BIG-IP Advanced ADC Access Policy Manager


Published on

The powerful new BIG-IP release offers a rich set of advanced services providing unparalleled control and up to 10 times CapEx and OpEx reductions for enterprises, as well as service and cloud providers. BIG-IP v10.1 enables organizations to: (1) Reduce CapEx and OpEx through centralized, granular access control using the new BIG-IP Access Policy Manager™; (2) Improve end-user experience and enhance security by creating policies based on user location with IP geolocation services integrated into TMOS; (3) Reduce bandwidth costs and improve disaster recovery through accelerated data transfers with the new BIG-IP WAN Optimization Module™; (4) Deploy applications faster by leveraging new Application Ready Templates for SAP and Microsoft Exchange Server 2010

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • DC = Data Center
  • BIG-IP Advanced ADC Access Policy Manager

    1. 1. BIG-IP V10.1Advanced ADC<br />New ADC services deliver unmatched control<br />and savings for next generation data centers<br />
    2. 2. F5 Vision: Unified Application & Data Delivery<br />Branch Employees<br />LAN & WLAN<br />Corporate Employees<br />LAN & WLAN<br />Mobile<br />Employees<br />Customer, Partners, or Suppliers<br />Remote<br />Employees<br />Context-Aware Networking<br />Corporate<br />Data Center<br />Apps and Data<br />in the Branch<br />Cloud Services<br />SAAS<br />Hosted Applications<br />Enables the Dynamic Infrastructure<br />
    3. 3. Geolocation Based Services in BIG-IP<br />All TMOS products include integrated GeolP Database<br />Powerful geographic based policy control<br />GSLB enhanced<br />Filtering, Redirection, Reporting, and iRules Control (New)<br /><ul><li>Provided by Quova™</li></ul>Continent, country, state/region attributes<br />2.7 billion routable IP addresses <br />Accurate / Updateable<br />
    4. 4. BIG-IP Access Policy Manager (APM)<br /><ul><li>Consolidated and centralized access policy enforcement
    5. 5. L4 – L7 full proxy access control at BIG-IP speeds
    6. 6. Advanced endpoint security
    7. 7. VPE Rules – iRules style interface for custom access policies
    8. 8. TMOS / BIG-IP modules Integrates on the ADC</li></ul>Bringing Identity, Authentication, and Access Control to BIG-IP<br />
    9. 9. Authentication Alternatives Today<br />1<br />Code in the Application<br /><ul><li>Costly, difficult to change
    10. 10. Not repeatable, less secure</li></ul>Proxy<br />Web Servers<br />1<br />App 1<br />3<br />2<br />App 2<br />2<br />Agents on Servers<br /><ul><li>Difficult to manage
    11. 11. Not interoperable or secure
    12. 12. Decentralized and costly</li></ul>App 3<br />App n<br />3<br />Specialized Access Proxies<br /><ul><li>Doesn’t scale and not reliable
    13. 13. More boxes and expensive</li></ul>Policy Manager<br />Directory<br />
    14. 14. A Better Alternative – BIG-IP LTM + APM<br />BIG-IP benefits:<br /><ul><li>Reduce costs and complexity
    15. 15. Gain superior scalability and high availability
    16. 16. Enforce L4 – L7 ACLs at BIG-IP LTM speeds</li></ul>Proxy<br />Web Servers<br />App 1<br />LTM + APM <br />App 2<br />App 3<br />App n<br />Policy Manager<br />Directory<br />
    17. 17. Richer Application Delivery<br />Additional benefits:<br /><ul><li>Endpoint inspection
    18. 18. Virtualization for the Application and Directory
    19. 19. Web application security
    20. 20. Web application acceleration</li></ul>Web Servers<br />App 1<br />LTM + APM <br />ASM or WA<br />+<br />App 2<br />App 3<br />Endpoint<br />Security Checks<br />App n<br />Virtualization<br />(HA, Scale, LB)<br />Policy Manager<br />Directory<br />
    21. 21. Auth Proxy Integration – Before<br />Customer Planned Architecture <br />with Oracle Access Manager (OAM)<br />Web App<br />OAM Proxy<br />LB<br />App 1<br />SSL<br />…<br />…<br />App 200<br /><ul><li>Customer has 200 apps
    22. 22. Requires 2 Oracle Proxy’s per app or 400 servers
    23. 23. CAPEX: $4K per server includes proxy software (give away), hardware, and OS
    24. 24. OPEX: $3K per server
    25. 25. LB required for high availability</li></ul>OAM Manager<br />OAM Directory<br />
    26. 26. Auth Proxy Integration – After<br />Customer Architecture with <br />Oracle Access Manager (OAM) and BIG-IP<br />Web App<br />LTM + APM <br />App 1<br />SSL<br />…<br /><ul><li>Customer CAPEX savings: $1.344M
    27. 27. $1.6M ($4K * 400 servers) - $256K (Cost of APM)
    28. 28. OPEX savings: $1.2M / year
    29. 29. $3K * 400 servers</li></ul>OAM Manager<br />OAM Directory<br />
    30. 30. Step 2<br />Step 1<br />Step 3<br />Symmetric <br />Adaptive<br />Compression<br />Data <br />De-duplication<br />Application<br />Layer<br />Acceleration<br />Step 5<br />Step 6<br />Step 4<br />TCP<br />Optimization<br />Bandwidth<br />Allocation<br />SSL<br />Encryption<br />BIG-IP WAN Optimization Module<br />Industry’s fastest and most scalable for data replication<br />Up to10 Gbps optimized throughput (single connection)<br />Most cost-effective WAN Optimization service<br />Different services for different applications<br />Optimized<br />Data<br />WAN<br />TMOS Optimization Services<br />Additional WOM (Module)<br />Free WAN Opt Service with LTM<br />
    31. 31. Port Authority - Fast Document Downloads<br />Hosted Service Provider - East Coast<br />Port Authority - West Coast<br />Router<br />Firewall<br />Router<br />Firewall<br />Link: 20Mbps<br />80ms latency<br />0.1% loss<br /><ul><li> 40MB file takes 3+ mins
    32. 32. 2-4Mbps of throughput</li></ul>Internet<br />SSL<br />Contractors, guest & Port Authority users<br />DocuShare Servers<br />Problem<br /><ul><li>Files are slow to download
    33. 33. Encrypting file transfer increases download time
    34. 34. Not utilizing bandwidth effectively
    35. 35. Distance between DC’s (Latency)</li></li></ul><li>Port Authority - Fast Document Downloads<br />Hosted Service Provider - East Coast<br />Port Authority - West Coast<br />Router<br />Firewall<br />Router<br />Firewall<br />Link: 20Mbps<br />80ms latency<br />0.1% loss<br />iSessions<br />BIG-IP LTM + WOM<br />BIG-IP LTM + WOM<br /><ul><li> 9x faster
    36. 36. 40MB file takes 20secs
    37. 37. 12Mbps of throughput</li></ul>Internet<br />SSL Offload<br />Contractors, guest & Port Authority users<br />DocuShare Servers<br />Solution<br /><ul><li>Offload SSL
    38. 38. Utilize bandwidth more effectively
    39. 39. Accelerate data transfer over WAN
    40. 40. Mitigate the effect of latency</li></li></ul><li>BIG-IP – Next Generation ADC Services<br />Expanding Integrated ADC Market. <br />GeolocationBased Services<br />Improve global Application control and performance<br />Access Policy Manager<br />Simplify and reduce AAA and Web Access costs up to 90%<br />Integrated WAN Optimization Services<br />DC to DC – Reduce WAN costs and improve performance <br />