Source IP

Send the user to his existing desktop session – much faster restarts

Proxy/NAT

Edge Gateway

Persistence to Desktop


67

Traffic QoS

View Desktops

Rate Shape to ensure client-side View traffic receives priority over client-outbound outbound traffic

Edge Clien

t

Edge Clien

t

Edge Clien

t


68

Security


69

Unify Access to the Data Center

DMZ

Use existing user directories

View Servers

BIG-IP Edge Gateway

• One solution to manage all access policies regardless of access network

• Capacity and performance to secure all user traffic• Optimizes application delivery to remote and mobile users• Improves quality of real-time applications; soft phones and

streaming media

Mobile Users

Wireless Users

Internet

Branch Office Users

Internal LANVLAN2

LAN Users

Internal LANVLAN1


70

Maintain Native PCoIP Performance

ConnectionBrokers

Mobile Users

Mac Users

Branch Office Users

LAN Users

DTLS Encryption

View Servers

DTLS Encryption

SSL Encryption

PCoIP

PCoIP

RDP

PCoI

P

Support for DTLS (UDP) encryption Support for SSL (TCP) encryption Avoids the alternative method of encapsulating UDP into TCP for SSL encryption (thus degrading UDP).


71

Unified AAA Services for View

• Pre-Logon Checks: • OS, AV, firewall, process, file, registry, extended windows info,

client and machine certs, etc.• Remediation:

• Group Policy enforcement (Corp & Non-Corp Assets)• Protected Workspace

• Intuitive, Visual Policy Editor


72

Cloud Computing & F5


73

Escaping Boundaries Between DCs

New Use Cases for Well Established Functionality

Key Technical Problems Solved:• Performance problems caused by

latency or bandwidth• Dynamic, transparent rerouting of

client traffic from site 1 to site 2• Loss of app sessions or

connections when migrating to another location

• Migration• Disaster avoidance• Capacity expansion


74

On-Demand Scalability in the Cloud

LAN

Internal Cloud External Cloud

On-DemandScaleability

Scale-up by simply plugging in a new blade.

Zero configuration

On-Premise Servers


75

Solution: Federated Authentication and Authorization

• Retain user data in private cloud

• Leverage public cloud compute resources

vCenter-1 vCenter-2

Direct auth, session creation in private cloud

Direct (authenticated) app workload to public cloud

DirectoryService


76

F5/VMware Cloud Bursting Solution(Hybrid Cloud)

Private Clouds Public Clouds

Management Management

vSphere vSphere

Hybrid Cloud

APPLoads

APPLoads

APPLoads


77

Solution Workflow

1. Begin with application in private cloud only

2. Ramp up application traffic until it exceeds performance threshold

3. “Burst” to public cloud, dynamically adding application nodes• Traffic management is globally balanced between private and

public clouds

4. Continue ramping up traffic and expanding capacity in public cloud

5. Decrease application traffic, contracting the application by removing public nodes and eventually returning to steady state in private cloud


78

Solution Architecture at a Glance

Public CloudPrivate Data Center

n+1

LTM WAN Optimization


79

Hybrid Cloud Architecture

vCenter-1 vCenter-2

Definition: Serving an application across multiple clouds, data centers, or both

Use Cases• Automated Failover• Federated Cloud Authentication• Elastic Applications

Architectural features• Global traffic management• Intelligent application and session

persistence• Network API• Global traffic policies• L7 content inspection and routing

www.f5.com/vmware

Documents

F5 VMware Solution Overview