APP WORLD
2025
Zen Exim Solution Team’s Expertise
Data Centre
Integration
Multicloud
Setup
Cyber
Security
Audit
Vulnerability
Assessment
Our Team Strength
Sales Presales
Field Support Engineering Team
300+
5000+ Registered Partners Across
SAARC Countries
5000
+
India
Nepal
Sri Lanka
Afghanistan
Bangladesh
Bhutan
Warehousing Facilities
o Ahmedabad
o Singapore
o FTZ ( Free trade zone )
o Mumbai
o Chennai
Local sales
and technical
support
across
India
About Support
Leadership Team
Excellence in Global Trade
Where is AI today?
9 ©2025 F5
Where AI is located today
Divided between public cloud, on-premises, & hybrid
The location of AI engines today
• 35%: In both public cloud & on-premises
• 20%: On-premises
• 45%: Public cloud
Organizations plan to deploy AI engines (development, training,
inference) and AI apps both in public cloud and on-premises
environments, solidifying hybrid, multicloud operations as the
norm.
As organizations adopt AI, which
relies heavily on modern apps and
infrastructure, both modern apps
and APIs will continue to proliferate.
2024 State of Application Strategy Report, F5 Labs
We AI, but…
AI attacks lead AI security concerns
Percent of respondents concerned about each
• AI-powered attacks
• Increased liability
• Data privacy
• Data leakage
29%, 27%, 23%, 21%
Nearly one-third of decision makers
fear AI-powered attacks
2024 State of AI Application Strategy Report: A New AI Stack Emerges, F5
Labs
The necessary protective services for AI
Percent of respondents using or planning to use each type of protection
2024 State of AI Application Strategy Report: A New AI Stack Emerges, F5 Labs
11%, 37%, 38%, 39%, 41%, 42%
• API security to safeguard data as it traverses AI training models
• Monitoring / visibility of usage
• DDoS protection for AI models
• Bot protection for AI models
• Data masking / exfiltration
• Caching for AI queries
AI protections vie for the most important
Average overall ranking (of 100 possible points assigned)
• Blocking data exfiltration
• Preventing PII leakage
• Preventing prompt injection attacks to LLMs
• Preventing LLMs from presenting biased data
• Encrypting data in motion
• Preventing LLMs from presenting hallucinations
• Encrypting data at rest
12
13
16
1
G
10
1G
11
DataProtection
How you should defend AI
How organizations should defend AI
Organizations shouldn’t fear AI but need to secure for its use
• Secure applications
• Secure APIs
• Secure access
• Protect data
• Protect training data & pipeline
• Prevent resource exhaustion
• Gain operational visibility
• Defend IP
Enabling AI Security
with BIG-IP
F5 & BIG-IP deliver the necessary security for your AI
Enable AI security with BIG-IP
Secures apps & APIs
• Bot protection
• DoS / DDoS protection
• API security
Secures access & protects data
• Data in-transit encryption
• Zero trust application access
• Compliance
Protects training & data pipelines, prevents resource exhaustion & defends IP
• Rate-limiting & resource optimization
• DDoS threat mitigation
• Secure traffic control
• AI model protection
Protects training & data pipelines & defends IP
• Scaling & resilience
• Data integrity
• Prevents data leakage
Protect your AI apps & APIs
BIG-IP Advanced WAF
• Halt DDoS attacks from overloading AI services
• Defend AI inputs from vuln exploitation attacks in AI algorithms
• Protect against injection attacks that locate, alter, or destroy AI training info
• Stop malicious bots from negatively affecting AI traffic
Secure access to your AI applications and data
BIG-IP Access Policy Manager
• Zero trust app access
• Encrypt data in-transit
• Protect against unauthorized access & ensure least privilege access
• Provide compliance insights
Defend your AI apps, models, & infrastructure.
BIG-IP Advanced Firewall Manager
• Defend against DDoS attacks overwhelming AI model training platforms or supporting infrastructure
• Ensure precious compute resources are reserved for critical workloads
• Enable consistent security and traffic policies across all environments
Application delivery & security for distributed data ingestion
[Diagram: AI FACTORY. Labels: EXTERNAL TRAINING DATA (Websites, Databases, Synthetic Data, Knowledge Bases, Sensors, Geographic Data); Raw Training Object Store; OBJECT PRE-PROCESSING; Normalized Training Object Store; TRAINING CLUSTERS; TRAINING SERVICES; FOUNDATION MODEL REPOSITORY; MODEL REPOSITORY; INFERENCE SERVICES; INFERENCE CLUSTERS; Load balancer; Firewall; Load balance AI data traffic]
Enhancing throughput & security with BIG-IP LTM & BIG-IP AFM
F5 VELOS enables high-speed, parallel ingestion and movement of storage objects
Some organizations crack down on access to GenAI chatbots
Concerns focus on privacy & data security
~25%: According to multiple reports, nearly 25% of organizations have either banned or severely restricted access to open Generative AI chatbots, like ChatGPT & others
May 2023: Samsung Electronics banned GenAI use, prompted by discovery of an accidental leak of sensitive internal source code uploaded to ChatGPT
GenAI is the most exciting, but ensuring its security creates fear
It’s all fun & games, until it isn’t
#1: Generative AI tops the list of most exciting trends,…
#2: but securing it is the second highest concern.
2024 State of Application Strategy Report, F5 Labs
What concerns organizations most about GenAI.
Are you one of these organizations?
• Data security risks
• Lack of accuracy / dependability
• Productivity loss
• Ethics / compliance risks
• Accidental security risks
What you can do to ensure proper, secure GenAI use.
Ideas to mitigate risk
• Develop & communicate clear AI use policies
• Invest in secure AI solutions
• Develop & encourage AI training
• Require review & verify any AI-generated content
Identify AI tools and control access to them, & then some.
BIG-IP SSL Orchestrator + F5 Secure Web Gateway Services
• Detect & block known AI tools
• Decrypt GenAI queries and responses for orchestration & inspection
• Control who may access AI tools, when, how, etc.
• Prevent sensitive training data or model details from malicious exfiltration
We’re still living in a hybrid world
Source: F5 state of application strategy 2024
Environments: Where are your apps?
• Edge: 8%
• Public Cloud: 20%
• SaaS: 19%
• Colocation: 10%
• On-premises cloud: 20%
• On-premises traditional: 23%
App portfolios: What apps do you operate?
• Modern (mobile and microservices based apps): 51%
• Traditional (client-server, three-tier web app, and monolithic apps): 49%
Future AI
Where will AI engines
go?
4
C
% PUBLIC CLOUD
35%
20%
BOTH
ON-PREMISES
Complexity is common and pervasive
• 94%: Multi-cloud challenges
• 52%: Complexity of operations
• 62%: Complexity of tooling
Organizations need a holistic approach that achieves business outcomes
• Strengthen Security and Ensure Compliance
• Enhance Observability and Control
• Lower Operational Costs and Complexity
NGINX One is the F5 Application Delivery and Security Platform solution for modern apps
NGINX is the modern app and API platform
NGINX is preferred
• The official NGINX image has more than 1 billion downloads (Source: Docker Hub)
• Nearly a half of organizations that run containers use NGINX (Source: Datadog)
• Over a third (1/3+) of all websites use NGINX (Source: W3Techs)
NGINX Capabilities
• Reverse Proxy / Load Balancer
• API Gateway
• Kubernetes Traffic Management
• Access Control
• SSL/TLS/mTLS encryption
• Auth/SSO/OIDC/SAML
• WAF Protection
• DoS Protection
• AI Inference
• Management interfaces
• As-a-Service solutions
• Workflow integrations
Customer Use Cases
• Build and scale modern apps
• Layer security closer to your code
• Get visibility & centralized management
• Deploy anywhere
Deploy NGINX One for your modern app use cases
Build and scale modern apps
Streamline delivery and delight customers
NGINX is the modern app and API platform
NGINX Capabilities: Reverse Proxy / Load Balancer; API Gateway; Kubernetes Traffic Management; Access Control; SSL/TLS/mTLS encryption; Auth/SSO/OIDC/SAML; WAF Protection; DoS Protection; AI Inference; Management interfaces; As-a-Service solutions; Workflow integrations
Security
NGINX One: One Solution For Every Use Case, For Every Team
USE CASES
• Instance Discovery
• Management
• Observability
• Actionable Insights
• Policy Distribution
• API Gateway
• Caching
• Load Balancing
• Policy Enforcement
• Secure Multicloud Networking
• Web Application + API Protection
• DNS
Data Plane / Management Plane
MODERN APP DELIVERY: NGINX Plus, NGINX Open Source
NGINX One Console
Distributed Cloud Services Console
LOCAL CONSOLE OPTION: NGINX Instance Manager
KUBERNETES SOLUTIONS: NGINX Gateway Fabric, NGINX Ingress Controller
NGINX App Protect: Web App + API Protection, DoS Protection
Layer security closer to your code
Reduce complexity, improve security, and meet compliance
Layer in security to reduce risk and meet compliance
• Lightweight footprint
• Simplify security operations
• Reduce deployment friction
• Automate security policies into CI/CD pipeline
• Lower costs
• Meet regulatory compliance
Get visibility and centralized management
Respond faster with improved collaboration across teams
Power like you’ve never had before over your NGINX deployments
• Rollback Feature: Solve the timeliness of configuration rollback challenges with ease.
• Certificate Management: Simplify and streamline certificate lifecycles, a challenge for most organizations today!
• Configuration Recommendations: Improve operational efficacy and efficiency with intelligently automated optimizations.
• Config Sync Groups: Simplify and standardize multi-node management across deployments.
Deploy anywhere
Extend ADC 3.0 beyond the data center
Go anywhere with the ultimate deployment flexibility
• Light-weight software with straightforward deployment
• Docker images and other integrations
• SaaS based services and deployments
• Easily support hybrid and multi-cloud
On-Prem, Any Cloud, As-a-Service
Meet your business objectives with the power of NGINX One
• Simplify: Reduce operational complexity
• Scale: Improve scalability and consistency across environments
• Secure: Strengthen security and meet compliance
• Collaborate: Empower collaboration with greater visibility
• Consolidate: Eliminate redundancies, reduce manual effort, lower costs
With NGINX One, we can provide enterprise-grade services and consistent application traffic management for any deployment model.
-Juan Zamora, CEO and founder of Hopla! Software
Why is BIG-IP evolving?
BIG-IP: The most trusted ADC for the last 27 years
• 1997: BIG/ip Controller released (becomes BIG-IP LTM)
• 1998: 3-DNS Controller released (becomes BIG-IP DNS)
• 2001: iControl introduced
• 2003: FirePass acquired (becomes BIG-IP APM)
• 2004: iRules introduced and TrafficShield acquired (becomes BIG-IP ASM)
• 2008: VIPRION platform released
• 2010: BIG-IP Virtual Edition released
• 2012: BIG-IP AFM released
• 2014: iApps introduced
• 2016: BIG-IP iSeries appliances released
• 2017: Container Ingress Services and Automation Toolchain released
• 2018: Advanced WAF and SSL Orchestrator released
• 2021: VELOS and rSeries platforms released
2004: TMOS software architecture introduced
- Last major architectural change to BIG-IP software
- Resulted in creation of TMM, iRules, full-proxy architecture, and paved the way for BIG-IP Virtual Edition
Requirements of ADC’s have evolved, and continue to evolve
Today’s ADC Requirements
• Scalability & Extensive Functionality
• Automatability
• Centralized management & observability
• Cutting-Edge Security
• Ease-of-use
“I’m spending too much time performing manual operational tasks every day”
“I’m constantly worried about falling victim to evolving cyber threats”
What is BIG-IP Next?
Introducing BIG-IP Next: F5’s next-generation BIG-IP software
What is BIG-IP Next?
• The same BIG-IP you know and trust, modernised and optimised for the future
• Architected using interconnected, containerized services abstracted from users
MONOLITHIC: BIG-IP TMOS (Control Plane; Data Plane Functions: BIG-IP LTM, BIG-IP WAF, BIG-IP DNS, BIG-IP AFM, BIG-IP PEM, BIG-IP APM, BIG-IP CGNAT, BIG-IP SSL Orchestrator)
CONTAINER-BASED: BIG-IP Next (Control Plane; Data Plane: BIG-IP Next LTM, BIG-IP Next Edge Firewall, BIG-IP Next WAF, BIG-IP Next CGNAT, BIG-IP Next DNS, BIG-IP Next Policy Enforcer, BIG-IP Next Access, BIG-IP Next SSL Orchestrator)
Offering a unified solution for complex, distributed cloud architectures
BIG-IP Next Instances & BIG-IP Next Central Manager
BIG-IP Next Central Manager
• Holistic device management
• Simple & automated workflows
• Intuitive, data rich dashboards
• Integrations & OpenAPIs
BIG-IP Next Instance
• Load Balancing, WAF, Network Firewall, Access Management & more
[Diagram: BIG-IP Next instances in On-Premises, Colocation, Private Cloud and Public Cloud environments, including F5 rSeries and F5 VELOS; Management and Traffic paths; DevOps / App Dev and NetOps / SecOps users; API and GUI]
Not all environments shown here are currently supported, some are currently under development.
Meet the BIG-IP Next product modules
BIG-IP Next
What will you gain from BIG-IP Next?
1. BIG-IP Next reduces operational complexity
Rapid, Simple & Hitless Upgrades
• Major BIG-IP Next upgrades in ~20 minutes
• BIG-IP Next control plane upgrades that are hitless in nature, requiring zero app downtime
Modernized User Interface & policy management
• Modernized GUI with optimized workflows
• Modernize policy management across your BIG-IP fleet
Comprehensive Fleet Management
• Management and configuration tasks may be performed through the BIG-IP Next Central Manager, providing a single, centralized interface for total control
2. BIG-IP Next delivers greater automation efficiency
Fully Integrated Automation & Telemetry Tooling
• Automation tools are fully integrated, eliminating the need for post-deployment extensions
• Built-in app services configuration (AS3), configuration templates, declarative onboarding (DO) and telemetry streaming
• Maintain existing automation
Declarative, API-centric framework
• BIG-IP Next can be managed via its declarative (AS3) or imperative (iControl) API, providing automation flexibility
• Deploy fully configured apps in seconds in a repeatable, reliable manner
Rearchitected control plane optimized for automation
• Greater API efficiency with more API requests per second
• Enabled to run automation from multiple unique orchestrators concurrently
3. BIG-IP Next improves security & reduces business risk
Elevated Software Release Security & Quality
• Secure Software Development (SSD) best practices ensure security is leading priority throughout development; improving software quality & reducing vulnerabilities
Rapid Development of Security Features and Software Patches
• Quarterly security feature releases ensure cutting-edge security postures that thwart evolving threats
• Patches for newly discovered vulnerabilities delivered in as little as 24hrs
Configuration Versioning, Access Controls & Auditing
• Version control for elements such as iRules and app configuration enables easy rollback to known good version and streamlines troubleshooting
• Enhanced role-based access controls limit configuration changes while auditing provides visibility into change-history
4. BIG-IP Next delivers performance, scalability & resiliency
Superior Control Plane Scale
• Significantly improved object scale for larger scale deployments
• Dedicated compute resources ensure control plane performance and availability
Industry-Leading Data Plane Performance
• Unparalleled data plane performance & scale carried forward from BIG-IP TMOS
• Massive throughput with ultra-low latency to provide optimal app experiences for millions of users
Seamless Global App Resiliency
• Effortlessly implement Global Server Load Balancing (GSLB) within any multi-site app deployment, providing maximum application redundancy with minimal configuration effort
5. BIG-IP Next enhances application observability
Granular App & Device Dashboards
• Granular dashboards with extensive app and network insights help optimize application performance and troubleshoot issues
Centralized monitoring, alerting & reporting
• Birds-eye visibility spanning entire app portfolios and BIG-IP Next fleet across distributed environments
• Receive alerts to rapidly respond to application events and automate report creation for auditing purposes
3rd Party Telemetry Streaming
• App and device data streaming to popular 3rd party visualization tools such as Splunk and Grafana utilizing Otel or Syslog
• Telemetry streaming is fully integrated, removing the need for post-deployment extensions
6. BIG-IP Next maintains BIG-IP’s core functions…
BIG-IP TMOS
• L4 firewall
• TLS/SSL orchestration
• iRules
• Web app and API security
• Container ingress
• Local and Global Traffic Management
• Policy enforcement
• CGNAT
• Platform and licensing flexibility
• Telemetry streaming
• DNS
• Access controls
…while delivering valuable differentiation
• Configuration and iRules versioning
• Modernized user interface
• Software upgrades in minutes
• Superior control plane scale and performance
• Hitless upgrades for non-data plane components
• Accelerated feature delivery
• Seamless global app resiliency
• Fully integrated automation suite
• Elevated software quality
• Granular app and security dashboards
• Multi-threaded control plane
• Software patches released in hours/days
• Single-step, multi-site deployments
• Comprehensive centralized management and visibility
Game-changing improvements for day-to-day operations
Use Case: BIG-IP TMOS vs. BIG-IP Next
• Software upgrades: Hours vs. 10 minutes (& hitless if no data plane involvement)
• App deployment: Days / weeks (manual) vs. Seconds / minutes (with automation)
• Automation pipeline integration: 1000s of lines of code vs. 10s of lines of code
• Multi-site app deployment: Multi-step process vs. Single-step process (with seamless GSLB configuration)
• Software releases containing new features: 2 x per year vs. 4 x per year
• Configuration versioning: Not available vs. Available (including iRules)
What to expect from the BIG-IP Next Central Manager
Centralized Management of BIG-IP Next Instances
Single Source of Truth Control Across Environments
• Comprehensive Dashboards & Analytics: Obtain granular insights into the health and performance of apps and BIG-IP Next instances
• Rapid & Declarative App Deployment: Configure L4-L7 services with declarative API’s and FAST templates in a fast, repeatable and automated manner
• Streamlined Instance Onboarding: Declaratively onboard BIG-IP Next instances with all the necessary L1-L3 settings needed to get up and running
• Centralized Monitoring, Alerting & Reporting: Receive alerts to rapidly respond to application events and schedule reports to be automatically exported for auditing purposes
• Simplified Certificate Management: Complete TLS/SSL certificate lifecycle management ensures operational continuity, compliance and security
• Seamless Instance Upgrades, Backup & Restore: Initiate rapid Instance software upgrades and backup / restore Instance configurations
• Licensing Management & Visibility: Allocate licenses to BIG-IP Next instances, track total consumption and manage subscription lifecycles
• QKView Management & iHealth Integration: Generate QKView files for BIG-IP Next instances and upload these directly to iHealth to begin issue troubleshooting
BIG-IP Next Central Manager
Recent product changes & your journey to BIG-IP Next
Your feedback continues to inform BIG-IP Next’s strategy
“I’m very familiar and comfortable with BIG-IP’s UI and taxonomy as it is today”
“Our current BIG-IP operations are heavily reliant on iControl and TMSH”
“We don’t have the need or capacity for the BIG-IP Next Central Manager currently”
BIG-IP Next Central Manager
On-box Instance Management + Consistent Operations
Adding an on-box management milestone with familiar operations will simplify your transition
What to expect with BIG-IP Next’s direct instance management
1. Operational continuity: BIG-IP TMOS taxonomy and interfaces including iControl and TMSH will be carried forward, preventing the need for unnecessary retooling
2. In-place upgrades: Simply upgrade your existing BIG-IP TMOS instance to BIG-IP Next; nuke and pave migrations are no longer required
3. Faster development velocity: Entire protocols and use cases will be introduced collectively instead of developing capabilities parameter-by-parameter
BIG-IP Next will provide flexible management options for everyone
• Centralized Management (BIG-IP Next Central Manager): Admin via GUI, API
• Direct, On-box Management: Admin via iControl REST (API), AS3 / DO (API), GUI, TMSH (CLI)
Transition to BIG-IP Next at your own pace with in-place upgrades
[Diagram: TMOS-to-Next upgrade paths for BIG-IP TMOS on iSeries to BIG-IP Next on rSeries, BIG-IP TMOS on VIPRION to BIG-IP Next on VELOS, and BIG-IP Virtual Edition to BIG-IP Next Virtual Edition]
What will the BIG-IP Next upgrade experience look like?
