Brocade vADC Portfolio Overview 2016
•Download as PPTX, PDF•
4 likes•1,651 views
The Brocade vADC portfolio provides a range of application delivery controller solutions including the Traffic Manager load balancer, Web Accelerator, Web Application Firewall, and Services Director licensing manager, which can be deployed as virtual appliances on various hypervisor and cloud platforms and offer features like traffic management, acceleration, security, and flexible licensing.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Brocade vADC Portfolio Overview 2016
Similar to Brocade vADC Portfolio Overview 2016 (20)
Recently uploaded
Recently uploaded (20)
Brocade vADC Portfolio Overview 2016
- 2. The Brocade vADC Portfolio Overview Services Director • Elastic Services Director • Unique Flexible Licensing System • Flexible Footprint • Automation and Visibility Web App Firewall • Application Aware Firewall • Defends your applications against Layer-7 attacks Web Accelerator • Website Acceleration • Reduces page load time and cuts bandwidth Traffic Manager • Load Balancer / Traffic Manager / ADC • Provides reliability, security availability, offload, scripting and more
- 3. Deployment Options • 64-bit software binary • Linux or Solaris • Maximum flexibility for enterprise architects • Pre-packaged for leading cloud providers • Closer integration with named CSPs and CSFs • AMIs for Amazon • VHD for Azure • Pre-packaged VA • Range of Hypervisors • VMware, Hyper-V, Oracle VM, etc. • Hypervisor-specific features Pure Software Virtual Appliance Cloud Packaging Bare-Metal Server Image • ISO or PXE image to install directly onto intel x86 servers
- 4. How It Works: Traffic Manager Web and Application Servers Respons e Monitors Request www www APPS APPS DB DB Virtual Server Client Connections Pool Server Connections TrafficScript RuleBuilder TCP Offload HTTP Caching Content Compression Service Level Monitoring Bandwidth Shaping Web Accelerator Application Firewall Response Rules Load Balancing Session Persistence Bandwidth Shaping SSL Encryption HTTP Multiplexing Concurrency Control Application Auto-Scaling TrafficScript RuleBuilder SSL Decryption Global Load Balancing Service Protection TCP Offload Rate Shaping Application Firewall Request Rules Public VIP
- 5. Programmability Part 1 : TrafficScript • Full deep packet inspection of the request and response packets: • A scripting language that lets you manipulate your traffic as it passes through the Traffic Manager: ‒ Request Rules, ‒ Response Rules, and ‒ Transaction Completion Rules • Some Common Use Cases: ‒ Enforce Business Logic ‘on-the-wire’ ‒ Work-Around Common Application Problems ‒ Add Business Value ‒ Diagnose Issues © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 7
- 6. Traffic Script: Translate URL after Web Site Update 1 $path = http.getpath(); 2 if( string.startswith( $path, "/products" )){ 3 http.redirect( "/services.html" ); 4 } Example of a simple rule: Check the URL for every request. If the URL starts with “/products, then redirect to “/services.html” Rule Builder Traffic Script Syntax will be familiar to anyone who has used Perl, PHP, C, BASIC, etc.
- 7. TrafficScript Examples • Hide Web Server Errors When Transactions Fail: © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 10 # If the server responds with an HTTP 500 Error: $code = http.getResponseCode(); if( $code >= 500 && $code != 503 ) { # Not retrying 503s here, because they get retried # automatically before response rules are run if( request.getRetries() < 3 ) { # Avoid the current node when we retry, if possible: request.avoidNode( connection.getNode() ); # Record a log event for the failure: log.warn( "Request " . http.getPath() . " to site " . http.getHostHeader() . " from " . request.getRemoteAddr() . " caused error " . http.getResponseCode() . " on node " . connection.getNode() ); # Then we can retry the request, and the user is none the wiser! ;^) request.retry(); } }
- 8. Traffic Script - Watermark PDF files Example of a Traffic Script rule invoking a custom Java program © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 11 Copyright Brocade 2016 For restricted Distribution
- 9. iRule vs TrafficScript 12© 2016 Brocade Communications Systems, Inc. CONFIDENTIAL—For Internal Use Only iRules = Time consuming and complicated TrafficScript = Quick and easy (and just as powerful)
- 10. Scale up & Scale Out: Done Right Clustering
- 11. Scale up & Scale Out: Done Right © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 14 Throughput 1Gbps 2 Gbps 10 Gbps+ Single Device, allocate more capacity
- 12. © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY N+M Clustering (Traffic IP Group Basics) • A Traffic IP (TIP) Group is a “Listener” for incoming traffic to be “Load Balanced” • TIP Groups can have one or more Traffic IP addresses • TIP Groups can live on one or multiple Traffic Managers TIP Group 1 TIP Group 2 TIP Group 3 TIP TIP TIP TIP TIP TIP TIP TIP
- 13. © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY N+M Clustering (Traffic IP Group Basics) • A Traffic IP (TIP) Group is a “Listener” for incoming traffic to be “Load Balanced” • TIP Groups can have one or more Traffic IP addresses • TIP Groups can live on one or multiple Traffic Managers TIP Group 1 TIP Group 2 TIP Group 3 TIP TIP TIP TIP TIP TIP TIP TIP
