Software Define Application Services

Transcription

Software Define Application Services
SDAS
Software Define Application Services
Philippe Bogaerts
F5 MISSION
Deliver the most secure, fast,
and reliable applications to anyone
anywhere at any time.
© F5 Networks, Inc
2
Advanced
threats
SDDC/Cloud
Mobility
© F5 Networks, Inc
“Software defined”
everything
Internet of
Things
HTTP is the
new TCP
3
The Evolution of F5
4
3
2
1
© F5 Networks, Inc.
Inc
Software Defined Application Services
Cloud Ready
Broadened Application Services
Application Delivery Controller
4
Software Defined Application Services Elements
High-Performance
Services Fabric
Simplified
Business Models
© F5 Networks, Inc
5
High-Performance Services Fabric
Virtual Edition
Network
Appliance
Chassis
[Physical • Overlay • SDN]
High-Performance Services Fabric
On-Demand Scaling
All-Active Clustering
Multi-Tenancy
TMOS
TMOS
TMOS
ScaleN
Network
[Physical • Overlay • SDN]
TMOS
High-Performance Services Fabric
Throughput
*40K when combining
admin instances with vCMP
Connections
per second
Network
Concurrent
connections
Multi-tenant
instances per device
[Physical • Overlay • SDN]
Device service
clusters
High-Performance Services Fabric
Programmability
Data Plane
Virtual Edition
Network
Control Plane
Appliance
Management Plane
Chassis
[Physical • Overlay • SDN]
High-Performance Services Fabric
Programmability
Data Plane
Virtual Edition
Network
Control Plane
Appliance
Management Plane
Chassis
[Physical • Overlay • SDN]
The F5 BIG-IQ Vision
BIG-IQ
BIG-IP
BIG-IP
Data Center
© F5 Networks, Inc
Hybrid Cloud
Public Cloud
11
Intelligent Services Orchestration
Orchestration
Connectors
Fabric Connectors
BIG-IQ
Module Connectors
Cloud Connectors
BIG-IQ Family of Modules
BIG-IQ Framework
BIG-IP Devices
© F5 Networks, Inc
13
F5 for VMware
F5 and VMware
TECHNOLOGY ALLIANCE PARTNERS
•  8+ year partnership
•  VMware 2014 Technology Alliance Partner
of the Year
JOINT VISION
Enable customers to deliver an architecture
that:
•  Meets today’s business expectations,
•  AirWatch 2014 Enterprise Mobility
Innovation Excellence Award
•  Helps organizations transform data
center economics, and;
•  VMware 2014 Best Cloud Management
Marketplace Solution Award for Cloud
Automation category
•  Increases application deployment
and management agility.
•  Joint development of solutions to address
customer demands
F5 and VMware Solutions at a Glance
Software-Defined Data Center
Network
Virtualization
End-User
Computing
Management
Hybrid
Cloud
F5 for End-User Computing
Challenges
External Clients
View and AirWatch Clients
•  Consumer demand for BYOD
•  Secure access of data to devices; access to apps at
anytime/anywhere
•  Need simple, standardized and low cost solutions to
manage data, desktops, devices and applications
•  Multiple gateways for desktop virtualization and mobile
devices
Solution
F5 and VMware optimize the user experience for maximum
performance, availability, scalability, and security of
applications to devices at anytime, anywhere.
•  Secure access to devices, apps at anytime/anywhere
•  Simplified and cost-efficient deployment
•  Optimize a secure, available, and scalable VDI deployment
•  Easy enforcement of policies for mobile devices
© F5 Networks, Inc
On-premise and Cloud
DMZ
Internal
SSL Decryption
Authentication
High Availability
PCoIP Proxy
Connection Servers
APM
Desktops
17
F5 for Management
F5 Management Plug-in for VMware vRealize Orchestrator*
provides integrated workflows and actions in support
of F5 BIG-IP Platform.
Challenges
•  Orchestration can be repetitive and time-consuming
•  Capacity or configuration issues are common
•  Orchestration tasks often performed by specialist teams
rather than application administrators
Solution
•  Streamline the provision of BIG-IP services in minutes
including adding, modifying, and deleting local and global
load balancing
•  Automate server maintenance and reduce accidental
misconfiguration
•  Provision and scale services automatically and dynamically
*Formerly known as VMware vCenter Orchestrator
© F5 Networks, Inc
18
F5 for Hybrid Cloud
Challenges
• 
User experience dependent on Geo-location
• 
• 
Downtime during disaster impacts business
Changing network and user volumes impact application performance
• 
Challenges in implementation of business policies on
application traffic
• 
Difficult to maintain persistent user connections across App
& data centers
Solution - BIG-IP Global Traffic Manager (GTM)
on vCloud Air
• 
• 
• 
• 
• 
Seamless application failover and disaster recovery,
preventing downtime
Direct users to the nearest data center that will provide the best
application experience
Route traffic based on changing network and user volume conditions
Provide application availability between on premises application
deployment and vCloud Air deployment
Provide a single, global namespace for user connections
© F5 Networks, Inc
19
F5 for Hybrid Cloud
Challenges
• 
Inconsistent application availability
• 
• 
Poor application performance negatively impacts business
Threats to applications including exposure to outages, data theft, and
lost customers
Solutions - BIG-IP Local Traffic Manager (LTM) and
Application Security Manager (ASM) on vCloud Air
• 
Scalable application delivery for reduced downtime
• 
Improved application performance and high availability with advanced
application health monitoring, adaptive compression, and SSL offload
Protects against SQL injection, cross-site scripting, crippling DDoS
attacks – all with centralized visibility and control
Provides same level of security in vCloud Air as I the data center
• 
• 
© F5 Networks, Inc
20
SSL Crypto Offload for Hybrid Deployments
SSL Crypto Offload for hybrid deployments
User
•  Offload SSL traffic from your Virtual
Edition to your hardware platform
•  Achieve the maximum SSL performance of
your virtual license
•  Free up Virtual Edition CPU utilization for
other application services
•  Also available for low end appliances and
legacy BIG-IP devices
SSL Crypto Offload
All Application Services
Except SSL
SSL Acceleration
+ SSL Crypto Offload
SSL Traffic Only
for Offload
F5 Hardware
Multiple
BIG-IP Virtual Editions
High Performance
High Capacity SSL
Applications
© F5 Networks, Inc
21
F5 for Network Virtualization: VMware NSX
Challenges
Admin
•  Operational agility at the network services
(Application Delivery Networking [ADN]) layer
Cloud Management
& Orchestration
•  Operational agility for application-specific services
for acceleration, availability, and security
(a rich Layer 7 protocol)
NSX
Manager
•  Delivering a consistent consumer experience without
consuming IT resources better spent on strategic projects
NSX
Management
Solution
Rapidly delivery layer 2-7 network and software defined
application services in the software-defined data center
(SDDC). Integration between F5 and VMware NSX eliminates
the disconnect between network service management and
application delivery service management.
