Вы находитесь на странице: 1из 39

INTRODUCING F5 BIG-IQ

How F5 centralized management is changing

Dan Kim – Product Manager


BIG-IQ
CLOUD | SECURITY

CONFIDENTIAL
2
What is BIG-IQ?

BIG-IQ – Management Plane


BIG-IP – Data Plane

F5 BIG-IQ is an intelligent management platform to provide application


delivery intelligence across both Global Data Center and Cloud deployments
F5 BIG-IQ
Intelligent Management Platform in 2013

BIG-IQ SECURITY BIG-IQ CLOUD


(firewall)

BIG-IQ Platform
Intelligent Management Framework

F5 Networks Confidential
F5 BIG-IQ
Intelligent Management Platform
Modular Approach

BIG-IQ
SECURITY
(firewall)
BIG-IQ CLOUD BIG-IQ DEVICE Future
Modules

BIG-IQ Platform
Intelligent Management Framework

F5 Networks Confidential
BIG-IQ: Platform, Modules and REST API
• Open/exentsible
• Modular framework
• Platform provides services
common to all modules
• Modules interact with
platform using REST- API (Public REST/JSON)
based APIs
Services
• Modules licensed
BIG-IQ
separately Data Model
Platform
Store
F5 Networks Confidential
iControl Rest
Open and extensible platform

3rd Party - Completely open architecture


Management - iControl Rest leveraged for all device to device
Solution
communication
- Opportunity to provide value added services
API (Public REST/JSON)

API (Public REST/JSON)

BIG-IQ
Platform API (Public REST/JSON)
What is the BIG-IQ Platform?
Choice Between HW or VE

BIG-IQ Platform
Multi Device Management = F5 BIG-IQ™
OR
F5 BIG-IQ™
Hardware Platform
Virtual
Edition

1HCY2013 1HCY2014

F5 Networks Confidential
Hostname: dankim.pm.f5.com
BIG-IQ IP Address: 1.1.1.1

Select Product:

BIG-IQ CLOUD
BIG-IQ Security

TMOS

(c) Copyright 1996-2013, F5 Networks, Inc., Seattle, Washington. All rights reserved.
BIG-IQ

BIG-IQ Cloud
Benefits +
Gain Cloud Visibility

Simplify Provisioning and


Consolidate Management
Enable Flexibility with Third Party
Management Orchestrators

Enable Cloud Bursting


BIG-IQ

BIG-IQ Cloud
Benefits + REST based API integration for orchestration with other management platforms

Gain Cloud Visibility


Third-Party Cloud Orchestrators
Simplify Provisioning and
Consolidate Management
Enable Flexibility with Third Party
Management Orchestrators

Enable Cloud Bursting

Security Cloud

BIG-IQ Platform
BIG-IQ

BIG-IQ Cloud
Benefits + Leverage Public Cloud IaaS

Gain Cloud Visibility

Simplify Provisioning and


Consolidate Management
Enable Flexibility with Third Party
Management Orchestrators

Enable Cloud Bursting


BIG-IQ

BIG-IQ Cloud
Benefits + Manage iApp CRUD operations centrally and customizing the iApps for individual tenants

Gain Cloud Visibility

Simplify Provisioning and


Consolidate Management
Enable Flexibility with Third Party
Management Orchestrators

Enable Cloud Bursting


BIG-IQ

BIG-IQ Cloud
Benefits + Gain visibility across clouds, devices, tenants in a single view

Gain Cloud Visibility Provider View


Simplify Provisioning and
Consolidate Management
Enable Flexibility with Third Party
Management Orchestrators

Enable Cloud Bursting


BIG-IQ

BIG-IQ Cloud Today


Benefits + 2013 top-10 and bottom-10 policies by hitcount
Monitor

Gain Cloud Visibility Supports BIG-IP LTM only Clients


Monitor
Simplify Provisioning and Rule1 2.3 M
Available as a VE only
Consolidate Management dankim.pm.f5.com mgmt

Rule2 1.1 M
Enable Flexibility with Third Party dankim.pm.f5.com global
Separate from BIG-IQ Security BIG-IQ
Management Orchestrators Rule3 873 K
Security dankim.pm.f5.com selfip
Cloud Connectors – VMware Rule4 632 K
Enable Cloud Bursting vCloud Director and Amazon dankim.pm.f5.com virtual

Web Services Rule5 559 K


dankim.pm.f5.com virtual

BIG-IP AFM Rule6 546 K


dankim.pm.f5.com global

Rule7 481 K
dankim.pm.f5.com virtual

Rule8 248 K
dankim.pm.f5.com virtual

Rule9 223 K
dankim.pm.f5.com mgmt

Rule10 191 K
Data Center dankim.pm.f5.com global
BIG-IQ

Pricing
Benefits + 2013 Roadmap+
Product Description

Gain Cloud Visibility Supports BIG-IP LTM only F5-BIQ-CLD-VE-1k BIG-IQ


Additional BIG-IP AFM VE platform: 1000 Node License
benefits

Simplify Provisioning and


Available as a VE only F5-BIQ-CLD-VE-5k BIG-IQ ADF)
Additional solutions (e.g., VE platform: 5000 Node License
Consolidate Management
Enable Flexibility with Third Party
Separate from BIG-IQ Security F5-BIQ-CLD-VE-10k BIG-IQ
Available as appliance VE platform: 10000 Node License
or VE
Management Orchestrators
Cloud Connectors – VMware
Enable Cloud Bursting vCloud Director and Amazon F5-BIQ-CLD-VE-M BIG-IQ VE platform: Max Cloud Nodes
Web Services
F5-ADD-BIQ-CLD-VE-
BIG-IQ Cloud Software only: 1000 Nodes License
1K