- 14. Web Accelerator Services Director • Elastic Services Director • Unique Flexible Licensing System • Flexible Footprint • Automation and Visibility Web App Firewall • Application Aware Firewall • Defends your applications against Layer-7 attacks Web Accelerator • Website Acceleration • Reduces page load time and cuts bandwidth Traffic Manager • Load Balancer / Traffic Manager / ADC • Provides reliability, security availability, offload, scripting and more • Automates web performance best practices • Increases innovation capacity and speed • Improves web performance, reduce bandwidth costs, boosts SEO & Sales
- 15. Automate Web Performance best Practices Dynamic Layout Compress • JavaScript & Stylesheet shrinking • Image resampling • Metadata removal • Dynamic Gzip/deflate compression • JavaScript/Stylesheet re-ordering • Removal of missing and duplicate content • Browser aware optimizations (Desktop, Mobile and legacy browsers ) Cache • On-Proxy resource caching • Dynamic page caching • Aggressive Browser caching • Auto URL versioning Combine • Merge Stylesheets • Image Spriting • Background image inlining Automates web performance best practices, so you can focus on strategic development & content
- 16. Services Director • Automates the deployment, licensing, provisioning & metering of ADC services • Elastic Services Director Web Accelerator • Website Acceleration • Reduces page load time and cuts bandwidth Web App Firewall • Application Aware Firewall • Defends your applications against Layer-7 attacks Traffic Manager • Load Balancer / Traffic Manager / ADC • Provides reliability, security availability, offload, scripting and more Web Application Firewall • Out of the box OWASP Top Ten protection • Configuration Wizards, learning mode with suggested rules • Granular custom rules • Application Security in the Cloud
- 17. WAF vs IPS vs NGFW © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 20
- 18. Open Web Application Security Project Most common application layer attacks © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 21 OWASP Top 10
- 19. Brocade Web Application Firewall A scalable, application-aware Layer 7 security solution, offering the highest protection and performance in web and cloud application security. The vWAF identifies and stops attacks that would typically be missed by a network firewall protecting valuable data. Web Application Firewalls allow customers to mitigate web application security threats in a scalable manner. 22© 2016 Brocade Communications Systems, Inc. CONFIDENTIAL—For Internal Use Only 1. Enforcer: lightweight, agent for data inspection 2. Decider: decides action based on current security for each app 3. Admin Console: central web-based admin console to create and maintain rule sets Server Farm Hacker User vWAF 2 3 1
- 20. Application Firewall – Integrated Scale out the CPU Cores and RAM on the Integrated Traffic Manager Web Servers Integrated WAF: Enforcers, Decider & Admin on single instance
- 21. Application Firewall – Distributed Any number or combination or Enforcers, Deciders and Admins is possible Admin ServersDecider ServersWeb Servers with Enforcers Enforcer Decider Admin
- 22. Dual Mode Protection Technical Aspects • Simultaneous dual-mode protection, enforcement & detection-only rulesets • Integration with third-party vulnerability scanning tools • Fine-grained protection policies per application Business Benefits • Allows iterative security policy changes without risk of false positives or relaxed defenses • Allows virtual patching of known vulnerabilities • Tune shielding to individual risk profile www www APPS APPS DB DB Detect Alert / log Protect Alert / log , Block © 2016 Brocade Communications Systems, Inc. CONFIDENTIAL
- 23. Web Application Firewall © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 27 •Reporting •Real-time Statistics •Logging Management • Proactive Security Features • Meet PCI-DSS compliance requirements • OWASP Top Ten Security • Aggregate SNMP, alerts and logs • Automated Learning and Ruleset Recommendations Aggregate data • Secure Session management, cookie protection, URL encryption, and form field protection • Bidirectional HTTP inspection App Level Security
- 24. • React appropriately to threats against relevant vulnerabilities as identified in the OWASP Top Ten • Enforce both positive and negative security models (white/black lists) • Inspect both web page content and the underlying protocols that deliver content • Support SSL termination so that encrypted transmissions are decrypted before being inspected by the WAF PCI DDS Details
- 25. Brocade Services Director Services Director • Elastic Services Director • Unique Flexible Licensing System • Flexible Footprint • Automation and Visibility Web App Firewall • Application Aware Firewall • Defends your applications against Layer-7 attacks Web Accelerator • Website Acceleration • Reduces page load time and cuts bandwidth Traffic Manager • Load Balancer / Traffic Manager / ADC • Provides reliability, security availability, offload, scripting and more • Old world = Static Licenses • Over Provisioned / Under Utilized • Difficult to manage • Inflexible • Expensive • New world = Flexible Licensing • Right Sized • Easily allocated / re-allocated • Flexible • Cost Effective
- 26. Services Director Licensing Unique Flexible Licensing System • Capacity is purchased in 2Gb/s or 5Gb/s blocks of Capacity • Unrestricted number of vTMs can be licensed: ‒ Minimum 1Mb/s • Capacity can be moved around ‒ Allocating draws from the bucket ‒ De-allocating returns to the bucket 30 vtm150 Enterprise Base Pack 10 Gbps Standard Base Pack 10 Gbps WAF Add-On 5 Gbps vtm151 vtm152 3 Gbps STD 3 Gbps ENT + WAF 2 Gbps STD + WAF
- 27. UNIQUE USAGE-BASED LICENSING MODEL DYNAMIC RESOURCE AND CAPACITY ALLOCATION FOR CHANGING WORKLOAD DRILL DOWN TO USAGE REPORTS AND EXPORT BILLING DATA FOR CHARGEBACK Enterprise Capacity Management