BIG-IP v17.x
1. Install config validator file
2. Validate config is compatible
3. Install v21.x onto 2nd boot location
BIG-IP v21.x
Primary Use Cases
Full Use Case
BIG-IP Next will be upgrade-ready for each module by 2026
Q4 2025, Q1 2026, Q2 2026, Q4 2026
• On-box mgmt., LTM, WAF
• On-box mgmt., DNS, LTM, WAF, Access, SSLO, Edge FW, Policy Enforcer, CGNAT
• On-box mgmt., DNS, LTM, WAF, Access, SSLO, Edge FW, Policy Enforcer, CGNAT
• On-box mgmt., DNS, LTM, WAF, Access, SSLO, Edge FW, Policy Enforcer, CGNAT
• Central Manager
• DNS (core)
BIG-IP TMOS lifecycle extension grants additional time to transition
BIG-IP TMOS/Next version lifespan
[Chart: lifespans of BIG-IP v16.1, BIG-IP v17.1, BIG-IP v17.5* (LTS release including new features), BIG-IP Next v20, BIG-IP Next v21 and BIG-IP Next v22 on a 2021 to 2029 timeline, marking the previous and the new BIG-IP v17.5 EoL]
BIG-IP v17.5 End of Lifecycle: January 1st 2029
Your feedback continues to inform BIG-IP Next’s licensing strategy
• Your feedback: Perpetual licensing is a hard requirement for regulatory and budgetary reasons. Our response: BIG-IP Next will be available with perpetual licensing
• Your feedback: Time-limited free trial licenses won’t allow us to adequately test BIG-IP Next. Our response: BIG-IP Next will offer Lab licenses
• Your feedback: vCPU-based metering for BIG-IP Next VE isn’t a good fit for our organization. Our response: BIG-IP Next VE will also offer bandwidth-based metering (25Mbps – 10Gbps)
• Your feedback: We don’t feel we’re getting value for our V18 BIG-IP VE licenses, since you’re not delivering BIG-IP v18. Our response: Customers with V18 BIG-IP VE license are entitled to use equivalent BIG-IP Next VE licenses through BIG-IP EoL
• Your feedback: The lack of commercial bundling for BIG-IP Next modules could inflate our costs. Our response: BIG-IP Next will maintain Good, Better, Best (GBB) licensing bundles
All existing licensing and metering models carried forward
• BIG-IP Next Virtual Edition. Metering: 8vCPU, 12vCPU, 16vCPU, 20vCPU, 24vCPU; Lab (10Mbps), 25 Mbps, 200 Mbps, 1 Gbps, 3 Gbps, 5 Gbps, 10 Gbps. Licensing: Subscription, Perpetual, FCP, PAYG (Public Cloud), BYOL (Public Cloud)
• BIG-IP Next on rSeries. Metering: Licensed per appliance. Licensing: Subscription, Perpetual, FCP
• BIG-IP Next on VELOS. Metering: Licensed per appliance. Licensing: Subscription, Perpetual, FCP
What is PCI DSS?
PCI Security Standards Council (PCI SSC) is a global forum that brings together
payments industry stakeholders to develop and drive adoption of data security
standards and resources for safe payments worldwide
Payment Card Industry (PCI) Data Security Standard (DSS) defines
security requirements to protect environments where payment account
data is stored, processed, or transmitted
Sets the minimum technical and operational security requirements for
compliance for organizations storing, processing, or transmitting payment card
data
PCI DSS compliance can be expensive, but it’s necessary
A breakdown of potential costs to obtain PCI DSS certification
• Preparation costs: Employee training, infrastructure upgrades, etc.
• Audit costs: Self-Assessment Questionnaire (SAQ): $5,000 to $20,000; or a Report of Compliance (ROC): $35,000 to $200,000 – annual recurring costs
• Vulnerability scans: Quarterly vulnerability scans internally or by a PCI DSS-Approved Scanning Vendor (ASV): ~up to $200 per IP annually
• Penetration tests: Penetration testing required for most orgs: $3,000 to $30,000, depending on org size
• Compliance fees: Card service providers may charge between $70 to $120 annually to recover compliance-related expenses
And this is all before factoring in loss of reputation and revenue losses due to a breach!
However, PCI DSS non-compliance can cost even more
The costly consequences of not complying with PCI DSS
• Non-compliance fees: ~$5,000 - $100,000 per month!
• Increased transaction fees: Up to $90 per transaction!
• Loss of merchant license: Losing license to accept credit cards = Serious business impact
• Cost of a data breach: Investigations & legal expenses; FTC audits; Cardholder notifications; Affected customer compensation; Requirement to meet Level 1 compliance (additional $50,000 - $200,000 annually)
What is PCI DSS v4.0?
PCI DSS v4.0: Developed with global industry collaboration
• 3 Request for comment (RFCs) on draft content
• 6,000+ Items of feedback received
• 200+ Companies provided feedback
• Updates firewall terminology to network security controls to support broader range of technologies
• Requires multi-factor authentication (MFA) for all access into cardholder data environment
• Increases flexibility to demonstrate how different methods in use achieve security objectives
• Adds targeted risk analyses to allow flexibility to define how frequently certain activities may be performed
Out with the old, in with the new
• PCI DSS v.3.2.1: Prescriptive controls and standard requirements. PCI DSS v4.0: Focused on security outcomes (custom and risk-based approach to meet security objectives)
• PCI DSS v.3.2.1: Focused MFA for admin access to cardholder data environments. PCI DSS v4.0: Expanded MFA requirements across use cases
• PCI DSS v.3.2.1: Encryption requirements limited to certain data transmissions and storage scenarios. PCI DSS v4.0: Broader requirements for encryption to address emerging threats and technologies
• PCI DSS v.3.2.1: Standardized testing process with fixed templates. PCI DSS v4.0: More robust and flexible testing procedures (targeted risk analysis and validation)
• PCI DSS v.3.2.1: Reporting is primarily compliance-focused. PCI DSS v4.0: Reporting focuses on security outcomes and continuous improvement
Source: pcisecuritystandards.org
Detailing some of the new changes in PCI DSS v4.0
• Customized approach: Orgs can use alternative methods if they prove security objectives are being met
• Stronger passwords: Updates password rules: longer passphrases, no forced changes unless compromised
• Targeted Risk Analysis: Promotes risk analysis for adaptive security controls
• Enhanced awareness and training: Adds frequent updates to training on phishing and social engineering
• Monitoring and logging improvements: Requires continuous monitoring and automated log reviews to enhance threat detection
• Cloud and third-party security: Adds cloud security and third-party service requirements
• Encryption key management enhancements: Tightens encryption key and cryptographic process controls
• Implementation timeline: Transition period until March 31, 2025
Source: pcisecuritystandards.org
PCI DSS v4.0 has 12 requirements that include security, access control, vulnerability management, and data protection
1. Implement & maintain controls for network security
2. Apply secure configurations to all system components
3. Protect stored account data
4. Protect cardholder data with strong cryptography during transmission over open, public networks
5. Protect all systems and networks from malicious software
6. Develop and maintain secure systems and software
7. Restrict access to system components and cardholder data by business need to know
8. Identify users & authenticate access to system components
9. Restrict physical access to cardholder data
10. Log & monitor all access to system components & cardholder data
11. Test security of systems & network regularly
12. Support info sec with organizational policies & programs
Why PCI DSS v4.0?
• Continue to meet the security needs of the payment industry
• Promote security as continuous process
• Add flexibility for different methods
• Enhance validation methods
Organizations now required to maintain compliance
Add new or extend existing security solutions to comply with PCI DSS v4.0
• Required: Vulnerability security assessment tools
• Required: Automated detection and prevention for web-based attacks
• Required: Client-side attack defense
• Required: Stricter access controls & stronger auth
• Required: Anti-phishing mechanisms
• Required: Intrusion detection and/or prevention
PCI DSS and WAFs
WAFs and PCI DSS v4.0 compliance
Public Facing Apps
• Mandatory deployment: Requires a solution in front of public-facing web apps to detect, prevent, & alert on web-based attacks
• The role of WAF: A WAF fulfills requirements by monitoring & filtering app traffic
• Comprehensive protection: WAFs defend against app layer attacks like exploiting un/known vulns in code, libraries, & build tools
• Broader security: WAFs mitigate risks from config flaws & automated attacks targeting payments, credentials, & installed apps
How a WAF can help attain PCI DSS v4.x compliance
• Protect cardholder data
• Prevent SQL injection, XSS attacks
• Monitoring and logging
• Enhancing encryption
• Mitigating DDoS attacks
• Automates updates
Source: pcisecuritystandards.org
F5 & PCI DSS
Business entity that is not a payment brand, directly involved
in the processing, storage, or transmission of cardholder data
on behalf of another entity. This also includes companies
that provide services that control or could impact the
security of cardholder data.
Examples include managed service providers that provide
managed firewalls, IDS and other services as well as
hosting providers and other entities.
If an entity provides a service that involves only the provision
of public network access—such as a telecommunications
company providing just the communication link—the entity
would not be considered a service provider for that service
(although they may be considered a service provider for
other services).
F5 is a PCI DSS v4.0 Certified Service Provider
F5 WAF
• BIG-IP Advanced WAF
• Distributed Cloud WAF
• NGINX App Protect
F5 delivers the most comprehensive and flexible market leading WAF solution delivered wherever your apps reside
Available in different deployment models and form factors to meet any app and API security requirement
• Available in multiple delivery models: Appliance, software, SaaS, and edge
• Supports most deployment types: Hybrid, multicloud, on-premises/data center, VM, public cloud, private cloud, edge, and containers (Kubernetes)
• Designed to protect all types of apps: Traditional, multicloud, hybrid, cloud-native, modern containerized, and microservices
All F5 WAFs share the same WAF engine
Platform-agnostic app security for distributed architectures from edge to cloud
PCI DSS v4.0: Protecting web apps from attack
BIG-IP Advanced WAF, Distributed Cloud WAF, NGINX App Protect
• AI/ML powered detection
• Signature-based attack detection
• Behavioral analysis
• User behavioral analytics
• Secures against OWASP Top 10
• CI/CD pipeline ready
• Bot mitigation
• DDoS attack protection
• IP Reputation
• Automated updates
• Rate-Limiting
• CAPTCHA
• Comprehensive logging & reporting
• Integrates with Web App Scanning
3.4.1: Mask primary account number (PAN)
6.2.4: Mitigate common software attacks & vulns in software development
6.4.1, 6.4.2*: Install automated solution that continually detects & prevents web-based attacks
Comprehensive PCI DSS Coverage from F5
• Distributed Cloud Client-Side Defense
• Distributed Cloud API Security
• Distributed Cloud Web App Scanning
• Distributed Cloud Mobile App Shield
• BIG-IP APM
• BIG-IP SSL Orchestrator
• BIG-IP AFM
• Distributed Cloud Bot Defense
• Mobile App Shield
PCI DSS v4.0: Detect & Prevent Skimming
Distributed Cloud Client-Side Defense
• Prevents skimming and formjacking
• Monitors client-side code for continuous and comprehensive protection against malicious JavaScript
• Apply all necessary measures to safeguard personal data
• Uncover suspicious data exfiltration patterns with advanced machine learning algorithms
• Provides actionable alerts on unauthorized modifications via emails, SMS, Slack, & more
6.4.3*
• Confirm all payment page scripts authorized
• Assure integrity of payment page scripts
• Keep inventory of scripts & justify need
11.6.1*
• Alert personnel to unauthorized HTTP headers & payment page content changes
• Configure to evaluate received HTTP header & payment page
• Perform at least once every 7 days or periodically
PCI DSS v4.0: Securing APIs
Distributed Cloud API Security
• Comprehensive API discovery
• Robust API testing¹
• Runtime protection
• Continuous monitoring & anomaly detection
6.2.3: Pre-production or -release testing of bespoke/custom software including APIs
6.2.4: Mitigate common attacks & vulns using software engineering or other methods
6.3.2*: Maintain inventory of bespoke software & components including APIs
6.4.2*: Install automated technical solution to continually detect & prevent web-based attacks
¹ Roadmap, anticipated delivery in 2Q CY25
* Required after 3/31/25
PCI DSS v4.0: Understanding the attack surface
Distributed Cloud Web App Scanning
• External attack surface management
• Automated penetration testing
• Continuous visibility & vulnerability detection
4.2.1: Maintain an inventory of software & components
6.4.1: Regular reviews for new threats & vulns in public web apps using automated app vulnerability security assessment tools
11.3.1*: Perform internal vulnerability scans & rescans as needed
11.4.1: App-layer pentesting to at least identify vulns listed in 6.2.4
PCI DSS v4.0: Authentication, authorization, & securing access to cardholder data
BIG-IP Access Policy Manager (APM)
• Zero trust application access/Identity Aware Proxy
• Use- and role-based access controls
• Least privilege access
• Policies based on time, day, inactivity, etc.
• Dynamic security posture assessment
• Secures in-transit data
• MFA & step-up authentication support
4.2.1*, 8.3.2: Strong cryptography and security to safeguard PAN over open, public networks & make all auth factors unreadable during transmission
7.2.5*: Use-based & least privilege access
7.2.6*: Deploy an access control system & limit cardholder data (CHD) access
8.2.7, 8.2.8: Time-based, monitored third-party access & idle session timeout & re-auth
8.3.G: Analyze account security posture before allowing access
8.4.2, 8.4.3: Support for MFA for non-console & remote access
PCI DSS v4.0: Addressing critical control system failures
BIG-IP SSL Orchestrator
• Orchestrate traffic through the security stack
• Monitor health of security stack solutions
• Mitigate impact by active bypass of offline solutions
• Address security service changes/insertions by seamless traffic transfer without interrupting traffic flow
• Defend against outbound traffic dispersing malware, exfiltrating data, or communicating with command-and-control (C2) channels
5.4.1*: Processes & automated mechanisms in place to detect & protect against phishing attacks
10.7.2*: Detect, alert, & address failures of critical security control systems
10.7.3*: Prompt response to critical security control system failures & quick restoration
11.5.5.1*: For service providers only: Detect IDS and/or IPS techniques, alert on/prevent, & address covert malware communication channels
PCI DSS v4.0: Addressing critical control system failures
BIG-IP Advanced Firewall Manager (AFM)
• Performs Layer 5 - 7 inspection of all incoming traffic to adhere to protocol standards & match against known attack signatures
• Protects DNS infrastructure against protocol attacks and exploits
11.5.1*: Intrusion detection and/or intrusion prevention techniques to detect and/or prevent intrusions into the network
PCI DSS v4.0: Securing mobility
Distributed Cloud Bot Defense & Distributed Cloud Mobile App Shield
F5 Distributed Cloud Bot Defense
• Significantly reduce bot attacks
• Protect APIs
• Reduce login attacks by 96%
• Reduce app fraud costs by 30%
F5 Distributed Cloud Mobile App Shield
• Prevent repackaging
• Stop runtime attacks
• Meet compliance requirements
F5 helps you meet and maintain compliance with PCI DSS v4.0
Add new or leverage your existing F5 investments for quick, comprehensive compliance!
