Delivering IT apps is not a simple exercise. There are a lot of issues to figure out: How do I make sure the app is always available? How can I plan for growth? How do I make sure the delivery is optimized for the best end-user experience? How do I secure the app? How can I make sure I’m using my resources (servers, bandwidth) efficiently?
There’s a better way – the Application Delivery Controller. It’s a platform designed specifically to solve these issues, by making decisions in your network to ensure that your applications are always fast, secure, and available. BIG-IP Local Traffic Manager is the market-leading application delivery controller. It load balances, secures, and optimizes application traffic, giving you the control to add servers easily, eliminate downtime, improve application performance, and meet your security requirements.
asymmetric multiprocessing (ASMP), which uses separate specialized processors for specific tasks (which increases complexity), and computer clustered multiprocessing (such as Beowulf), in which not all memory is available to all processors.
TDR-1: After TDR-2 has removed all previously transferred byte patterns, WANJet applies a second class of data reduction routines called TDR-1. While TDR-2 is optimized to enhance repeat transfer performance, TDR-1 is designed to improve first transfer performance through the use of advanced encoding techniques and dictionaries optimized for very small repetitive patterns.
When you’re delivering an application, you also have to worry about security. Again you have a few options – you can try to modify the application, you can put in point solutions, or you can use your ADC as a strategic point of control to secure both your applications and your data. BIG-IP LTM has a number of features that provide security at the application level.
Resource cloaking and content security – Prevent error codes and sensitive content from being presented to hackers
Customized application attack filtering – Search for and apply rules to block known application-level attacks
Packet filtering – L4-based filtering rules to protect at the network level
Network attack prevention – Protect against DoS, SYN floods, and other network attacks while delivering uninterrupted service for legitimate connections
MSM (add-on module)
PSM (add-on module)
ASM (add-on module)
A "positive" security model identifies scenarios with a known degree of trust, only allowing access to trusted resources. The positive model assumes that a new scenario is untrusted, and requires that trust be assigned before access and usage is granted. In the classic positive security model, only known good requests and known good results are delivered.
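The positive model described above, contrasted with a signature-based (negative) filter, as an added example that is not F5 code or an ASM policy. The policy entries, signatures and sample requests are constructed for illustration.

```python
import re

# Constructed policy: anything not listed here is untrusted by default.
POSITIVE_POLICY = {
    ("GET", "/catalog"): {"page": re.compile(r"\d{1,4}")},
    ("POST", "/login"): {"user": re.compile(r"[A-Za-z0-9_.-]{1,32}"),
                         "password": re.compile(r".{1,128}", re.S)},
}

# Constructed signatures for the contrasting negative model.
NEGATIVE_SIGNATURES = [re.compile(p, re.I)
                       for p in (r"<script", r"union\s+select", r"\.\./")]


def positive_model(method, path, params):
    """Allow only requests whose method, path and every parameter are known good."""
    allowed = POSITIVE_POLICY.get((method, path))
    if allowed is None:
        return False, "unknown method/path"
    for name, value in params.items():
        pattern = allowed.get(name)
        if pattern is None:
            return False, f"unknown parameter {name!r}"
        if not pattern.fullmatch(value):
            return False, f"parameter {name!r} fails its pattern"
    return True, "known good"


def negative_model(method, path, params):
    """Allow everything except requests matching a known-bad signature."""
    blob = " ".join([path, *params.values()])
    for sig in NEGATIVE_SIGNATURES:
        if sig.search(blob):
            return False, f"matched signature {sig.pattern!r}"
    return True, "no signature matched"


# Constructed requests: (method, path, params)
SAMPLES = [
    ("GET", "/catalog", {"page": "2"}),
    ("GET", "/catalog", {"page": "2", "debug": "1"}),   # new, unlisted parameter
    ("GET", "/admin/export", {}),                         # new, unlisted resource
    ("GET", "/catalog", {"page": "1 UNION SELECT 1"}),   # matches a signature too
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(req, "positive:", positive_model(*req)[0],
              "negative:", negative_model(*req)[0])
```

The second and third requests carry nothing a signature recognizes, so only the positive model rejects them: they are new scenarios to which no trust has been assigned.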
Layer 7 DoS Protection – Block application DoS attacks and increase end-user application performance with accurate triggers and automatic controls. This is based on a detection element and three different prevention methods which are applied one after another for in-depth prevention measures and techniques.
Brute Force Protection – Detect and mitigate high volume failed login requests. ASM monitors server responses and when it detects multiple login failures related to a Brute Force Attack, ASM slows the requesting browser down.
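One way to implement the brute-force behaviour described above (watch server responses, slow the client after repeated login failures), as an added example and not ASM's actual algorithm. The thresholds, the `/login` path, the use of HTTP 401 as the failure signal and the log format are all assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60      # assumed look-back window
MAX_FAILURES = 5         # assumed failures tolerated inside the window
BASE_DELAY = 0.5         # assumed first slow-down, in seconds
MAX_DELAY = 8.0          # assumed cap on the slow-down


class LoginThrottle:
    """Track failed login responses per client and compute a slow-down."""

    def __init__(self):
        self.failures = defaultdict(deque)   # client -> timestamps of failures

    def observe(self, ts, client, path, status):
        """Feed one server response; return the delay to apply to this client."""
        window = self.failures[client]
        if path == "/login" and status == 401:
            window.append(ts)
        elif path == "/login" and status == 200:
            window.clear()                   # a successful login resets the count
        while window and ts - window[0] > WINDOW_SECONDS:
            window.popleft()                 # forget failures outside the window
        excess = len(window) - MAX_FAILURES
        if excess <= 0:
            return 0.0
        return min(BASE_DELAY * 2 ** (excess - 1), MAX_DELAY)


def parse(line):
    """Parse a constructed 'epoch client path status' log line."""
    ts, client, path, status = line.split()
    return float(ts), client, path, int(status)


# Constructed log: 203.0.113.9 mistypes once, 198.51.100.7 fails nine times.
SAMPLE_LOG = """\
100 203.0.113.9 /login 401
101 203.0.113.9 /login 200
""" + "".join(f"{110 + i} 198.51.100.7 /login 401\n" for i in range(9))


def replay(log):
    """Run every log line through one throttle; return (client, delay) pairs."""
    throttle = LoginThrottle()
    return [(c, throttle.observe(t, c, p, s))
            for t, c, p, s in map(parse, log.splitlines())]
```

Replaying `SAMPLE_LOG` leaves the user who mistyped once untouched, while the repeating client's delay doubles with each failure past the threshold.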
Let’s start with the first two issues for application delivery – how do I make sure the app is always available and plan for growth? In the past, you could solve this with a simple load balancer. Spread the traffic among several servers and you’re done. But as applications get more complex, your method for load balancing has to keep up. You can’t just look at spreading traffic around; the load balancer needs to actually understand the application to distribute the traffic appropriately. LTM provides the advanced features you need to make application level decisions to direct users to the best possible resources.
Static and dynamic LB methods
Application health monitoring with specialized monitors for specific applications
Multiple persistence methods (sticky sessions)
Transaction insurance to inspect and respond to server and application errors
BIG-IP hardware is designed specifically for application delivery. Features such as hardware SSL, hardware compression, and multi-core processing enable BIG-IP hardware to deliver even the most demanding applications. Options for dual hard drives, dual power, and hot swappable components give you the highest reliability.
NOTE: The install will appear to hang at 87% for several minutes. This is normal.
Chances are you already implement administrative virtualization throughout your IT organization, but you probably don’t refer to it by this phrase. If you implement separate passwords for your root/administrator accounts between your mail and web servers, and your mail administrators don’t know the password to the web server and vice versa, then you’ve deployed management virtualization in its most basic form. The paradigm can be extended down to segmented administration roles on one platform or box, which is where segmented administration becomes “virtual.” User and group policies in Microsoft Windows XP, 2003, and Vista are an excellent example of virtualized administration rights: Alice may be in the backup group for the 2003 Active Directory server, but not in the admin group. She has read access to all the files she needs to back up, but she doesn’t have rights to install new files or software. Although she is logging into the same server that the true administrator logs into, her user experience differs from the administrator’s. Management virtualization is also a key concept in overall data center management. It’s critical that the network administrators have full access to all the infrastructure gear, such as core routers and switches, but that they not have admin-level access to servers
Leveraging F5 for Application Delivery<br />Shane Coleman<br />Field Systems Engineer, Wisconsin & Northern Illinois<br />email@example.com<br />
Who Is F5 Networks?<br />Value Innovation<br /><ul><li>Unique TMOS architecture</li></ul>
Organizations Worldwide Trust F5 to Keep Their Businesses Running<br />Including 9 out of 10 of the world’s top financial services firms and 60% of the Global 1000<br />Financial<br />Media<br />Other<br />IT<br />Transport<br />Telco/ISP<br />
Traditional Methods of Resolution<br />Multiple Point Solutions<br />Application<br />More<br />Bandwidth<br />Application Developer<br />Network Administrator<br />Add more infrastructure?<br />Hire an army of developers?<br />
F5 BIG-IP Technology<br />Turn your infrastructure into an agile application delivery network<br />BIG-IP<br />Users<br />Applications<br />Optimize your Applications, Network and Client Connections<br />Secure your Applications<br />Customize the delivery of your Applications<br />Ensure Scalable, Adaptable, Highly Available Applications<br />Provide Manageability to administrators<br />
Clustered Multi-Processing<br />Benefits of<br />Asymmetric Processing<br />Symmetric Processing<br />No Overhead of CPU Context Switching<br />Load Balances processes across ALL Cores<br />
WAN Application Delivery Services<br />Secure and optimize site-to-site<br />BIG-IP<br />BIG-IP<br />WAN<br />Firewall<br />Firewall<br />iSessions<br />Symmetric Adaptive Compression<br />SSL Encryption<br />Complete L7 QoS<br />TCP Express 2.0<br />Servers<br />Servers<br />iSessions secure, optimized connection between two BIG-IPs<br />
Improve Connections Starting from Client<br />EDGE Client<br />Smart reconnect feature<br />survives endpoint IP address change (such as AP hop)<br />detects domain changes for automatic VPN tunnel setup/teardown<br />Adaptive compression<br />(effort level automatically dials up/down with server/CPU load)<br />Datagram TLS<br />optimizes traffic especially on lossy WAN connections and real time traffic<br />Client side traffic shaping<br />prioritizes sensitive applications (such as VoIP traffic)<br />
Secure the Applications & Data<br />Industry Recognized<br />ICSA Certified<br />SC Magazine’s 2009 Best Web Application Security Solution<br />Simplified Administration<br />Rapid Deployment Policies<br />Automatic policy builder with templates<br />Flexible Architecture<br />Bridge or Routed<br />Blocking or Passive Modes<br />Strong Security<br />Protocol Anomaly Detection (DoS, Brute Force)<br />Full XML schema validation<br />Data Guard & Cloaking<br />Protocol Security for FTP, HTTP and SMTP<br />Forceful Browsing & Logical Flaw Mitigation<br />OWASP top 10 and “0 Day” Protections<br />
Secure the Applications and Data<br />Network and Protocol Attack Prevention<br />Resource Cloaking and Content Security<br />Positive & Negative Security Models<br />Selective Encryption<br />Security at Application, Protocol and Network Level<br />Meet compliance requirements (PCI, HIPAA, etc.)<br />Strong protection without interrupting legitimate traffic<br />“BIG-IP enabled us to improve security instead of having to invest time and money to develop a new more secure application”<br />Application Manager<br />Global 5000 Media and Entertainment Company<br />TechValidate 0C0-126-2FB<br />
Adaptive Application Security<br />Unique Attack Detection, L7 DoS and Brute Force Protection<br />Remediate unwanted clients while servicing desired clients<br />Improved application availability<br />Focus on higher value productivity while automatic controls intervene<br />
Provide Trust-Based Access<br />User Trust:<br />LDAP<br />Windows Domain<br />Active Directory<br />Radius<br />Single Sign On<br />Two-Factor Auth<br />Client Side Certificates<br />The EDGE is Fluid!<br />Resources / Applications<br />Access Policy Manager (APM)<br />Corporate Network<br />Internet<br />Access and Control<br />Network Access<br />Web Application Access<br />Role Based Access Control<br />L4, L7 ACLs<br />Integration with 3rd Party IAM vendors<br />Device Trust:<br />Antivirus<br />Personal Firewall<br />Files and Registry Settings <br />OS & Browser Patches<br />Trusted IP<br />REMEDIATION – When End Point Scan Fails<br />Manageability<br />BIG-IP GUI, tmsh, iRules, iControl<br />Visual Policy Editor – Easy to Build & Maintain end point security access policies<br />Role Based Admin – admin access based on organizational role<br />End User Experience<br />WAN Optimization and Web Acceleration<br />Standalone Client<br />Web based Client<br />
Customization of Application Delivery<br />iRules<br />iControl<br />
Customize your Delivery with iRules<br />Programming language integrated into TMOS<br />TMOS (Traffic Management Operating System)<br />Based on industry standard TCL language<br />TCL (Tool Command Language)<br />Inbound or outbound traffic can be:<br />intercepted<br />inspected<br />transformed<br />directed<br />tracked<br />
Connect with 40,000 ADC Experts<br />At DevCentral<br /><ul><li>Blogs</li></ul>
It Starts with Load Balancing<br />Ensure availability and plan for growth<br />8 Dynamic LB Methods<br />Application Health Monitoring<br />High Performance Hardware<br />Session Persistence<br />Transaction Assurance<br />LTM load balances at the application level<br />Ensures the best resources are always selected<br />Has deep visibility into application health<br />Proactively inspects and responds to errors<br />Eliminate downtime and scale the application<br />
Intelligent Monitoring: Monitor real traffic instead of probing<br />In-Band Monitors<br />Monitor is based on live traffic connections<br />Detects true state of application without active monitor overhead<br />Alleviates active monitors constantly sending traffic to the servers; catches downed nodes in between the active monitor probe intervals<br />Marks node down after pool member does not respond to a connection within a certain amount of time<br />Can automatically attempt to send a connection to a downed node<br />Can only force the active monitor to be used for probing if the passive monitor detected the node as down<br />
Offering Resiliency & High Availability<br />Hardware designed specifically for Application Delivery<br />Industry’s best performance – up to 40 Gbps throughput<br />Hot-Swappable Components<br />Flexible deployment options – FIPS, NEBS, DC power<br />Always-on Management<br />All Hardware supports intelligent High Availability<br />Stateful Failover for session-based applications<br />
Global (Site) Adaptability<br />Data Center Asia<br />Data Center North America<br />ISP-2<br />ISP-1<br />Firewalls<br />BIG-IP<br />Firewalls<br />BIG-IP<br />Internet<br />Data Center Europe<br />Firewalls<br />BIG-IP<br />Leverage Global DNS capabilities within BIG-IP<br />
Installation progress<br />Once the install has completed, simply click on any link in the GUI to navigate away from the page<br />
Boot to the new installation<br /><ul><li>Unlike previous versions of BIG-IP, selecting a new boot location is immediate and does not just set the boot location preference for the next boot</li><li>If you click the link for a different boot location you will be prompted for confirmation, then the system will boot into the selected boot location</li></ul>Resource provisioning<br />
Management Virtualization<br />Driving forces: <br />Regulatory, Best Practice<br />Benefits: <br />Compliance, Reduce Configuration Errors<br />F5 Management Virtualization<br />Partition Virtualized Servers, Resources and Monitors<br />Limit Roles within the Partitions<br />