- 28. © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 32
- 29. Programmability Part 2 : Orchestration • Orchestration is easy: ‒ Full VMWare Guest Customization Support ‒ Cloud Init for AWS, Azure and Openstack ‒ Software form factor means Puppet, Chef just work • Configuration is easy: ‒ REST/SOAP API • Autoscale supported Natively on AWS, Rackspace ance VMWare vCentre. ‒ 3rd Party Extensible with PS © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 36
- 30. vRealize Orchestrator Plugin • Brocade plugin comes with 22 workflows to configure vTM. • Works in conjunction with vCenter plugins that can orchestrate VMs • Automation of these workflows through vCAC. • Complex workflows possible by combination of workflows. © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 39
- 31. Cloud Footprint All the rest can run Linux, so we can get in there too! vTM deployments are on more virtual and cloud platforms than any other application delivery controller.
- 32. Deploy your own Content Delivery Network (CDN) Content Delivery Cloud
- 33. How Does a CDN Work? 1. User Requests www.example.com 2. Connectivity established through multiple hops back to the application 3. All communication follows the same path Without a CDN CDN optimized 1 2 1 1. User Requests www.example.com 2. Application directs user to receive select content from the closest location 3. Dynamic communication still goes back to the origin location 2 3 3 www www APPS APPS
- 34. How does the Content Delivery Cloud solution work? 1. User Requests www.example.com and Traffic Manager will direct the user to the best location. Content available locally is served directly to the user. 2. For dynamic requests, Traffic Manager will proxy connectivity back to the application over optimized connections, and client connections are established through a single Traffic Manager. 2 1 vTM at the Datacenter • Reliability • Protection • Control • Performance vTM in cloud Web cache and Global Load Balancing requests www www APPS APPS
- 35. Traffic Manager Advantage vs CDN only Value Flexibility Throughput Adaptive (Pubic / Private/ Hybrid) Consumption Dynamic Compute Performance Optimizations Connections Protocols Deploy Everywhere Security Control Layers Resiliency Encryption Control Flexibility Programmability Simplify Development and Deployment Time
- 36. vRouter
- 37. Brocade Vyatta 5600 vRouter THE HIGHEST PERFORMING VIRTUAL ROUTER IN THE WORLD • New Architecture ‒ vPlane architecture ‒ Up to 10Gbps per Core on bare metal ‒ 10Gbps+ on VM with SRIOV or PCI pass- through • Target Use Case: NFV ‒ High Scalability Services vRR, vRS ‒ High Performance Routing, Firewall, NAT, etc. • VMware, KVM, Hyper-V, Bare Metal © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY PROPRIETARY INFORMATION 49 Routing Security VPN System Management IP Services Platforms High Availability IPv4, IPv6, Static, PBR, OSPF, RIP, BGP, Multicast IPv4, IPv6, Stateful Firewall, NAT IPSec, SSL, Route-based, L2-bridging, DMVPN CLI, RESTful API, GUI SSH, DHCP, DNS, SNMP VRRP, Stateful Failover, Config Sync VMware, KVM, x86, Hyper-V Feature Highlights
- 38. Vyatta 5600 vRouter Architecture Intel DPDK © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY PROPRIETARY INFORMATION 50 Packet Pipeline Packet Pipeline VM Packet Packet Packet Core 0 Core 1 Core 2 Core 3 Core 4 Core 5 Core 6 Core 7 Packet Packet Packet
- 39. 5600 Deployment Models Deployment models and relation to vSwitch © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY PROPRIETARY INFORMATION 51 NIC NIC NIC vRouter vTM VM NIC NIC NICvRouter Bare Metal Deployment Virtualized Deployment Virtual Deployment with DPDK, SR-IOV/ PCI Pass- through vSwitch Hypervisor NIC NIC NIC vRouter VM VM vSwitch Hypervisor x86 x86 x86 vNIC SR-IOV
- 40. Software / Virtual Machines • Software environment: Traffic Manager: Linux x86_64: Kernel 2.6.18 - 3.19 (2.6.22+ for IPv6), glibc 2.5+ Solaris 10 (x86_64) Virtual Appliances: VMware vSphere 5.0, 5.1, 5.5, 6.0; XenServer 6.1, 6.2, 6.5; Oracle VM for x86 2.1, 2.2, 3.2, 3.3; Microsoft Hyper-V Server 2012 & 2012 R2; Microsoft Hyper-V under Windows Server 2012 & 2012 R2; QEMU/KVM (RHEL/CentOS 6.x, 7.x; Ubuntu 12.04, 14.04); Amazon EC2 - as a virtual appliance or native software install Microsoft Azure - as a virtual appliance CPU : 2-4 vCPU Memory: 2GB , 4GB with Web Accelerator Disk Space: Minimum : 1GB ; Minimum for Virtual Appliance Install: 16GB Platform Availability
- 41. Brocade Virtual Traffic Manager Functionality © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 53
- 42. Brocade Virtual Traffic Manager Specifications © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 55
- 43. Why Brocade vADC? •Programmability •Scale up & Scale Out: Done Right •Better for Virtual & Cloud •Breakthrough Licensing Model •Best Cloud Footprint © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 60
- 44. Questions? © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 61
- 45. Thank you
- 46. Global Load Balancing Overview © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 64
Editor's Notes
- The objective for this session is that, upon completion, you will have a basic understanding of the Traffic Manager portfolio
