This document summarizes F5's integration with OpenStack. It discusses how F5 provides load balancing as a service (LBaaS) and application delivery services using Heat orchestration templates. F5 supports both multi-tenant and dedicated virtual application delivery controllers (vADCs) on OpenStack. Heat templates can be used to deploy and configure F5 solutions, including basic and advanced load balancing, application security, traffic optimization, and more. Case studies show how large enterprises and managed service providers use F5 with OpenStack private clouds to deliver advanced application services to tenants in a scalable manner.
3. Application Delivery Firewall (ADF) Solution
Bringing deep application fluency and price performance to firewall security
EAL2+, EAL4+ (in process)
One Platform: Network Firewall, Traffic Management, Application Security, DNS Security, SSL, Access Control, DDoS Protection, Web Fraud Protection
DC FW (in process), WAF (in process), DDoS (pending)
27. Heat Implementation
• Declarative text files that describe a cloud application
• Extendable to non-OpenStack resources via plugins
• Integration with software tools (Puppet, Chef, Ansible, Salt)
• ADC hardware, virtual editions
• In the provider space, or as a dedicated VE in the tenant
32. Case Study: Large Transportation Customer
• Orchestration and Management
  • Heat orchestration with a self-service catalogue
  • Heat templates for advanced app/security services
• Provider Tier
  • L2-L4 and L4-L7 services
  • License manager: Pools of virtual edition licenses
• Tenant Tier
  • App delivery, management, protection services
33. Get it on GitHub
• Open source
• Documented
• Other F5 open source projects
• Ansible, Puppet, Chef
• AWS CloudFormation Templates
• Python
• More
34. Enterprise Support for App Delivery in OpenStack
• Look for
• 24x7 multi-lingual technical support
• Deep technical expertise
• ISO 9001 certification
• Search "GitHub" on Support site
(Map: Seattle, Spokane, Lowell, London, Singapore, Tokyo, Beijing, Shanghai, Tel Aviv, Auckland)
35. OpenStack Community Collaboration
• Member of OpenStack foundation
• Open source LBaaS plug-in and Heat templates
• Certification with popular distributions
• GitHub: Plugins, Heat template library, technical documentation
StackForge, Certified Drivers
36. OpenStack Ecosystem ‒ Certified Integrations
• Certified version Red Hat OSP v6.0 April 2015
• OSP v7.0 certification completed June 2016
• Certification and Runbook approved by Mirantis on Jan 1, 2016
• Certified version HPE Helion Enterprise (HOS v2 / LBaaS v1)
• Certification of HPE Helion Carrier Grade in process
• Validation completed on April 24, 2016
• Documentation to be posted shortly
38. Application Delivery Services and OpenStack
The right set of hardware/software for your tenancy model
• Deploy in the tenant project or provider space
• Same interface, same functionality
• Continue to utilise your ADC hardware
Full integration with OpenStack enabled by Heat templates
• Prepares stock VE images for OpenStack
• Deploys vADCs onto OpenStack
• Can upgrade and cluster any set of ADC products
Additional networking and security capabilities
• Future Heat templates
• Additional Neutron plugins
• Building a wider ecosystem
39. What's next?
Table of contents: https://devcentral.f5.com/openstack
LBaaS v1: http://f5-openstack-lbaasv1.readthedocs.io
LBaaS v2: http://f5-openstack-lbaasv2-driver.readthedocs.io
Heat plugins: https://f5-openstack-heat-plugins.readthedocs.io
Heat templates: http://f5-openstack-heat.readthedocs.io
OpenStack in a backpack (do it yourself): publication in October/November, info: g.kornacki@f5.com
Other: http://f5-openstack-docs.readthedocs.io
OpenStack is open-source software for cloud computing, typically used as Infrastructure-as-a-Service (IaaS).
Some might think it is a confusing list of project and release names
Rackspace and NASA (2010)
Release names origin and meanings
You might recognise: Juno, Kilo, Liberty, Mitaka, etc.
Mitaka, for example, is a street in Tokyo; they pick the names of places near the OpenStack summits.
Project code names
Heat, Neutron, Glance, Nova, etc.
