F5 VMware Solution Overview Presented by Mike Crozier - F5 Systems Engineer
Feb 25, 2016
© F5 Networks, Inc.
F5 is the leader in Application Delivery Networking
Users
What: PC, Laptop, Home PC, PDA, Kiosk, Mobile
Where: LAN, Home, Branch / WAN, Road / WAN
Private Users
Public Users
From What: PC, Laptop, Home PC, PDA, Kiosk, Mobile
Who: Customers, Partners, Suppliers, Consultants
Data Center
Gartner Magic Quadrant for ADC
Source: Gartner (November 2010)
F5 Networks
• F5 Networks has a broad and comprehensive vision with industry-leading understanding of the needs of application development, deployment and management.
• The vendor has a comprehensive feature set with a full range of extensibility delivered through iRules and iControl, and integration with popular integrated development environments (IDEs), such as Eclipse and .NET/Visual Basic.
• F5 has developed a very large community of committed users (using F5's DevCentral portal) that helps fuel the use of iRules to solve unique data center application challenges, creating a loyal and engaged user base.
• F5 has a solid financial position and continued market-leading position (47% market share).
Source: Gartner, Inc.
F5 in WW ADC Market for Q410
Q410 Gartner ADC Market Share
Cisco: 16.7%
F5 Networks: 44.9%
Others: 16.1%
Radware: 8.1%
Citrix: 14.2%
Q410 ADC* Market Share Leaders
– F5: 44.9%
– Cisco: 16.7%
– Citrix: 14.2%
Q410 ADC Market Share Revenue Leaders
– F5: $164.3 Million
– Cisco: $61 Million
– Citrix: $52 Million
Q410 ADC Q/Q Revenue Growth
– F5: 2.1%
– Cisco: 45.2%
– Citrix: 4.0%
Q410 ADC Total Market Numbers
– Revenue: $365.7 Million
– Q/Q Revenue Growth: 9.4%
*Application Delivery Controller (ADC) Segment Includes: Server Load Balancing/Layers 4-7 Switching and Advanced (Integrated) Platforms. Graphic created by F5 based on Gartner data.
Gartner, Inc. Market Share: Application Acceleration Equipment, Worldwide, 4Q10 and 2010, Joe Skorupa, Nhat Pham, 3 March 2011
F5 Local Customers
F5 Canberra Office & Local Depot
• Located at “The Realm” in Barton
• Local Depot in Hume (RMA Services)
Application Delivery Services
Application Delivery Networking
• The introduction of a tiered application delivery layer provides the delivery of common services in a consistent manner.
[Diagram labels: Core Networking Services; Application Services; Routing; Switching; Load-Balancing; Web Acceleration; Traffic Shaping; Intrusion Prevention; Access Control; Security; DR/HA; Proxy; Cache; Compression; Business Logic]
Traditional Architecture is Inflexible
Users
Resources
Physical Virtual Multi-Site DCs
Private Public
Cloud
What’s Needed:
Users
Resources
Physical Virtual Multi-Site DCs
Private Public
Cloud
Dynamic Services Model: Reusable services that understand context and can provide control regardless of application, virtualization, user, device, platform or location
TMOS Unique Architecture
• TMOS traffic plug-ins
• High-performance networking microkernel
• Powerful application protocol support
• iControl – external monitoring and control
• iRules – network programming language
[Diagram labels: Client; Server; Client Side; Server Side; TCP Proxy; Microkernel; High Performance HW; iRules; iControl API; TCP Express; SSL; Compression; Caching; OneConnect; XML; Rate Shaping; APM, ASM; Web Accel; 3rd Party; Application Delivery Network]
Platform Line-up
400k L7 RPS, 175K L4 CPS, 4G L7/L4 TPUT
BIG-IP 3900
600k L7 RPS, 220K L4 CPS, 6G L7/L4 TPUT
BIG-IP 6900
1.2M L7 RPS, 400K L4 CPS, Up to 20G TPUT
BIG-IP 8900/8950
2.5M L7 RPS, 1M L4 CPS, Up to 42G TPUT
BIG-IP 11050
100k L7 RPS, 60K L4 CPS, 1G L7/L4 TPUT
BIG-IP 1600
135k L7 RPS, 115K L4 CPS, 2G L7/L4 TPUT
BIG-IP 3600
Application Switch
VIPRION 2400
4M L7 RPS, 1.6M L4 CPS, 80G/160G - L7/L4 TPUT
VIPRION 4400
6.4M L7 RPS, 2.8M L4 CPS, 80G L7/L4 TPUT
VIPRION Chassis
Production: 1 Gbps
Lab: 200 Mbps
Virtual Editions
BIG-IP Virtual Edition
• Available as trial, developer or production editions
• Runs on any server compatible with ESX
• Managed just like a physical LTM
• Same functionality.