- PURPOSE BUILT FOR SOFTWARE Designed for virtual and cloud world - from clustering to the way we present services, unlike legacy hardware ADC vendors offerings. The Brocade vADC value prop. is better and doesn't leave your ADC value prop. bolted to floor of data center PROCESs AUTOMATION Because of our pure software heritage and the fact that we’re purpose built for virtual and cloud, it’s much easier to automate deployment and configuration management in the upcoming SDN world ENABLING BUSINESS LOGIC TrafficScript, programming language for the Brocade Traffic Manager, simplifies powerful programmability of sophisticated application traffic policies: reducing the amount of time and effort needed to apply business logic to how applications behave on the wire. Our processes are orders of magnitude easier than the competition HYPERSCALE AND PERFORMANCE ONE DEMAND The Innovative licensing model delivered by the Brocade Services Director uses license by pool rather than license by instance providing unmatched agility and flexibility truly providing a listening model that can scale Highest clustering capabilities for increased reliability and scalability (up to 64 vTM nodes per cluster) Based on our virtual heritage, the customer is empowered to scale p and out to meet the most complex needs No feature compromise even when at maximum scale
- There are FOUR parts to the Brocade vADC portfolio story, which together provide a comprehensive on-demand solution, and build up to the concept we call “Application Delivery as a Service” or “ADC-as-a-Service” First, the core ADC platform is known as the Virtual Traffic Manager: this provides Layers 4 to 7 services, including load balancing, caching and SSL offload, and a powerful scripting tool, called TrafficScript - we cover this deeper in later slides. Traffic Manager also acts as the platform on which we build higher-level services for security and content optimization. The second part is the Web Accelerator, this provides Web Content optimization to reduce web page load times, bandwidth, boost Search Engine Optimization and improve overall end-user experience. While Traffic Manager includes a number of powerful tools to accelerate applications and services, the Web Accelerator specifically gives a boost for HTTP applications by automating web performance best practices. Third is our Web Application Firewall, this solution is a true Layer-7 WAF, which is designed to protect applications from Layer 7 Application-layer attacks, in other words, dealing with security in terms of the content of HTTP requests. While a network firewall ensures that only certain types of traffic are permitted or denied, a Web Application Firewall can be used to apply business rules to traffic, such as inspecting submitted text field data and blocking attacks in the form of SQL injection and cross-site scripting (XSS) and so on, even filtering outgoing traffic to mask credit card data, and help compliance with PCI-DSS and HIPAA standards (PCI DSS The Payment Card Industry Data Security Standard and HIPAA is the federal Health Insurance Portability and Accountability Act ) Finally, is the Services Director which is a separate platform to the Traffic Manager. The Services Director gives a framework to manage on-demand provisioning of Traffic Managers, by automating the deployment, licensing and metering of ADC services. We have flipped the consumption model of ADCs – instead of over purchasing and overprovisioning ADC instances, the Services Director model allows you purchase “buckets” of bandwidth and enables you to provision as many ADCs as you want with the add-on features you want. This fluid capacity-based model truly enables the “ADC-as-a-Service” concept, this gives you the ability create and manage on-demand and it transforms the way ADC services are consumed by enterprises and service providers
- Brocade’s vADC portfolio can be deployed in these form factors. Note that the complete feature set is available in each form factor, and in some cases we provide additional capabilities to support specific hosts. First in this sequence, we offer a pure software download, in this deployment, Traffic Manager is installed on top of a supported Linux kernel which gives maximum flexibility for architects or OEMs. Second, we provide pre-packaged virtual appliances for a number of hypervisors, including VMware, KVM, Microsoft Hyper-V and Oracle VM Third, we have close integration with several named cloud service providers such as an AMI for Amazon web services, an VHD for Microsoft Azure. They are directly available from the respective marketplaces And finally, we have a unique deployment mode, known as the “Micro ADC” – Using the Services Director model, hundreds of small foot print ADC can be provisioned on a host chassis, this providing a high-density implementation, by using Linux Containers, these micro ADCs are completely isolated from its ADC neighbor The Services Director, and the small footprint makes it very easy to create, start and stop individual services and even orchestrate the provisioning using the REST API and own Scripts
- This diagram shows at a high level how the Traffic Manager works. Traffic Manager sits in front of the web and application servers to accept requests on behalf of external users and manage the dialog with the web or application server. **Click** First, Traffic Manager protects the application by ensuring that only the right resources are shared with the outside world, and it optimizes the application by caching duplicate requests and reducing the number of connections and resources needed to manage the transactions. This increases the number of users that the application can service, and at the same time improves the response time seen by end users. And because Traffic Manager continuously monitors the health of the web and application servers, it can route traffic to avoid failing systems to maximize the availability and uptime of the application. **Click** Secondly, Traffic Manager can perform