F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic...

31
F5 Networks, Confidential F5 Networks Security and Consolidation Edouard Dambrine Business Development Manager Africa Mobile: +971 56 174 0806 [email protected] Serge Ghanem Technical Consultant Mobile: +971 56 174 0846 [email protected]

Transcript of F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic...

Page 1: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

F5 Networks Security and Consolidation

Edouard Dambrine Business Development Manager Africa Mobile: +971 56 174 0806 [email protected] Serge Ghanem Technical Consultant Mobile: +971 56 174 0846 [email protected]

Page 2: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

Page 3: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

To become the first, truly PAN European value added distributor – a ‘Super VAD’

Group overview Reach

•  100+ countries •  40 offices Skills

•  1200+ strong team •  40% Sales •  40% Engineers Financial Strength

•  Strong Cash Flow & Credit lines •  Annual turnover €1B ($1.25B) •  Stated target of €5 Billion by

2020

Customers •  VARs & SI’s • With 10 000+ regular transact VADs •  ISPs, MSSPs •  Service Providers

100+ awards, including: •  Best International Company •  Best Security Distributor •  Best EMEA Distributor •  Best APAC Distributor

Page 4: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

Group Performance

420 M€

287 M€

182 M€

106 M€

82 M€ 50 M€

30 M€ 14 M€

6 M€ 3 M€

2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015

627 M€ +35.8% vs 2014 Organic growth

1B €

Page 5: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

Page 6: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

Exclusive Networks DNA

Security management

Content Delivery WAN Optimization

Switching Endpoint Security

Network Security

Content Security Wireless

Lan

Page 7: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

Our ME Vendor Portfolio (2015)

Page 8: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

What is Value Adding

Page 9: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

Technology Alliance Partners

Page 10: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

F5 Provides Complete Visibility and Control Across Applications and Users

Intelligent Services Platform

Users

Securing access to applications from anywhere

Resources

Protecting your applications regardless of where they live

Page 11: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

Page 12: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

Purpose Built and Carrier Grade Reliability

BIG-­‐IP  4000s  425K  L7  RPS  150K  L4  CPS  10G  L7/L4  TPUT  

BIG-­‐IP  4200  850K  L7  RPS  300K  L4  RPS  

BIG-­‐IP  5000s  750K  L7  RPS  350K  L4  RPS  

15/30G  L7/L4  TPUT  

BIG-­‐IP  5200v  1.5M  L7  RPS  700K  L4  CPS  

BIG-­‐IP  7200v  1.6M  L7  RPS  775K  L4  CPS  

BIG-­‐IP  7000s  800K  L7  RPS  390K  L4  CPS  

20/40G  L7/L4  TPUT  

BIG-­‐IP  2000s  212K  L7  RPS  75K  L4  CPS  5G  L7/L4  TPUT  

BIG-­‐IP  2200s  425K  L7  RPS  150K  L4  CPS  

BIG-­‐IP  10000s  1M  L7  RPS  500K  L4  CPS  

40/80G  L7/L4  TPUT  

BIG-­‐IP  10200v  2M  L7  RPS  1M  L4  CPS  

2  x  10G  +  8  x  1G   2  x  10G  +  8  x  1G   8  x  10G  +  4  x  1G   8  x  10G  +  4  x  1G   2x  40G  +  8x  1G  

Scale up performance on demand with software licensing - Higher L4 & L7 CPS, SSL TPS, and compression and vCMP virtualization capability.

BIG-­‐IP  1600  100k  L7  RPS  60K  L4  CPS  1G  L7/L4  TPUT  

BIG-­‐IP  3600  135k  L7  RPS  115K  L4  CPS  2G  L7/L4  TPUT  

BIG-­‐IP  3900  400k  L7  RPS  175K  L4  CPS  4G  L7/L4  TPUT  

BIG-­‐IP  6900  600k  L7  RPS  220K  L4  CPS  6G  L7/L4  TPUT  

BIG-­‐IP  8900/8950  1.9M  L7  RPS  800K  L4  CPS  Up  to  20G  TPUT  

BIG-­‐IP  11000/11050    2.5M  L7  RPS  1M  L4  CPS  Up  to  42G  TPUT  

BIG-IP Platform Appliances

Page 13: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

Multi-Level Redundancy o  Internal blade to blade failover o  External chassis to chassis o  Hot swappable fans, processor

blades, power supplies, LCD o  Passive, redundant backplane o  Integrated Lights Out mgmt