•  Simplify operations for a single management solution
Generic
Platform
iApps
Application Services
User
NSX
Edge
BIG-IP
Platform
Generic
Platform
NSX
vSwitch
Application
Workloads
Deploying L3–L7 Services
•  Increase efficiency by pooling and optimizing resources
•  Speed time to market and automate repeatable tasks
© F5 Networks, Inc
22
Operationalize the Network
•  Key driver: Operational simplicity
•  VMware NSX & F5 joint solution
•  Leverage advanced F5 ADC options
inside NSX model
•  Operational model of a VM for ADC
services
•  Enable choice of virtual or physical F5
appliances within NSX
•  Simplicity to move current applications
load balanced by F5 to an NSX
environment
•  Leverage NSX service insertion
capabilities to integrate F5 ADC
services
Tenant
L2
L2
L2
L2
L2
L2
© F5 Networks, Inc.
23
Application ADC for the App Owner
App owner: "I want an F5 VIP and an iApp
template, to front-end my pool of servers”
Tenant
L2
L2
L2
L2
L2
L2
Operational Simplicity
•  Auto configuration, deployment, and
licensing of BIG-IP at time of application
provisioning
•  Consistent policy across physical and
virtual appliances
Deployment Agility
•  Application-specific acceleration and
service delivery for multi-tier applications
•  Workload mobility, and optimization
without service re-location
Ease of Consumption
•  Integrated management plane for NSX
and F5
•  Cloud Management Platform-based
multi-tier application provisioning
How to integrate BIGIP VE or hardware
© F5 Networks, Inc.
CONFIDENTIAL
25
BIGIP and BIGIQ in the NSX model
© F5 Networks, Inc.
CONFIDENTIAL
26
BIG IQ – License Pool Configuration
© F5 Networks, Inc.
CONFIDENTIAL
27
BIG IQ – Create NSX Connector
© F5 Networks, Inc.
CONFIDENTIAL
28
Example: F5: F5 ADN is available as an NSX service
§  Big-IQ registers with NSX Manager and uploads iApps.
§  The F5 services shows on NSX Manager Services catalog
BIG IQ – Create BIG IQ Tenant
© F5 Networks, Inc.
CONFIDENTIAL
30
BIG IQ – Create BIG IQ Catalogue
Catalogue Example
F5_HTTP_Advanced
•  Enter F5_HTTP_Advanced for the name
•  Select F5-NSX Connector from the Cloud
Connector drop down list
•  Select f5.http from the Application
•  Under Advanced Properties mark the
following fields as Tenant Editable
Are the web server configured to use
NTPL authentication?
Which compression profile do you want
to use?
Which Web Acceleration profile do you
want to use for caching?
What HTTP URI should be sent to the
server?
•  Select Save
© F5 Networks, Inc.
CONFIDENTIAL
31
BIG IQ – Validating Catalogue in NSX Manager
From NSX Home -> Service Definitions, double-click on BIG-IQ Connector, Manage -> Profile Configurations
© F5 Networks, Inc.
CONFIDENTIAL
32
F5 LB Service Insertion in NSX
NSX LB– Deploy 2 Web Servers in NSX
Configure Pool & VIP
© F5 Networks, Inc.
CONFIDENTIAL
34
NSX LB– Create Pool
From NSX Home -> NSX Edges, double-click on Edge, go under Manage -> Load Balancer -> Pools
Note: The fields “Algorithm”, “Algorithm Parameters”, “Monitors”, “Transparent” can be left as default since
they are not used (information is taken from BIG-IQ Catalog).
© F5 Networks, Inc.
CONFIDENTIAL
35
NSX LB– Create VIPs – Advanced HTTP Profile
From NSX Home -> NSX Edges, double-click on Edge, go under Manage -> Load Balancer -> Virtual Servers
select the green + symbol to add a new VIP
© F5 Networks, Inc.
CONFIDENTIAL
36
NSX LB– Validate Application Creation in BIG IQ
From BIG-IQ Cloud -> Applications
© F5 Networks, Inc.
CONFIDENTIAL
37
Questions?
© F5 Networks, Inc
CONFIDENTIAL
38
Solutions for an Application World.