BIG-IP Advanced ADC Access Policy Manager
14
BIG-IP V10.1 Advanced ADC New ADC services deliver unmatched control and savings for next generation data centers
-
Upload
dsorensencpr -
Category
Technology
-
view
2.525 -
download
8
description
The powerful new BIG-IP release offers a rich set of advanced services providing unparalleled control and up to 10 times CapEx and OpEx reductions for enterprises, as well as service and cloud providers. BIG-IP v10.1 enables organizations to: (1) Reduce CapEx and OpEx through centralized, granular access control using the new BIG-IP Access Policy Manager™; (2) Improve end-user experience and enhance security by creating policies based on user location with IP geolocation services integrated into TMOS; (3) Reduce bandwidth costs and improve disaster recovery through accelerated data transfers with the new BIG-IP WAN Optimization Module™; (4) Deploy applications faster by leveraging new Application Ready Templates for SAP and Microsoft Exchange Server 2010
Transcript of BIG-IP Advanced ADC Access Policy Manager
BIG-IP V10.1Advanced ADC
New ADC services deliver unmatched controland savings for next generation data centers
2
F5 Vision: Unified Application & Data Delivery
Context-Aware Networking
Corporate EmployeesLAN & WLAN Mobile
EmployeesCustomer, Partners,
or Suppliers
Branch Employees
LAN & WLANRemote
Employees
Cloud Services Hosted Applications CorporateData Center
SAAS Apps and Datain the Branch
Enables the Dynamic Infrastructure
3
Geolocation Based Services in BIG-IP
• All TMOS products include integrated GeolP Database
• Powerful geographic based policy control– GSLB enhanced– Filtering, Redirection, Reporting, and iRules Control (New)
• Provided by Quova™– Continent, country, state/region attributes– 2.7 billion routable IP addresses – Accurate / Updateable
4
BIG-IP Access Policy Manager (APM)
Consolidated and centralized access policy enforcement
L4 – L7 full proxy access control at BIG-IP speeds
Advanced endpoint security
VPE Rules – iRules style interface for custom access policies
TMOS / BIG-IP modules Integrates on the ADC
Bringing Identity, Authentication, and Access Control to BIG-IP
5
Proxy Web Servers
App 1
App 2
App 3
1
1 Code in the Application• Costly, difficult to change• Not repeatable, less secure
Agents on Servers• Difficult to manage• Not interoperable or secure• Decentralized and costly
2
2
3 Specialized Access Proxies• Doesn’t scale and not reliable• More boxes and expensive
App n
3
Policy Manager Directory
Authentication Alternatives Today
6
BIG-IP benefits:
• Reduce costs and complexity
• Gain superior scalability and high availability
• Enforce L4 – L7 ACLs at BIG-IP LTM speeds
Proxy Web Servers
App 1
App 2
App 3
App n
LTM +
APM
Policy Manager Directory
A Better Alternative – BIG-IP LTM + APM
7
Additional benefits:
• Endpoint inspection
• Virtualization for the Application and Directory
• Web application security
• Web application accelerationEndpoint
Security ChecksEndpoint
Security Checks
Web Servers
App 1
App 2
App 3
Policy Manager Directory
App n
Virtualization(HA, Scale, LB)
Virtualization(HA, Scale, LB)
ASM or
WA
LTM +
APM +
Richer Application Delivery
8
• Customer has 200 apps• Requires 2 Oracle Proxy’s per app or 400 servers
• CAPEX: $4K per server includes proxy software (give away), hardware, and OS
• OPEX: $3K per server
• LB required for high availability
Web App
OAM Manager
OAM Directory
OAM ProxyLB
… …
App 200
App 1
Customer Planned Architecture with Oracle Access Manager (OAM)
SSL
Auth Proxy Integration – Before
9
Web AppLTM + APM
App 1
Customer Architecture with Oracle Access Manager (OAM) and BIG-IP
OAM Manager
OAM Directory
…
• Customer CAPEX savings: $1.344M• $1.6M ($4K * 400 servers) - $256K (Cost of APM)
• OPEX savings: $1.2M / year• $3K * 400 servers
Auth Proxy Integration – After
SSL
10
BIG-IP WAN Optimization Module
Step 3
Symmetric Adaptive
Compression
Step 4
SSLEncryption
Step 5
TCPOptimization
Step 2
Data De-duplication
Step 6
BandwidthAllocation
Step 1
ApplicationLayerAcceleration
OptimizedData WAN
Additional WOM (Module) Free WAN Opt Service with LTM
TMOS Optimization Services
• Industry’s fastest and most scalable for data replication– Up to10 Gbps optimized throughput (single connection)
• Most cost-effective WAN Optimization service• Different services for different applications
11
Port Authority - Fast Document Downloads
Internet
DocuShare Servers
Router Firewall
Hosted Service Provider - East CoastPort Authority - West Coast
Contractors, guest & Port Authority users
• 40MB file takes 3+ mins• 2-4Mbps of throughput
Link: 20Mbps
80ms latency0.1% loss
RouterFirewall
• Files are slow to download• Encrypting file transfer increases
download time• Not utilizing bandwidth effectively • Distance between DC’s (Latency)
Problem
SSL
12
Port Authority - Fast Document Downloads
Internet
DocuShare Servers
Router Firewall
Hosted Service Provider - East CoastPort Authority - West Coast
Contractors, guest & Port Authority users
• 9x faster • 40MB file takes
20secs• 12Mbps of
throughput
Link: 20Mbps
80ms latency0.1% loss
RouterFirewall
• Offload SSL• Utilize bandwidth more effectively• Accelerate data transfer over WAN• Mitigate the effect of latency
Solution
SSL Offload
BIG-IP LTM + WOMBIG-IP LTM + WOM
iSessions
13
BIG-IP – Next Generation ADC Services
Expanding Integrated ADC Market.
Access Policy ManagerSimplify and reduce AAA and Web Access costs up to 90%
Geolocation Based ServicesImprove global Application control and performance
Integrated WAN Optimization ServicesDC to DC – Reduce WAN costs and improve performance
