Presentation is loading. Please wait.

Presentation is loading. Please wait.

© F5 Networks, Inc. 1 F5 User’s Group September 13 th 2011 Agenda  TMOS version 11  New features and overview  Demo vCMP  Demo and discuss iApps 

Similar presentations


Presentation on theme: "© F5 Networks, Inc. 1 F5 User’s Group September 13 th 2011 Agenda  TMOS version 11  New features and overview  Demo vCMP  Demo and discuss iApps "— Presentation transcript:

1 © F5 Networks, Inc. 1 F5 User’s Group September 13 th 2011 Agenda  TMOS version 11  New features and overview  Demo vCMP  Demo and discuss iApps  User discussion – iRules  Survey and suggestions for next meeting  Bowling and/or game play

2 V11 - Revolution

3 © F5 Networks, Inc. 3 Analytics – URL Load Times

4 © F5 Networks, Inc. 4 Analytics – TPS per URL

5 © F5 Networks, Inc. 5 Analytics – Request Throughput per URL

6 © F5 Networks, Inc. 6 Analytics – Response Throughput per URL

7 © F5 Networks, Inc. 7 Statistics and Reporting Per Virtual Server CPU Stats and Profile Stats * Improved Visibility for Each Virtual Service

8 © F5 Networks, Inc. 8 Statistics and Reporting Per Process CPU & Memory Stats – Dashboard Customization * Improved Diagnostics

9 © F5 Networks, Inc. 9 Real-time Transaction logs Client Open Application Logging Engine High Speed Logging Engine (HSL) GUI - Request Logging Profile Unmatched performance - Up to 200,000 HSL (TCP/UDP) messages per second with minimal impact to cpu usage Support compliance requirements W3C standard web log format support

10 © F5 Networks, Inc. 10 F5 Scale N Architecture Ultimate Scalability and Reliability Scale Up Scale Out Virtualization (vCMP)Clustered Multiprocessing (CMP) & SuperVIP TMOS The flexibility to scale up, virtualize, and scale out on-demand

11 © F5 Networks, Inc. 11 Typical Failover – Limited Control Typical ADC runs Active-Standby Can only fail entire ADC Failover events disrupt all services

12 © F5 Networks, Inc. 12 Scale N : Device Service Clusters Dynamic Service Based Failover Fail-over targeted application workloads Avoid application service disruptions Move applications needing extra power

13 © F5 Networks, Inc. 13 NActive-active-active N Scale Blade fails on BIG-IP 1 Add new blade to BIG-IP 3 Blade replaced on BIG-IP 1 Any type of BIG-IP device Scale N : Device Service Clusters Elastic Scale Driving Efficiency

14 © F5 Networks, Inc. 14 Akamai TMOS – TCP, HTTP, & iRule Enhancements Ability to create TCP/UDP out of band connections via iRules TCP Connection Queuing TCP Options inspection & transformation with iRules Separate caching & compression profiles from HTTP HTML Parsing iRules *Bigpipe is no longer supported in v11

15 © F5 Networks, Inc. 15 Operates at TCP level; HTTP not required Currently only engages when conn limit hit Specify queue length limit, time limit, or both Queues operate per-tmm (no state sharing) Length limit divided by tmm count FIFO guarantees only per-tmm Queued at the pool level for non-persistent connections Queued at the pool member level for persistent connections If conn limit is overridden by persistence, that conn is not queued When a pool member becomes available, it checks the head of its queue, and of the pool’s queue, and services the flow that got there first. TCP Connection queuing

16 © F5 Networks, Inc. 16 New Product and Platform Support New 6900S (Turbo SSL), (48 GB Memory, 4xSSD’s (4x 300GB), 16 Gbps HW Comp.), and 11000/11050F (FIPS) platforms (October announcement) WOM standalone product and platforms (1600, 3600, 3900, 6900, 8900,11000) Modules: Add-on Module support VE and 1600 (ASM, WA, APM, GTM, WOM) Modules: Triplet support on 3600 and higher (Any combination excluding LC) VE Production (LTM, APM, ASM, WOM,GTM) *WA coming next release New VE Lab editions that include all products 3900/ /8950/8950S 6900 and 6900S and October announcement