Abacus ("Liczydło"), net-thing ("Siecidło"), image-wise ("Obrazowo")
It is only a template within which both free and commercial implementations of hypervisors, switches, routers and storage are available.
For example, hypervisors can be KVM, QEMU, VMware, XenServer or Hyper-V.
But software implementations, e.g. of networking, may turn out to be insufficient; for example, an openvswitch node is limited to 3G.
That is why OpenStack allows commercial and also hardware implementations of networking and storage functionality as well as security and load balancing.
For example, the Cisco Nexus Mechanism Driver makes it possible to implement VLANs and VXLANs on Nexus routers.
Juniper also provides a VXLAN gateway.
Of course, there is a whole long list of vendors providing this kind of integration.
In short, you can build IaaS on open source and invest in specialized hardware where open source and x86 fall short.
https://www.openstack.org/marketplace/drivers/
OpenStack is many services exposed to end users as HTTP, HTML and REST APIs.
Plus SQL and an AMQP broker.
Almost all services should be proxied. Why? Answers below.
Thousands of physical servers in many availability zones.
A story about watching statistics of HTTP response code 500.
Mention Analytics.
A sizeable IT environment.
IT for tracking shipments and trucks is the second most important thing after the drivers and trucks ;-)
Provider Services (IaaS Owner - North/South)
• LBaaS v1 and v2 (L4 Services) - LBaaS v2 March RTM. Heat Templates
• L3 Agent - Router Services (NAT/SNAT)
• FWaaS – Future, not by Agility
• DDoS – via HW SYN cookies, Shuttle DDoS capabilities
GSLBaaS (DNSaaS) – Future, not in API till April
SSL Offload
Orchestration and Management
Heat orchestration system with a self-service catalogue that allows users to select, provision, and deploy the needed application services
Heat templates to deliver advanced app and security services
Provider Tier
L2-L4 services: Router services (NAT/SNAT), Firewall, DDoS
L4-L7 services: GSLB, DNS, SSL offload
License manager: Pools of virtual edition licenses
Tenant Tier
App delivery, management, protection services
Proxy, L7 optimisation, WAF
When we think about OpenStack we cannot approach the consortium as we would a typical partner like VMware or Cisco. Large open source projects are the result of contributions from multiple vendors whose objective is to provide a differentiated solution with tools and features layered on top of the open source product. Open source is the result of many contributions from organizations as diverse as NASA, eBay, and Rackspace. The open source nature of this project means that the introduction of new features depends on who helps to create the specifications for that feature (e.g. LBaaS, or Project Murano).
Each of the above vendors has made a significant contribution to the OpenStack consortium but is also releasing commercial products based on the OpenStack platform:
RedHat – RedHat OSP 7.0 (Certified for 6.0 currently in process with 7.0)
Mirantis – Fuel (Signed Partnership Agreement) Materials Available On Mirantis.com 12/31
HP – Helion (Certification Performed in Oct 2015 with OpenStack Juno Release)
IBM – BlueMix (TBD)
VMware – VIO (TBD)
Another crucial area for these vendors is orchestration: Mirantis, Red Hat, HP and IBM are all offering different orchestration products to help manage OpenStack-based private clouds. It is important that over time F5 integrate with the most common orchestration players to ensure that F5 services may be seamlessly deployed in an OpenStack environment. There is also Project Murano, a self-service catalog for OpenStack private cloud deployments.
Finally, we need to review the SDN value proposition. We need to understand that scale will be an essential part of any OpenStack environment. Currently Neutron (OpenStack Networking) has limited scale. Many SDN startups have focused their sales and marketing efforts almost entirely on greenfield OpenStack deployments in the hope that the scale and performance that these products provide will aid in a successful OpenStack deployment. Established vendors like Cisco and VMware have developed their own OpenStack plugins, but we have also seen emerging SDN players like Midokura, Plumgrid and Bigswitch making inroads with our customers.