• Required: Vulnerability security assessment tools
• Required: Stricter access controls & stronger auth
• Required: Automated detection and prevention for web-based attacks
• Required: Anti-phishing mechanisms
• Required: Client-side attack defense
• Required: Intrusion detection and/or prevention
The 3 things to remember!
If you don’t remember anything else from this session, this is what you need to remember
1. Time is running out! So, the time is now!! Deadline: March 31, 2025!
2. Strengthen payment security & validation
3. F5 helps you address PCI DSS v4.0 compliance!
Crawford & Company
CUSTOMER STORY
A1. Crawford & Company needed to deliver and secure the “Digital Desk” App, both publicly and privately.
B2. Suddenly, they were faced with the impossible task of migrating apps from a data center in Canada to AWS within 2 weeks.
C3. Next, they had to connect apps across AWS and Azure, while facing personnel attrition and talent gaps.
D4. Lastly, they had to migrate apps from 11 data centers to the two public clouds, AWS and Azure, and secure their apps in both clouds.
Cloud-native security offerings from various public
cloud providers did not meet their security
compliance standards and provided inconsistent
protection.
Connecting Apps across Clouds required multiple
disparate products resulting in complex operations.
Crawford & Company needed to deliver and secure
“Digital Desk” App, both publicly and privately from
AWS
Disjointed application security & lack of visibility
Increased complexity to deliver privately & publicly
[Diagram labels: slide A; Internet; AWS (AWS WAF, AWS ALB, Digital Desk)]
F5 Distributed Cloud provided Hybrid Multi-Cloud App Delivery and Security services via five integrated solution components
• Customer Edge (CE): A node deployed in every location that abstracts hybrid multicloud complexity
• SaaS Console: A single console that gives rich observability and centralized lifecycle management
• Distributed App Connect: Deliver apps locally and globally and connect apps privately across clouds
• Global Network (PoP): Global anycast network with presence in all major markets, providing edge app delivery and security services
• Distributed App Security: Centralized security policies, distributed enforcement inside enterprise boundary
Simplified operations via F5 Distributed Cloud’s Hybrid
SaaS (CE+PoP) App Delivery & Security services
[Diagram labels: Internet; AWS (AWS WAF, AWS ALB, Digital Desk); App Connect; F5 Distributed Cloud Console, centralized management and analytics (NetOps, DevOps, SecOps)]
Inside the CE software stack
• Mesh (Integrated High Performance Networking Stack [L3-L7]): API Security, WAF, Proxy, Load Balancer, Firewall, Routing, Application Delivery Controller
• App Stack (Simplified Application Infrastructure Stack): Identity, Service Discovery, Secrets Mgmt., Distributed Application [Fleet], Cluster Management, Compute Platform, Service Control
B. Suddenly, they were faced with the impossible task of migrating apps from a data center in Canada to AWS within 2 weeks
Increased operational complexity to migrate apps across hybrid cloud environment
[Diagram labels: AWS (Digital Desk); data center (App 1, App 2); F5 Distributed Cloud Console, centralized management and analytics (NetOps, SecOps, DevOps)]
F5 Customer Edge (CE) and App Connect created an App
Fabric, enabling seamless migration of apps across Hybrid
Clouds
[Diagram labels: AWS (Digital Desk, App 2); data center (App 1, App 2); App Connect; Hybrid Multicloud App Delivery; F5 Distributed Cloud Console, centralized management and analytics (DevOps, SecOps, NetOps)]
C. Next, they had to connect apps across AWS and Azure, while facing personnel attrition and talent gaps
Disjointed application security
Connecting apps privately required 5 disparate products, resulting in operational complexity
[Diagram labels: AWS (Digital Desk, App 2); Azure (Azure WAF, Azure LB, Azure API Mgr., App); data center (App 1, App 2); F5 Distributed Cloud Console, centralized management and analytics (NetOps, SecOps, DevOps)]
F5 Customer Edge (CE) provided consistent operations and
App Connect enabled secure app-to-app connectivity across
clouds
[Diagram labels: AWS (Digital Desk, App 2); Azure (Azure WAF, Azure LB, Azure API Mgr., App); data center (App 1, App 2); App Connect; Multicloud App Delivery; F5 Distributed Cloud Console, centralized management and analytics (DevOps, SecOps, NetOps)]
D. Lastly, they had to migrate apps from 11 data centers to the two public clouds AWS, Azure, and secure their apps in all of these locations
[Diagram labels: AWS (Digital Desk, App 2); Azure (App); data center (App 1, App 2); App Connect; F5 Distributed Cloud Console, centralized management and analytics (DevOps, SecOps, NetOps)]
F5 Distributed Cloud offered an architectural approach to
solve the most complex delivery and security challenges –
simply!
[Diagram labels: AWS (Digital Desk, App 2); data center (App 1, App 2); App; F5 Distributed Cloud Console, centralized management and analytics (DevOps, SecOps, NetOps)]
Universal App Delivery & Security Platform
F5 Distributed Cloud Services offered the best of both
worlds. We migrated our first data center in a matter of
weeks while putting in place the foundation for full
migration to a multicloud environment. We can now
apply security policies and protect distributed
applications in as little as five minutes.
— Matt Nears, Deputy Chief Information Security
Officer, Crawford & Company
Complement the power of BIG-IP with the flexibility, added delivery capabilities & security layers of Distributed Cloud Services
Bring the cloud to BIG-IP
Distributed Cloud helped Crawford & Company solve three big challenges – BIG-IP customers can benefit from the same!
1. Simplified app migrations and app-to-app connectivity across hybrid/multicloud for both public and private apps
2. Consistent security policies configured centrally, enforced across enterprises’ distributed multicloud environments
3. Simplified and consistent operations via rich observability, AI assisted operations, centralized management for all applications, in any location
Let’s see this in action!
How do we do this?
3 simple steps to bring the cloud to BIG-IP
1. Deploy a Customer Edge
   Configure a Customer Edge (CE) with network reachability to BIG-IP to discover apps and attach services. CEs can be deployed in any environment – on-premises, cloud, co-location, or edge.
2. Enable Service Discovery
   Service Discovery will build a centralized inventory view of all applications (virtual servers) configured on BIG-IP.
3. Attach Cloud Services
   Choose which cloud services to use with specific virtual servers:
   1. Extend the security perimeter to F5 Distributed Cloud Services
   2. Enable application portability and migrations
   3. Enable API Discovery for BIG-IP virtual servers
Discover Applications on BIG-IP TMOS
Seamlessly build an inventory of all BIG-IP virtual servers and make them available to attach cloud services
Key Value Delivered
• Discover all BIG-IP virtual servers (applications) in seconds
• Observability for all discovered BIG-IP applications in the Distributed Cloud Console
[Diagram labels: on-premises data center (BIG-IP TMOS with App1, App2, App3; App Discovery); XC Console (App Catalog); public client; private client. Key: CE software stack deployed in customer environment; Service Discovery control plane traffic; F5 globally managed point of presence running same CE software.]
Use Case 1: Move your Application DMZ onto the F5 Global Network
Effortlessly connect BIG-IP virtual servers to public users via the F5 Global Network using App Connect
Key Value Delivered
• Seamlessly move the application security perimeter out of the datacenter
• Get defense in depth with a multitude of application security controls
• Get rich analytics to help security operations
[Diagram labels: on-premises data center (BIG-IP TMOS with App1, App2, App3; App Discovery); XC Console (App Catalog); Global Network; public client; private client. Key: CE software stack deployed in customer environment; Service Discovery control plane traffic; F5 globally managed point of presence running same CE software.]
Use Case 2a: Migrate Apps with Distributed Cloud Services
Simplify application migrations for public-facing applications
Key Value Delivered
• Effortlessly migrate applications across any environments – saving both time & operational costs
• Simplify operations with zero networking and rich observability
• Run both versions of applications in parallel with granular control on migration schedule
[Diagram labels: on-premises data center (BIG-IP TMOS with App1, App2, App3; App Discovery); public cloud App VPC (App1); Global Network; XC Console (App Catalog); public client. Key: CE software stack deployed in customer environment; Service Discovery control plane traffic; F5 globally managed point of presence running same CE software.]
Use Case 2b: Private Application Delivery across Hybrid Cloud
Seamlessly connect BIG-IP virtual servers across hybrid and multicloud environments
Key Value Delivered
• Deliver private applications in minutes, even with overlapping IPs
• Connect applications without exposing underlying network
• Rich observability
[Diagram labels: on-premises data center (BIG-IP TMOS with App1, App2, App3; App Discovery; overlapping IPs); public cloud App VPC (App4; overlapping IPs); XC Console (App Catalog). Key: CE software stack deployed in customer environment; Service Discovery control plane traffic; F5 globally managed point of presence running same CE software.]
Use Case 2c: Private Partner App Delivery across Hybrid Cloud
Seamlessly deliver applications to partners privately with network separation
Key Value Delivered
• Deliver private applications to an isolated partner network segment in minutes, even with overlapping IPs
• Deliver applications to partners without exposing underlying network, even with overlapping IPs
• Rich observability
[Diagram labels: on-premises data center (BIG-IP TMOS with App1, App2, App3; App Discovery; overlapping IPs); public cloud App VPC (App4; overlapping IPs); Partner VPC (App5); Red Segment; XC Console (App Catalog). Key: Isolated Partner Network Traffic; CE software stack deployed in customer environment; Service Discovery control plane traffic; F5 globally managed point of presence running same CE software.]
Use Case 2d: Migrate Private Apps with Distributed Cloud Services
Seamlessly migrate private applications from data centers to the cloud
Key Value Delivered
• Migrate applications in minutes, even with overlapping IPs
• Rich observability
• Run both versions in parallel with granular control on migration schedule
[Diagram labels: on-premises data center (BIG-IP TMOS with App1, App2, App3; App Discovery; overlapping IPs); public cloud App VPC (App4, App2; overlapping IPs); Partner VPC (App5); Red Segment; XC Console (App Catalog). Key: Isolated Partner Network Traffic; CE software stack deployed in customer environment; Service Discovery control plane traffic; F5 globally managed point of presence running same CE software.]
Use Case 3: Enable API Discovery for BIG-IP Virtual Servers
Enable deep visibility into API traffic traversing BIG-IP virtual servers with API Discovery
Key Value Delivered
• Seamlessly enable API Discovery for virtual servers on BIG-IP
• Get deep visibility into API traffic to help security operations
[Diagram labels: on-premises data center (BIG-IP TMOS with App1, App2, App3; App Discovery); API logs of virtual server; API Discovery; SecOps; XC Console (App Catalog); public client; private client; CE is not in the data path. Key: CE software stack deployed in customer environment; Service Discovery control plane traffic; F5 globally managed point of presence running same CE software.]
By bringing the Cloud to BIG-IP, customers can benefit from …
1. Simplified app migrations and app-to-app connectivity across hybrid/multicloud for both public and private apps
2. Consistent security policies configured centrally, enforced across enterprises’ distributed multicloud environments
3. Simplified and consistent operations via rich observability, AI assisted operations, centralized management for all applications, in any location
Learn about enhancing BIG-IP with F5 Distributed Cloud
1. DevCentral Article
2. Teachable Course
3. Technical Documentation
F5 rSeries: Meeting New Standards
FIPS certificate: BIG-IP Tenant Cryptographic Module
BIG-IP v17.1.0.1 tenant
F5 rSeries
F5 VELOS
BIG-IP v17.1.0.1
FIPS
Common Criteria
BIG-IP 17.5: New Software Updates and New Hardware Support
• BIG-IP LTM: Post-quantum crypto
• BIG-IP DNS: Hybrid Public Key Encryption; Support for ODoH
• BIG-IP AFM: SSH Proxy Cipher selection
• BIG-IP WAF: JSON Web Token Protection
• BIG-IP APM: Auto-launch
• BIG-IP SSLO: Bug Fixes
• Support for F5 CX1610 and BX520
TIME TO UPGRADE
AI & High-Capacity Workloads Are Changing the Game
• AI Adoption is increasing rapidly
• Workloads require ultra-low latency and high throughput
• Traditional infrastructure is struggling to keep up
[Graphic labels: LATENCY; THROUGHPUT]
Key Challenges in AI & High-Capacity Workloads
• Network Congestion and Inefficient Routing: Complex routing slows data flow
• Slow Throughput & Latency: Slow networks hinder AI performance
• Reactive Operations: No insights, no optimization
• Data Exposure: AI data is a high-value target
Scaling AI Workloads without Compromising Speed or Security
• Intelligent Traffic Steering: BIG-IP DNS
• Optimized AI Data Pipelines: BIG-IP LTM
• Application Visibility & Analytics: BIG-IP APM
• Security & Compliance: BIG-IP AFM
Optimizing S3 Data Ingestion and Replication
[Diagram labels: S3 Tier-1 Process; S3 Tier-2 Store; S3 Tier-3 Collect]
• F5 VELOS CX410 & BX520, Ingress LB: BIG-IP LTM, BIG-IP APM, BIG-IP DNS
• F5 VELOS CX1610 & BX520, Ingress LB: BIG-IP LTM, BIG-IP AFM, BIG-IP SSLO
F5 VELOS helps organizations achieve unmatched performance, reliability,
and security for mission-critical applications, safeguarding workloads and
reducing downtime in high-performance environments.
UNCOMPROMISED SPEED AND SECURITY: F5 VELOS MODULAR ADC
• Revolutionize traffic management with multi-terabit Layer 4-7 throughput.
• Strengthen resilience with redundant system controllers that safeguard against failures.
• Reduce operational complexity while boosting performance with a fully automatable, API-first architecture.
• Effortlessly scale performance with advanced multi-tenancy and blade groupings to securely isolate resources across your environments.
• Integrate powerful FPGA hardware offloading for encryption at massive scale.
Meet VELOS CX410 and the new CX1610
Half-Width Heavyweight: BX520
• 56 Physical Cores
• 112 Logical Cores
• 4TB SSD Storage
• 512GB DDR4 RAM
[Diagram labels: Ejector Handle; Latch Release; Port 2 QSFP-DD 400G or 4x100G; Port 1 QSFP-DD 100G or 4x100G; Alarm LED; Status LED; USB 3.0 Port]
Plug-N-Play Swappable: BX520
THE ALL NEW BX520 BLADE
supercharges your chassis with 400GbE connectivity, delivering next-level throughput, security, and resource agility for demanding enterprise and service provider workloads.

                        VIPRION B4450N    VELOS BX110    VELOS BX520
Physical Cores          12                14             56
Logical Cores / vCPU    24                28             112
RAM                     256 GB            128 GB         512 GB
Disk                    1.2 TB            960 GB SSD     4TB SSD
100G Interfaces         2x100G            2x100G         8 * 100G
400G Interfaces         N/A               N/A            1*
Maximize Tenant Density
• F5 VIPRION 4800, 8x 4450N Blades: 192 Maximum Tenants
• F5 VELOS CX410, 8x BX110 Blades: 176 Maximum Tenants
• F5 VELOS CX1610, 16x BX520 Blades: 384 Maximum Tenants
Offload Encrypted Traffic At Scale
[Chart: compression throughput and SSL TPS for the F5 VIPRION 4450N Blade, F5 VELOS BX110 Blade and F5 VELOS BX520 Blade. Values shown: compression throughput 65Gbps, 180Gbps and 80Gbps; 160K SSL TPS (RSA 2K) and 80K SSL TPS (P-256-ECDSA); 100K SSL TPS (RSA 2K) and 70K SSL TPS (P-256-ECDSA); 200K SSL TPS (RSA 2K) and 140K SSL TPS (P-256-ECDSA).]
Unleash Massive Throughput
[Chart: throughput, L4 CPS and L7 RPS for the F5 VIPRION 4450N Blade, F5 VELOS BX110 Blade and F5 VELOS BX520 Blade. Values shown: 95Gbps L4 and 95Gbps L7; 1.2M L4 CPS and 3M L7 RPS; 375Gbps L4 and 300Gbps L7; 5M L4 CPS and 14M L7 RPS; 140Gbps L4 and 140Gbps L7; 2.9M L4 CPS and 5M L7 RPS.]
Maximize VELOS CX410 with BX520 Blades
[Diagram labels: 800Gbps Redundant System Controller (shown twice); 4x 100Gbps (shown twice); 400Gbps]
1.2Tbps of Throughput. 60% Increase over the BX110
Scale Beyond Limits: CX1610
[Diagram labels: USB 3.0 Port; 32 Quarter Width Slots; AC or DC Power Inputs support up to 12 power supplies; n + 1 Redundant Fan Trays; Console Port; Management Port; Dual System Controllers; Status & Alarm LEDs; LCD Display; 4 x Power Supply Controllers]
Maximize VELOS CX1610 with BX520 Blades
[Diagram labels: 3.2Tbps Redundant System Controller (shown twice); 4x 100Gbps (shown twice); 400Gbps]
6Tbps of Low-Latency High-Throughput Application Services
Take advantage of F5’s generous trade-in offers
UNLEASH MASSIVE THROUGHPUT
Visit the App Delivery Showcase to Learn more about the VELOS CX1610 & BX520
The F5 Application Delivery
and Security Platform
This complexity drives cost, operational fragmentation,
and increased cybersecurity risk
HIGH COST
Caused by unoptimized cloud
spend and multiple operational
siloes
OPERATIONAL
COMPLEXITY
Fragmented control across
teams, policies, consoles = point
product sprawl
UNMANAGEABLE CYBER-
RISK EXPOSURE
Expanded threat surfaces from app
and API sprawl and lack of resources
ADCs are the right technical approach for addressing app
security and delivery challenges
Consolidate multiple
services, reducing the
number of network bumps.