17 © F5 Networks, Inc. 17 BIG-IP Advanced Acceleration Overview Adaptive Protection for Web 2.0 Applications

18 © F5 Networks, Inc. 18 Easily Secure JSON Payloads BIG-IP Application Security Manager Example: Protect from JSON threats Render unique blocking message for AJAX widgets User informs admin with support ID for resolution Display a Blocking Message in AJAX Widget

19 © F5 Networks, Inc. 19 F5 Innovative Protection for Web 2.0 Apps Secure all applications Automatically share policies between devices Quickly deploy BIG-IP ASM VE in private clouds Internet Private Cloud Apps Data Center Web 2.0 Apps Hacker Clients BIG-IP Application Security Manager BIG-IP Application Security Manager

20 © F5 Networks, Inc. 20 Customer Website Protection from Vulnerabilities Enhanced Integration: BIG-IP ASM and WhiteHat Sentinel WhiteHat Sentinel Finds a vulnerability Virtual-patching with one-click on BIG-IP ASM BIG-IP Application Security Manager Verify, assess, resolve and retest in one UI Automatic or manual creation of policies Discovery and remediation in minutes Vulnerability checking, detection and remediation Complete website protection

21 © F5 Networks, Inc. 21 Policy Tuning Pen tests Performance Tests Policy Tuning Pen tests Performance Tests Final Policy Tuning Pen Tests Final Policy Tuning Pen Tests Incorporate vulnerability assessment into the SDLC Use business logic to address known vulnerabilities Allow resources to create value ASM and the Software Development Lifecycle WAF “offload” features: Cookies Brute Force DDOS Web Scraping SSL, Caching, Compression WAF “offload” features: Cookies Brute Force DDOS Web Scraping SSL, Caching, Compression

22 © F5 Networks, Inc. 22 BIG-IP Advanced Acceleration Overview Advanced Dynamic Services for Unified Access Control

23 © F5 Networks, Inc. 23 F5 Unified Access and Control Flexible and Dynamic ADC Services – BIG-IP v11 BIG-IP Edge Gateway +Access Policy Manager +WebAccelerator +WAN Optimization Manager Headquarters and Remote Offices Corporate WAN IPsec: Optimized Site-to-Site Tunnels Internet BIG-IP System Virtual Editions BIG-IP Edge Gateway Data Center BIG-IP Global Traffic Manager BIG-IP Local Traffic Manager +Access Policy Manager Mobile and Remote Users Public/Private Cloud Optimized Applications to BIG-IP Edge Client

24 © F5 Networks, Inc. 24 Authentication All in One and Fast SSO F5 BIG-IP Access Policy Manager Dramatically reduce infrastructure costs; increase productivity = BIG-IP v11

25 © F5 Networks, Inc. 25 New Detailed Reporting BIG-IP APM Custom, Built-in and Saved reports Exported and used on other devices e.g How many XP users are still on my network? e.g. Who accessed app. or network and when? e.g. Where are users accessing from (geolocation)?

26 © F5 Networks, Inc. 26 BIG-IP Advanced Acceleration Overview Scalable, Adaptive and Secure DNS infrastructure

27 © F5 Networks, Inc. 27 Scalable GSLB Performance Step 1: Multicore (CMP) BIG-IP GTM v11 Enable users to access apps during spikes Scale with GTM query performance utilizing hardware –CMP enabled utilizing full set of processing cores –Up to 6 million QPS on VIPRION –Each CPU Core ~ high performance DNS server = 130k+ qps Integrates GTM in TMM for exponential performance 125k QPS 600k QPS 1.5Mil QPS 3Mil QPS 6Mil QPS 2Mil QPS Preliminary estimates: (may exceed)