Capacity on Demand o  Add new blade to add capacity o  No configuration required o  First, second, and future gen blades

can work in same chassis o  Supports vCMP virtualization o  Managed as a single device

•  Up to 4 B2250 blades •  Up to 80 vCMP guests •  16 x 40GbE ports •  Smaller 4U rack chassis •  80+ Gold certified high

efficiency power supplies

•  Up to 8 B4300 blades •  Up to 48 vCMP guests

•  16 x 40G + 64 x 10G ports

•  16U rack chassis

•  80+ Gold certified high efficiency power supplies

•  Up to 4 B4300/4340N blades •  Up to 24 vCMP guests

•  8 x 40G + 32 x 10G ports

•  7U rack chassis

•  NEBS certified

VIPRION 2400 VIPRION 4480 VIPRION 4800

VIPRION Chassis and Blades

Data Sheet

Page 14: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

All module combinations are supported on all platforms subject to available system resources

BIG-IP Local Traffic

Manager

BIG-IP Global Traffic

Manager

BIG-IP Application

Acceleration Manager

BIG-IP Advanced

Firewall Manager

BIG-IP Access Policy

Manager

BIG-IP Application

Security Manager

Intelligent Services

Exceptions will be listed in release notes

Deliver the most secure, fast, and reliable applications to anyone anywhere at any time F5 MISSION

Page 15: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

F5 Traffic Management Operating System

VIPRION Platform

BIG-IP Platform

BIG-IP Virtual Edition High Performance

Fabric

TMOS

TMOS: •  Real time Micro-kernel

based Operating System •  Developed in conjunction

with our Hardware •  Provides unparalleled

performance and functionality

•  Consistency across all Platforms

•  Full Proxy Architecture

Page 16: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

F5 Fast, Available, Secure

F5 Application Focus: •  FAST – Optimised

Application Performance •  AVAILABLE – Always on

Application delivery •  SECURE – Unified

Protection

VIPRION Platform

BIG-IP Platform

BIG-IP Virtual Edition High Performance

Fabric

TMOS

FAST AVAILABLE SECURE

Page 17: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

F5 Local Traffic Manager

LTM - AVAILABLE: •  Server Load balancing •  In-Depth Application

specific Health Monitors •  Application Performance

based decision making LTM - FAST: •  TCP Optimisation •  Caching •  Compression LTM - Secure: •  Default Deny •  Access Control Lists

(ACLs) •  SSL Offload

VIPRION Platform

BIG-IP Platform

BIG-IP Virtual Edition High Performance

Fabric

TMOS

FAST AVAILABLE SECURE

LTM

Page 18: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

Optimize Traffic and Offload Application Server

BIG-IP LTM

•  Application Intelligence

•  Load Balancing •  TCP Optimization •  Rate Shaping •  Server Offload •  RAM Caching

•  Intelligent Compressing

•  Health Monitoring •  SSL offload •  Session

Persistence

Secure Applications & Data

•  Application Proxy •  Transaction Assurance •  Resource Cloaking •  Secure Network Address Translation •  Port Mapping •  Selective Content Encryption •  Denial of Service (DoS) protection

Optimize Applications

Page 19: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

F5 Global Traffic Manager

GTM - AVAILABLE: •  Global Server Load Balancing

(GSLB) •  Multi Data Center

configuration •  Application availability

Awareness •  Geolocation •  DNS services GTM – FAST:

•  80% reduction in DNS latency delivering faster web

•  80% reduction of outbound DNS queries

GTM - SECURE: •  DNS Express •  DNSSEC

VIPRION Platform

BIG-IP Platform

BIG-IP Virtual Edition High Performance

Fabric

TMOS

FAST AVAILABLE SECURE

LTM

GTM

Page 20: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

Global Traffic Management

Page 21: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

F5 Application Acceleration Manager

AAM – FAST: •  Web performance

optimization •  Mobile optimization •  WAN Optimisation

VIPRION Platform

BIG-IP Platform

BIG-IP Virtual Edition High Performance

Fabric

TMOS

FAST AVAILABLE SECURE

LTM

GTM

AAM

Page 22: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

F5 Advanced Firewall Manager

AFM – SECURE: •  High-performance ICSA

Certified Firewall •  Full Layer 1-4 Protection •  Application-Centric firewall

policies •  Protocol Anomaly

Detection •  Analytics, Visibility and

Reporting •  Network DDoS Protection

VIPRION Platform

BIG-IP Platform

BIG-IP Virtual Edition High Performance

Fabric

TMOS

FAST AVAILABLE SECURE

LTM

AFM

GTM

AAM

Page 23: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

o  Defend against 35+ DDoS attack types across both the network and application layers. Unified Layer 2-4 protection.