ESX v4, ESXi v4
It Starts with Local Traffic Management
Ensure availability and plan for growth
Transaction Assurance
High Performance Hardware
Dynamic LB Methods
Session Persistence
Application Health Monitoring
LTM load balances at the application level
• Ensures the best resources are always selected
• Has deep visibility into application health
• Proactively inspects and responds to errors
Eliminate downtime and scale the application
Secure the Applications and Data
Security at Application, Protocol and Network Level
• Meet compliance requirements (PCI, HIPAA, etc.)
• Strong protection without interrupting legitimate traffic
Resource Cloaking and Content Security
Network and Protocol Attack Prevention
Application Security Manager
Access Policy Manager (add-on modules)
Selective Encryption
“BIG-IP enabled us to improve security instead of having to invest time and money to develop a new more secure application”
Application Manager, Global 5000 Media and Entertainment Company
TechValidate 0C0-126-2FB
Let Servers Serve
LTM offloads tasks from application servers
• Reduce the number of servers required
• Centralized SSL key management
One Connect, Fast Cache, SSL Offload, Compression
1/2 of BIG-IP owners have saved 20% or more on their total Capital Expenses with BIG-IP
Source: TechValidate Survey of F5 BIG-IP Users
OneConnect ™ – Connection Pooling
Increase server capacity by 30%
– Aggregates massive number of client requests into fewer server side connections
– Transformations from HTTP 1.0 to 1.1 for Server Connection Consolidation
– Maintains Intelligent load balancing to dedicated content servers
Good Sources:
http://tech.f5.com/home/bigip/solutions/traffic/sol1548.html
http://www.f5.com/solutions/archives/whitepapers/httpbigip.html
Symmetric Compression
• Adaptive
• Deflate
• LZO
SSL Encryption
Integrated and free with BIG-IP LTM v10+
Secure & Optimized Tunnel between Cloud & DC “BIG-IP iSessions”
Multi-Tenancy “Route Domains”
BIG-IP v10+: Managing Networks in the Cloud
• Host multiple departments/organizations on one BIG-IP without conflicts
• Granular control to provide separate routing domains and overlapping IPs
Department A Department B
F5 iApp: How it works
iApp templates allow for business policy-driven configuration and IT collaboration
iApp drives automation and provisioning
Changes can quickly be made and re-applied
iApps are portable between F5 devices enabling rapid migration
Every service is reusable
BIG-IP V10 Managing Objects & Services
BIG-IP V11 Managing Application Services
BIG-IP V11 Managing Application Services
F5 iApps: Managing application services … not network devices or objects.
Saves (Minimum)
= 14 days to research (Exch)
= 14-21 days to research (F5)
= 5 days to setup test environment (Exch)
= 3 days to setup test environment (F5)
= 30 days to test (Exch/F5)
= 1 day implementation (Exch/F5)
Stats
= 100 pages of configuration
= 1200 steps
= 20% inputs
Costs
= 2 hours to read guide
= 8 hours to gather inputs
= 8 hours to configure
= 100% chance of misconfigurations
V10 Deployment Guide Exchange 2010
F5 and VMware
VMware & F5 Market Leaders
Recent Highlights
• F5 named Global Technology Innovator Partner of the Year
  – VMware awards highest honor to F5 at 2011 Partner Exchange
  – Recognition for deep integration and solution development
• “VMware-Ready” certifications
  – BIG-IP Virtual Edition
• Recent Releases
  – View desktop solution (Edge Gateway and APM for LTM VE)
  – vCloud Director – joint cloud bursting solution
  – Management Plug-in for vSphere
Common Practical Issues
How can I provision more seamlessly?
