Jakub Šumpich The World Runs Better With F5® Networks · The World Looks Better with F5® ... •...
Zagreb, 15 February 2013
The World Looks Better with F5®
The World Runs Better With F5®Networks
Lora Čurković
Jakub Šumpich
Branko Radojević
Ana Klisura
Hrvoje Frühwirth
General information
• WLAN “Forum Zagreb”, password “forum123”
• On leaving, exchange your parking card at reception for a paid parking card
Agenda
• 08:30 – 09:15 Registration and welcome coffee
• 09:15 – 09:30 Opening remarks – Sedam IT (Lora Čurković, CEO)
• 09:30 – 10:05 F5 Networks in brief – F5 Networks (Jakub Šumpich, Territory Manager)
• 10:05 – 10:40 Application Delivery and Security – Sedam IT (Hrvoje Frühwirth)
• 10:40 – 11:25 Case study – CARNet NISpVU and eMatica – CARNet (Branko Radojević) and Sedam IT (Ana Klisura)
• 11:25 – 11:45 Q&A
• Lunch
Lora Čurković
President of the Management Board
Sedam IT d.o.o.
F5 Networks and Sedam IT
• Partner since 2007
• Unity Silver partner, the highest partner status in the region
• 8 certified engineers, the most in the region
• Authorized service center for L1 & L2 support
• On-site hot spare set
• References:
– Narodne novine
– Optima telekom
– FINA
– CARNet
– HT Eronet (Avacom)
– IDDEA (EMC)
– VIPNet (Nokia Siemens Networks)
– …
F5 BIG-IP
Customer Needs & Pains
• Multiple points of access control
• Cannot scale infrastructure and resources to deploy increasing number of applications
• Security attacks are getting larger and more sophisticated (blend of L3 – L7 DDoS)
• ADC considered part of critical networking and application infrastructure
• Complexity of managing increasing number of applications has led to infrastructure sprawl
• Exponential increase in mobile devices accessing apps causing higher CapEx/OpEx & complexity to maintain performance, security, & availability requirements
Security
Business Priorities
Scaling Business without Scaling Costs
Improving Customer Experience
Business Risk Management
F5 uses Purpose Built Hardware
• Integrated hardware and software system designed for application delivery
• High performance and on demand scalability
• Carrier grade reliability, delivering 99.999% availability
• Products that will last and be supported for many years
• Always On Management integrated into design to detect and resolve issues
Focus on Customer Experience
Performance and Scalability
Quality and Reliability
F5 spends over $20 million annually on R&D
ScaleN Enabled BIG-IP Platforms Line Up
BIG-IP 11000
• 2.5M L7 RPS
• 20K SSL TPS (2K key)
• 1M L4 CPS
• 24 Gbps L7 TPUT
• 10 × 10 Gigabit Fiber Ports (SFP+)
BIG-IP 10200v
• 2M L7 RPS
• 42K SSL TPS (2K key)
• 1M L4 CPS
• 40G L7 TPUT
• 16 × 10 Gigabit Fiber Ports (SFP+)
• 2 × 40 Gigabit Fiber Ports (QSFP+)
VIPRION 2400 / 4 x 2100 Blade
• 4M L7 RPS
• 40K SSL TPS (2K key)
• 1.6M L4 CPS
• 72 Gbps L7 TPUT
• 32 × 10 Gigabit Fiber Ports (SFP+)
VIPRION 4480 / 4 x 4300 Blade
• 10M L7 RPS
• 120K SSL TPS (2K key)
• 5.6M L4 CPS
• 160G L7 TPUT
• 32 × 10 Gigabit Fiber Ports (SFP+)
• 8 × 40 Gigabit Fiber Ports (QSFP+)
BIG-IP 2000s
• 212K L7 RPS
• 2K SSL TPS (2K key)
• 75K L4 CPS
• 5 Gbps L7 TPUT
• 2 × 10 Gigabit Fiber Ports (SFP+)
• 8 Gigabit Ethernet CU ports
BIG-IP 2200s
• 425K L7 RPS
• 4K SSL TPS (2K key)
• 150K L4 CPS
• 5 Gbps L7 TPUT
• 2 × 10 Gigabit Fiber Ports (SFP+)
• 8 Gigabit Ethernet CU ports
BIG-IP 4200v
• 850K L7 RPS
• 9K SSL TPS (2K key)
• 300K L4 CPS
• 10 Gbps L7 TPUT
• 2 × 10 Gigabit Fiber Ports (SFP+)
• 8 Gigabit Ethernet CU ports
BIG-IP 11050
• 2.5M L7 RPS
• 20K SSL TPS (2K key)
• 1M L4 CPS
• 40 Gbps L7 TPUT
• 10 × 10 Gigabit Fiber Ports (SFP+)
VIPRION 4800 / 8 x 4300 Blade
• 20M L7 RPS
• 240K SSL TPS (2K key)
• 10M L4 CPS
• 320G L7 TPUT
• 64 × 10 Gigabit Fiber Ports (SFP+)
• 16 × 40 Gigabit Fiber Ports (QSFP+)
BIG-IP 4000s
• 425K L7 RPS
• 4.5K SSL TPS (2K key)
• 150K L4 CPS
• 10 Gbps L7 TPUT
• 2 × 10 Gigabit Fiber Ports (SFP+)
• 8 Gigabit Ethernet CU ports
BIG-IP Product Portfolio of Services
BIG-IP Products
Local Traffic Manager
Global Traffic Manager
Application Security Manager
Access Policy Manager
WebAccelerator
WAN Optimization Module
TMOS Operating System
Shared Application Services
• Selective Content Encryption
• Advanced Client Authentication
• Application Health Monitors
• Application Switching
• Web Acceleration
• DC to DC Replication
• Web Application Firewall
• Application Intelligence
• Rate Shaping / Rate Limiting
• Resource Cloaking
• Transaction Assurance
• Universal Persistence
• Caching
• Geolocation
• Intelligent Compression
Shared Network Services
• TCP Optimization
• Protocol Sanitization
• Optimized SSL VPN
• DoS and DDoS Protection
• VLAN Segmentation
• Line Rate L2 Switching (Mirroring, Trunking, STP, LACP)
• IP Packet Filtering
• IPv6
• Dynamic Routing
• Secure Network Addr. Translation
• Port Mapping
Availability
• Scale
• HA / DR
• Bursting
• Load-Balancing
Optimization
• Network
• Application
• Storage
• Offload
Security
• Network
• Application
• Data
• Access
Management
• Integration
• Visibility
• Orchestration
F5’s Strategic Points of Control
[Figure: Users, the Application and Data Delivery Network, and Resources: Physical, Virtual, Multi-Site DCs, Cloud (Private, Public)]
Optimize Traffic Management and Offload Application Server with BIG-IP Local Traffic Manager (LTM)
BIG-IP LTM
OPTIMIZED APPLICATIONS & DATA
• Application Intelligence
• Load Balancing
• TCP Optimization
• Rate Shaping
• Server Offload
• RAM Caching
• Intelligent Compressing
• Health Monitoring
• SSL offload
SECURE APPLICATIONS & DATA
• Application Proxy
• Transaction Assurance
• Resource Cloaking
• Secure Network Address Translation
• Port Mapping
• Selective Content Encryption
[Figure: Physical, Virtual, Public or private cloud]
Increase Application Server Capacity and better utilize Bandwidth with BIG-IP Local Traffic Manager (LTM)
BIG-IP LTM
OPTIMIZED APPLICATIONS & DATA
• Connection Management (OneConnect™)
• RAM Cache
• Compression offload
• SSL offload
• Increase server capacity
  – 60% with OneConnect™
  – 9x with RAM Cache
  – 20% with Compression offload
  – 30% with SSL offload
• Reduce costs with centralized SSL key management
Secure Applications and Data with BIG-IP Local Traffic Manager (LTM)
Security at the application, protocol, and network levels
• Meet compliance requirements (PCI, HIPAA, etc.)
• Protect data without interrupting legitimate traffic
BIG-IP LTM
SECURE APPLICATIONS & DATA
• Application Proxy
• Transaction Assurance
• Resource Cloaking
• Network and protocol attack prevention
• Secure Network Address Translation
• Port Mapping
• Selective Content Encryption
Benefits of LTM
• Increase Application Availability
• Accelerate Applications
• Increase Application Server Capacity
• Optimize Bandwidth Usage
• Secure Applications and Data
• Take Control of Application Delivery
F5 iRules
• Event-driven scripting language
• Based on the TCL (Tool Command Language) programming language
• Allows writing scripts for additional control of inbound and outbound traffic
• Interception, redirection, inspection, and transformation of inbound or outbound application traffic
• iRules programs are executed and manipulated through a single application programming interface developed by F5
Sedam IT presentation for CUC 2010
Global Application Availability with BIG-IP Global Traffic Manager (GTM)
[Figure: Data Center 1, Data Center 2]
OPTIMIZED APPLICATIONS & DATA
• Dynamic Datacenter Load Balancing
• TCP Optimization
• Health Monitoring
• Geolocation
• Automatic site-to-site failover
SECURE APPLICATIONS & DATA
• Transaction Assurance
• DNS Security
• Dynamic DNSSEC
Attack protection with BIG-IP Application Security Manager (ASM)
Leading Web Attack Protection with BIG-IP Application Security Manager (ASM)
• Maintain security at application, protocol, and network levels
• Launch secure applications protected from vulnerabilities
[Figure: Web Applications, BIG-IP ASM]
SECURE APPLICATIONS & DATA
• Web Application Firewall
• Protection from top OWASP threats including DoS and DDoS
• Log and report all application traffic
• Provides L2->L7 protection
• PCI Compliance
Meet PCI Compliance with BIG-IP Application Security Manager (ASM)
PCI reporting provides:
• Requirements with details
• Current compliancy state
• Steps to become compliant
Easily comply with audits
Dramatically Improve User Experience when accessing your Web Application with BIG-IP WebAccelerator
OPTIMIZED APPLICATIONS & DATA
• Cache repetitive content in browser
• Intelligent Compress
• TCP optimization
Benefits of BIG-IP WebAccelerator
F5 – news
• New product – BIG-IP Advanced Firewall Manager
• High-performance, stateful, full-proxy network firewall
  – 640 Gbps of firewall throughput
  – 288 million concurrent sessions
  – 8 million connections per second
“Next Generation” Firewall
Corporate (users)
• Outbound user inspection
• Who is doing what?
• “Trusted” users to Internet
• App awareness: Broad but shallow
Application Delivery Firewall
Data center (servers)
• Inbound application protection
• Application delivery focus
• “Untrusted” users to data center
• App awareness: Specific but deep
A Firewall Built for the Data Center
Use Case: Application Delivery
Customer needs to
• Deliver a consistently fast experience regardless of the countless variables
• Manage new and evolving protocols as well as ever-increasing and inconsistent traffic
• Guarantee application availability, while reducing OPEX and CAPEX
F5 Value Delivered
Dynamic, highly interactive web applications at the speed of business.
• Mobile Content Delivery
• Intelligent traffic management
• Enterprise Application Performance
• Availability: Always on
Improve end user experience, increase revenue, and enhance productivity without the need to rewrite applications
Direct users to the best location based on real-time application delivery data and performance
Optimize traffic management decisions based on contextual message data.
Deliver customized device-aware content optimization
Use Case: Security
Customer needs to
• Attain protection from full spectrum of DDoS attacks
• Achieve full SSL visibility and protection
• Rely on key partnerships that give you full vulnerability checking and website protection
F5 Value Delivered
F5 provides application layer security and protects your Internet data center from today’s attacks regardless of where they live.
• Accelerated and secure remote access
• Protection at scale
With high scale and performance capabilities, the BIG-IP and VIPRION hardware platforms running the Advanced Firewall Manager module represent the world’s fastest firewall
The Access Policy Manager (APM) module running on BIG-IP and VIPRION platforms represents the industry’s most scalable remote access solution
Use Case: Service Provider
Customer needs to
• Ensure optimal network performance during IPv6 migration and handle the high number of translations and concurrent connections
• Support millions of logs being generated during Network Address Translation (NAT) with High Speed Logging
• Consolidate multiple services onto a single platform to streamline their network and introduce new services faster to market while reducing costs
• Provide a highly available platform for a reliable network and continuous up-time.
F5 Value Delivered
Available • Scale • Consolidate
• High availability platform ensures service uptime and at-peak performance
• Highly scalable platform enables you to handle more concurrent connections and new CPS helps you manage traffic with fewer resources resulting in lower CAPEX and OPEX
• Scales to support generation of millions of logging records and exporting them to a system logging server
• Intelligent Services Platform is an intelligent software-controllable platform enabling any service to run on any blade, resulting in simpler configuration and management of network resources
• Consolidate the number of servers along with power, space, cooling, and management requirements.
Thank you!
Case Study
Zagreb, February 2013
CARNet NISpVU and eMatica
Branko Radojević
Ana Klisura
Takeaways
• Please fill in the questionnaires and exchange them with the hostesses for a small token of appreciation
• F5 – much more than a load balancer
• Optimization
Thank you!
Jakub Šumpich, Territory [email protected]
8 of the Fortune 10 companies • 44 of the Fortune 50 companies • 18 of the top 20 U.S. commercial banks • 3 of the top
F5 Introduction
Application Delivery Network
[Figure: Users (At Home, In the Office, On the Road), Data Center (SAP, Microsoft, Oracle)]
F5 is #1 WW for Traffic/App Optimization
Benefits:
• Bigger competitive ability
• Lower OPEX costs of DC
• Application investment protection
F5 Overview
[Chart: revenue, $ thousands]
Publicly traded on NASDAQ
3,000+ employees
IPO in 1999
F5 Networks is the leading provider of application and data delivery networking
Our products sit at strategic points of control in any infrastructure
Fiscal Year 2012 Revenue US$1.38B
Organizations Worldwide Trust F5
F5 Customer highlights
• 43 of the Fortune 50 companies [1]
• 15 of the top 15 US commercial banks [1]
• 6 of the 6 top US airlines [1]
• 10 of the top 10 US insurance companies - property and casualty [1]
• 5 of the top 6 healthcare: pharmacy and other services [1]
• 14 of the 15 executive branch departments of the US federal government [2]
• 10 of the top 10 fixed AND mobile global service providers [3]
• 9 of the top 10 US online video brands [4]
• 4 of the top 5 US Internet search providers [5]
• 17 of 20 cloud infrastructure and Web hosting companies [6]
Sources: [1] Fortune 2010; [2] USA.gov Web site listing; [3] Q310 Ovum Market share, by revenue, global; [4] Nielsen NetRatings September 2010; [5] Comscore November 2010; [6] Gartner Magic Quadrant Cloud Infrastructure as a Service and Web Hosting (On Demand, December 2010)
How to fulfil business needs?
Network Administrator • Application Developer
Hire army of developers? Add equipment? More Bandwidth
Multiple Point Solutions
[Figure: Users (Mobile Phone, PDA, Laptop, Desktop, Co-location) reach Applications (CRM, SFA, ERP, Customised Application) through Network Point Solutions: SSL Acceleration, Server Load Balancer, Rate Shaping, DoS Protection, Application Firewall, Content Acceleration, Traffic Compression, Connection Optimisation]
Result: Complicated and expensive infrastructure
The F5 Solution
[Figure: Users (Mobile Phone, PDA, Laptop, Desktop, Co-location) reach Applications (CRM, Database, Siebel, BEA, Legacy, .NET, SAP, PeopleSoft, IBM, ERP, SFA, Custom, Customised Application) through TMOS]
Solution – Application Delivery Controller (ADC)
Application Delivery Network
More challenges impacting IT infrastructure
• More users and more choices: 185 billion mobile app downloads by 2014
• 50 billion connected devices by 2020
• Cloud Computing is in the Top 3 concern for CIO priority in 2012
• More delivery mechanisms
• 71% of all work will be mobile or web-based by 2020
Traditional Application Delivery Challenges
[Figure: Clients, Firewall, ADC, App servers, Storage]
[Figure: Clients, Firewall, ADC, App servers, Storage, SaaS, Cloud]
More Endpoints • More Delivery Models • More Apps
Solution: An Intelligent Services Platform
[Figure: Clients, Virtual, Physical, Cloud, Storage]
An Intelligent Services Platform connects any user, anywhere, from any device to the best application resources, independent of infrastructure.
Anywhere, any service, any device • Intelligent • Dynamic, agile, adaptive
Full Intelligence Requires a Full Proxy
• App “point of delivery & definition”
• App Intelligence - layer 3-7 visibility
• Distinct client / server control
• Unified services / context
• Interoperability and gateway functions
Intelligent Full Proxy Benefits
[Figure: client-side and server-side stacks (Physical, Network, Session, Application, Client/Server) in front of a Web Application]
IT = Complete Control
Business = Reduced Delivery Costs
View of the Analytics
F5 Networks
• Offers the most feature-rich AP ADC, combined with excellent performance and programmability via iRules and a broad product line.
• Strong focus on applications, including long-term relationships with major application vendors, including Microsoft, Oracle and SAP.
• Strong balance sheet and cohesive management team with a solid track record for delivering the right products at the right time.
• Strong underlying platform allows easy extensibility to add features.
• Support of an increasingly loyal and large group of active developers tuning their applications environments specifically with F5 infrastructure.
Gartner Advanced Platform DC Market Share
F5: An Intelligent Services Platform
F5 makes the connected world run better
[Figure: platform layers (Hardware, Software, TMOS; iRules, iControl, iApps; Secure, Available, Fast) with the DevCentral User Community. Labels: Enterprise, Foundation, Programmable/Extensible, Customizable Traffic Management, Intelligent, Integrated, Context aware, Scale, Intelligent Ecosystem]
F5 solutions available today:
• Application Delivery Controller
• Mobile optimization solution
• Application Delivery Firewall
• Mobile User and Application Access Management
• WAN Opt and WAN acceleration
• DNS Delivery Services
• Local and Global Load Balancer
The F5 Business Value
Improves end-to-end application delivery
Increased availability, scalability, performance, and security drives increased business productivity and faster ROI
Improves application performance and the user experience
Maximizes and protects application investments, reducing operating and capital expenses
Protects applications against security threats and network problems
Lowers cost and risk of deployment and maintenance
Delivers applications to high-performance mobile and remote users while providing dynamic, flexible and powerful security.
Efficiently delivers highly reliable application services while maintaining maximum availability regardless of location or state.
Improves performance, increases employee productivity, boosts business operations and drives e-commerce revenue.
Benefits of the Intelligent Services Platform for Enterprise
[Figure: Enterprise: Fast, Available, Secure; iRules, iControl, iApps; Hardware, Software, TMOS; DevCentral]
Available: Efficiently delivers highly reliable application services while maintaining maximum availability regardless of location or state.
BIG-IP GTM has had an immediate and profound effect on our reliability. If a server ever goes down, it reduces our downtime from 8-10 minutes to a couple of milliseconds.
Don Wood, Director of Technology, DNSstuff.com
75% of all U.S. businesses have experienced interruptions due to:
• power
• hardware
• telecommunications
• software problems
IPv6: A new set of customers. There is a large, untapped customer base in Asia that connects with IPv6-only devices and can only communicate with IPv6 hosts.
“ Cloud-based disaster recovery has the potential to give companies lower costs yet faster recovery, with easier testing and more flexible contracts.”
- Rachel Dines, Forrester
Fast: Improves performance, increases employee productivity, boosts business operations and drives e-commerce revenue.
Every 100ms delay costs Amazon 1% in sales.
As of October 2012, there were over 188 million active websites, a growth of 180% over the last 5 years.
DNS has grown over 100% in the last 5 years.
74% are willing to wait 5 seconds or less for a single web page to load before leaving the site.
When we moved our Microsoft application servers behind the BIG-IP LTM devices, we immediately noticed a dramatic performance improvement—the difference was like night and day.
Kevin Rice, Global Network Architect, A.T. Kearney
Secure: Delivers applications to high-performance mobile and remote users while providing dynamic, flexible and powerful security.
BIG-IP APM gives us an essential additional layer of security. It also allows us to provide secure remote access to each of our customers’ corporate IT environments from their own networks and devices.
Jeffrey Dahn, CIO, Lokahi Solutions
of surveyed Internet, technology and social experts predict most work will be done via web-based or mobile applications by 2020.
4X: Anonymous proxies… have steadily increased, more than quadrupling in number as compared to three years ago.
An everyday laptop on an average connection can take down an enterprise web server using SSL/TLS.
BIG-IP Module Architecture
[Figure: BIG-IP modules on TMOS® with iRules®, iApps®, and iControl®, grouped as ADC, Security, and Service Provider, with BIG-IQ™ (BIG-IQ Security™, BIG-IQ EM™, …)]
• BIG-IP® Advanced Firewall Manager (AFM)
• BIG-IP® Application Security Manager (ASM)
• BIG-IP® Global Traffic Manager (GTM)
• BIG-IP® Local Traffic Manager (LTM)
• BIG-IP® Carrier Grade NAT (CGNAT)
• BIG-IP® Policy Enforcement Manager (PEM)
• BIG-IP® WAN Opt Manager (WOM)
• BIG-IP® WebAccelerator (WA)
• BIG-IP® Access Policy Manager (APM)
Why Does F5 Build Purpose Built Hardware?
Customers require:
• Integrated hardware and software system designed for application delivery
• High performance and on demand scalability
• Carrier grade reliability, delivering 99.999% availability
• Products that will last and be supported for many years
• Always On Management integrated into design to detect and resolve issues
Focus on Customer Experience
Performance and Scalability
Quality and Reliability
F5 spends over $20 million annually on R&D
Leveraging Alliances
Programmability
Cisco’s recent ACE news
Cisco has decided it will not develop further generations of its ACE load-balancing products…
Cisco Systems has significantly reduced its investment in the development of the company’s ACE product... to re-align resources with the company’s long-term opportunities.
As far back as 2009, Gartner was calling ACE a “legacy platform”, predicting that Cisco would have to cede the application acceleration market…
We also feel that F5, as the strong market leader, will be well-positioned to capture a large portion of the share…
Benefits of F5 Global Services
• Faster time to market
• Increased project success
• Quicker problem resolution
• Maximum return on investment
Technology expertise | Service excellence | Customer focus | Global coverage
Professional services • Knowledge services • Support services
Better application performance, enhanced security and higher availability
iHealth
Case Study
Zagreb, 5 February 2013
CARNet NISpVU and eMatica, Ana Klisura
Contents
1. NISpVU and www.postani-student.hr
2. eMatica
3. Building the data center at CARNet
4. Local Traffic Manager
5. Advanced system monitoring
6. Server offload
7. F5 iRules
8. What have we achieved at CARNet?
Case Study – CARNet NISpVU and eMatica
NISpVU and postani-student.hr
• NISpVU – Nacionalni informacijski sustav prijave na visoka učilišta (National Information System for Applications to Higher Education Institutions)
• www.postani-student.hr – user interface to the NISpVU system
• Registration for the state matura exam, publication of results, enrollment lists for faculties
• The service has been on the LTM since the very start of the State Matura (Državna matura) project
• The site is used most heavily at the moment the state matura exam results are published
• Between 30,000 and 40,000 users every year
eMatica
• Centralized system of the Ministry of Science, Education and Sports for entering data on pupils and staff of primary and secondary schools in the Republic of Croatia
• At the end of the year, pupils' certificates can be printed
• Data entered into the system is automatically synchronized with other services
• The system was moved to servers behind the LTM devices at CARNet in May 2012
• The system is used continuously throughout the year, with the heaviest load at the end of the school year when grades are finalized and certificates are printed
Building the data center
• A highly available computer system must ensure the availability, speed, and security of applications for users at any moment, regardless of time, user location, or any factor that can affect the operation and availability of the system
• Providing advanced services and their uninterrupted delivery to the members and users of the CARNet network
• The centerpiece of the IT architecture and a big step toward protecting the business
• Primary and backup data center locations
• Goal -> protect the organization's services and achieve an efficient way of distributing load
Local Traffic Manager
• Offers advanced functions such as application traffic management, access control, and protection of application traffic on the network
• The main role of the LTM is to distribute the load of client requests across the back-end application servers
• Hardware designed specifically for intelligent delivery of application traffic: SSL acceleration, compression, multi-core processing
• Numerous options for optimizing and managing application traffic
• Modularity and simple upgrades
Highly available computer system at CARNet
• Data center built at two locations
• Devices in active/standby mode
• Connection mirroring – complete mirroring of all existing connections
• Result -> a solution that is highly available regardless of failures of systems, servers, or applications and that ensures uninterrupted service to end users
Advanced system monitoring
• Advanced monitoring of all parts of the system
  – Large number of built-in application monitors
  – Ability to create custom monitors
• Server monitoring makes it possible always to select the best resource for delivering the service to users
• Service monitoring makes it possible always to select a server that will deliver a correctly working application to users
• Result -> high level of availability, greater reliability, and elimination of false-positive alarms
Server offload
• SSL traffic termination
  – SSL/TLS encryption and decryption of data on the LTM
  – Dedicated hardware optimizers for SSL traffic allow the load to be fully offloaded from the system's central CPU
• HTTP traffic compression
  – Offload of traffic compression from the back-end servers
• HTTP traffic caching
  – Objects stored in LTM memory
• Numerous security mechanisms
  – “First line of defense”
  – Greater security of the network and application services
  – Protection against DoS attacks, SYN flood attacks, UDP flood attacks…
F5 iRules
• Powerful and flexible event-driven scripting language
• Allows complete control and manipulation of traffic passing through the LTM
• Can be applied to any transport protocol or application traffic
• Dedicated user interface for writing iRule scripts
• At CARNet:
  – http -> https redirection
  – Traffic caching
  – Routing client requests to the appropriate pool of back-end servers
  – Logging of specific events in the system
  – Modifying the content of HTTP headers
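The uses listed for CARNet, apart from caching, written as a single iRule. This is an added example, not CARNet's or F5's configuration: the host name, pool names, URI prefix and header choices are hypothetical, and the rule is assumed to be attached to both the port 80 and the port 443 virtual server.

```tcl
# Added example with hypothetical names; not taken from the CARNet deployment.
when RULE_INIT {
    # Canonical host name used in redirects (placeholder value). A fixed name
    # keeps a client-supplied Host header out of the Location header.
    set static::canonical_host "portal.example.org"
}

when HTTP_REQUEST {
    # http -> https redirection for requests arriving on the port 80 listener.
    if { [TCP::local_port] == 80 } {
        HTTP::redirect "https://${static::canonical_host}[HTTP::uri]"
        return
    }

    # Route the request to a pool of back-end servers by URI prefix.
    switch -glob -- [string tolower [HTTP::path]] {
        "/static/*" { pool pool_static_example }
        default     { pool pool_app_example }
    }

    # Header changes on the request: TLS ends on the LTM, so tell the back end
    # the original scheme and client address. Client-sent copies are removed
    # first so the back end only sees values set here.
    HTTP::header remove "X-Forwarded-Proto"
    HTTP::header insert "X-Forwarded-Proto" "https"
    HTTP::header remove "X-Forwarded-For"
    HTTP::header insert "X-Forwarded-For" [IP::client_addr]
}

when HTTP_RESPONSE {
    # Header changes on the response: hide the back-end server banner and
    # ask browsers to stay on HTTPS.
    HTTP::header remove "Server"
    HTTP::header replace "Strict-Transport-Security" "max-age=31536000"
}

when LB_FAILED {
    # Log the event when no pool member could be selected or reached.
    log local0.warning "LB failed for client [IP::client_addr], pool [LB::server pool]"
}
```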
What have we achieved at CARNet?
• Reliable and efficient delivery of services to users
• Offloading of the end servers and a reduction in their number
• Load distribution at the application layer
• Improved application performance
• Increased security of applications and servers
• Advanced monitoring of servers and applications
• The best resources are always selected
• Inspection and manipulation of application content
Recognized quality of the LTM
• The LTM's contribution to establishing high availability and service optimization has been recognized
• From this year, NISPUSS will also be hosted on the servers at CARNet
• NISPUSS – Nacionalni informacijski sustav prijava i upisa u srednje škole (National Information System for Applications and Enrollment in Secondary Schools)
End
• Optimized and secure delivery of services to users
• Maximum availability and optimal delivery of applications
• Control and the ability to scale the system easily
• Ability to upgrade the system by purchasing additional modules or licenses
• High availability of services or applications is today a requirement placed on every system
Thank you for your attention!