web content optimization using the Web Accelerator add-on. The Web Accelerator essentially automates Web Performance best practices. Reducing web content size , reducing HTTP round trips and caching optimized content on the Traffic manager all leads to faster page views for end users, especially over high latency connections. **Click** Thirdly, Traffic Manager can help to identify different kinds of users, based on their location, their identity, or even if they are frequent customers, by using a powerful set of rules you can tailor the experience for each of these unique users. As an example administrators can give priority to important requests or paying customers, while freeing up resources on the application by restricting less important traffic to anonymous and non purchasing users. With global load balancing, Traffic manager can even redirect customers to their nearest data centre to give even faster response times. **Click** Finally, Traffic Manager can identify and protect against application vulnerabilities and attacks such as cross-site-scripting, SQL injection and other common attacks on your web servers. This is an important feature as its been reported that there has been 51 percent more application layer attacks last year alone. Traffic Manager is available with an add-on Web Application Firewall, which can help achieve compliance with PCI-DSS and HIPPA requirements for protection against attacks prevalent today . Source : https://blogs.akamai.com/2016/01/q4-2014-state-of-the-internet---security-report-some-numbers.html
- In this example, we are only looking at one simple web service. Here we can see a typical web application on the right, with Traffic Manager sitting in front of the application. Traffic IP First the client sees a Virtual IP (VIP) which is also called Traffic IPs or TIPs in our Traffic Manager terminology. A Traffic IP is what the client sees and connects to, a virtual server can be setup to listen on one or more Traffic IPs There are two key parts to Traffic Manager : **Click** Virtual Server Firstly there is a “Virtual Server”, which is the liaison to the client connections, this is the incoming requests and outgoing responses. The Virtual Server handles all traffic for a particular protocol and port. Rules can also be applied here to act on specific conditions. Before Traffic Manager passes the request onto the application, we have the opportunity to apply Virtual Server configurations and custom “Request Rules.” These could include to protection against traffic overload, SSL offloading, denial of unwanted attacks, or even apply HTTP redirects by translating from one URL to another, for example, example.com/specials redirect to example.com/shoes Configurations and Rules are really easy to set up using the graphical web admin . A huge plus to Traffic Manager feature set is TrafficScript. TrafficScript is a simple scripting tool that understands the way applications and different protocols work. Application programmers, DevOps and people alike can even create complex rules and even extend TrafficScript to use external programs such Java for content processing, TrafficScript and External programs are cataloged and available for re-use across other services hosted on the Traffic Manager. **Click** Pools As well as managing the incoming requests on behalf of the web application, Traffic Manager also manages the server connections using one or more server “Pools”. A web application could use several Server “Pools” such as a group of primary web servers and back-up web servers or even pools serving landing pages for maintenance windows. Pool configurations and custom Rules can also be applied here where Server connections are handled. As well as managing the workloads across the servers, Traffic Manager also manages users sessions on behalf of the application. The graphical web admin makes it really easy to set up rules for how to manage user sessions, consolidate web connections or even encryption on the forward connections for additional security. **Click** Monitors In the background, Traffic Manager monitors the health of individual application servers, and can judge which servers are likely to respond more quickly to different types of requests. Enterprises can choose one of several built-in Load Balancing Algorithms to decide how the workload should be balanced across the server pools and how they should be treated when failed **Click** After Traffic Manager passes the request to the back end Servers, the server responds to our request, and we’re almost ready to return the information to the client. At this moment we have the opportunity to apply some “Response Rules” before we hand off the response. Here Traffic Manager could enable intelligent caching rules in place to cache static and selective content. SSL encryption and content compression can be applied here too, to offload significant workloads from the application servers. This is also the place to prioritize outbound bandwidth for unknown versus paying customers, and to verify service levels and application response times. And finally, we can also screen and trap data leakage, by screening out credit card, Social Security numbers or other sensitive information. Lastly, your extensive logging and graphical monitoring capabilities allow you to see real-time analytics for their application; how many concurrent user sessions are being processed, and the response times from servers. This makes it a really powerful tool for enterprises to understand their applications, and helps enterprises choose the right optimization strategies for their applications.