How can I make application performance better?
How can I automate more administrative tasks?
How can I simplify network configuration for VMs?
How can I take full advantage of VMotion?
How can I secure my virtual desktop deployments?
How can I streamline virtual desktop access steps?
Server Virtualization & F5
Improving VM Density
Typical virtualized server
Offload: SSL, Caching, Compression, One Connect, TCP Optimization
Same server with BIG-IP
Automating Network Changes: vCenter
• BIG-IP LTM & VMware vCenter can be integrated for automatic provisioning of local VMs on demand
• Respond to changes in traffic volume
• Provision to mean rather than peak
• Reduce manual labor
Illustration: LTM & vCenter Integration
[Diagram labels: Web Clients; BIG-IP LTM; Frontends Virtualization (FrontEnd); App Servers Virtualization (App. Server); Storage Virtualization; iControl; vCenter + AppSpeed (optional); Monitoring & Management]
Demand ↑: F5 Provision; Detection; Automation; VM Provision
Demand ↓: VM Deprovision; Detection; Automation; F5 Deprovision
Automating Network Changes: SRM
• BIG-IP GTM & VMware SRM integrated to enable failover between sites
• GTM makes traffic follow SRM failover
• Automatic
• Minimize Application Downtime
Automating Network Changes: Inter-Data Center Traffic Management
• Serving an application across multiple data centers
• Cloud Bursting
• Automated Failover
• Global Traffic Optimization
• Intelligent Persistence
• Federated Cloud Authentication
• Control via
  – iControl API
  – Pre-defined global traffic policies
  – iRules
BIG-IP Global Traffic Manager
vCenter-1 vCenter-2
Illustration: GTM & SRM Integration
SRM Failover
Ongoing Replication
(a) GTM Health checks reveal unhealthy site 1.
(b) GTM self-executes a redirection to site 2.
Site 1 Site 2
F5 Management Plug-In for vSphere
• Free Software Plug-In for VMware vSphere
• Attaches to vCenter Server – modifies vSphere Client GUI
• Operates with both physical and virtual LTM editions
• Streamlines the administrative steps of adding VM nodes from load balancing pools
• Automates actions based on pre-defined policies
• Reduces risk of error
• Reduces manual effort
• Officially supported by F5 (in its unmodified state)
vSphere Client GUI
Example: Right-Click VM and disable VM via BIG-IP
Long Distance VMotion
Detailed Review
Escaping Boundaries Between DCs
New Use Cases for Well Established Functionality
Key Technical Problems Solved:
• Performance problems caused by latency or bandwidth
• Network retransmission of client traffic from site 1 to site 2
• Loss of app sessions when migrating to another location
• Migration
• Disaster avoidance
• Capacity expansion
How it works – the fundamental steps
1. Storage VMotion to Site 2
2. VMotion to Site 2
3. LTM routes incoming connections for existing sessions to Site 2 VM
4. GTM routes new connections to Site 2
5. Register host and VM in vCenter Site 2 (optional)
Logical representation, not physical
[Diagram labels: vCenter Server; Internet; EtherIP Tunnel]
Acceleration & Encryption
• F5 testing results of common bandwidth/latency combinations
• iSessions™ or WAN Optimization Module™ (WOM)
• SSL encryption
• Acceleration: TCP Optimization, Deduplication, Compression
• Able to successfully VMotion in conditions where it previously failed

Bandwidth (Mbps) | Link Latency (RTT ms) | Link Packet Loss (%) | Average Time without WOM in Minutes | Average Time with WOM in Minutes | Acceleration Factor
45 (T3)          | 100 | 0% | 13:43 | 3:35 | 3.8X
100              | 25  | 0% | 6:10  | 1:18 | 4.7X
155 (OC3)        | 100 | 0% | 13:25 | 3:29 | 3.9X
622 (OC12)       | 40  | 0% | 5:57  | 1:57 | 3.1X
1000 (Ethernet)  | 20  | 0% | 2:38  | 0:38 | 3.5X
Initial Environment
[Diagram labels: BIG-IP Global Traffic Manager; BIG-IP Local Traffic Manager (two instances); vCenter A; vCenter B]
Step 1: F5 BIG-IP Local Traffic Manager Opens WAN Optimization Tunnel
• Compressed
• De-Duplicated
• Encrypted
Step 2: Storage VMotion Executed Across WAN Optimized Tunnel
This step can be avoided if storage is already being synchronously replicated between sites
Step 2: Pending App VMotion, transactions rely on VM in Site A, but Storage in Site B
vCenter A still managing VM
Step 3: Application VMotion Executed Over WAN Optimized Tunnel
Step 4: GTM health checks register the move, and Cut Over to Site-B
F5 BIG-IP Global Traffic Manager Routes All NEW Application Connections/Sessions Directly to Site B.