Adaptable to various
environments, like physical
data centers, service meshes,
and far edge environments, etc.
ADCs
Demands have evolved since the days of the very first ADC
The ADC began as a consolidated, physical platform. Cloud and containerization rendered this approach impractical.
We are at the beginning of “the next ADC evolution”
• 2005 - 2015, Data Center: ADC appliance; Monolithic and Three-Tier Apps; WAF & DoS Protection
• 2016 - 2022, Cloud Disruption: ADCaaS; Microservice & Containerization; Cloud WAAP
• 2023 -, The Next ADC Evolution: Hybrid Multicloud; Distributed AI Applications; AI Security
F5 CONFIDENTIAL – NOT FOR EXTERNAL USE
The next-gen of ADCs must have six key properties
1. Complete delivery and security for every app
2. Deployable anywhere and in any form factor
3. Single policy, unified management
4. Rich analytics and insights
5. Fully programmable data planes
6. Full lifecycle automation
Next-generation ADCs must have these 6 key properties to meet organizational demands in the AI era.
Enterprises have been trying to address this, actively consolidating both application delivery and security functions
Percentage of respondents actively consolidating application delivery, security, or both
• Consolidating/auditing application delivery: 12%
• Consolidating/auditing application security: 29%
• Consolidating/auditing both application delivery and security: 52%
• No specific policy or plan to consolidate/auditing application delivery and security: 7%
F5 State of Application Strategy 2024
NOV-DEC 2023 Global Survey of 632 IT decision makers
ALL verticals and geographies represented
A significant percentage of the market uses both WAAP and at least one availability service (load balancing, ingress, or service mesh)
Percentage of respondents with or without both WAAP and Availability Services
• Respondents with both WAAP and Availability Services: 67%
• Respondents without both WAAP and Availability Services: 33%
F5 State of Application Strategy 2024
NOV-DEC 2023 Global Survey of 632 IT decision makers
ALL verticals and geographies represented
There's a clear need to converge
application delivery and security into a
unified platform
Welcome to ADC 3.0
• “ADC 1.0”, 2005 - 2015, Data Center: ADC appliance; Monolithic and Three-Tier Apps; WAF & DoS Protection
• “ADC 2.0”, 2016 - 2022, Cloud Disruption: ADCaaS; Microservice & Containerization; Cloud WAAP
• “ADC 3.0”, 2023 -: Hybrid Multicloud; Distributed AI Applications; AI Security
We are fully implementing the ADC 3.0 vision
Introducing a converged application delivery and
security platform
Introducing the F5 Application Delivery and Security Platform
• Converges app and API security with high-performance delivery—all in a single platform.
• Is API-driven and enables consistent policies across environments.
• Provides rich analytics, and leverages AI assistants to greatly simplify operational workflows.
• Runs where you need it:
  o close to your applications on hardware
  o on digital processing units (DPU) for AI applications
  o in containerized environments like Kubernetes
  o in software or in SaaS environments.
The F5 Application Delivery and Security Platform is the most extensive in the industry
Drive down your cost and reduce your complexity and risk
• Operational simplicity: Reduce the complexity and costs that come with managing disparate point products that aren’t interoperable and lack integration
• Policy consistency: Enable every app, app component and API—at the edge or in the cloud—to benefit from consistent, comprehensive security and delivery.
• Full visibility and AI insights: Full automation and high programmability streamline workloads while visibility and AI insights across the portfolio improve outcomes.
• Flexible deployment options: Run close to your apps on hardware; on DPUs for AI apps; in containers like Kubernetes; on software; or via SaaS.
This is the F5 Application Delivery and Security Platform
New AI use cases driven by LLMs and technology innovations are propelling deployments of large-scale AI infrastructure
Large-scale AI Infrastructure Investment
Use Cases
• AI Factories / Private AI
• AI-SaaS / GPU-aaS
• Sovereign AI
• Edge AI
Technology Innovation
• Specialized AI Accelerators: GPUs/TPUs
• High-Performance Computing
• DPUs for high-performance networking
Key focus areas for companies investing and deploying AI infrastructure
1. Maximize Investment
   • Ensure that valuable GPU and CPU resources are fully utilized
   • Increase the number of supported users and customers
2. Security
   • Secure data, apps, and APIs
   • Isolate user and customers on shared infrastructure
3. Scale for Production
   • Move from POCs to production
   • Full stack integration with observability
AI brings great technology innovation and potential business growth, but with it comes new challenges
Networking
AI training and inferencing present new challenges to networking
• Large sustained data flows for training
• Low latency needed for performant inferencing
• Network security
APIs
APIs are central to AI and used extensively during training and inference
• Greater number of APIs compared to traditional apps
• Protecting the explosion of new APIs required to connect AI models
• Lack of visibility into AI APIs
AI Apps
AI workloads introduce new management complexity and security challenges
• Defending against attacks on AI apps
• Safely connecting AI models with data that lives in disparate environments
• Insufficient visibility into AI app health and performance
AI Factories: Next generation data centers
• AI infrastructure differs from traditional data center architectures, driven by unique AI workload requirements
• DPUs are becoming a key component in accelerated networking for AI infrastructure
• Kubernetes is the de facto standard for AI workload deployments, confronting scaling and complexity challenges that F5 solves
[Diagram labels: AI factory; AI training pods and AI inference pods (GPU cluster with model, CPU cluster with AI apps, PCIe, DPU); GPU-to-GPU network; S3; local data storage; north-south traffic; multi-tenant training / RAG admin access; multi-tenant inference client access]
F5 has been the leader in application delivery at critical industry inflection points
1. Traditional data centers: ADC 1.0, Traditional Apps
2. Public cloud: ADC 2.0, Modern Apps
3. AI cloud: ADC 3.0, AI Apps
Powering Kubernetes Networking for Today’s Complex Workloads
Major challenges emerge when deploying cloud-native infrastructure, leading to Kubernetes "Ball of Fire"
Kubernetes is the orchestration layer for containerized cloud
THE VISION: Simple Cloud-Native Deployment (apps connecting users or to other apps)
THE REALITY: Advanced Cloud-Native Deployment (Complex Apps, Telco 5G, Large Enterprise, AI)
[Diagram: Kubernetes clusters of apps and pods behind INGRESS, with Users, Edge and Private traffic sources and the callout "Is this app or app or app traffic?"]
F5 BIG-IP Next for Kubernetes overcomes limitations, significantly simplifying the Kubernetes "Ball of Fire"
Advanced Cloud-Native Deployment (Complex Apps, Telco 5G, Large Enterprise, AI)
BIG-IP Next for Kubernetes
Scalable networking and security for ingress and egress traffic control
Highlights
• Simplified Operation
• High Performance
• Integrated Security
[Diagram: Kubernetes cluster of apps and pods behind BIG-IP Next for Kubernetes, with Edge, Users and Private north-south traffic]
F5 empowers Kubernetes deployment for 4G/5G/MEC with enhanced security, scalability, and visibility
Enhancing Verizon's 5G Core: BIG-IP for Kubernetes Streamlines Verizon’s Webscale Cloud Infrastructure
DEPLOY FOR OVER 30 Million Subscribers Today
Traffic Management and Control
• L4 load balancing: TCP, UDP, and SCTP
• L7 load balancing: HTTP/2, Diameter, SIP
• GTPcV2 load balancing
• BGP routing
• Rate limiting
Security
• Signaling firewall and DDoS
• Topology hiding
Visibility
• Statistics and analytics
Leveraging F5 BIG-IP Next for Kubernetes to Solve AI Factory Networking Challenges
Maximizing AI infrastructure utilization requires three key capabilities…
1. Multi-tenancy
2. Zero Trust & Tenant Isolation
3. Observability
Solving the unique challenges AI workloads bring to data centers
BIG-IP Next for Kubernetes deployed on NVIDIA BlueField-3 DPUs
[Diagram: host compute and AI node host compute with AI app, BlueField-3 DPUs with BIG-IP, and switching; label "Scalable"]
BIG-IP NEXT ON NVIDIA BLUEFIELD-3 DPUS
• Central control and management for AI traffic (incl. inference, RAG, storage) with all application services, delivered by BIG-IP Next for Kubernetes
• BIG-IP Next for Kubernetes runs on BlueField-3 DPU; minimizes hardware footprint and optimizes performance
CUSTOMER BENEFITS
1. Multi-tenancy: for AI Cloud providers
2. Tenant Isolation and Security: Required to support AI-aaS and GPU-aaS use cases
3. Rich Observability: reporting and packet capture
4. High performance and low latency networking: Increasing GPU utilization, while also freeing up valuable CPU resources
5. Fine grain traffic management: including smart load balancing of elephant flows, etc.
Multi-tenancy and security are critical requirements for AI-aaS and GPU-aaS providers to maximize ROI
Without: AI Infrastructure Underutilization
To achieve multi-tenancy AI-aaS and GPU-aaS providers dedicate clusters per customer
With: Resource Maximization
BIG-IP Next for Kubernetes allows customers’ tenants to be isolated for security on shared AI infrastructure
[Diagram: two AI factories. One has Cluster 1, Cluster 2 and Cluster 3 of AI infrastructure for Customer A, Customer B and Customer C; the other has a single cluster serving Customer A, Customer B and Customer C with BIG-IP Next for Kubernetes on DPUs]
F5 delivers high-performance networking and security
AI infrastructure, storage clusters, and Edge AI
Key Capabilities
1. Improve infrastructure and GPU efficiency for AI factories and GPU-aaS use cases
Intelligent traffic management, multi-tenancy, and security for greater data ingestion performance and optimized GPU utilization
2. Greater performance for storage clusters
DPUs are starting to be deployed in storage clusters to improve data ingestion performance
3. Multi-tenant inferencing and security for AI and edge use cases
Single solution for traffic management, networking and security on NVIDIA DPU for Edge AI use cases
[Diagram: AI factory with AI training pods and AI inference pods (GPU cluster / MODEL, CPU cluster / AI APPS, PCIe), a GPU-to-GPU network, S3 and local data storage, north-south traffic (multi-tenant training / RAG admin access, multi-tenant inference client access), and an Edge AI node (GPUs / MODEL, CPUs / AI APPS); DPUs are numbered 1, 2 and 3]
F5 delivers high-performance networking and security for your AI deployments
Remove limitations in AI infrastructure
Traffic Management
• Intelligent Load-balancing
• Ingress / Egress
• High-Performance
Scale and Flexibility
• Seamless scale-out
• Multi-tenancy for customer and network isolation
Security
• Edge Firewall with DDoS mitigation
• Intrusion Prevention
• Encryption and Certificates
Observability
• Traffic analytics and capture
• Unified view across traffic management and security
• Feeds for external monitoring dashboard and apps
knowledgeforthebestofthe_bestestguy.pptx

knowledgeforthebestofthe_bestestguy.pptx

  • 1.
  • 3.
    Zen Exim SolutionTeam’s Expertise Data Centre Integration Multicloud Setup Cyber Security Audit Vulnerability Assessment
  • 4.
    Our Team Strength SalesPresales Field Support Engineering Team 300+
  • 5.
    5000+ Registered PartnersAcross SAARC Countries 5000 + India Nepal Sri Lanka Afghanistan Bangladesh Bhutan
  • 6.
    Warehousing Facilities o Ahmedabad oSingapore o FTZ ( Free trade zone ) o Mumbai o Chennai
  • 7.
  • 8.
  • 9.
    Where is AItoday? 9 ©2025 F5
  • 10.
    Where AI islocated today Divided between public cloud, on-premises, C hybrid The location of AI engines today 35 % In both public cloud s on- premises 20 % On- premises 45 % Public cloud Organizations plan to deploy AI engines (development, training, inference) and AI apps both in public cloud and on-premises environments, solidifying hybrid, multicloud operations as the norm.
  • 11.
    5 ©2025 F5 Asorganizations adopt AI, which relies heavily on modern apps and infrastructure, both modern apps and APIs will continue to proliferate. 2024 State of Application Strategy Report, F5 Labs
  • 12.
  • 13.
    AI-powered attacks Increased liability Data privacy Data leakage AI attacksleads AI security concerns Percent of respondents concerned about each 29% 27% 23% 21% Nearly one-third of decision makers fear AI-powered attacks 2024 State of AI Application Strategy Report: A New AI Stack Emerges, F5 Labs
  • 14.
    The necessary protectiveservices for AI Percent of respondents using or planning to use each type of protection 11 % 2024 State of AI Application Strategy Report: A New AI Stack Emerges, F5 Labs 37 % 38 % 39 % 41 % 42 % 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% API security to safeguard data as it traverses AI training models Monitoring / visibility of usage DDoS protection for AI models Bot protection for AI models Data masking / exfiltration Caching for AI queries
  • 15.
    AI protections viefor the most important Average overall ranking (of 100 possible points assigned) Blocking data exfiltration Preventing PII leakage Preventing prompt injection attacks to LLMs Preventing LLMs from presenting biased data Encrypting data in motion Preventing LLMs from presenting hallucinations Encrypting data in rest 12 13 16 1 G 10 1G 11 DataProtection
  • 16.
    How you shoulddefend AI
  • 17.
    Secure applications SecureAPIs How organizations should defend AI Organizations shouldn’t fear AI but need to secure for its use 17 © 2025 F5 Secure access Protect data Protect training data G pipeline Prevent resource exhaustion Gain operational visibility Defend IP
  • 18.
  • 19.
    F5 s BIG-IPdeliver the necessary security for your AI Enable AI security with BIG-IP 19 © 2025 F5 Secures apps s APIs • Bot protection • DoS / DDoS protection • API security Secures access s protects data • Data in-transit encryption • Zero trust application access • Compliance Protects training s data pipelines, prevents resource exhaustion s defends IP • Rate-limiting C resource optimization • DDoS threat mitigation • Secure traffic control • AI model protection Protects training s data pipelines s defends IP • Scaling C resilience • Data integrity • Prevents data leakage
  • 20.
    Protect your AIapps s APIs BIG-IP Advanced WAF 20 © 2025 F5 Halt DDoS attacks from overloading AI services Defend AI inputs from vuln exploitation attacks in AI algorithms Protect against injection attacks that locate, alter, or destroy AI training info Stop malicious bots from negatively affecting AI traffic
  • 21.
    Secure access toyour AI applications and data BIG-IP Access Policy Manager 21 © 2025 F5 Zero trust app access Encrypt data in- transit Protect against unauthorized access G ensure least privilege access Provide compliance insights
  • 22.
    Defend your AIapps, models, s infrastructure. BIG-IP Advanced Firewall Manager 22 © 2025 F5 Defend against DDoS attacks overwhelming AI model training platforms or supporting infrastructure Ensure precious compute resources reserved for critical workloads Enable consistent security and traffic policies across all environments
  • 23.
    Application delivery ssecurity for distributed data ingestion 23 © 2025 F5 TRAINING SERVICES FOUNDATION MODEL REPOSITORY MODEL REPOSITORY EXTERNAL TRAINING DATA Websites Databases Syntheti c Data Knowledg e Bases Sensors Geographi c Data Sensors TRAINING CLUSTERS Normalized Training Object Store OBJECT PRE- PROCESSING Raw Training Object Store INFERENCE SERVICES INFERENCE CLUSTERS AI FACTORY Load balance AI data traffic Load balancer Firewal l
  • 24.
    Enhancing throughput ssecurity with BIG-IP LTM s BIG-IP AFM F5 VELOS enable high speed, parallel ingestion and movement of storage objects 24 © 2025 F5 TRAINING SERVICES FOUNDATION MODEL REPOSITORY MODEL REPOSITORY EXTERNAL TRAINING DATA Websites Databases Syntheti c Data Knowledg e Bases Sensors Geographi c Data Sensors TRAINING CLUSTERS Normalized Training Object Store OBJECT PRE- PROCESSING Raw Training Object Store INFERENCE SERVICES INFERENCE CLUSTERS AI FACTORY
  • 25.
    Some organizations crackdown on access to GenAI chatbots Concerns focus on privacy C data security ~25% According to multiple reports, nearly 25% of organizations have either banned or severely restricted access to open Generative AI chatbots, like ChatGPT G others May 2023: Samsung Electronics banned GenAI use, prompted by discovery of an accidental leak of sensitive internal source code uploaded to ChatGPT
  • 26.
    GenAI is themost exciting, but ensuring its security creates fear It’s all fun C games, until it isn’t # 1 Generative AI tops the list of most exciting trends,… # 2 but securing it is the second highest concern. 2024 State of Application Strategy Report, F5 Labs
  • 27.
    What concerns organizationsmost about GenAI. Are you one of these organizations? Data security risks Lack of accuracy / dependability Productivity loss Ethics / compliance risks Accidental security risks
  • 28.
    What you cando to ensure proper, secure GenAI use. Ideas to mitigate risk Develop G communicate clear AI use policies Invest in secure AI solutions Develop G encourage AI training Require review G verify any AI-generated content
  • 29.