- Traffic Script: Carries business logic out to control how your application behaves on the wire Rules can run on client Request, Server Response, or after a transaction is completed (useful for connection tracing or collecting statistics on how long the connection took to process)
- OK, so here is a simple example of a Traffic Script rule. If you can describe what you want your application to do, and how you want it to process the requests, we can try to express that as a simple TrafficScript rule. In this example, the idea is simple: Without editing the web application code on the servers. we want the redirect our users requesting one page to another page. In this example, we’re looking for any request which is looking in the “products” folder and if I find a request for “products” then redirect to the new “services” folder. When I turn that sequence into TrafficScript, it is immediately recognizable – certainly any application programmer will see how similar it is to other web programming languages. The example user case is very simple, we could do even smarter things such as jumping directly to the right page, or even looking up in a table of possible pages based on cookie information.
- In this TrafficScript, we look for HTTP 500 Server errors. (You could tweak this rule to only interact with the credit card payment page for example) If we see an HTTP500 error, we tell the Traffic Manager to avoid the node that failed last time and try again, up to 3 times… We also put an entry into the log so the administrators know to go check to make sure the customer isn’t charged twice. As an extension to this rule, we could raise a custom event in the TS that would trigger an email to the application administrators with the log details, so they can easily go check it out!
- Here’s a more advanced implementation of Traffic Script. In this Example, Traffic Script is extended by a Java program. TrafficScript here is time stamping and watermarking sensitive PDF files on the fly. In Summary, TrafficScript is a competitive advantage for Traffic Manager Users because of its Layer 7 capabilities, extensibility and simplicity of its syntax and learning curve to adopt For more details: Watermarking PDF documents with Stingray and Java Extensions http://community.brocade.com/t5/vADC-Docs/Watermarking-PDF-documents-with-Stingray-and-Java-Extensions/ta-p/73617
- There are FOUR parts to the vADC story, which together provide a comprehensive on-demand solution, and build up to the concept we call “Application Delivery as a Service” or “ADC-as-a-Service” First, the core ADC platform is known as Brocade Traffic Manager: this provides core Layer 4 to 7 services, including load balancing, caching and SSL offload, and a powerful scripting tool, called TrafficScript. And we will see in a moment, Traffic Manager also acts as the platform on which we build higher-level services for security and content optimization. Second, Brocade Web Accelerator provides automatic HTML optimization, to reduce page load times. Traffic Manager includes a number of powerful tools to accelerate applications and services, but Web Accelerator gives an extra boost for some types of applications. Third, Brocade Web Application Firewall is a Layer-7 web application firewall, which is designed to protect applications from external application-level attacks. While a network firewall ensures that only certain types of traffic are permitted or denied, a web application firewall works with the business logic to decide whether to allow the request to be processed, checking for targeted attacks such as SQL Injection and Cross-Site scripting, and preventing data leakage. Finally, Brocade Services Controller gives a framework to manage on-demand provisioning, by automating the deployment, licensing and metering of ADC services across a virtual or cloud framework. When linked to a service orchestration framework, we call this ability to create and manage on-demand application delivery services “ADC-as-a-Service” and it transforms the way ADC services are consumed by enterprises and service providers to a much more fluid capacity-based model.
