BIG-IP V10.1 Advanced ADC New ADC services deliver unmatched control and savings for next generation data centers
BIG-IP Advanced ADC Access Policy Manager
Jun 12, 2015
The powerful new BIG-IP release offers a rich set of advanced services providing unparalleled control and up to 10 times CapEx and OpEx reductions for enterprises, as well as service and cloud providers. BIG-IP v10.1 enables organizations to: (1) Reduce CapEx and OpEx through centralized, granular access control using the new BIG-IP Access Policy Manager™; (2) Improve end-user experience and enhance security by creating policies based on user location with IP geolocation services integrated into TMOS; (3) Reduce bandwidth costs and improve disaster recovery through accelerated data transfers with the new BIG-IP WAN Optimization Module™; (4) Deploy applications faster by leveraging new Application Ready Templates for SAP and Microsoft Exchange Server 2010
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
BIG-IP V10.1Advanced ADC
New ADC services deliver unmatched controland savings for next generation data centers
2
F5 Vision: Unified Application & Data Delivery
Context-Aware Networking
Corporate EmployeesLAN & WLAN Mobile
EmployeesCustomer, Partners,
or Suppliers
Branch Employees
LAN & WLANRemote
Employees
Cloud Services Hosted Applications CorporateData Center
SAAS Apps and Datain the Branch
Enables the Dynamic Infrastructure
3
Geolocation Based Services in BIG-IP
• All TMOS products include integrated GeolP Database
• Powerful geographic based policy control– GSLB enhanced– Filtering, Redirection, Reporting, and iRules Control (New)
• Provided by Quova™– Continent, country, state/region attributes– 2.7 billion routable IP addresses – Accurate / Updateable
4
BIG-IP Access Policy Manager (APM)
Consolidated and centralized access policy enforcement
L4 – L7 full proxy access control at BIG-IP speeds
Advanced endpoint security
VPE Rules – iRules style interface for custom access policies
TMOS / BIG-IP modules Integrates on the ADC
Bringing Identity, Authentication, and Access Control to BIG-IP
5
Proxy Web Servers
App 1
App 2
App 3
1
1 Code in the Application• Costly, difficult to change• Not repeatable, less secure
Agents on Servers• Difficult to manage• Not interoperable or secure• Decentralized and costly
2
2
3 Specialized Access Proxies• Doesn’t scale and not reliable• More boxes and expensive
App n
3
Policy Manager Directory
Authentication Alternatives Today
6
BIG-IP benefits:
• Reduce costs and complexity
• Gain superior scalability and high availability
• Enforce L4 – L7 ACLs at BIG-IP LTM speeds
Proxy Web Servers
App 1
App 2
App 3
App n
LTM +
APM
Policy Manager Directory
A Better Alternative – BIG-IP LTM + APM
7
Additional benefits:
• Endpoint inspection
• Virtualization for the Application and Directory
• Web application security
• Web application accelerationEndpoint
Security ChecksEndpoint
Security Checks
Web Servers
App 1
App 2
App 3
Policy Manager Directory
App n
Virtualization(HA, Scale, LB)
Virtualization(HA, Scale, LB)
ASM or
WA
LTM +
APM +
Richer Application Delivery
8
• Customer has 200 apps• Requires 2 Oracle Proxy’s per app or 400 servers
• CAPEX: $4K per server includes proxy software (give away), hardware, and OS
• OPEX: $3K per server
• LB required for high availability
Web App
OAM Manager
OAM Directory
OAM ProxyLB
… …
App 200
App 1
Customer Planned Architecture with Oracle Access Manager (OAM)
SSL
Auth Proxy Integration – Before
9
Web AppLTM + APM
App 1
Customer Architecture with Oracle Access Manager (OAM) and BIG-IP
OAM Manager
OAM Directory
…
• Customer CAPEX savings: $1.344M• $1.6M ($4K * 400 servers) - $256K (Cost of APM)
• OPEX savings: $1.2M / year• $3K * 400 servers
Auth Proxy Integration – After
SSL
10
BIG-IP WAN Optimization Module
Step 3
Symmetric Adaptive
Compression
Step 4
SSLEncryption
Step 5
TCPOptimization
Step 2
Data De-duplication
Step 6
BandwidthAllocation
Step 1
ApplicationLayerAcceleration
OptimizedData WAN
Additional WOM (Module) Free WAN Opt Service with LTM
TMOS Optimization Services
• Industry’s fastest and most scalable for data replication– Up to10 Gbps optimized throughput (single connection)
• Most cost-effective WAN Optimization service• Different services for different applications
11
Port Authority - Fast Document Downloads
Internet
DocuShare Servers
Router Firewall
Hosted Service Provider - East CoastPort Authority - West Coast
Contractors, guest & Port Authority users
• 40MB file takes 3+ mins• 2-4Mbps of throughput
Link: 20Mbps
80ms latency0.1% loss
RouterFirewall
• Files are slow to download• Encrypting file transfer increases
download time• Not utilizing bandwidth effectively • Distance between DC’s (Latency)
Problem
SSL
12
Port Authority - Fast Document Downloads
Internet
DocuShare Servers
Router Firewall
Hosted Service Provider - East CoastPort Authority - West Coast
Contractors, guest & Port Authority users
• 9x faster • 40MB file takes
20secs• 12Mbps of
throughput
Link: 20Mbps
80ms latency0.1% loss
RouterFirewall
• Offload SSL• Utilize bandwidth more effectively• Accelerate data transfer over WAN• Mitigate the effect of latency
Solution
SSL Offload
BIG-IP LTM + WOMBIG-IP LTM + WOM
iSessions
13
BIG-IP – Next Generation ADC Services
Expanding Integrated ADC Market.
Access Policy ManagerSimplify and reduce AAA and Web Access costs up to 90%
Geolocation Based ServicesImprove global Application control and performance
Integrated WAN Optimization ServicesDC to DC – Reduce WAN costs and improve performance
Related Documents