F5 BIG-IP Local Traffic Manager in Site A retransmits incoming connections for EXISTING Sessions to Site B Until Clients Register DNS Change
Eventually, ALL Connections Go Directly to Site B. The Process Can Be Reversed When Necessary.
Successful Application Migration Complete
Online Follow-Up Resources: Long Distance VMotion Solution
• Overall F5/VMware Solution Guide
  – http://www.f5.com/pdf/solution-center/f5-for-virtualized-it-environments.pdf
• Online Demo
  – http://devcentral.f5.com/weblogs/nojan/archive/2010/02/02/introducing-long-distance-vmotion-with-vmware.aspx
• Deployment Guide
  – http://www.f5.com/pdf/deployment-guides/vmware-vmotion-dg.pdf
• Whitepaper
  – http://www.f5.com/pdf/white-papers/cloud-vmotion-f5-wp.pdf
Desktop Virtualization & F5
Common Desktop Virtualization Challenges
• User Experience
  – Performance over the Wide Area Network
  – Access methods / complexity
  – Login steps / annoyance
• Security
  – Encryption of all WAN traffic
  – Unified Access (Local vs. Remote, Desktop vs. Smart Phone)
  – Integration with existing authentication infrastructure
  – Endpoint integrity inspection
• Scalability/Availability
  – Scaling VDM servers without more power or rackspace
  – Ensuring total availability of connection brokers
Traditional Model is Inflexible
Users
Resources
Physical Virtual Multi-Site DCs
Private Public
Cloud
Finding a Better Solution
[Chart labels: Degree of Control; Degree of Flexibility; Outsource Everything; Traditional Infrastructure; Dynamic Services Model]
[Diagram labels: Primary Site; Centralized Virtual Desktops; Connection Servers; BIG-IP Local Traffic Manager; BIG-IP Edge Gateway; WAN; Internet; Remote Office; Remote Office Clients; Remote Clients; Local LAN Clients; Local Mode Desktop; Encryption (DTLS or SSL); Unencrypted RDP or Natively Encrypted PCoIP]
Enable Scalability by Offloading Processes from View Manager Servers
1. Improve efficiency by offloading SSL
2. HA & load balancing for View Manager servers
Enable Scalability to Multiple View Pods with Single Name Space
Bandwidth Reduction for RDP in View
LTM can also reduce bandwidth consumption up to 12:1 using its WAN Optimization Module
1. Compression
2. Deduplication
3. TCP Optimization
4. Encryption
VMware Recommends UDP Native Support
• Scott Davis, CTO End User Computing Business Unit
• October 25, 2010
• http://communities.vmware.com/blogs/cto-scott/2010/10/25/a-simple-experiment
• “There are numerous ways to configure such VPN’s, however PCoIP utilizes UDP for the graphics packets and optimizes parallelism and retransmits at the higher layers of the protocol. Hence we recommend using a VPN technology that support UDP packets natively, not to tunnel the UDP traffic over TCP/IP as doing so will typically cause responsiveness issues…”
• Native UDP support is available in F5 FirePass and BIG-IP Access Policy Manager.