    Identify AI toolsand control access to them,s then some. BIG-IP SSL Orchestrator + F5 Secure Web Gateway Services Detect G block known AI tools Decrypt GenAI queries and responses for orchestration G inspection Control who may access AI tools, when, how, etc. Prevent sensitive training data or model details from malicious exfiltration
  • 30.
    We’re still livingin a hybrid world Source: F5 state of application strategy 2024 App portfolios What apps do you operate? Edge 8 % Public Cloud 2 0% SaaS 1 9 % Colocation 1 0% On-premises cloud 2 0% On-premises traditional 2 3% Environments Where are your apps? Mobile and microservice s based apps Client-server, three- tier web app, and monolithic apps 5 1 % Moder n 4 9 % Traditional Future AI Where will AI engines go? 4 C % PUBLIC CLOUD 35% 20% BOTH ON-PREMISES
  • 31.
    Complexity is commonand pervasive 94% Multi-cloud challenges 52% Complexity of operations C2% Complexity of tooling
  • 32.
    Organizations need aholistic approach that achieves business outcomes Strengthen Security and Ensure Compliance Enhance Observability and Control Lower Operational Costs and Complexity
  • 33.
    NGINX One isthe F5 Application 33 ©2025 F5 Delivery and Security Platform solution for modern apps
  • 34.
    NGINX is themodern app and API platform NGINX is preferred The official NGINX image has more than 1 billion downloads Source: Docker Hub Nearly a half of organizations that run containers use NGINX Source: Datadog Over a third of all websites use NGINX Source: W3Techs 1 / 3 + NGINX Capabilities Reverse Proxy/ Load Balancer API Gateway Kubernetes Traffic Manageme nt Access Contro l SSL/TLS/mTLS encryption Auth/SSO/ OIDC/SAM L WAF Protection DoS Protectio n AI Inference Manageme nt interfaces As-a-Service solutions Workflow integration s Customer Use Cases Build and scale modern apps Layer security closer to code Get visibility s centralized management Deploy anywhere
  • 35.
    Deploy anywhere Build and scalemodern apps Layer security closer to your code Get visibility s centralized management Deploy NGINX One for your modern app use cases
  • 36.
    Build and scalemodern apps Streamline delivery and delight customers
  • 37.
    NGINX is themodern app and API platform Reverse Proxy/ Load Balancer API Gateway Kubernetes Traffic Management Access Contro l SSL/TLS/mTLS encryption Auth/SSO/ OIDC/SAM L WAF Protection DoS Protectio n AI Inference Management interfaces As-a-Service solutions Workflow integrations NGINX Capabilities
  • 38.
    Security NGINX One: OneSolution For Every Use Case, For Every Team USE CASES • Instance Discovery • Management • Observability • Actionable Insights • Policy Distribution • API Gateway • Caching • Load Balancing • Policy Enforcement Data Plane Management Plane • Secure Multicloud Networking • Web Application + API Protection • DNS MODERN APP DELIVERY NGINX Plus NGINX Open Source NGINX One Console Distributed Cloud Services Console LOCAL CONSOLE OPTION NGINX Instance Manager KUBERNETES SOLUTIONS NGINX Gateway Fabric NGINX Ingress Controller • Web App + API Protection • DoS Protection NGINX App Protect
  • 39.
    Layer security closerto your code Reduce complexity, improve security, and meet compliance
  • 40.
    Layer in securityto reduce risk and meet compliance Lightweight footprint Simplify security operations Reduce deployment friction Automate security policies into CI/CD pipeline Lower costs Meet regulatory compliance
  • 41.
    Get visibility and centralizedmanagement Respond faster with improved collaboration across teams
  • 42.
    Power like you’venever had before over your NGINX deployments Rollback Feature: Solve the timeliness of configuration rollback challenges with ease. Certificate Management: Simplify and streamline certificate lifecycles-a challenge for most organizations today! Configuration Recommendations: Improve operational efficacy and efficiency with intelligently automated optimizations. Config Sync Groups: Simplify and standardize multi- node management across deployments.
  • 43.
    Deploy anywhere Extend ADC3.0 beyond the data center
  • 44.
    Go anywhere withthe ultimate deployment flexibility • Light-weight software with straightforward deployment • Docker images and other integrations • SaaS based services and deployments • Easily support hybrid and multi-cloud On-Prem Any Cloud As-a-Service
  • 45.
    Meet your businessobjectives with the power of NGINX One Simplify Reduce operational complexity Scale Improve scalability and consistency across environments Secure Strengthen security and meet compliance Collaborate Empower collaboration with greater visibility Consolidate Eliminate redundancies, reduce manual effort, lower costs With NGINX One, we can provide enterprise-grade services and consistent application traffic management for any deployment model. -Juan Zamora, CEO and founder of Hopla! Software
  • 46.
    Why is BIG-IPevolving? 46 © 2025 F5
  • 47.
    BIG-IP: The mosttrusted ADC for the last 27 years iControl introduced 2001 3-DNS Controller released (becomes BIG- IP DNS) 1998 1997 BIG/ip Controller released (becomes BIG- IP LTM) 1997 iRules introduced and TrafficShield acquired (becomes BIG-IP ASM) 2004 FirePass acquired (becomes BIG-IP APM) 2003 VIPRION platform released 2008 iApps introduced 2014 Container Ingress Services and Automation Toolchain released 2017 BIG-IP iSeries appliances released 2016 Advanced WAF and SSL Orchestrator released 2018 BIG-IP Virtual Edition released 2010 BIG-IP AFM released 2012 VELOS and rSeries platforms released 2021 2004 TMOS software architecture introduced - Last major architectural change to BIG-IP software - Resulted in creation of TMM, iRules, full-proxy architecture, and paved the way for BIG-IP Virtual Edition
  • 48.
    Requirements of ADC’shave evolved, and continue to evolve Scalability G E:tensive Functionality Automatabilit y Centralized management G observability Cutting-Edge Security Ease-of-use Today’s ADC Requirements “I’m spending too much time performing manual operational tasks every day” “ “I’m constantly worried about falling victim to evolving cyber threats” “
  • 49.
    What is BIG-IPNext? 49 © 2025 F5
  • 50.
    Introducing BIG-IP Next:F5’s next-generation BIG-IP software What is BIG-IP Ne:t? • The same BIG-IP you know and trust, modernised and optimised for the future • Architected using interconnected, containerized services abstracted from users M O N O L IT H IC C O NT A I NE R - BA S E D BIG-IP TMOS Control Plane Data Plane Functions BIG -IP LTM BIG -IP WAF BIG -IP DNS BIG -IPAFM BIG -IP PEM BIG -IPAPM BIG -IP CGNAT BIG -IP SSL Orchestrator BIG-IP Next BIG -IP Next LTM BIG -IP Next Edge Firew all BIG -IP Next WAF BIG -IP Next CGNAT BIG -IP Next DNS BIG -IP Next Policy Enf orcer BIG -IP Next Access BIG -IP Next SSL Orchestrator Data Plane Control Plane
  • 51.
    Offering a unifiedsolution for complex, distributed cloud architectures BIG-IP Next Instances C BIG-IP Next Central Manager On-Premises BIG-IP Ne:t F5 rSeries Colocation BIG-IP Ne:t F5 VELOS BIG-IP Ne:t Central Manager Holistic device management Simple C automated workflows Intuitive, data rich dashboards Integrations C OpenAPIs BIG-IP Ne:t Instance Load Balancing, WAF, Network Firewall, Access Management C more Management Traffic Not all environments shown here are currently supported, some are currently under development. Private Cloud BIG-IP Ne:t Public Cloud BIG-IP Ne:t DevOps / App Dev NetOps / SecOps API GUI
  • 52.
    Meet the BIG-IPNext product modules BIG-IP Ne:t
  • 53.
    What will yougain from BIG-IP Next?
  • 54.
    BIG-IP Next reducesoperational complexity 1 1 Rapid, Simple G Hitless Upgrades • Major BIG-IP Next upgrades in ~20 minutes • BIG-IP Next control plane upgrades that are hitless in nature, requiring zero app downtime Modernized User Interface G policy management • Modernized GUI with optimized workflows • Modernize policy management across your BIG-IP fleet 54 © 2025 F5 Comprehensive Fleet Management • Management and configuration tasks may be performed through the BIG- IP Next Central Manager, providing a single, centralized interface for total control
  • 55.
    BIG-IP Next deliversgreater automation efficiency 2 2 Fully Integrated Automation G Telemetry Tooling • Automation tools are fully integrated, eliminating the need for post- deployment extensions • Built-in app services configuration (AS3), configuration templates, declarative onboarding (DO) and telemetry streaming • Maintain existing automation Declarative, API-centric framework • BIG-IP Next can be managed via its declarative (AS3) or imperative (iControl) API, providing automation flexibility • Deploy fully configured apps in seconds in a repeatable, reliable manner 55 © 2025 F5 Rearchitected control plane optimizedfor automation • Greater API efficiency with more API requests per second • Enabled to run automation from multiple unique orchestrators concurrently
  • 56.
    BIG-IP Next improvessecurity s reduces business risk 3 3 Elevated Software Release Security G Ǫuality • Secure Software Development (SSD) best practices ensure security is leading priority throughout development; improving software quality C reducing vulnerabilities Rapid Development of Security Features and Software Patches • Ǫuarterly security feature releases ensure cutting-edge security postures that thwart evolving threats • Patches for newly discovered vulnerabilities delivered in as little as 24hrs 56 © 2025 F5 Configuration Versioning, Access Controls G Auditing • Version control for elements such as iRules and app configuration enables easy rollback to known good version and streamlines troubleshooting • Enhanced role-based access controls limit configuration changes while auditing provides visibility into change- history
  • 57.
    BIG-IP Next deliversperformance, scalability s resiliency 4 4 Superior Control Plane Scale • Significantly improved object scale for larger scale deployments • Dedicated compute resources ensures control plane performance and availability Industry-Leading Data Plane Performance • Unparalleled data plane performance C scale carried forward from BIG-IP TMOS • Massive throughput with ultra- low latency to provide optimal app experiences for millions of users 57 © 2025 F5 Seamless Global App Resiliency • Effortlessly implement Global Server Load Balancing (GSLB) within any multi-site app deployment, providing maximum application redundancy with minimal configuration effort
  • 58.
    BIG-IP Next enhancesapplication observability 5 5 Granular App G Device Dashboards • Granular dashboards with extensive app and network insights help optimize application performance and troubleshoot issues Centralized monitoring, alerting G reporting • Birds-eye visibility spanning entire app portfolios and BIG-IP Next fleet across distributed environments • Receive alerts to rapidly respond to application events and automate report creation for auditing purposes 58 © 2025 F5 3rd Party Telemetry Streaming • App and device data streaming to popular 3rd party visualization tools such as Splunk and Grafana utilizing Otel or Syslog • Telemetry streaming is fully integrated, removing the need for post-deployment extensions
  • 59.
    BIG-IP Next maintainsBIG-IP’s core functions… L4 firewall TLS/SSL orchestration iRule s Web app and API security Container ingress BIG-IP TMOS Local and Global Traffic Management Policy enforcement CGNAT Platform and licensing flexibility Telemetry streaming DNS Access controls 6 6 59 © 2025 F5
  • 60.
    Configuration and iRules versioning Modernizeduser interface Software upgrades In minutes Superior control plane scale and performance Hitless upgrades for non-data plane components Accelerated feature delivery Seamless global app resiliency Fully integrated automation suite Elevated software quality Granular app and security dashboards Multi-threaded control plane Software patches released in hours/days Single-step, multi-site deployments Comprehensive centralized management and visibility …while delivering valuable differentiation 60 © 2025 F5
  • 61.
    Game-changing improvements forday-to-day operations Use Case BIG-IP TMOS BIG-IP Ne:t Software upgrades Hours 10 minutes (C hitless if no data plane involvement) App deployment Days / weeks (manual) Seconds / minutes (with automation) Automation pipeline integration 1000s of lines of code 10s of lines of code Multi-site app deployment Multi-step process Single-step process (with seamless GSLB configuration) Software releases containing new features 2 x per year 4 x per year Configuration versioning Not available Available (including iRules) 61 © 2025 F5
  • 62.
    What to expectfrom the BIG-IP Next Central Manager
  • 63.
    Centralized Management ofBIG-IP Next Instances Single Source of Truth Control Across Environments Comprehensive Dashboards G Analytics Obtain granular insights into the health and performance of apps and BIG-IP Next instances Rapid G Declarative App Deployment Configure L4-L7 services with declarative API’s and FAST templates in a fast, repeatable and automated manner Streamlined Instance Onboarding Declaratively onboard BIG-IP Next instances with all the necessary L1-L3 settings needed to get up and running Centralized Monitoring, Alerting G Reporting Receive alerts to rapidly respond to application events and schedule reports to be automatically exported for auditing purposes Simplified Certificate Management Complete TLS/SSL certificate lifecycle management ensures operational continuity, compliance and security Seamless Instance Upgrades, Backup G Restore Initiate rapid Instance software upgrades and backup / restore Instance configurations Licensing Management G Visibility Allocate licenses to BIG-IP Next instances, track total consumption and manage subscription lifecycles ǪKView Management G iHealth Integration Generate ǪKView files for BIG-IP Next instances and upload these directly to iHealth to begin issue troubleshooting BIG-IP Next Central Manager
  • 64.
    Recent product changess your journey to BIG-IP Next 64 © 2025 F5
  • 65.
    Your feedback continuesto inform BIG-IP Next’s strategy “I’m very familiar and comfortable with BIG-IP’s UI and taxonomy as it is today” “Our current BIG-IP operations are heavily reliant on iControl and TMSH” “We don’t have the need or capacity for the BIG-I P Next Central Manager currently”
  • 66.
    BIG-IP Next Central Manager On-box Instance Management+ Consistent Operations Adding an on-box management milestone with familiar operations will simplify your transition
  • 67.
    What to expectwith BIG-IP Next’s direct instance management 1 2 3 Operational continuity BIG-IP TMOS taxonomy and interfaces including iControl and TMSH will be carried forward, preventing the need for unnecessary retooling In-place upgrades Simply upgrade your existing BIG-IP TMOS instance to BIG- IP Next; nuke and pave migrations are no longer required Faster development velocity Entire protocols and use cases will be introduced collectively instead of developing capabilities parameter-by- parameter
  • 68.
    BIG-IP Next willprovide flexible management options for everyone BIG-IP Next Central Manager Direct, On-bo: Management Centralized Management GUI API Admi n iControl REST (API) AS3 / DO (API) GUI TMSH (CLI) Admi n
  • 69.
    Transition to BIG-IPNext at your own pace with in-place upgrades BIG-IP TMOS on iSeries TMOS TMOS TMOS Next Next BIG-I P Ne:t on rSeries iSeries rSeries rSeries rSeries BIG-IP TMOS on VIPRION TMOS TMOS TMOS Next Next BIG-IP Ne:t on VELOS VIPRION VELOS VELOS VELOS BIG-IP Virtual Edition TMOS TMOS Next Next BIG-IP Ne:t Virtual Edition Virtual Virtual Virtual Edition Edition Edition
  • 70.
    What will theBIG-IP Next upgrade experience look like? BIG-IP v17.x Install config validator file Validate config is compatible Install v21.x onto 2nd boot location BIG-IP v21.x
  • 71.
    Primary Use Cases Full Use Case BIG-IPNext will be upgrade-ready for each module by 202C Ǫ4 2025 Ǫ1 2026 Ǫ2 2026 Ǫ4 2026 On-bo: mgmt. LT M WAF On-bo: mgmt. DNS LT M WAF Access SSLO Edge FW Policy Enforcer CGNAT On-bo: mgmt. DNS LT M WAF Access SSLO Edge FW Policy Enforcer CGNAT On-bo: mgmt. DNS LT M WAF Access SSLO Edge FW Policy Enforcer CGNAT Central Manager DNS (core)
  • 72.
    BIG-IP TMOS lifecycleextension grants additional time to transition BIG-IP v16.1 BIG-IP v17.1 BIG-IP Next v20 BIG-IP Next v21 BIG-IP Next v22 BIG-IP v17.5* (LTS release including new features) BIG-IP TMOS/Next version lifespan Previous BIG-IP v17.5 EoL BIG-IP v17.5 End of Lifecycle: January 1st 2029 New BIG-IP v17.5 EoL 2021 2022 2023 2024 2025 202C 2027 2028 2 2 0 02 2 9 9
  • 73.
    Your feedback Ourresponse Perpetual licensing is a hard requirement for regulatory and budgetary reasons BIG-IP Ne:t will be available with perpetual licensing Time-limited free trial licenses won’t allow us to adequately test BIG-IP Next BIG-IP Ne:t will offer Lab licenses vCPU-based metering for BIG-IP Next VE isn’t a good fit for our organization BIG-IP Ne:t VE will also offer bandwidth-based metering (25Mbps – 10Gbps) We don’t feel we’re getting value for our V18 BIG-IP VE licenses, since you’re not delivering BIG-IP v18 Customers with V18 BIG-IP VE license are entitled to use equivalent BIG-IP Ne:t VE licenses through BIG-IP EoL The lack of commercial bundling for BIG-IP Next modules could inflate our costs BIG-IP Ne:t will maintain Good, Better, Best (GBB) licensing bundles Your feedback continues to inform BIG-IP Next’s licensing strategy
  • 74.
