JakubŠumpich The World Runs Better With F5®Networks · Svijet izgleda bolje s F5® ... •...

Zagreb, 15. veljače 2013.

Svijet izgleda bolje s F5®

The World Runs Better With F5®Networks

Lora Čurković

Jakub Šumpich

Branko Radojević

Ana Klisura

Hrvoje Frühwirth

Općenito

� WLAN „Forum Zagreb”, password „forum123”

� parking karticu zamijeniti pri odlasku na recepciji za plaćenu parkirnu karticu

Agenda

� 08:30 – 09:15 Registracija i kava dobrodošlice

� 09:15 – 09:30 Uvodni pozdrav – Sedam IT (Lora Čurković, CEO)

� 09:30 – 10:05 Ukratko o F5 Networks - F5 Networks (Jakub Šumpich, Territory Manager)

� 10:05 – 10:40 Application Delivery and Security - Sedam IT (Hrvoje Fruehwirth)

� 10:40 – 11:25 Case study - CARNet NISpVU i eMatica - CARNet (Branko Radojević) i Sedam IT (Ana Klisura)

� 11:25 – 11:45 Q&A

� Ručak


Svijet izgleda bolje s F5®

The World Runs Better With F5®Networks

Lora Čurković

Predsjednik Uprave

Sedam IT d.o.o.

F5 Networks i SedamIT

� Partner od 2007.

� Unity Silver partner, najviši partnerski status u regiji

� 8 certificiranih inženjera, najviše u regiji

� Autorizirani service center za L1 & L2 podršku

� on site hot spare set

� Reference:

– Narodne novine

– Optima telekom

– FINA

– CARNet

– HT Eronet (Avacom)

– IDDEA (EMC)

– VIPNet (Nokia Siemens Networks)

– …

F5 BIG-IP

Customer Needs & Pains

Multiple points of

access control

infrastructure and

resources to deploy

increasing number of

applications

Cannot scale

are getting larger and

more sophisticated

(blend of L3 – L7

DDoS)

Security attacks

part of critical

networking and

application

infrastructure

ADC consider

increasing number of

applications have led to

infrastructure sprawl

Complexity of

managingin mobile devices accessing

apps causing higher

CapEx/OpEx & complexity to

maintain performance,

security, & availability

requirements

Exponential increase

Security

Business Priorities

Scaling Business without

Scaling Costs

Scaling Business without

Scaling Costs

Improving Customer Experience

Improving Customer Experience

Business Risk Management

Business Risk Management

F5 uses Purpose Built Hardware

• Integrated hardware and software

system designed for application delivery

• High performance and on demand

scalability

• Carrier grade reliability—delivering

99.999% availability

• Products that will last and be supported

for many years

• Always On Management integrated into

design to detect and resolve issues

Focus on Customer Experience

Performance and Scalability

Quality and Reliability

F5 spends over $20 million annually on R&D

ScaleN Enabled BIG-IP Platforms Line Up

BIG-IP 11000• 2.5M L7 RPS

• 20K SSL TPS (2K

key)

• 1M L4 CPS

• 24 Gbps L7 TPUT

• 10 10 Gigabit

Fiber Ports (SFP+)

BIG-IP 10200v• 2M L7 RPS

• 42K SSL TPS (2K

key)

• 1M L4 CPS

• 40G L7 TPUT

• 16 10 Gigabit Fiber

Ports (SFP+)


Ports (QSFP+)

VIPRION 2400 / 4 x

2100 Blade• 4M L7 RPS

• 40K SSL TPS (2K key)

• 1.6M L4 CPS

• 72 Gbps L7 TPUT

• 32 10 Gigabit Fiber Ports (SFP+)

VIPRION 4480 / 4 x

4300 Blade• 10M L7 RPS


• 5.6M L4 CPS

• 160G L7 TPUT

• 32 10 Gigabit Fiber Ports

(SFP+)


(QSFP+)

BIP-IP 2000s• 212K L7 RPS

• 2K SSL TPS (2K

key)

• 75K L4 CPS

• 5 Gbps L7 TPUT

• 2 10 Gigabit

Fiber Ports

(SFP+)

• 8 Gigabit

Ethernet CU

ports

BIG-IP 2200s• 425K L7 RPS

• 4K SSL TPS (2K

key)

• 150K L4 CPS

• 5 Gbps L7 TPUT

• 2 10 Gigabit

Fiber Ports

(SFP+)