- There are FOUR parts to the Brocade vADC portfolio story, which together provide a comprehensive on-demand solution, and build up to the concept we call “Application Delivery as a Service” or “ADC-as-a-Service” First, the core ADC platform is known as the Virtual Traffic Manager: this provides Layers 4 to 7 services, including load balancing, caching and SSL offload, and a powerful scripting tool, called TrafficScript - we cover this deeper in later slides. Traffic Manager also acts as the platform on which we build higher-level services for security and content optimization. The second part is the Web Accelerator, this provides Web Content optimization to reduce web page load times, bandwidth, boost Search Engine Optimization and improve overall end-user experience. While Traffic Manager includes a number of powerful tools to accelerate applications and services, the Web Accelerator specifically gives a boost for HTTP applications by automating web performance best practices. Third is our Web Application Firewall, this solution is a true Layer-7 WAF, which is designed to protect applications from Layer 7 Application-layer attacks, in other words, dealing with security in terms of the content of HTTP requests. While a network firewall ensures that only certain types of traffic are permitted or denied, a Web Application Firewall can be used to apply business rules to traffic, such as inspecting submitted text field data and blocking attacks in the form of SQL injection and cross-site scripting (XSS) and so on, even filtering outgoing traffic to mask credit card data, and help compliance with PCI-DSS and HIPAA standards (PCI DSS The Payment Card Industry Data Security Standard and HIPAA is the federal Health Insurance Portability and Accountability Act ) Finally, is the Services Director which is a separate platform to the Traffic Manager. The Services Director gives a framework to manage on-demand provisioning of Traffic Managers, by automating the deployment, licensing and metering of ADC services. We have flipped the consumption model of ADCs – instead of over purchasing and overprovisioning ADC instances, the Services Director model allows you purchase “buckets” of bandwidth and enables you to provision as many ADCs as you want with the add-on features you want. This fluid capacity-based model truly enables the “ADC-as-a-Service” concept, this gives you the ability create and manage on-demand and it transforms the way ADC services are consumed by enterprises and service providers
- Shown here is a list of optimizations dynamically applied by the Web Accelerator. Most of these optimizations are well documented and most web applications developers are aware of them and their benefit In fact, Google PageSpeed and Yahoo ySlow are two well known grading tools that score your web performance based on how many optimizations best practices are applied your webpages. Having a high score in any of these benchmarks will not only ensure you have a light and fast loading webpage but also a highly SEO score as all the main search engines (Google, yahoo, Bing, etc.) all take into account the speed of your website in consideration when returning search engine results Although well documented, applying these best practices in a consistent manner is a different story. As you can imagine every time you push out new iterations of web designs and code you need to ensure all these best practices are followed, this takes time to test and implement, often taking time out of development to dedicate time to fix and optimize design and code and not all organizations have resources to do so. Think of Web Accelerator as a tool for your development team not a replacement – Web Accelerator automates these best practices at runtime and each time new content is pushed A website’s Google PageSpeed and Yahoo ySlow score instantly is improved Google PageSpeed: https://developers.google.com/speed/docs/insights/about YSlow: http://yslow.org/faq/
- Details are in the attached Gartner Research doc (found on competitor Imperva's website, not intended for re-distribution).
- The Open Web Application Security Project (OWASP) is a world wide not-for-profit organization focused on improving the security of software by keeping software security visible so that individuals and organizations worldwide can make informed decisions about true software security risks. The OWASP Top is update every few years and ranks the most common and important vulnerabilities. As you can see from the previous and most current vulnerabilities ranking that the top risks can be exposed on the application layer and can be eliminated and at least mitigated by a Layer 7 WAF See: https://www.owasp.org/index.php/Top_10_2013-Table_of_Contents
- There are FOUR parts to the vADC story, which together provide a comprehensive on-demand solution, and build up to the concept we call “Application Delivery as a Service” or “ADC-as-a-Service” First, the core ADC platform is known as Brocade Traffic Manager: this provides core Layer 4 to 7 services, including load balancing, caching and SSL offload, and a powerful scripting tool, called TrafficScript. And we will see in a moment, Traffic Manager also acts as the platform on which we build higher-level services for security and content optimization. Second, Brocade Web Accelerator provides automatic HTML optimization, to reduce page load times. Traffic Manager includes a number of powerful tools to accelerate applications and services, but Web Accelerator gives an extra boost for some types of applications. Third, Brocade Web Application Firewall is a Layer-7 web application firewall, which is designed to protect applications from external application-level attacks. While a network firewall ensures that only certain types of traffic are permitted or denied, a web application firewall works with the business logic to decide whether to allow the request to be processed, checking for targeted attacks such as SQL Injection and Cross-Site scripting, and preventing data leakage. Finally, Brocade Services Controller gives a framework to manage on-demand provisioning, by automating the deployment, licensing and metering of ADC services across a virtual or cloud framework. When linked to a service orchestration framework, we call this ability to create and manage on-demand application delivery services “ADC-as-a-Service” and it transforms the way ADC services are consumed by enterprises and service providers to a much more fluid capacity-based model.