    All existing licensingand metering models carried forward Metering Licensing Subscription 8vCPU Lab (10Mbps) 12vCPU 25 Mbps Perpetual 16vCPU 200 Mbps FCP BIG-IP Next Virtual Edition 20vCPU 1 Gbps PAYG (Public Cloud) BYOL (Public Cloud) 24vCPU 3 Gbps 5 Gbps 10 Gbps BIG-IP Next on rSeries Licensed per appliance Subscription Perpetual FCP BIG-IP Next on VELOS Licensed per appliance Subscription Perpetual FCP
  • 75.
    What is PCIDSS? PCI Security Standards Council (PCI SSC) is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide Payment Card Industry (PCI) Data Security Standard (DSS) defines security requirements to protect environments where payment account data is stored, processed, or transmitted Sets the minimum technical and operational security requirements for compliance for organizations storing, processing, or transmitting payment card data
  • 76.
    PCI DSS compliancecan be expensive, but it’s necessary A breakdown of potential costs to obtain PCI DSS certification Preparation costs Employee training , infrastructure upgrades, etc. Audit costs Self-Assessment Ǫuestionnaire (SAǪ): $5,000 to $20,000; or a Report of Compliance (ROC): $35,000 to $200,000 – annual recurring costs Vulnerability scans Ǫuarterly vulnerability scans internally or by a PCI DSS-Approved Scanning Vendor (ASV): ~up to $200 per IP annually Penetration tests Penetration testing required for most orgs: $3,000 to $30,000, depending on org size Compliance fees Card service providers may charge between $70 to $120 annually to recover compliance-related expenses
  • 77.
    And this isall before factoring in loss of reputation and revenue losses due to a breach! However, PCI DSS non-compliance can cost even more The costly consequences of not complying with PCI DSS Non-compliance fees ~$5,000 - $100,000 per month! Increased transaction fees Up to $90 per transaction! Loss of merchant license Losing license to accept credit cards = Serious business impact Cost of a data breach Investigations C legal expenses FTC audits Cardholder notifications Affected customer compensation Requirement to meet Level 1 compliance (additional $50,000 - $200,000 annually)
  • 78.
    What is PCIDSS v4.0? 78 © 2025 F5
  • 79.
    What is PCIDSS v4.0? PCI DSS v4.0: Developed with global industry collaboration 3 Request for comment (RFCs) on draft content C,000+ Items of feedback received 200+ Companies provided feedback • Updates firewall terminology to network security controls to support broader range of technologies • Requires multi-factor authentication (MFA) for all access into cardholder data environment • Increases flexibility to demonstrate how different methods in use achieve security objectives • Adds targeted risk analyses to allow flexibility to define how frequently certain activities may be performed
  • 80.
    Out with the old, in with the new: PCI DSS v.3.2.1 compared with PCI DSS v4.0
    v.3.2.1: Prescriptive controls and standard requirements. v4.0: Focused on security outcomes (custom and risk-based approach to meet security objectives).
    v.3.2.1: Focused MFA for admin access to cardholder data environments. v4.0: Expanded MFA requirements across use cases.
    v.3.2.1: Encryption requirements limited to certain data transmissions and storage scenarios. v4.0: Broader requirements for encryption to address emerging threats and technologies.
    v.3.2.1: Standardized testing process with fixed templates. v4.0: More robust and flexible testing procedures (targeted risk analysis and validation).
    v.3.2.1: Reporting is primarily compliance-focused. v4.0: Reporting focuses on security outcomes and continuous improvement.
    Source: pcisecuritystandards.org
  • 81.
    Detailing some of the new changes in PCI DSS v4.0
    Customized approach: Orgs can use alternative methods if they prove security objectives are being met
    Stronger passwords: Updates password rules: longer passphrases, no forced changes unless compromised
    Targeted Risk Analysis: Promotes risk analysis for adaptive security controls
    Enhanced awareness and training: Adds frequent updates to training on phishing and social engineering
    Monitoring and logging improvements: Requires continuous monitoring and automated log reviews to enhance threat detection
    Cloud and third-party security: Adds cloud security and third-party service requirements
    Encryption key management enhancements: Tightens encryption key and cryptographic process controls
    Implementation timeline: Transition period until March 31, 2025
    Source: pcisecuritystandards.org
  • 82.
    PCI DSS v4.0 has 12 requirements that include security, access control, vulnerability management, and data protection
    1. Implement & maintain controls for network security
    2. Apply secure configurations to all system components
    3. Protect stored account data
    4. Protect cardholder data with strong cryptography during transmission over open, public networks
    5. Protect all systems and networks from malicious software
    6. Develop and maintain secure systems and software
    7. Restrict access to system components and cardholder data by business need to know
    8. Identify users & authenticate access to system components
    9. Restrict physical access to cardholder data
    10. Log & monitor all access to system components & cardholder data
    11. Test security of systems & network regularly
    12. Support info sec with organizational policies & programs
  • 83.
    Why PCI DSS v4.0? Continue to meet the security needs of the payment industry; Promote security as continuous process; Add flexibility for different methods; Enhance validation methods
  • 84.
    Organizations now required to maintain compliance. Add new or extend existing security solutions to comply with PCI DSS v4.0.
    Required: Vulnerability security assessment tools
    Required: Automated detection and prevention for web-based attacks
    Required: Client-side attack defense
    Required: Stricter access controls & stronger auth
    Required: Anti-phishing mechanisms
    Required: Intrusion detection and/or prevention
  • 85.
    PCI DSS and WAFs
  • 86.
    WAFs and PCI DSS v4.0 compliance: Public Facing Apps
    Mandatory deployment: Requires a solution in front of public-facing web apps to detect, prevent, & alert on web-based attacks
    The role of WAF: A WAF fulfills requirements by monitoring & filtering app traffic
    Comprehensive protection: WAFs defend against app layer attacks like exploiting un/known vulns in code, libraries, & build tools
    Broader security: WAFs mitigate risks from config flaws & automated attacks targeting payments, credentials, & installed apps
  • 87.
    How a WAF can help attain PCI DSS v4.x compliance: Protect cardholder data; Prevent SQL injection, XSS attacks; Monitoring and logging; Enhancing encryption; Mitigating DDoS attacks; Automates updates. Source: pcisecuritystandards.org
  • 88.
  • 89.
    F5 is a PCI DSS v4.0 Certified Service Provider. Business entity that is not a payment brand, directly involved in the processing, storage, or transmission of cardholder data on behalf of another entity. This also includes companies that provide services that control or could impact the security of cardholder data. Examples include managed service providers that provide managed firewalls, IDS and other services as well as hosting providers and other entities. If an entity provides a service that involves only the provision of public network access—such as a telecommunications company providing just the communication link—the entity would not be considered a service provider for that service (although they may be considered a service provider for other services).
  • 90.
    F5 WAF: BIG-IP Advanced WAF, Distributed Cloud WAF, NGINX App Protect
  • 91.
    F5 delivers the most comprehensive and flexible market leading WAF solution delivered wherever your apps reside. Available in different deployment models and form factors to meet any app and API security requirement.
    Available in multiple delivery models: Appliance, software, SaaS, and edge
    Supports most deployment types: Hybrid, multicloud, on-premises/data center, VM, public cloud, private cloud, edge, and containers (Kubernetes)
    Designed to protect all types of apps: Traditional, multicloud, hybrid, cloud-native, modern containerized, and microservices
  • 92.
    All F5 WAFs share the same WAF engine. Platform-agnostic app security for distributed architectures from edge to cloud
  • 93.
    PCI DSS v4.0: Protecting web apps from attack. BIG-IP Advanced WAF, Distributed Cloud WAF, NGINX App Protect
    AI/ML powered detection; Signature-based attack detection; Behavioral analysis; User behavioral analytics; Secures against OWASP Top 10; CI/CD pipeline ready; Bot mitigation; DDoS attack protection; IP Reputation; Automated updates; Rate-Limiting; CAPTCHA; Comprehensive logging & reporting; Integrates with Web App Scanning
    3.4.1 Mask primary account number (PAN)
    6.2.4 Mitigate common software attacks & vulns in software development
    6.4.1, 6.4.2* Install automated solution that continually detects & prevents web-based attacks
  • 94.
    Comprehensive PCI DSS Coverage from F5: Distributed Cloud Client-Side Defense; Distributed Cloud API Security; Distributed Cloud Web App Scanning; Distributed Cloud Mobile App Shield; BIG-IP APM; BIG-IP SSL Orchestrator; BIG-IP AFM; Distributed Cloud Bot Defense; Mobile App Shield
  • 95.
    PCI DSS v4.0: Detect & Prevent Skimming. Distributed Cloud Client-Side Defense
    Prevents skimming and formjacking; Monitors client-side code for continuous and comprehensive protection against malicious JavaScript; Apply all necessary measures to safeguard personal data; Uncover suspicious data exfiltration patterns with advanced machine learning algorithms; Provides actionable alerts on unauthorized modifications via emails, SMS, Slack, & more
    6.4.3* Confirm all payment page scripts authorized; Assure integrity of payment page scripts; Keep inventory of scripts & justify need
    11.6.1* Alert personnel to unauthorized HTTP headers & payment page content changes; Configure to evaluate received HTTP header & payment page; Perform at least once every 7 days or periodically
  • 96.
    PCI DSS v4.0: Securing APIs. Distributed Cloud API Security
    Comprehensive API discovery; Robust API testing¹; Runtime protection; Continuous monitoring & anomaly detection
    6.2.3 Pre-production or -release testing of bespoke/custom software including APIs
    6.2.4 Mitigate common attacks & vulns using software engineering or other methods
    6.3.2* Maintain inventory of bespoke software & components including APIs
    6.4.2* Install automated technical solution to continually detect & prevent web-based attacks
    ¹ Roadmap, anticipated delivery in 2Q CY25
    * Required after 3/31/25
  • 97.
    PCI DSS v4.0: Understanding the attack surface. Distributed Cloud Web App Scanning
    External attack surface management; Automated penetration testing; Continuous visibility & vulnerability detection
    4.2.1 Maintain an inventory of software & components
    6.4.1 Regular reviews for new threats & vulns in public web apps using automated app vulnerability security assessment tools
    11.3.1* Perform internal vulnerability scans & rescans as needed
    11.4.1 App-layer pentesting to at least identify vulns listed in 6.2.4
  • 98.
    PCI DSS v4.0: Authentication, authorization, & securing access to cardholder data. BIG-IP Access Policy Manager (APM)
    Zero trust application access/Identity Aware Proxy; Use- and role-based access controls; Least privilege access; Policies based on time, day, inactivity, etc.; Dynamic security posture assessment; Secures in-transit data; MFA & step-up authentication support
    4.2.1*, 8.3.2 Strong cryptography and security to safeguard PAN over open, public networks & make all auth factors unreadable during transmission
    7.2.5* Use-based & least privilege access
    7.2.6* Deploy an access control system & limit cardholder data (CHD) access
    8.2.7, 8.2.8 Time-based, monitored third-party access & idle session timeout & re-auth
    8.3.9 Analyze account security posture before allowing access
    8.4.2, 8.4.3 Support for MFA for non-console & remote access
  • 99.
    PCI DSS v4.0: Addressing critical control system failures. BIG-IP SSL Orchestrator
    Orchestrate traffic through the security stack; Monitor health of security stack solutions; Mitigate impact by active bypass of offline solutions; Address security service changes/insertions by seamless traffic transfer without interrupting traffic flow; Defend against outbound traffic dispersing malware, exfiltrating data, or communicating with command-and-control (C2) channels
    5.4.1* Processes & automated mechanisms in place to detect & protect against phishing attacks
    10.7.2* Detect, alert, & address failures of critical security control systems
    10.7.3* Prompt response to critical security control system failures & quick restoration
    11.5.5.1* For service providers only: Detect IDS and/or IPS techniques, alert on/prevent, & address covert malware communication channels
  • 100.
    PCI DSS v4.0: Addressing critical control system failures. BIG-IP Advanced Firewall Manager (AFM)
    Performs Layer 5 - 7 inspection of all incoming traffic to adhere to protocol standards & match against known attack signatures; Protects DNS infrastructure against protocol attacks and exploits
    11.5.1* Intrusion detection and/or intrusion prevention techniques to detect and/or prevent intrusions into the network
  • 101.
    PCI DSS v4.0: Securing mobility. Distributed Cloud Bot Defense & Distributed Cloud Mobile App Shield
    F5 Distributed Cloud Bot Defense: Significantly reduce bot attacks; Protect APIs; Reduce login attacks by 96%; Reduce app fraud costs by 30%
    F5 Distributed Cloud Mobile App Shield: Prevent repackaging; Stop runtime attacks; Meet compliance requirements
  • 102.
    F5 helps you meet and maintain compliance with PCI DSS v4.0. Add new or leverage your existing F5 investments for quick, comprehensive compliance!
    Required: Vulnerability security assessment tools
    Required: Stricter access controls & stronger auth
    Required: Automated detection and prevention for web-based attacks
    Required: Anti-phishing mechanisms
    Required: Client-side attack defense
    Required: Intrusion detection and/or prevention
  • 103.
    The 3 things to remember! If you don’t remember anything else from this session, this is what you need to remember
    1. Time is running out! So, the time is now!! Deadline: March 31, 2025!
    2. Strengthen payment security & validation
    3. F5 helps you address PCI DSS v4.0 compliance!
  • 104.
    Crawford & Company CUSTOMER STORY
    A1. Crawford & Company needed to deliver and secure “Digital Desk” App, both publicly and privately.
    B2. Suddenly, they were faced with impossible task of migrating apps from a data center in Canada to AWS within 2 weeks.
    C3. Next, they had to connect apps across AWS and Azure, while facing personnel attrition and talent gaps
    D4. Lastly, they had to migrate apps from 11 data centers to the two public clouds AWS, Azure, and secure their apps in both the clouds
    Cloud-native security offerings from various public cloud providers did not meet their security compliance standards and provided inconsistent protection. Connecting Apps across Clouds required multiple disparate products resulting in complex operations.
  • 105.
    A: Crawford & Company needed to deliver and secure “Digital Desk” App, both publicly and privately from AWS. Disjointed application security & lack of visibility; Increased complexity to deliver privately & publicly. [Diagram labels: AWS, Digital Desk, AWS WAF, AWS ALB, INTERNET]
  • 106.
    A node deployed in every location that abstracts hybrid multicloud complexity F5 Distributed Cloud provided Hybrid Multi-Cloud App Delivery and Security services via five integrated solution components A single console that gives rich observability and centralized lifecycle management Deliver apps locally and globally and connect apps privately across clouds Distributed App Security Distributed App Connect Customer Edge (CE) 1 2 3 4 5 Global anycast network with presence in all major markets, providing edge app delivery and security services Global Network (PoP) SaaS Console Centralized security policies, distributed enforcement inside enterprise boundary
  • 107.
    Simplified operations via F5 Distributed Cloud’s Hybrid SaaS (CE+PoP) App Delivery & Security services. [Diagram labels: AWS, Digital Desk, INTERNET, AWS WAF, AWS ALB, F5 Distributed Cloud Console (Centralized management and analytics), NETOPS, DEVOPS, SECOPS, 1, 2, 5, 4, App Connect 3]
  • 108.
    Inside the CE software stack - Mesh. [Diagram labels: API Security, WAF, Proxy, Load Balancer, Firewall, Routing, Application Delivery Controller, Mesh, Integrated High Performance Networking Stack [L3-L7], App Stack, Identity, Service Discovery, Secrets Mgmt., Distributed Application [Fleet], Cluster Management, Compute Platform, Service Control, Simplified Application Infrastructure Stack, 1]
  • 109.
    B: Suddenly, they were faced with impossible task of migrating apps from a data center in Canada to AWS within 2 weeks. Increased operational complexity to migrate apps across hybrid cloud environment. [Diagram labels: AWS, Digital Desk, F5 Distributed Cloud Console (Centralized management and analytics), NETOPS, SECOPS, DEVOPS, DATA CENTER, App 1, App 2]
  • 110.
    F5 Customer Edge (CE) and App Connect created an App Fabric, enabling seamless migration of apps across Hybrid Clouds. [Diagram labels: AWS, Digital Desk, F5 Distributed Cloud Console (Centralized management and analytics), DEVOPS, SECOPS, NETOPS, DATA CENTER, App 1, Hybrid Multicloud App Delivery, App 2, App 2, 1, App Connect 3]
  • 111.
    C: Next, they had to connect apps across AWS and Azure, while facing personnel attrition and talent gaps. Disjointed application security. Connecting apps private required 5 disparate products, resulting in operational complexity. [Diagram labels: Azure, AWS, F5 Distributed Cloud Console (Centralized management and analytics), NETOPS, SECOPS, DEVOPS, Digital Desk, App 2, DATA CENTER, App 1, App 2, Azure WAF, Azure LB, Azure API Mgr., App]
  • 112.
    F5 Customer Edge (CE) provided consistent operations and App Connect enabled secure app-to-app connectivity across clouds. [Diagram labels: Azure, AWS, Digital Desk, F5 Distributed Cloud Console (Centralized management and analytics), DEVOPS, SECOPS, NETOPS, App 2, DATA CENTER, App 1, App 2, Azure WAF, Azure LB, Azure API Mgr., App, App Connect, Multicloud App Delivery]
  • 113.
    D: Lastly, they had to migrate apps from 11 data centers to the two public clouds AWS, Azure, and secure their apps in all of these locations. [Diagram labels: Azure, AWS, Digital Desk, F5 Distributed Cloud Console (Centralized management and analytics), DEVOPS, SECOPS, NETOPS, DATA CENTER, App 1, App 2, App 2, App, App Connect]
  • 114.