o  Leverage BIG-IP to handle 10 times more connections per second when compared to any other network firewall

o  Protect and Extend by using iRules against newly published vulnerabilities that do not have a patch

o  Unify ADC intelligence and application-centric deployments

o  Scale up to 72 Gbps of throughput, 2,800,000.00 conn/sec, and 48,000,000.00 concurrent connections on a single device.

o  Gain Compliance and Complete visibility and control over all traffic (including SSL)

Advanced Firewall Manager

Page 24: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

F5 Application Security Manager

ASM – SECURE: •  PCI Compliant Web

Application Firewall •  Web scraping prevention •  Advance Layer 7

Protection •  Application Layer DDoS

Protection •  Data Guard •  Rapid Deployment Policy •  Website Defacing

protection

VIPRION Platform

BIG-IP Platform

BIG-IP Virtual Edition High Performance

Fabric

TMOS

FAST AVAILABLE SECURE

LTM

ASM

AFM

GTM

AAM

Page 25: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

Cross-Site Scripting (XSS) Broken Authentication Broken Session Management

Failure to Restrict URL Access Insufficient Transport Layer Protection Unvalidated Redirects and Forwards

Security Misconfiguration Cookie Poisoning Insecure Cryptographic Storage

Brute Force Attack Cross-Site Request Forgery (CSRF) SSL Renegotiation Vulnerabilities

Slow POST Insecure Direct Object References Slow Loris

Users Web Applications BIG-IP ASM

Injection Attack Cross-Site Scripting (XSS) Broken Authentication Broken Session Management Slow POST Insecure Direct Object References Slow Loris Brute Force Attack Cross-Site Request Forgery (CSRF) SSL Renegotiation Vulnerabilities

BIG-IP Application Security Manager Leading attack protection from the latest web threats

o  Out of the box application layer security

o  Protection from OWASP Top 10 vulnerabilities o  Minimizes Time-To-Fix exposures with virtual patching

o  Protection for all web app vulnerabilities

o  Mitigates multiple DoS/DDoS Attacks

o  Log and report all application traffic with PCI Compliance

More

Page 26: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

F5 Access Policy Manager

APM – SECURE: •  Access and Identification

Services •  SSL VPN •  Device Posturing •  Pre-authentication •  BYOD enablement •  Full Proxy for VDI •  Single Sign-on, Multi-factor

and SAML

VIPRION Platform

BIG-IP Platform

BIG-IP Virtual Edition High Performance

Fabric

TMOS

FAST AVAILABLE SECURE

LTM

ASM

APM

AFM

GTM

AAM

Page 27: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

Who’s Requesting Access?

Manage access based on identity

Employees Partner Customer Administrator

IT challenged to: •  Control access based on user-type and role •  Unify access to all applications (mobile, VDI, Web, client-server, SaaS) •  Provide fast authentication and SSO •  Audit and report access and application metrics

Page 28: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

Control Access of Endpoints Ensure strong endpoint security

•  Antivirus software version and updates - SUBSCRIPTION INCLUDED

•  Software firewall status

•  Access to specific applications

•  Restrict USB access •  Cache cleaner leaves no trace •  Ensure no malware enters corporate

network

Allow, deny, or remediate users based on endpoint attributes such as:

Invoke protected workspace for unmanaged devices:

BIG-IP APM

Page 29: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

Access and Application Analytics

Stats  Collected  •  Client  IPs  •  Client  Geographic  •  User  Agent  •  User  Sessions  •  Client-­‐Side  Latency  •  Server  Latency  •  Throughput  •  Response  Codes  •  Methods  •  URLs  

Views    •  Virtual  Server  •  Pool  Member  •  Response  Codes  •  URL  •  HTTP  Methods  

•  Stats  grouped  by  applicaMon  and  user    •  Provides  

–  Business  Intelligence  –  ROI  ReporMng  –  Capacity  Planning  –  TroubleshooMng  –  Performance  

 

Page 30: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

Questions?

Page 31: F5 Networks - talentys.ci · • Full Proxy Architecture . F5 Networks, ... F5 Local Traffic Manager LTM ... F5 Networks, Confidential F5 Global Traffic Manager GTM ...

F5 Networks, Confidential

Thank you