• 8 Gigabit

Ethernet CU

ports

BIG-IP 4200v• 850K L7 RPS

• 9K SSL TPS (2K

key)

• 300K L4 CPS

• 10 Gbps L7 TPUT


Ports (SFP+)

• 8 Gigabit

Ethernet CU

ports:

BIG-IP 11050 • 2.5M L7 RPS

• 20K SSL TPS (2K

key)

• 1M L4 CPS

• 40 Gbps L7 TPUT

• 10 10 Gigabit

Fiber Ports (SFP+)

VIPRION 4800 / 8 x 4300

Blade• 20M L7 RPS


• 10M L4 CPS

• 320G L7 TPUT

• 64 10 Gigabit Fiber Ports (SFP+)


(QSFP+)

BIG-IP 4000s• 425K L7 RPS

• 4.5K SSL TPS (2K

key)

• 150K L4 CPS

• 10 Gbps L7 TPUT

• 2 10 Gigabit

Fiber Ports

(SFP+)

• 8 Gigabit

Ethernet CU

ports

BIG-IP Product Portfolio of Services

BIG-IP Products

Local Traffic Manager

Global Traffic Manager

Application Security Manager

Access Policy Manager

WebAccelerator

WAN Optimization Module

TMOSOperating System

Shared Application Services

Selective Content EncryptionAdvanced Client AuthenticationApplication Health MonitorsApplication SwitchingWeb AccelerationDC to DC ReplicationWeb Application Firewall

Application IntelligenceRate Shaping / Rate LimitingResource CloakingTransaction AssuranceUniversal PersistenceCachingGeolocationIntelligent Compression

Shared Network Services

TCP OptimizationProtocol SanitizationOptimized SSL VPNDoS and DDoS ProtectionVLAN Segmentation Line Rate L2 Switching (Mirroring, Trunking, STP, LACP)

IP Packet FilteringIPv6Dynamic RoutingSecure Network Addr. TranslationPort Mapping

Availability• Scale

• HA / DR

• Bursting

• Load-Balancing

Optimization• Network

• Application

• Storage

• Offload

Security• Network

• Application

• Data

• Access

Management• Integration

• Visibility

• Orchestration

F5’s Strategic Points of ControlA

pp

licat

ion

and

Dat

a D

eliv

ery

Net

wo

rk

Resources

Physical Virtual Multi-Site DCs Cloud

OS

APP

OS

APP

OS

APP

OS

APP

OS

APP

OS

APP

OS

APP

OS

APP Private

Public

Users

Optimize Traffic Management and

Offload Application Serverwith BIG-IP Local Traffic Manager (LTM)

BIG-IP LTM

OPTIMIZED APPLICATIONS & DATA

• Application Intelligence

• Load Balancing• TCP

Optimization• Rate Shaping• Server Offload

• RAM Caching • Intelligent

Compressing• Health

Monitoring• SSL offload

SECURE APPLICATIONS & DATA

• Application Proxy• Transaction Assurance• Resource Cloaking• Secure Network Address Translation• Port Mapping• Selective Content Encryption

Physical

Virtual

Public or

private

cloud

Physical

Virtual

Public or

private

cloud

Increase application Server Capacity and

better utilize Bandwidth

BIG-IP LTM


• Connection Management (OneConnect™)

• RAM Cache • Compression offload• SSL offload

• Increase server capacity

� 60% with OneConnect™

� 9x with RAM Cache

� 20% with Compression offload

� 30% with SSL offload

• Reduce costs with centralize SSL key management

with BIG-IP Local Traffic Manager (LTM)

Secure Applications and Data

Security at the application, protocol, and network levels

• Meet compliance requirements (PCI, HIPAA, etc.)