    F5 Distributed Cloud offered an architectural approach to solve the most complex delivery and security challenges – simply! Universal App Delivery & Security Platform. [Diagram labels: Azure, AWS, Digital Desk, F5 Distributed Cloud Console (Centralized management and analytics), DEVOPS, SECOPS, NETOPS, DATA CENTER, App 1, App 2, App 2, App]
  • 115.
    F5 Distributed Cloud Services offered the best of both worlds. We migrated our first data center in a matter of weeks while putting in place the foundation for full migration to a multicloud environment. We can now apply security policies and protect distributed applications in as little as five minutes. — Matt Nears, Deputy Chief Information Security Officer, Crawford & Company
  • 116.
    Bring the cloud to BIG-IP. Complement the power of BIG-IP with the flexibility, added delivery capabilities & security layers of Distributed Cloud Services
  • 117.
    Distributed Cloud helped Crawford & Company solve three big challenges – BIG-IP customers can benefit from the same!
    1. Simplified app migrations and app-to-app connectivity across hybrid/multicloud for both public and private apps
    2. Consistent security policies configured centrally, enforced across enterprises’ distributed multicloud environments
    3. Simplified and consistent operations via rich observability, AI assisted operations, centralized management for all applications, in any location
  • 118.
    Let’s see this in action!
  • 119.
    How do we do this? 3 simple steps to bring the cloud to BIG-IP
    1. Deploy a Customer Edge: Configure a Customer Edge (CE) with network reachability to BIG-IP to discover apps and attach services. CEs can be deployed in any environment – on-premises, cloud, co-location, or edge.
    2. Enable Service Discovery: Service Discovery will build a centralized inventory view of all applications (virtual servers) configured on BIG-IP.
    3. Attach Cloud Services: Choose which cloud services to use with specific virtual servers: 1. Extend the security perimeter to F5 Distributed Cloud Services 2. Enable application portability and migrations 3. Enable API Discovery for BIG-IP virtual servers
  • 120.
    Discover Applications on BIG-IP TMOS. Seamlessly build an inventory of all BIG-IP virtual servers and make them available to attach cloud services. [Diagram labels: App2, App1, App3, App Catalog, XC Console, ON-PREMISES DATA CENTER, App Discovery, Public Client, Private Client, BIG-IP TMOS. Key: F5 globally managed point of presence running same CE software; CE software stack deployed in customer environment; Service Discovery control plane traffic]
  • 121.
  • 122.
    Discover Applications on BIG-IP TMOS. Seamlessly build an inventory of all BIG-IP virtual servers and make them available to attach cloud services. Key Value Delivered • Discover all BIG-IP virtual servers (applications) in seconds • Observability for all discovered BIG-IP applications in the Distributed Cloud Console. [Diagram labels: App2, App1, App3, App Catalog, XC Console, ON-PREMISES DATA CENTER, App Discovery, Public Client, Private Client, BIG-IP TMOS. Key: CE software stack deployed in customer environment; Service Discovery control plane traffic; F5 globally managed point of presence running same CE software]
  • 123.
    Use Case 1: Move your Application DMZ onto the F5 Global Network. Effortlessly connect BIG-IP virtual servers to public users via the F5 Global Network using App Connect. [Diagram labels: App2, App1, App3, App Catalog, XC Console, Private Client, Global Network, Public Client, Public Client, ON-PREMISES DATA CENTER, App Discovery, BIG-IP TMOS. Key: CE software stack deployed in customer environment; Service Discovery control plane traffic; F5 globally managed point of presence running same CE software]
  • 125.
    Use Case 1: Move your Application DMZ onto the F5 Global Network. Effortlessly connect BIG-IP virtual servers to public users via the F5 Global Network using App Connect. Key Value Delivered • Seamlessly move the application security perimeter out of the datacenter • Get defense in depth with multitude of application security controls • Get rich analytics to help security operations. [Diagram labels: App2, App1, App3, App Catalog, XC Console, Private Client, Global Network, Public Client, ON-PREMISES DATA CENTER, App Discovery, BIG-IP TMOS. Key: CE software stack deployed in customer environment; Service Discovery control plane traffic; F5 globally managed point of presence running same CE software]
  • 126.
    Use Case 2a: Migrate Apps with Distributed Cloud Services. Simplify application migrations for public-facing applications. [Diagram labels: App2, App1, App3, App Discovery, App1, PUBLIC CLOUD, App VPC, Global Network, XC Console, App Catalog, Public Client, ON-PREMISES DATA CENTER, BIG-IP TMOS. Key: CE software stack deployed in customer environment; Service Discovery control plane traffic; F5 globally managed point of presence running same CE software]
  • 128.
    Use Case 2a: Migrate Apps with Distributed Cloud Services. Simplify application migrations for public-facing applications. Key Value Delivered • Effortlessly migrate applications across any environments – saving both time & operational costs • Simplify operations with zero networking and rich observability • Run both versions of applications in parallel with granular control on migration schedule. [Diagram labels: App2, App1, App3, App Discovery, App1, PUBLIC CLOUD, App VPC, Global Network, XC Console, App Catalog, Public Client, ON-PREMISES DATA CENTER, BIG-IP TMOS. Key: CE software stack deployed in customer environment; Service Discovery control plane traffic; F5 globally managed point of presence running same CE software]
  • 129.
    Use Case 2b: Private Application Delivery across Hybrid Cloud. Seamlessly connect BIG-IP virtual servers across hybrid and multicloud environments. [Diagram labels: Overlapping IPs, XC Console, App Catalog, App2, App1, App3, App4, PUBLIC CLOUD, App VPC, Overlapping IPs, ON-PREMISES DATA CENTER, App Discovery, BIG-IP TMOS. Key: CE software stack deployed in customer environment; Service Discovery control plane traffic; F5 globally managed point of presence running same CE software]
  • 131.
    Use Case 2b: Private Application Delivery across Hybrid Cloud. Seamlessly connect BIG-IP virtual servers across hybrid and multicloud environments. Key Value Delivered • Deliver private applications in minutes, even with overlapping IPs • Connect applications without exposing underlying network • Rich observability. [Diagram labels: Overlapping IPs, XC Console, App Catalog, App2, App1, App3, App Discovery, App4, PUBLIC CLOUD, App VPC, Overlapping IPs, BIG-IP TMOS, ON-PREMISES DATA CENTER. Key: CE software stack deployed in customer environment; Service Discovery control plane traffic; F5 globally managed point of presence running same CE software]
  • 132.
    Use Case 2c: Private Partner App Delivery across Hybrid Cloud. Seamlessly deliver applications to partners privately with network separation. [Diagram labels: Overlapping IPs, XC Console, App Catalog, App2, App1, App3, App4, PUBLIC CLOUD, App VPC, Overlapping IPs, App5, Partner VPC, Red Segment, ON-PREMISES DATA CENTER, App Discovery, BIG-IP TMOS. Key: CE software stack deployed in customer environment; Service Discovery control plane traffic; Isolated Partner Network Traffic; F5 globally managed point of presence running same CE software]
  • 134.
    Use Case 2c: Private Partner App Delivery across Hybrid Cloud. Seamlessly deliver applications to partners privately with network separation. Key Value Delivered • Deliver private applications to an isolated partner network segment in minutes, even with overlapping IPs • Deliver applications to partners without exposing underlying network, even with overlapping IPs • Rich observability. [Diagram labels: Overlapping IPs, XC Console, App Catalog, App2, App1, App3, App Discovery, App4, PUBLIC CLOUD, App VPC, Overlapping IPs, App5, Partner VPC, Red Segment, BIG-IP TMOS, ON-PREMISES DATA CENTER. Key: Isolated Partner Network Traffic; CE software stack deployed in customer environment; Service Discovery control plane traffic; F5 globally managed point of presence running same CE software]
  • 135.
    Use Case 2d: Migrate Private Apps with Distributed Cloud Services. Seamlessly migrate private applications from data centers to the cloud. [Diagram labels: Overlapping IPs, XC Console, App Catalog, App2, App1, App3, App4, PUBLIC CLOUD, App VPC, Overlapping IPs, App5, Partner VPC, Red Segment, App2, ON-PREMISES DATA CENTER, App Discovery, BIG-IP TMOS. Key: Isolated Partner Network Traffic; CE software stack deployed in customer environment; Service Discovery control plane traffic; F5 globally managed point of presence running same CE software]
  • 137.
    Use Case 2d: Migrate Private Apps with Distributed Cloud Services. Seamlessly migrate private applications from data centers to the cloud. Key Value Delivered • Migrate applications in minutes, even with overlapping IPs • Rich observability • Run both versions in parallel with granular control on migration schedule. [Diagram labels: Overlapping IPs, XC Console, App Catalog, App2, App1, App3, App Discovery, App4, PUBLIC CLOUD, App VPC, Overlapping IPs, App5, Partner VPC, Red Segment, App2, BIG-IP TMOS, ON-PREMISES DATA CENTER. Key: CE software stack deployed in customer environment; Service Discovery control plane traffic; Isolated Partner Network Traffic; F5 globally managed point of presence running same CE software]
  • 138.
    Use Case 3: Enable API Discovery for BIG-IP Virtual Servers. Enable deep visibility into API traffic traversing BIG-IP virtual servers with API Discovery. CE is not in the data path. [Diagram labels: Public Client, API Discovery, SECOPS, API logs of Virtual Server, App2, App1, App3, Private Client, App Catalog, XC Console, ON-PREMISES DATA CENTER, App Discovery, BIG-IP TMOS. Key: CE software stack deployed in customer environment; Service Discovery control plane traffic; F5 globally managed point of presence running same CE software]
  • 139.
  • 140.
    Use Case 3: Enable API Discovery for BIG-IP Virtual Servers. Enable deep visibility into API traffic traversing BIG-IP virtual servers with API Discovery. CE is not in the data path. Key Value Delivered • Seamlessly enable API Discovery for virtual servers on BIG-IP • Get deep visibility into API traffic to help security operations. [Diagram labels: Public Client, API Discovery, SECOPS, API logs of Virtual Server, App2, App1, App3, Private Client, BIG-IP TMOS, App Catalog, XC Console, ON-PREMISES DATA CENTER, App Discovery. Key: F5 globally managed point of presence running same CE software; CE software stack deployed in customer environment; Service Discovery control plane traffic]
  • 141.
    By bringing the Cloud to BIG-IP, customers can benefit from …
    1. Simplified app migrations and app-to-app connectivity across hybrid/multicloud for both public and private apps
    2. Consistent security policies configured centrally, enforced across enterprises’ distributed multicloud environments
    3. Simplified and consistent operations via rich observability, AI assisted operations, centralized management for all applications, in any location
  • 142.
    Learn about enhancing BIG-IP with F5 Distributed Cloud: 1. DevCentral Article 2. Teachable Course 3. Technical Documentation
  • 143.
    F5 rSeries: Meeting New Standards. FIPS certificate: BIG-IP Tenant Cryptographic Module, BIG-IP v17.1.0.1 tenant, F5 rSeries, F5 VELOS. BIG-IP v17.1.0.1: FIPS, Common Criteria
  • 144.
    BIG-IP 17.5: New Software Updates and New Hardware Support. BIG-IP LTM: Post-quantum crypto; BIG-IP DNS: Hybrid Public Key Encryption Support for ODoH; BIG-IP AFM: SSH Proxy Cipher selection; BIG-IP WAF: JSON Web Token Protection; BIG-IP APM: Auto-launch; BIG-IP SSLO: Bug Fixes. Support for F5 CX1610 and BX520. TIME TO UPGRADE
  • 145.
    AI & High-Capacity Workloads Are Changing the Game. AI Adoption is increasing rapidly; Workloads require ultra-low latency and high throughput; Traditional infrastructure is struggling to keep up. [Diagram labels: LATENCY, THROUGHPUT]
  • 146.
    Key Challenges in AI & High-Capacity Workloads
    Network Congestion and Inefficient Routing: Complex routing slows data flow
    Slow Throughput & Latency: Slow networks hinder AI performance
    Reactive Operations: No insights, no optimization
    Data Exposure: AI data is a high-value target
  • 147.
    Scaling AI Workloads without Compromising Speed or Security. Intelligent Traffic Steering: BIG-IP DNS; Optimized AI Data Pipelines: BIG-IP LTM; Application Visibility & Analytics: BIG-IP APM; Security & Compliance: BIG-IP AFM
  • 148.
    Optimizing S3 Data Ingestion and Replication. [Diagram labels: S3 Tier-1 Process (x3), S3 Tier-2 Store (x4), S3 Tier-3 Collect]
  • 149.
    Optimizing S3 Data Ingestion and Replication. [Diagram labels: S3 Tier-1 Process (x3), S3 Tier-2 Store (x6), S3 Tier-3 Collect; F5 VELOS CX410 & BX520: Ingress LB, BIG-IP LTM, BIG-IP APM, BIG-IP DNS; F5 VELOS CX1610 & BX520: Ingress LB, BIG-IP LTM, BIG-IP AFM, BIG-IP SSLO]
  • 150.
    UNCOMPROMISED SPEED AND SECURITY: F5 VELOS MODULAR ADC. F5 VELOS helps organizations achieve unmatched performance, reliability, and security for mission-critical applications, safeguarding workloads and reducing downtime in high-performance environments.
  • 151.
    Meet VELOS CX410 and the new CX1610
    • Revolutionize traffic management with multi-terabit Layer 4-7 throughput.
    • Strengthen resilience with redundant system controllers that safeguard against failures.
    • Reduce operational complexity while boosting performance with a fully automatable, API-first architecture.
    • Effortlessly scale performance with advanced multi-tenancy and blade groupings to securely isolate resources across your environments.
    • Integrate powerful FPGA hardware offloading for encryption at massive scale.
  • 152.
    Half-Width Heavyweight: BX520. 56 Physical Cores; 112 Logical Cores; 4TB SSD Storage; 512GB DDR4 RAM. [Diagram labels: Ejector Handle; Latch Release; Port 2 QSFP-DD 400G or 4x100G; Port 1 QSFP-DD 100G or 4x100G; Alarm LED; Status LED; USB 3.0 Port]
  • 153.
  • 154.
    THE ALL NEW BX520 BLADE supercharges your chassis with 400GbE connectivity, delivering next-level throughput, security, and resource agility for demanding enterprise and service provider workloads.
    Comparison (VIPRION B4450N / VELOS BX110 / VELOS BX520):
    Physical Cores: 12 / 14 / 56
    Logical Cores / vCPU: 24 / 28 / 112
    RAM: 256 GB / 128 GB / 512 GB
    Disk: 1.2 TB / 960 GB SSD / 4TB SSD
    100G Interfaces: 2x100G / 2x100G / 8 * 100G
    400G Interfaces: N/A / N/A / 1*
  • 155.
    Maximize Tenant Density. F5 VIPRION 4800, 8x 4450N Blades; F5 VELOS CX410, 8x BX110 Blades; F5 VELOS CX1610, 16x BX520 Blades. [Chart values: 192 Maximum Tenants; 176 Maximum Tenants; 384 Maximum Tenants]
  • 156.
    Offload Encrypted Traffic At Scale. [Chart panels: F5 VELOS BX520 Blade; F5 VIPRION 4450N Blade; F5 VELOS BX110 Blade. Compression Throughput values shown: 65Gbps, 180Gbps, 80Gbps. SSL TPS values shown: 160K (RSA 2K) and 80K (P-256-ECDSA); 100K (RSA 2K) and 70K (P-256-ECDSA); 200K (RSA 2K) and 140K (P-256-ECDSA)]
  • 157.
    Unleash Massive Throughput. [Chart panels: F5 VELOS BX520 Blade; F5 VIPRION 4450N Blade; F5 VELOS BX110 Blade. Throughput values shown: 95Gbps L4, 95Gbps L7, 1.2M L4 CPS, 3M L7 RPS; 375Gbps L4, 300Gbps L7, 5M L4 CPS, 14M L7 RPS; 140Gbps L4, 140Gbps L7, 2.9M L4 CPS, 5M L7 RPS]
  • 158.
    Maximize VELOS CX410 with BX520 Blades. 1.2Tbps of Throughput. 60% Increase over the BX110. [Diagram labels: 800Gbps Redundant System Controller (x2); 4x 100Gbps (x2); 400Gbps]
  • 159.
    Scale Beyond Limits: CX1610. [Diagram labels: USB 3.0 Port; 32 Quarter Width Slots; AC or DC Power Inputs support up to 12 power supplies; n + 1 Redundant Fan Trays; Console Port; Management Port; Dual System Controllers; Status & Alarm LEDs; LCD Display; 4 x Power Supply Controllers]
  • 160.
    Maximize VELOS CX1610 with BX520 Blades
  • 161.
    Maximize VELOS CX1610 with BX520 Blades. 6Tbps of Low-Latency High-Throughput Application Services. [Diagram labels: 3.2Tbps Redundant System Controller (x2); 4x 100Gbps (x2); 400Gbps]
  • 162.
    UNLEASH MASSIVE THROUGHPUT. Take advantage of F5’s generous trade-in offers. Visit the App Delivery Showcase to Learn more about the VELOS CX1610 & BX520
  • 163.
    The F5 Application Delivery and Security Platform
  • 164.
    This complexity drives cost, operational fragmentation, and increased cybersecurity risk
    HIGH COST: Caused by unoptimized cloud spend and multiple operational siloes
    OPERATIONAL COMPLEXITY: Fragmented control across teams, policies, consoles = point product sprawl
    UNMANAGEABLE CYBER-RISK EXPOSURE: Expanded threat surfaces from app and API sprawl and lack of resources
  • 165.