- These modules scale independently in the case of a Distributed deployment and are bundled as one in the case of the Traffic Manager option. he integrated WAF is enabled on the VTM platform with a license key, it is a full web application firewall with feature parity with the distributed vWAF On the integrated WAF , Enforcers are enabled on the Virtual Servers where the web applications is configured The quantity of Deciders can be defined up to the maximum of CPU cores on the vTM instance. In a cluster the number of deciders must be identical therefore in a cluster of vTM, the number of deciders per instance will be up to the lowest number of the CPU cores of a Cluster member There is one WAF Admin Server accessible from the vTM admin web UI
- As with rest of vTM Manager family, software can run anywhere vWAF is made up of three modules: Enforcer modules for intercepting traffic, passing it to the decider module, and enforcing its decision. In a distributed WAF architecture, enforcers are installed as webserver plugins (e.g. apache module or IIS isapi filter) Decider modules do the heavy lifting of deciding whether a message should be let through. In a distributed WAF architecture, Deciders are hosted on Unix or windows machines as a daemon or server The Admin server is the Central web-based administration console to create and maintain rule sets. Hosted on any web server The scalability is massive. You can combine any number of Enforcers with any number of Deciders. Admin service is used for add/change/remove of rules. Enforcer/Decider can live without Admin server so not critical to have a redundant pair of Admin servers, but in general recommended. Realistic limit number of deciders is 500 as of Oct 2012. Enforcers store no centrally managed configuration, so really is not limited.
- There are FOUR parts to the Brocade vADC portfolio story, which together provide a comprehensive on-demand solution, and build up to the concept we call “Application Delivery as a Service” or “ADC-as-a-Service” First, the core ADC platform is known as the Virtual Traffic Manager: this provides Layers 4 to 7 services, including load balancing, caching and SSL offload, and a powerful scripting tool, called TrafficScript - we cover this deeper in later slides. Traffic Manager also acts as the platform on which we build higher-level services for security and content optimization. The second part is the Web Accelerator, this provides Web Content optimization to reduce web page load times, bandwidth, boost Search Engine Optimization and improve overall end-user experience. While Traffic Manager includes a number of powerful tools to accelerate applications and services, the Web Accelerator specifically gives a boost for HTTP applications by automating web performance best practices. Third is our Web Application Firewall, this solution is a true Layer-7 WAF, which is designed to protect applications from Layer 7 Application-layer attacks, in other words, dealing with security in terms of the content of HTTP requests. While a network firewall ensures that only certain types of traffic are permitted or denied, a Web Application Firewall can be used to apply business rules to traffic, such as inspecting submitted text field data and blocking attacks in the form of SQL injection and cross-site scripting (XSS) and so on, even filtering outgoing traffic to mask credit card data, and help compliance with PCI-DSS and HIPAA standards (PCI DSS The Payment Card Industry Data Security Standard and HIPAA is the federal Health Insurance Portability and Accountability Act ) Finally, is the Services Director which is a separate platform to the Traffic Manager. The Services Director gives a framework to manage on-demand provisioning of Traffic Managers, by automating the deployment, licensing and metering of ADC services. We have flipped the consumption model of ADCs – instead of over purchasing and overprovisioning ADC instances, the Services Director model allows you purchase “buckets” of bandwidth and enables you to provision as many ADCs as you want with the add-on features you want. This fluid capacity-based model truly enables the “ADC-as-a-Service” concept, this gives you the ability create and manage on-demand and it transforms the way ADC services are consumed by enterprises and service providers
- Whether for services providers or enterprises, we provide a complete set of tools to manage the inventory of ADC instances, so you know how resource pools are being used, and to plan ahead for how to re-allocate resources between different applications and groups. Usage reports can be created for business units and individual clients, making it easy to implement charge-back and billing for cost allocation across the business.
- Ducktape, hammer, wd-40
- Traffic Script: Carries business logic out to control how your application behaves on the wire Rules can run on client Request, Server Response, or after a transaction is completed (useful for connection tracing or collecting statistics on how long the connection took to process)
- A Traffic Manager content delivery cloud provides solutions to the problems encountered with typical CDN deployments Traffic Manager delivers more functionality with a lower cost. Software and provider charges are cheaper than CDN throughput rates. Traffic Manager is available with No minimum traffic levels or contracts required with licensing down to the minute. The fluency of Traffic manger allows for deployment without code changes to the application. Software enables you to Rapidly Deploy Anywhere and Anytime you need, not limited by service options. Traffic Manager offers more Performance optimizations than a CDN service can offer. Deliver Automatic Content Optimization and Control, even for the dynamic objects. Provide Security for applications not possible with a CDN. Content now stays in your control and Traffic Manager Enables secure and encrypted communications. You now have a solution for intranets and secure document stores. With Traffic Manager, attacks are not forwarded to the origin. Now you can Provide layers of protection and Enforce security policies globally. The layer 7 fluency of Traffic Manager Provides Control FAR beyond static content into the application layer. With Traffic Manager, eliminate code change requirements and deploy applications not supported with CDN architecture. Extend control without the limitation of service portals and delays, provide full control of updates as needed when needed