• Protect data without interrupting legitimate traffic

BIG-IP LTM


• Application Proxy• Transaction Assurance• Resource Cloaking• Network and protocol attack

prevention• Secure Network Address Translation• Port Mapping• Selective Content Encryption

with BIG-IP Local Traffic Manager (LTM)

Benefits of LTM

� Increase Application Availability

� Accelerate Applications

� Increase Application Server Capacity

� Optimize Bandwidth Usage

� Secure Applications and Data

� Take Control of Application Delivery

F5 iRules

� Skriptni jezik temeljen na događajima

� Razvijen na osnovi TCL (Tool Command Language) programskog jezika

� Omogućava pisanje skripti za dodatno upravljanje dolaznim i odlaznim

prometom

� Presretanje, preusmjeravanje, pregledavanje i transformacija dolazećeg ili

odlazećeg aplikativnog prometa

� iRules programi se izvode i manipuliraju putem jedinstvenog sučelja za

programiranje aplikacija razvijenog od strane tvrtke F5

Sedam IT presentation for CUC 2010

Global Application Availability

Data

Center 1

Data Center

2


• Dynamic Datacenter Load Balancing• TCP Optimization• Health Monitoring• Geolocation• Automatic site-to-site failover


• Transaction Assurance• DNS Security• Dynamic DNSSEC

with BIG-IP Global Traffic Manager (GTM)

Attack protection

with BIG-IP Application Security Manager (ASM)

Leading Web Attack Protection with BIG-IP Application Security Manager (ASM)

• Maintain security at application, protocol, and network levels

• Launch secure applications protected from vulnerabilities

Web ApplicationsBIG-IP ASM


• Web Application Firewall• Protection from top OWASP threats including

DoS and DDoS• Log and report all application traffic• Provides L2->L7 protection

• PCI Compliance

Meet PCI Compliance

PCI reporting provides:

• Requirements with details

• Current compliancy state

• Steps to become compliant

with BIG-IP Application Security Manager (ASM)

Easily comply with audits

Dramatically Improve User Experience

when accessing your Web Applicationwith BIG-IP WebAccelerator


• Cache repetitive content in browser

• Intelligent Compress• TCP optimization

Benefits of BIG-IP WebAccelerator

F5 – news

� New product – Big IP Advanced Firewall Manager

� high-performance, stateful, full-proxy network firewall

�640 Gbps of firewall throughput

�288 million concurrent sessions

�8 million connections per second

“Next Generation” Firewall

• Outbound user inspection• Who is doing what?• “Trusted” users to Internet• App awareness: Broad but

shallow

Corporate

(users)

Application Delivery Firewall

Data center

(servers)

• Inbound application protection• Application delivery focus• “Untrusted” users to data center• App awareness: Specific but deep

A Firewall Built for the Data Center

• Deliver a consistently fast experience regardless of the countless variables

• Manage new and evolving protocols as well as ever-increasing and

inconsistent traffic

• Guarantee application availability, while reducing OPEX and CAPEX

Use Case: Application Delivery

Customer

needs to

F5 Value

Delivered

Dynamic,

highly

interactive

web

applications

at the speed

of business.

Mobile Content

Delivery

Intelligent traffic

management

Enterprise

Application

Performance

Improve end user experience, increase revenue, and enhanced productivity without the need to rewrite applications

Availability:

Always on

Direct users to the best location based on real-time application delivery data and performance

Optimize traffic management decisions based on contextual message data.

Deliver customized device-aware content optimization

• Attain protection from full spectrum of DDoS attacks

• Achieve full SSL visibility and protection

• Rely on key partnerships give you full vulnerability checking and

website protection

Use Case: Security

Customer

needs to

With high scale and performance capabilities, the BIG-IP and VIPRION hardware platforms running the Advanced Firewall Manager module represent the world’s fastest firewall

F5 Value

Delivered

F5 provides

application

layer security

and protects

your Internet

data center

from today’s

attacks

regardless of

where they

live.

Accelerated and secure

remote accessProtection at scale

The Access Policy Manager (APM) module running on BIG-IP and VIPRION platforms represents the industry’s most scalable remote access solution

• Ensure optimal network performance during IPv6 migration and handle the high

number of translations and concurrent connections

• Support millions of logs being generated during Network Address Translation (NAT)

with High Speed Logging

• Consolidate multiple services onto a single platform to streamline their network

and introduce new services faster to market while reducing costs

• Provide highly available platform for a reliable network and continuous up-time.

Use Case: Service Provider

Customer

needs to

• Highly scalable platform enables you to handle more concurrent connections and new CPS helps you manage traffic with fewer resources resulting in lower CAPEX and OPEX

• Scales to support generation millions of logging records and exporting them to a system logging server

F5 Value

Delivered

High availability platform ensures service uptime and at-peak performance

• Intelligent Services Platform is an intelligent software-controllable platform enabling any service to run on any blade, resulting in simpler configuration and management of network resources

• Consolidate the number of servers along with power, space, cooling, and management requirements.