User Experience
Simplify Sign-On Frustrations
Step 1: Local Login
Step 2: VPN Login
Step 3: Desktop Login
SSO: Login Once
Simplify Restarts:
Ongoing Logins!
Constantly Re-connecting
At Home (wireless)
On the way to work (Aircard)
In the office (docked LAN connection)
Presenting (corporate wireless)
In the Cafe (wireless)
Simplify Restarts: Reconnect Automatically
Auto-Connect!
Always Connected Application Access
At Home (wireless)
On the way to work (Aircard)
In the office (docked LAN connection)
Presenting (corporate wireless)
In the Cafe (wireless)
Accelerate Connection Restarts
Send the user to his existing desktop session – much faster restarts
[Diagram labels: Proxy/NAT; Edge Gateway; Persistence to Desktop; Source IP; App Info (JSessionID, etc.)]
Traffic QoS
Rate Shape to ensure client-side View traffic receives priority over client-outbound traffic
[Diagram labels: View Desktops; Edge Client (three instances)]
Security
Unify Access to the Data Center
• One solution to manage all access policies regardless of access network
• Capacity and performance to secure all user traffic
• Optimizes application delivery to remote and mobile users
• Improves quality of real-time applications; soft phones and streaming media
[Diagram labels: DMZ; BIG-IP Edge Gateway; View Servers; Use existing user directories; Internet; Mobile Users; Wireless Users; Branch Office Users; LAN Users; Internal LAN VLAN1; Internal LAN VLAN2]
Maintain Native PCoIP Performance
• Support for DTLS (UDP) encryption
• Support for SSL (TCP) encryption
• Avoids the alternative method of encapsulating UDP into TCP for SSL encryption (thus degrading UDP).
[Diagram labels: Connection Brokers; View Servers; Mobile Users; Mac Users; Branch Office Users; LAN Users; DTLS Encryption; SSL Encryption; PCoIP; RDP]
Unified AAA Services for View
• Pre-Logon Checks:
  – OS, AV, firewall, process, file, registry, extended windows info, client and machine certs, etc.
• Remediation:
  – Group Policy enforcement (Corp & Non-Corp Assets)
  – Protected Workspace
• Intuitive, Visual Policy Editor
Cloud Computing & F5
Escaping Boundaries Between DCs
New Use Cases for Well Established Functionality
Key Technical Problems Solved:
• Performance problems caused by latency or bandwidth
• Dynamic, transparent rerouting of client traffic from site 1 to site 2
• Loss of app sessions or connections when migrating to another location
• Migration
• Disaster avoidance
• Capacity expansion
On-Demand Scalability in the Cloud
LAN
Internal Cloud External Cloud
On-Demand Scalability
Scale-up by simply plugging in a new blade.
Zero configuration
On-Premise Servers
Solution: Federated Authentication and Authorization
• Retain user data in private cloud
• Leverage public cloud compute resources
vCenter-1 vCenter-2
Direct auth, session creation in private cloud
Direct (authenticated) app workload to public cloud
Directory Service
F5/VMware Cloud Bursting Solution (Hybrid Cloud)
Private Clouds Public Clouds
Management Management
vSphere vSphere
Hybrid Cloud
APP Loads
Solution Workflow
1. Begin with application in private cloud only
2. Ramp up application traffic until it exceeds performance threshold
3. “Burst” to public cloud, dynamically adding application nodes
   • Traffic management is globally balanced between private and public clouds
4. Continue ramping up traffic and expanding capacity in public cloud
5. Decrease application traffic, contracting the application by removing public nodes and eventually returning to steady state in private cloud
Solution Architecture at a Glance
Public Cloud
Private Data Center
n+1
LTM WAN Optimization
Hybrid Cloud Architecture
vCenter-1 vCenter-2
Definition: Serving an application across multiple clouds, data centers, or both
Use Cases
• Automated Failover
• Federated Cloud Authentication
• Elastic Applications
Architectural features
• Global traffic management
• Intelligent application and session persistence
• Network API
• Global traffic policies
• L7 content inspection and routing
www.f5.com/vmware