F5-ADD-BIQ-CLD-VE-
BIG-IQ Cloud Software only: 5000 Nodes License
5K

F5-ADD-BIQ-CLD-VE-
10K BIG-IQ Cloud Software only: 10,000 nodes License

F5-ADD-BIQ-CLD-VE-
M BIG-IQ Cloud Software only: Max Cloud Node License
Hostname: dankim.pm.f5.com
BIG-IQ IP Address: 1.1.1.1

Select Product:

BIG-IQ CLOUD – VMware integration


BIG-IQ Security

TMOS

(c) Copyright 1996-2013, F5 Networks, Inc., Seattle, Washington. All rights reserved.
BIG-IQ

BIG-IQ – Vmware Integration


Benefits +
Integrated offering

Interconnection and portability


between traditional environments
and cloud
Flexible architecture that
supports SDN and traditional
networking
Ability to host private clouds for
sensitive data and outsource
non-critical apps to public cloud
BIG-IQ

BIG-IQ – Vmware Integration


Benefits + Shared Management Plane

Integrated offering

Interconnection and portability


between traditional environments
and cloud
Flexible architecture that
supports SDN and traditional
networking
Ability to host private clouds for
sensitive data and outsource
non-critical apps to public cloud
BIG-IQ

BIG-IQ – Vmware Integration


Benefits + BIG-IQ Objects in vShield

Integrated offering

Interconnection and portability BIG-IQ UI


between traditional environments
and cloud
Flexible architecture that
supports SDN and traditional
networking
Ability to host private clouds for
sensitive data and outsource
non-critical apps to public cloud VShield UI
BIG-IQ

BIG-IQ – Vmware Integration


Benefits + Integrated Application

Integrated offering BIG-IQ UI


Interconnection and portability
between traditional environments
and cloud
Flexible architecture that
supports SDN and traditional
networking
Ability to host private clouds for
sensitive data and outsource
non-critical apps to public cloud

vShield UI
Hostname: dankim.pm.f5.com
BIG-IQ IP Address: 1.1.1.1

Select Product:

BIG-IQ Security
BIG-IQ Cloud

TMOS

(c) Copyright 1996-2013, F5 Networks, Inc., Seattle, Washington. All rights reserved.
BIG-IQ

BIG-IQ Security
Benefits +
Reduce operational overhead

Reduce errors and downtime

Mitigate compliance risks

Monitor policy effectiveness


BIG-IQ

BIG-IQ Security
Benefits + Manage multiple BIG-IP AFM devices from a single pane of glass

Reduce operational overhead Clients

Reduce errors and downtime


BIG-IQ
Mitigate compliance risks Security

Monitor policy effectiveness

BIG-IP AFM BIG-IP AFM BIG-IP AFM

Data Center
BIG-IQ

BIG-IQ Security
Benefits + Manage multiple
Centrally manageBIG-IP
firewallAFM
policies
devices
and from
deploy
a single
to selected
pane BIG-IP
of glassAFM devices

Reduce operational overhead

Reduce errors and downtime Select policy: Select device:


BIG-IQ Deploy
Changes
Security  1
Mitigate compliance risks
2
Monitor policy effectiveness 3

BIG-IP AFM BIG-IP AFM BIG-IP AFM


BIG-IQ

BIG-IQ Security
Benefits + Centrally manage
Centralized auditing
firewall policies and deploy to selected BIG-IP AFM devices

Reduce operational overhead

Reduce errors and downtime Select policy: Select device:


BIG-IQ Deploy
Changes
Security  1
Mitigate compliance risks
2
Monitor policy effectiveness 3

BIG-IP AFM BIG-IP AFM BIG-IP AFM


BIG-IQ

BIG-IQ Security
Benefits + Centralized
Monitor top-10
auditing
and bottom-10 policies by hitcount

Reduce operational overhead Clients


Monitor

Reduce errors and downtime Select policy: Select device:


Rule1 2.3 M
BIG-IQ Rule2
Deploy
dankim.pm.f5.com
Changes
mgmt

1.1 M
Security  1 dankim.pm.f5.com global
Mitigate compliance risks BIG-IQ
Rule3 873 K
Security 2 dankim.pm.f5.com selfip