Available Scale Consolidate

Hvala!

[email protected]

Case Study

Zagreb, veljača 2013.

CARNet NISpVU i eMatica

Branko Radojević

Ana Klisura

Takeaways

� Molimo popuniti upitnike i kod hostesa zamijeniti za mali znak pažnje

� F5 – puno više od Load Balancera

� Optimizacija

Hvala!

[email protected]

Jakub SumpichTerritory [email protected]

8 of the Fortune 10 companies • 44 of the Fortune 50 companies • 18 of the top 20 U.S. commercial banks • 3 of the top

F5 Introduction

ApplicationDeliveryNetwork

Users Data Center

F5 is #1 WW for Traffic/App Optimization

SAPMicrosoft

Oracle

At HomeIn the OfficeOn the Road

•Bigger competitive ability•Lower OPEX costs of DC•Application investment protection

Benefits:

F5 Overview

-

50.000

100.000

150.000

200.000

250.000

300.000

350.000

400.000

$ T

hous

ands

Publicly traded on NASDAQ

3,000+ employees

IPO in 1999

F5 Networks is the leading provider of application and data

delivery networking

Our products sit at strategic points of control in any

infrastructure

Fiscal Year 2012 Revenue US$1.38B

1,380,000,000

Organizations Worldwide Trust F5

F5 Customer highlights

• 43 of the Fortune 50 companies1

• 15 of the top 15 US commercial banks1

• 6 of the 6 top US airlines1

• 10 of the top 10 US insurance companies - property and casualty1

• 5 of the top 6 healthcare: pharmacy and other services1

• 14 of the 15 executive branch departments of the US federal government2

• 10 of the top 10 fixed AND mobile global service providers3

• 9 of the top 10 US online video brands4

• 4 of the top 5 US Internet search providers5

• 17 of 20 cloud infrastructure and Web hosting companies6

Sources: 1 Fortune 2010; 2 USA.gov Web site listing 3 Q310 Ovum Market share, by revenue, global; 4 Nielson NetRatings September 2010; 5 Comscore November 2010; 6 Gartner Magic Quadrant Cloud Infrastructure as a Service and Web Hosting (On Demand, December 2010)

Application

How to fulfil business needs?

Network Administrator Application Developer

Hire army of developers?Add equipment?

MoreBandwidth

Multiple Point Solutions

CRM CRM SFA ERP

ERP ERP SFACRM

SSL Acceleration

Network Point Solutions ApplicationsUsers

Server Load Balancer

Rate Shaping

DoS Protection

ApplicationFirewall

ContentAcceleration

TrafficCompression

Connection Optimisation Customised

Application

Mobile Phone

PDA

Laptop

Desktop

Co-location

Result: Complicated and expensive infrastructure

CustomisedApplication

The F5 Solution ApplicationsUsers

Mobile Phone

PDA

Laptop

Desktop

Co-location

Solution – Application Delivery Controller (ADC)

CRM

Database

Siebel

BEA

Legacy

.NET

SAP

PeopleSoft

IBM

ERP

SFA

Custom

TMOS

Application Delivery Network

185 billion mobile app downloads

by 2014

50 billion connected devices by 2020

Cloud Computing is in the Top 3 concern for CIO priority in 2012

More deliverymechanisms

71% of all work will be mobileor web-based by 2020

More challenges impacting ITinfrastructure

More users andmore choices

Traditional Application Delivery Challenges

FirewallADC

Clients

App servers Storage

App servers Storage

Traditional Application Delivery Challenges

ADC

App servers StorageSaaS

Cloud

Firewall

Clients

More Endpoints More Delivery Models More Apps

App servers Storage

Solution: An Intelligent Services Platform

Virtual

Physical

Cloud

Storage

An Intelligent Services Platform connects any user, anywhere, from any

device to the best application resources, independent of infrastructure.

Anywhere, any service, any device Intelligent Dynamic , agile, adaptive

Clients

Full Intelligence Requires a Full Proxy

App “point of delivery & definition”App Intelligence - layer 3- 7 visibilityDistinct client / server controlUnified services / context Interoperability and gateway functions

Intelligent Full Proxy Benefits

Network

Session

Application

Physical

Client/Server

IT = Complete ControlBusiness = Reduced Delivery Costs

Network

Session

Application

Physical

Client/Server

Web Application Web Application

View of the Analytics

F5 Networks

� Offers the most feature-rich AP ADC , combined with excellent performance and programmabilityvia iRules and a broad product line .