28 © F5 Networks, Inc. 28 Exponential and Efficient DNS Performance Step 2: Implement DNS Express DNS Express High-speed response and DDoS protection with in-memory DNS Authoritative DNS serving out of RAM Configuration size for tens of millions of records Scalable DNS Performance Consolidate DNS Servers Manage DNS Records NIC OS Admin Auth Roles Dynamic DNS DHCP Answer DNS Query Answer DNS Query Answer DNS Query Answer DNS Query Answer DNS Query DNS Express in TMOS DNS Server

29 © F5 Networks, Inc. 29 Solution: Easily Handle All DNS Requests Step 3: BIG-IP GTM and IP Anycast Integration Same IP Address for multiple devices Geographically separate the DNS request load for all requests Scale DNS infrastructure up and out per BIG-IP Revenue and brand are protected

30 © F5 Networks, Inc. 30 Eases the IPv6 Evolution DNS 6  4 Combined NAT64 and DNS64 provide automatic translation Supports pure IPv6 clients accessing both IPv6/IPv4 sites Critical for mobile devices and any client optimized for pure IPv6 Eases evolution and bridges gap between IPv6/IPv4 DNS Internet IPv4 and IPv6 Clients BIG-IP Local Traffic Manager +Global Traffic Manager NAT64 Forwarding/ Mapping Virtual v4 DNS (A) v6 DNS (AAAA) DNS64

31 © F5 Networks, Inc. 31 Removed Basic/Advanced listener Usability Enhancements Route Domains, Monitors, & Default Certificates! Optional manual selection of prober assignments iQuery status in in the GUI GTM Route Domain 0 Route Domain 1 Route Domain 2 BIG-IP Local Traffic Manager +Global Traffic Manager BIG-IP Global Traffic Manager GTM monitor support of Route Domains Default certificate is now 10 yrs!

32 © F5 Networks, Inc. 32 Free Customer Web-based Training What’s New in BIG-IP V11 Additional v11 WBTs modules will be available later Global Customer Training for V11

33 © F5 Networks, Inc. 33 vCMP Demo Virtual Clustered Multi-Processing vCMP = F5’s purpose built hypervisor Currently available with version 11 on the VIPRION platforms Today’s demo is on a VIPRION 2400

34 © F5 Networks, Inc. 34 V11: The iApp Revolution Optimizing the network for specific applications takes weeks … and can be frustrating F5’s unique application deployment guides helped … now just days F5’s new iApp capability reduces process to hours and minutes and it’s portable like virtual machines Framework to unify, simplify and control Application Delivery Services Application-centric Contextual view and advanced analytics Rapid and predictable deployment

35 © F5 Networks, Inc. 35 BIG-IP V10 Managing Objects & Services BIG-IP V11 Managing Application Services

36 © F5 Networks, Inc. 36 BIG-IP V11 Managing Application Services F5 iAPPs: Managing application services … not network devices or objects.

37 © F5 Networks, Inc. 37 IT Network, Security, WAN, and Exchange Team Collaboration Application specific questions

38 © F5 Networks, Inc. 38 Use a single interface to: Understand F5 application service dependencies Rapidly perform operational tasks Quick view of overall application and health status View availability status and type for each service object Rapidly enable and disable resource pool nodes or servers. The network from an “Application’s Point of View”

39 © F5 Networks, Inc. 39 iApp Ecosystem More than 20 iApp templates come with v11 F5’s Open iApp Ecosystem is part of DevCentral Share iApps within organizations, between partners, and other vendors

40 © F5 Networks, Inc. 40 User Discussion: iRules Randy Ferguson – F5 Consultant (Tempe, AZ) Do you have an iRule you would like to discuss? Examples: Select a pool based on the HTTP host header Sideband Connection – new in v11 LDAP Proxy Proxy Pass Additional resources – DevCentral TutorialsDevCentral Tutorials

41 © 2011 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, ARX, FirePass, iControl, iRules, TMOS, and VIPRION are registered trademarks of F5 Networks, Inc. in the U.S. and in certain other countries


Download ppt "© F5 Networks, Inc. 1 F5 User’s Group September 13 th 2011 Agenda  TMOS version 11  New features and overview  Demo vCMP  Demo and discuss iApps "

Similar presentations


Ads by Google