    ADCs are the right technical approach for addressing app security and delivery challenges. ADCs: Consolidate multiple services, reducing the number of network bumps. Adaptable to various environments, like physical data centers, service meshes, and far edge environments, etc.
  • 166.
    Demands have evolved since the days of the very first ADC. The ADC began as a consolidated, physical platform. Cloud and containerization rendered this approach impractical.
  • 167.
    The Next ADC Evolution. We are at the beginning of “the next ADC evolution”. 2005 - 2015, Data Center: ADC appliance; Monolithic and Three-Tier Apps; WAF & DoS Protection. 2016 - 2022, Cloud Disruption: ADCaaS; Microservice & Containerization; Cloud WAAP. 2023 -, Hybrid Multicloud: Distributed AI Applications; AI Security. F5 CONFIDENTIAL – NOT FOR EXTERNAL USE
  • 168.
    The next-gen of ADCs must have six key properties: 1. Complete delivery and security for every app. 2. Deployable anywhere and in any form factor. 3. Single policy, unified management. 4. Rich analytics and insights. 5. Fully programmable data planes. 6. Full lifecycle automation. Next-generation ADCs must have these 6 key properties to meet organizational demands in the AI era.
  • 169.
    Enterprises have been trying to address this, actively consolidating both application delivery and security functions. [Chart: Percentage of respondents actively consolidating application delivery, security, or both. Categories, in chart order: Consolidating/auditing application delivery; Consolidating/auditing application security; Consolidating/auditing both application delivery and security; No specific policy or plan to consolidate/auditing application delivery and security. Values, in chart order: 12%, 29%, 52%, 7%.] Source: F5 State of Application Strategy 2024, NOV-DEC 2023 Global Survey of 632 IT decision makers, ALL verticals and geographies represented.
  • 170.
    A significant percentage of the market uses both WAAP and at least one availability service (load balancing, ingress, or service mesh). [Chart: Percentage of respondents with or without both WAAP and Availability Services. Categories, in chart order: Respondents with both WAAP and Availability Services; Respondents without both WAAP and Availability Services. Values, in chart order: 67%, 33%.] Source: F5 State of Application Strategy 2024, NOV-DEC 2023 Global Survey of 632 IT decision makers, ALL verticals and geographies represented.
  • 171.
    There's a clear need to converge application delivery and security into a unified platform
  • 172.
    Welcome to ADC 3.0. “ADC 1.0”, 2005 - 2015, Data Center: ADC appliance; Monolithic and Three-Tier Apps; WAF & DoS Protection. “ADC 2.0”, 2016 - 2022, Cloud Disruption: ADCaaS; Microservice & Containerization; Cloud WAAP. “ADC 3.0”, 2023 -, Hybrid Multicloud: Distributed AI Applications; AI Security.
  • 173.
    We are fully implementing the ADC 3.0 vision
  • 174.
    Introducing a converged application delivery and security platform
  • 175.
    Introducing the F5 Application Delivery and Security Platform
  • 176.
    The F5 Application Delivery and Security Platform is the most extensive in the industry. • Converges app and API security with high-performance delivery—all in a single platform. • Is API-driven and enables consistent policies across environments. • Provides rich analytics, and leverages AI assistants to greatly simplify operational workflows. • Runs where you need it: close to your applications on hardware; on digital processing units (DPU) for AI applications; in containerized environments like Kubernetes; in software or in SaaS environments.
  • 177.
    Drive down your cost and reduce your complexity and risk. Operational simplicity: Reduce the complexity and costs that come with managing disparate point products that aren’t interoperable and lack integration. Policy consistency: Enable every app, app component and API—at the edge or in the cloud—to benefit from consistent, comprehensive security and delivery. Full visibility and AI insights: Full automation and high programmability streamline workloads while visibility and AI insights across the portfolio improve outcomes. Flexible deployment options: Run close to your apps on hardware; on DPUs or AI apps; in containers like Kubernetes; on software; or via SaaS.
  • 178.
    This is the F5 Application Delivery and Security Platform
  • 179.
    New AI use cases driven by LLMs and technology innovations are propelling deployments of large-scale AI infrastructure. Large-scale AI Infrastructure Investment. Use Cases: AI Factories / Private AI; AI-SaaS / GPU-aaS; Sovereign AI; Edge AI. Technology Innovation: Specialized AI Accelerators: GPUs/TPUs; High-Performance Computing; DPUs for high-performance networking.
  • 180.
    Key focus areas for companies investing and deploying AI infrastructure. Maximize Investment: Ensure that valuable GPU and CPU resources are fully utilized; Increase the number of supported users and customers. Security: Secure data, apps, and APIs; Isolate user and customers on shared infrastructure. Scale for Production: Move from POCs to production; Full stack integration with observability.
  • 181.
    AI brings great technology innovation and potential business growth, but with it comes new challenges. Networking: AI training and inferencing presents new challenges to networking. • Large sustained data flows for training • Low latency needed for performant inferencing • Network security. APIs: APIs are central to AI and used extensively during training and inference. • Greater number of APIs compared to traditional apps • Protecting the explosion of new APIs required to connect AI models • Lack of visibility into AI APIs. AI Apps: AI workloads introduce new management complexity and security challenges. • Defending against attacks on AI apps • Safely connecting AI models with data that lives in disparate environments • Insufficient visibility into AI app health and performance
  • 182.
    AI Factories: Next generation data centers. AI infrastructure differs from traditional data center architectures, driven by unique AI workload requirements. DPUs are becoming a key component in accelerated networking for AI infrastructure. Kubernetes is the de facto standard for AI workload deployments, confronting scaling and complexity challenges that F5 solves. [Diagram labels: AI FACTORY; AI TRAINING PODS; AI INFERENCE PODS; GPU cluster; MODEL; CPU cluster; AI APPS; PCIe; DPU; GPU-to-GPU Network; S3; Local Data Storage; North-South Traffic; Multi-Tenant Training / RAG Admin Access; Multi-Tenant Inference Client Access.]
  • 183.
    F5 has been the leader in application delivery at critical industry inflection points. Traditional data centers: ADC 1.0, Traditional Apps. Public cloud: ADC 2.0, Modern Apps. AI cloud: ADC 3.0, AI Apps.
  • 184.
    Powering Kubernetes Networking for Today’s Complex Workloads
  • 185.
    Major challenges emerge when deploying cloud-native infrastructure, leading to Kubernetes "Ball of Fire". Kubernetes is the orchestration layer for containerized cloud. THE VISION: Simple Cloud-Native Deployment (apps connecting users or to other apps). THE REALITY: Advanced Cloud-Native Deployment (Complex Apps, Telco 5G, Large Enterprise, AI). [Diagram labels: Users; INGRESS; Kubernetes Cluster; App; pod; Edge; Private; "Is this app or app or app traffic?"]
  • 186.
    F5 BIG-IP Next for Kubernetes overcomes limitations, significantly simplifying the Kubernetes "Ball of Fire". Advanced Cloud-Native Deployment (Complex Apps, Telco 5G, Large Enterprise, AI). BIG-IP Next for Kubernetes: Scalable networking and security for ingress and egress traffic control. Highlights: • Simplified Operation • High Performance • Integrated Security. [Diagram labels: Users; Edge; Private; North-South Traffic; BIG-IP Next for Kubernetes; Kubernetes Cluster; App; pod.]
  • 187.
    F5 empowers Kubernetes deployment for 4G/5G/MEC with enhanced security, scalability, and visibility. Enhancing Verizon's 5G Core: BIG-IP for Kubernetes Streamlines Verizon’s Webscale Cloud Infrastructure. DEPLOY FOR OVER 30 Million Subscribers Today. Traffic Management and Control: • L4 load balancing: TCP, UDP, and SCTP • L7 load balancing: HTTP/2, Diameter, SIP • GTPcV2 load balancing • BGP routing • Rate limiting. Security: • Signaling firewall and DDoS • Topology hiding. Visibility: • Statistics and analytics
  • 188.
    Leveraging F5 BIG-IP Next for Kubernetes to Solve AI Factory Networking Challenges
  • 189.
    Maximizing AI infrastructure utilization requires three key capabilities… Multi-tenancy; Zero Trust & Tenant Isolation; Observability
  • 190.
    Solving the unique challenges AI workloads bring to data centers. BIG-IP Next for Kubernetes deployed on NVIDIA BlueField-3 DPUs. [Diagram labels: Switching; HOST COMPUTE; BlueField-3 DPU; BIG-IP; AI Node; AI App; Scalable.] BIG-IP NEXT ON NVIDIA BLUEFIELD-3 DPUS: Central control and management for AI traffic (incl. inference, RAG, storage) with all application services, delivered by BIG-IP Next for Kubernetes. BIG-IP Next for Kubernetes runs on BlueField-3 DPU; minimizes hardware footprint and optimizes performance. CUSTOMER BENEFITS: 1. Multi-tenancy: for AI Cloud providers 2. Tenant Isolation and Security: Required to support AI-aaS and GPU-aaS use cases 3. Rich Observability: reporting and packet capture 4. High performance and low latency networking: Increasing GPU utilization, while also freeing up valuable CPU resources 5. Fine grain traffic management: including smart load balancing of elephant flows, etc.
  • 191.
    Multi-tenancy and security are critical requirements for AI-aaS and GPU-aaS providers to maximize ROI. Without BIG-IP Next for Kubernetes: AI Infrastructure Underutilization. To achieve multi-tenancy AI-aaS and GPU-aaS providers dedicate clusters per customer. With BIG-IP Next for Kubernetes: Resource Maximization. BIG-IP Next for Kubernetes allows customers’ tenants to be isolated for security on shared AI infrastructure. [Diagram labels: AI FACTORY; Customer A; Customer B; Customer C; CLUSTER 1; CLUSTER 2; CLUSTER 3; CLUSTER; DPU; AI Infrastructure.]
  • 192.
    F5 delivers high-performance networking and security for AI infrastructure, storage clusters, and Edge AI. Key Capabilities: 1. Improve infrastructure and GPU efficiency for AI factories and GPU-aaS use cases: Intelligent traffic management, multi-tenancy, and security for greater data ingestion performance and optimized GPU utilization. 2. Greater performance for storage clusters: DPUs are starting to be deployed in storage clusters to improve data ingestion performance. 3. Multi-tenant inferencing and security for AI and edge use cases: Single solution for traffic management, networking and security on NVIDIA DPU for Edge AI use cases. [Diagram labels: AI FACTORY; AI TRAINING PODS; AI INFERENCE PODS; EDGE AI; GPU cluster; GPUs; MODEL; CPU cluster; CPUs; AI APPS; PCIe; DPU 1; DPU 2; DPU 3; GPU-to-GPU Network; S3; Local Data Storage; North-South Traffic; Multi-Tenant Training / RAG Admin Access; Multi-Tenant Inference Client Access.]
  • 193.
    F5 delivers high-performance networking and security for your AI deployments. Remove limitations in AI infrastructure. Traffic Management: Intelligent Load-balancing; Ingress / Egress; High-Performance. Scale and Flexibility: Seamless scale-out; Multi-tenancy for customer and network isolation. Security: Edge Firewall with DDoS mitigation; Intrusion Prevention; Encryption and Certificates. Observability: Traffic analytics and capture; Unified view across traffic management and security; Feeds for external monitoring dashboard and apps.

Editor's Notes

  • #164 We also hear from our customers—across all industries and sizes—about the challenges experienced given that Ball of Fire. We know you feel the pain and we hear about these three things over and over again: High cost: Our customers manage apps and APIs across environments and that sprawl results in high costs across departments. At the same time, they’re asked to do more with less and need to find ways to break down silos and/or consolidate. Operational complexity: The proliferation of policies and systems to manage has created a complexity that is hard to unwind and hard to explain to those who aren’t in the tools day in and day out. Unmanageable cyber-risk exposure: It’s hard to find the talent you need to cover the range of environments your applications live in. And as shadow IT, or app and API sprawl, has continued to increase, your teams know the expanded threat surfaces could expose the complexity you’re trying so hard to manage. [Transition] click for next slide.
  • #165 Your ADC plays a central role in your stack, and point solutions aren’t sustainable in the hybrid, multicloud, AI era. Your point solutions might be creating these issues that an ADC can resolve: Multi ADC integration issues created by services that don’t work well together; Limitations with form factor requiring you to buy from multiple vendors; No unified configuration or policy management; Lack of visibility across solutions; Limited programmability resulting in manual work. [Transition] It’s time to think differently about your ADC – as a comprehensive technology that drives the convergence of app security and delivery solutions rather than a foundational technology that requires other tech to be layered on top.
  • #166 Why do we think that ADCs are the right approach? We’ve watched the space of ADCs evolve and a new generation of ADCs is required to meet the demands of our environment today. At the start: The rise of data centers: Primarily hardware or virtual appliances, first-gen ADCs supported critical functions like load balancing, content caching, and web application security. In this period, most applications were deployed and accessed in data centers. Then we saw disruption with the cloud: Cloud computing started the migration of applications and services to the cloud. Cloud-native offerings with automated updates and expanded capabilities thrived. But, by the end of the era, it became clear that complex architectures across hybrid, multicloud environments were here to stay. And today, our reality is hybrid multicloud: Apps, APIs and components are highly distributed. And AI workloads have only added to the immense complexity. [Transition] Going forward, ADCs must evolve to be more than load balancing or just incremental improvements over their predecessors.
  • #167 We are at the advent of a new ADC era… Organizations like yours have been on a digital journey from monolithic applications to microservices and AI apps, from data centers to hybrid multi-cloud app deployments, from attackers seeking notoriety to malicious AI-powered attacks. This journey has led to point-product proliferation, each one designed to address a specific threat or use case. Deploying, operating and updating these point products is resource intensive, creates security gaps, and drives complexity. [Transition] We are at the advent of a new ADC era. One that addresses the challenges of hybrid multicloud, distributed AI apps and AI driven security as well as securing AI itself.
  • #168 We believe that these next-generation ADCs must have these six key properties to meet organizational demands in the hybrid, multicloud AI era. They are: Complete security and delivery for every app in a single platform that simplifies management for IT and security teams. Deployable in any form factor to run seamlessly across today’s diverse IT environments. Single policy, unified management across all locations to reduce complexity and improve efficiency. Rich analytics and insights that are relevant and actionable to improve performance and strengthen the security of today’s complex applications. Fully programmable data planes that enable automated deployment and custom functionality so organizations can effectively adapt to changing needs. Full lifecycle automation that allows teams to focus on delivering innovation and stop drowning in maintenance tasks. [Transition] In fact, we’ve found through conversations with organizations like yours, that many are trying to achieve aspects of this… through consolidation of key functions.
  • #169 Our State of Application Security Report 2024 found over half of enterprises surveyed are attempting to consolidate both app delivery and security. [Transition] click for next slide.
  • #170 In many cases it looks like this… It’s WAAP along with at least one major availability service. [Transition] The problem here, though, is that it’s still the stitching together of point products that lack CONVERGENCE across the hybrid landscape…
  • #171 OPTIONAL SLIDE To add to this already complex scenario, AI application architecture patterns will cause the component building blocks of AI apps to be more distributed. They will be deployed across multiple public clouds and on-premises. The nature of AI interactions and introduction of new data sources will require increased data-related security capabilities. 60% of enterprises will adopt multiple models (routing prompts to the most cost-effective model) https://menlovc.com/2023-the-state-of-generative-ai-in-the-enterprise-report/ [Transition] click for next slide.
  • #172 A platform approach is needed… [Transition] click to next slide
  • #173 That’s where, what we call ADC 3.0, comes into play. It reimagines what an ADC can and should be. [Transition] Click for next slide
  • #174 At F5, we are fully implementing this ADC 3.0 vision. [Transition] click for next slide.
  • #175 Bringing to market a converged app delivery and security platform—delivering on the six major properties required for our AI-driven, hybrid multicloud era. [Transition] click for next slide.
  • #176 Introducing the F5 Application Delivery and Security Platform [Transition] click for next slide.
  • #177 The F5 Application Delivery and Security Platform: Makes your working life easier by converging app and API security and high-performance delivery within a single platform. Is API-driven and enables consistent policies across environments. Provides rich analytics, and leverages AI assistants to greatly simplify operational workflows. Runs close to your applications on hardware; on digital processing units (DPU) for AI applications; in containerized environments like Kubernetes; in software; or in SaaS environments. [Transition] click for next slide.
  • #178 What this means for you: Ultimately, you can drive down cost and reduce complexity and risk when you: Stop stitching together point products—you can’t. They’re disparate. Gain policy consistency across environments. Have full visibility across the infrastructure and get help with AI insights on how to drive more efficiencies. Deploy the way your business needs to, with the flexibility to change course in the future. [Secondary slide option following with different language]
  • #179 [Optional slide language] What this means for you: Ultimately, you can drive down cost and reduce complexity and risk when you: Stop stitching together point products—you can’t. They’re disparate. Gain policy consistency across environments. Have full visibility across the infrastructure and get help with AI insights on how to drive more efficiencies. Deploy the way your business needs to, with the flexibility to change course in the future.
  • #196 These AI factories differ from traditional data center architectures, driven by the unique requirements of AI workloads. Let’s take a high-level look at the architecture of a typical AI factory. DESCRIBE DIAGRAM. There are two key technologies we will focus in on today that are core to these new AI factories: DPUs, which allow for accelerated networking, and Kubernetes, which is the de facto standard for AI workload deployments.