� Strong focus on applications , including long-term relationships with major application vendors , including Microsoft, Oracle and SAP.

� Strong balance sheet and cohesive management team with a solid track record for delivering the right products at the right time.

� Strong underlying platform allows easy extensibility to add features.

� Support of an increasingly loyal and large group of active developers tuning their applications environments specifically with F5 infrastructure.

Gartner Advanced Platform DC Market Share

iRules iControl iApps

Hardware Software

TMOS

Secure

Available

Fast

F5: An Intelligent Services PlatformF5 makes the connected world run better

Application Delivery Controller

Mobile optimization solution

Application Delivery Firewall

Mobile User and Application Access Management

WAN Opt and WAN acceleration

DNS Delivery Services

Local and Global Load Balancer

DevCentralUser Community

Programmable/Extensible

Enterprise

Foundation

CustomizableTraffic Management

IntelligentIntegrated

Context aware

Scale

F5 solutions available today:

Intelligent Ecosystem

The F5 Business Value

Improves end-to-end application delivery

Increased availability, scalability, performance, and security drives increased business productivity and faster ROI

Improves application performance and the user experience

Maximizes and protects application investments, reducing operating and capital expenses

Protects applications against security threats and network problems

Lowers cost and risk of deployment and

maintenance

Delivers applications to high-performance mobile and remote users while providing dynamic, flexible and powerful security.

Efficiently delivers highly reliable application services while maintaining maximum availability regardless of location or state.

Improves performance, increases employee productivity, boosts business operations and drives e-commerce revenue.

Benefits of the Intelligent Services Platform for Enterprise

Fast

Available

Secure

Enterprise

iRules iControl iApps

Hardware Software

TMOS

Secure

Available

Fast

DevCentral

Efficiently delivers highly reliable application se rvices whilemaintaining maximum availability regardless of loca tion or state.Available

BIG-IP GTM has had an immediate and profound effect on our reliability. If a server ever goes down, it reduces our downtime from 8-10 minutes to a coupleof milliseconds.

Don Wood,Director of Technology,

DNSstuff.com

75%of all U.S. businesseshave experienced interruptions due to:

power

hardware

telecommunications

software problems

A new set of customers. There is a large, untapped customer base in Asia that connects with IPv6-only devices and can only communicate with IPv6 hosts.

IPv6

IPv6

“ Cloud-based disaster recovery has the potential to give companies lower costs yet faster recovery, with easier testing and more flexible contracts.”

- Rachel Dines, Forrester

Fast Improves performance, increases employee productivi ty,boosts business operations and drives e-commerce re venue.

Every 100ms delay

As of October 2012, there were over 188 million active websites, a growth of 180% over the last 5 years.

When we moved our Microsoft application servers behind theBIG-IP LTM devices,we immediately noticed a dramatic performance improvement—the difference was likenight and day.

Kevin Rice, Global Network Architect,

A.T. Kearney

2012

2007

Costs Amazon

1% in sales.

2012

2007

DNS has grownover 100%

in the last 5 years.

180%

74% are willing to wait

5 seconds or less for a single web page to load before leaving the site.

Secure Delivers applications to high-performance mobile an d remote users while providing dynamic, flexible and powerful security.

BIG-IP APM gives usan essential additional layer of security.It also allows us to provide secure remote access to each of our customers’ corporateIT environments from their own networksand devices.

Jeffrey Dahn, CIO, Lokahi Solutions

of surveyed Internet, technology and social experts predict most work will be done via web-based or mobile applications by 2020.

4X

Anonymous proxies… have steadily increased, more than quadrupling in number as compared to three years ago.

An everyday laptop on an average connection can take

down an enterprise web server using SSL/TLS.

iRules®, iApps®, and iControl®iRules®, iApps®, and iControl®

TMOS®TMOS®

BIG-IP®

Advanced Firewall Manager

(AFM)

BIG-IP®

Advanced Firewall Manager

(AFM)

BIG-IP®

ApplicationSecurityManager

(ASM)

BIG-IP®

ApplicationSecurityManager

(ASM)

BIG-IP®

GlobalTraffic

Manager(GTM)

BIG-IP®

GlobalTraffic

Manager(GTM)

BIG-IP®

LocalTraffic

Manager(LTM)