Bigswitch – Verizon (Signed TAP Partner Since 2013)
Midokura – Cerner (Validation In-Process with Midokura for Cerner)
Plumgrid – Amex Serve (Signed TAP Partner Since 2013)
VMware NSX – Wells (Validation with OpenStack TBD)
The OpenStack dev team is pleased to announce the following releases:
- LBaaSv2 agent and service provider driver, v8.0.3 (liberty)
- Heat Plugins, v7.0.3 (kilo) & v8.0.2 (liberty)
- Heat Templates, v7.0.2 (kilo)
Release announcements are posted on DevCentral: https://devcentral.f5.com/articles?tag=openstack and in our public Slack channel: https://f5openstack.slack.com/.
Information regarding F5’s OpenStack projects is kept up-to-date in our DevCentral wiki: http://devcentral.f5.com/openstack.
Technology shifts are all trying to answer a number of key questions about applications:
How do we secure them?
How do we deliver them?
How do we monetize them?
How do we connect them?
How do we optimize them?
How do we get them to market faster?
The practice of slowing down the rate of change to better manage the network is coming to an end. LOBs are spinning up Shadow IT/Ops teams to deliver their needs and are often deploying out to the cloud.
But IT/Ops is tasked with following regulatory compliance and other tasks so this is currently a lose/lose situation.
Innovation (here: time to market and increased revenue) and risk reduction are opposing goals.
That is why there is public cloud (fast resource allocation) and repeatability through automation.
News Corp story:
http://www.cio.com/article/2988869/cio-role/how-news-corp-is-uniting-10-business-units-and-25000-employees-in-a-global-it-push.html
News Corp: Among the initial goals for the new IT transformation: to get 75 percent of News Corp's computing power onto the cloud within three years, to consolidate its 50 data centers down to six, and to achieve $100 million in savings over three years. Now just two years in, that savings objective has already been met. The company has brought roughly 50 percent of its computing power onto the cloud -- leaving just 25 percent still to go -- and more than 20 data centers have been closed.
GE story:
“As you can imagine, as a company that is 140 years old, we have a lot of sins of the past that we have to deal with, like many of you,” said Fowler. “We have got 9,000 applications that we use across our business every day. We have over 300 ERP systems that are running our business, and too many physical datacenters to talk about. We have really had to look at what we have to change in our environment to enable us to become the leading digital industrial in the world.”
GE currently has over 2,000 locations on its network, but every jet engine and train will be a network location from now on, so its network has to change to accommodate all of these mobile devices as well as things such as power plants in the desert. GE has to get rid of bespoke systems in its datacenter and move to more modern, virtualized infrastructure that scales, too.
To help pay for all of this investment, GE is moving about 60 percent of those 9,000 workloads to AWS over the next three to five years. And Fowler gave an example to illustrate why.
The part of GE that sells equipment to the oil and gas business has migrated over 50 percent of its application workload into AWS. One of the applications was a quoting and configuration tool that salespeople used in the field. It cost around $62,000 a year to run this application in GE’s own datacenters and it generated something on the order of $600,000 in orders; any time GE wanted to make a change to this application, it took around 20 days to accomplish that. After moving this application into AWS, this application cost $6,000 per year to run, code changes for it can be deployed in under 2 minutes, and the application is more available and works better, too.
As part of the consolidation, GE is going to be closing down 30 of its 34 datacenters. “And those four datacenters will only hold what we value most – our secret sauce that differentiates us – and everything else is going to AWS,” Foster continued. “For us, this is no longer an experiment. It is no longer a test. It is no longer something that we talk about as being probable. It is inevitable. We are moving, and we are glad to have AWS as our partner.”
High availability
LBaaS v1 and v2
iApp and object-based F5 configuration
Customers wanted faster service delivery. The answer was OpenStack.
Orchestration and Management
Heat orchestration system with a self-service catalogue that allows users to select, provision, and deploy the needed application services
Heat templates to deliver advanced app and security services
Provider Tier
Multi-tenant hardware: Traffic separated by overlay (VXLAN), Route domains and admin partitions to separate config and IP space
L4-L7 services: Advanced application delivery, SSL offload, WAF
Tenant Tier
Deliver application services
Virtual server insertion in tenant space
No ADC virtual machine or admin access