BIG-IP®

LocalTraffic

Manager(LTM)

BIG-IP®

Carrier Grade NAT(CGNAT)

BIG-IP®

Carrier Grade NAT(CGNAT)

BIG-IP®

Policy Enforce-

mentManager

(PEM)

BIG-IP®

Policy Enforce-

mentManager

(PEM)

BIG-IP®

WAN Opt Manager(WOM)

BIG-IP®

WAN Opt Manager(WOM)

BIG-IP®

Web-Accelerator

(WA)

BIG-IP®

Web-Accelerator

(WA)

BIG-IP®

Access Policy

Manager(APM)

BIG-IP®

Access Policy

Manager(APM)

BIG-IP Module Architecture

Service ProviderSecurity

ADC

BIG-IQSecurity™

BIG-IQSecurity™

BIG-IQEM™

BIG-IQEM™

…

BIG-IQ™BIG-IQ™

Why Does F5 Build Purpose Built Hardware?

Customers require:

• Integrated hardware and software system

designed for application delivery

• High performance and on demand scalability

• Carrier grade reliability—delivering 99.999%

availability

• Products that will last and be supported for many

years

• Always On Management integrated into design to

detect and resolve issues

Focus on Customer Experience

Performance and Scalability

Quality and Reliability

F5 spends over $20 million annually on R&D

Leveraging AlliancesProgrammability

Cisco’s recent ACE news

Cisco has decided it will not develop further generations of its ACE load-balancing products…

Cisco Systems has significantly reduced its investment in the development of the company’s ACE product... to re-align resources with the company’s long-term opportunities.

As far back as 2009, Gartner was calling ACE a “legacy platform”, predicting that Cisco would have to cede the application acceleration market…

We also feel that F5, as the strong market leader, will be well-positioned to capture a large portion of the share…

Benefits of F5 Global Services

Fastertime to market

Increasedproject success

Quickerproblem resolution

Maximumreturn on investment

Technology expertise | Service excellence | Cust omer focus | Global coverage

Professional services Knowledge services Support serv ices

Better application performance, enhanced security a nd higher availability

iHealth

Case Study


CARNet NISpVU i eMatica Ana Klisura

Sadržaj

1. NISpVU i www.postani-student.hr

2. eMatica

3. Izgradnja podatkovnog centra u CARNetu

4. Local Traffic Manager

5. Napredni nadzor sustava

6. Offload poslužitelja

7. F5 iRules

8. Što smo postigli u CARNetu?

Case Study – CARNet NISpVU i eMatica

NISpVU i postani-student.hr

� NISpVU – Nacionalni informacijski sustav prijave na visoka učilišta

� www.postani-student.hr – korisničko sučelje prema NISpVU sustavu

� Prijave na državnu maturu, objave rezultate, upisne liste za fakultete


� Servis se nalazi na LTM-u od samog

početka projekta Državna matura

� Najveće korištenje stranice u trenutku

objave rezultata ispita državne mature

� Između 30 000 i 40 000 korisnika svaku

godinu

eMatica

� Centralizirani sustav Ministarstva znanosti, obrazovanja i sporta za upisivanje

podataka o učenicima i zaposlenicima osnovnih i srednjih škola u Republici

Hrvatskoj

� Na kraju godine omogućeno je ispisivanje svjedodžbi učenicima

� Podaci uneseni u sustav automatski se sinkroniziraju s ostalim servisima


� Sustav preseljen na poslužitelje iza LTM

uređaja u CARNetu u svibnju 2012. godine

� Sustav se kontinuirano koristi kroz cijelu

godinu s najvećim opterećenjem na kraju

školske godine kod zaključivanja ocjena i

ispisivanja svjedodžbi

Izgradnja podatkovnog centra

� Visokodostupan računalni sustav mora osigurati dostupnost, brzinu i

sigurnost aplikacija korisnicima u bilo kojem trenutku bez obzira na vrijeme,

lokaciju korisnika ili bilo koji faktor koji može utjecati na rad i dostupnost

sustava

� Osiguravanje naprednih usluga i servisa i njihove nesmetane isporuke

članicama i korisnicima CARNet mreže

� Središnjica IT arhitekture i veliki korak prema zaštiti poslovanje

� Primarna i pričuvna lokacija podatkovnog centra

� Cilj -> zaštititi servise organizacije i ostvariti efikasan način raspodjele

opterećenja


Local Traffic Manager

� Nudi napredne funkcije poput upravljanja aplikativnim prometom, kontrole

pristupa i zaštite aplikativnog prometa na mreži

� Glavna uloga LTM-a je raspodjela opterećenja klijentskih upita prema

pozadinskim aplikativnim poslužiteljima

� Hardver dizajniran posebno za inteligentnu dostavu aplikativnog prometa: SSL

ubrzanje, kompresija, višejezgreno procesiranje

� Brojne opcije za optimizaciju i upravljanje aplikativnim prometom

� Modularnost i jednostavna nadogradnja


Visokodostupan računalni sustav u CARNetu

� Izgradnja podatkovnog centra na dvije lokacije

� Uređaji u active/standby načinu rada

� Connection mirroring - kompletno zrcaljenje svih postojećih konekcija

� Rezultat -> rješenje koje je visoko dostupno bez obzira na neispravnost sustava,

poslužitelja ili aplikacija te osigurava neprekidna usluga prema krajnjim

korisnicima


Napredan nadzor sustava

� Napredan nadzor svih dijelova sustava

• Veliki broj ugrađenih aplikativnih monitora

• Mogućnost kreiranja custom monitora

� Nadzor poslužitelja omogućuje odabir uvijek najboljeg resursa za isporuku

usluge korisnicima

� Nadzor rada servisa omogućuje uvijek odabir poslužitelja koji će ispravnu

aplikaciju isporučiti korisnicima

� Rezultat - > visoka razina raspoloživosti, veća pouzdanost i eliminacija false-

positive alarma


Offload poslužitelja

� Terminacija SSL prometa

• SSL/TLS enkripcija i dekripcija podataka na LTM

• Posebni hardverski optimizatori za SSL promet omogućavaju potpuni offload

opterećenja sa središnjeg CPU sustava

� Kompresija HTTP prometa

• Offload kompresije prometa s pozadinskih poslužitelja

� Caching HTTP prometa

• Spremanje objekata u LTM memoriji

� Brojni sigurnosni mehanizmi

• „Prva crta obrane”

• Veća sigurnost mreže i aplikativnih servisa

• Zaštita od DoS napada, SYN flood napada, UDP flood napada…


F5 iRules

� Moćan i fleksibilan skriptni jezik temeljen na događajima

� Omogućava kompletnu kontrolu i manipulaciju prometom koji prolazi kroz LTM

� Moguće ih je primijeniti na bilo koji transportni protokol ili aplikativni promet

� Posebno korisničko sučelje za pisanje iRule skripti


� U CARNetu:

• http -> https redirekcija

• Cachiranje prometa

• Usmjeravanje klijentskih zahtjeva

na odgovarajući skup pozadinskih

poslužitelja

• Logiranje određenih događaja u

sustavu

• Promjena sadržaja HTTP headera

Što smo postigli u CARNetu?

� Pouzdana i efikasna isporuka usluga korisnicima

� Rasterećenje i smanjenje broja krajnjih poslužitelja

� Raspodjela opterećenja na aplikacijskom sloju

� Poboljšanje aplikacijskih performansi

� Povećana sigurnost aplikacija i poslužitelja

� Napredan nadzor poslužitelja i aplikacija

� Uvijek odabir najboljih resursa

� Inspekcija i manipulacija aplikacijskog sadržaja


Prepoznata kvaliteta LTM-a

� Prepoznat doprinos LTM-a u uspostavi visoke dostupnosti i optimizacije servisa

� Od ove godine na poslužiteljima u CARNetu nalaziti će se i NISPUSS

� NISPUSS – Nacionalni informacijski sustav prijava i upisa u srednje škole


Kraj

� Optimizirana i sigurna isporuka usluga korisnicima

� Maksimalna dostupnost i optimalna dostava aplikacija

� Kontrola i mogućnost jednostavnog skaliranja sustava

� Mogućnost nadogradnje sustava kupnjom dodatnih modula ili licenci

� Visoka dostupnost servisa ili aplikacija kao zahtjev danas se postavlja pred svaki

sustav


Pitanja, komentari…


mail to: [email protected]

Hvala na pažnji!

JakubŠumpich The World Runs Better With F5®Networks · Svijet izgleda bolje s F5® ... •...

Documents

Transcript of JakubŠumpich The World Runs Better With F5®Networks · Svijet izgleda bolje s F5® ... •...