Monitor policy effectiveness Rule4 632 K


3 dankim.pm.f5.com virtual

Rule5 559 K
dankim.pm.f5.com virtual

BIG-IP AFM Rule6 546 K


dankim.pm.f5.com global

Rule7 481 K
dankim.pm.f5.com virtual

Rule8 248 K
dankim.pm.f5.com virtual

Rule9 223 K
dankim.pm.f5.com mgmt
BIG-IP AFM BIG-IP AFM BIG-IP AFM
Rule10 191 K
Data Center dankim.pm.f5.com global
BIG-IQ

BIG-IQ Security Today


Benefits + 2013 top-10 and bottom-10 policies by hitcount
Monitor

Reduce operational overhead Supports BIG-IP AFM only Clients


Monitor

Reduce errors and downtime Available as a VE only Rule1 2.3 M


dankim.pm.f5.com mgmt

Rule2 1.1 M
dankim.pm.f5.com global
Mitigate compliance risks Separate from BIG-IQ Cloud BIG-IQ
Rule3 873 K
Security dankim.pm.f5.com selfip

Monitor policy effectiveness Rule4 632 K


dankim.pm.f5.com virtual

Rule5 559 K
dankim.pm.f5.com virtual

BIG-IP AFM Rule6 546 K


dankim.pm.f5.com global

Rule7 481 K
dankim.pm.f5.com virtual

Rule8 248 K
dankim.pm.f5.com virtual

Rule9 223 K
dankim.pm.f5.com mgmt

Rule10 191 K
Data Center dankim.pm.f5.com global
BIG-IQ

Pricing
Benefits + 2013 Roadmap+
Product Description

Reduce operational overhead Supports BIG-IP AFM only Additional BIG-IP AFM
F5-BIQ-SEC-10-VE benefits
BIG-IQ VE platform: 10 AFMs managed

Reduce errors and downtime Available as a VE only Additional solutions (e.g.,


F5-BIQ-SEC-25-VE BIG-IQADF)
VE platform: 25 AFMs managed

Mitigate compliance risks Separate from BIG-IQ Cloud Available as appliance


F5-BIQ-SEC-50-VE or VE
BIG-IQ VE platform: 50 AFMs managed

F5-ADD-BIQ-SEC-
Monitor policy effectiveness 10
BIG-IQ Security Software only: 10 AFMs managed

F5-ADD-BIQ-SEC-
BIG-IQ Security Software only: 25 AFMs managed
25

F5-ADD-BIQ-SEC-
BIG-IQ Security Software only: 50 AFMs managed
50
BIG-IQ UI: Context Aware
Modern, innovative, intuitive UI
– Centralized Search and Filtering
– Show Relationships (brushing)
– Create Relationships (drag and
drop)
– Contextual Awareness
– Simplified Navigation Structure

Interactions with “Panels”


– Brushing
– Filtering
– Slide-out
– Creating new objects

F5 Networks Confidential
BIG IQ Security Roadmap
Subject to Change
Release: v4.0 (Allagash) v4.1 (Bigtime) v4.2 (Chuckanut)

Theme: Basic FW Mgmt Deployment Diagnostics

Timeframe April 2013 Aug 2013 Dec 2013

Device Setup (licensing, user BIG-IP Policy Support (Corona AFM) L3/L4 Policy Change Rollback
management)
Login ‘portal’ to BIG-IQ, launch pad Scale to 100 devices, 1000 rules each
to Security | Cloud Coarse-grained RBAC
Declaring Management Authority BIG-IP High Availability Policy Diferrence Review

Audit Log
Basic Multi-User Editing
L3/L4 rule edit & deploy, single
persona

Basic Monitoring
BIG-IQ

Zero provisioning for Private Cloud licensing pool for


VE

- EC2, Vmware vCloud Director, Openstack Connectors in BIG-IQ v4.3 (target December)
- EC2 demo currently targeted for BIG-IQ v4.2 (Bigtime release in August
- Ability to levarage private cloud licensing pools when working with VE
- Scope and Scenario currently being refined
BIG-IQ

Devops integration (puppet/chef)

- Rely heavily on F5 iControl for REST


- BIG-IP iControl for REST
- Early Access in 11.4 (Corona release)
- General Availability in Vancouver release
- BIG-IQ iControl for REST
- First release in BIG-IQ v4.0 (release in April)
- Next release in BIG-IQ v4.1 (release in August)
- Leverage BIG-IQ to proxy iControl to BIG-IP
- Consolidate
- Single point of Auth
BIG-IQ

Openstack

- Connector currently targeted for BIG-IQ v4.3 (Chuckanut)


- BIG-IQ chuckanut release is currently planned for Dec 2013/Jan 2014
- Dependency on Fall/Winter release of Openstack
- Current Scope to match level of integration with Vmware vCloud Director Integration
- F5 iApps integration
- These requirements will be more refined by Sept/Oct 2013
Hostname: dankim.pm.f5.com
BIG-IQ IP Address: 1.1.1.1

Select Product:

BIG-IQ Security

BIG-IQ Cloud

TMOS

(c) Copyright 1996-2013, F5 Networks, Inc., Seattle, Washington. All rights reserved.
BIG-IQ

What Is BIG-IQ?
Architecture

Management Plane

Data Plane

Applications
BIG-IQ

What Is Available Today?


Architecture 2013
Management Plane
Security Cloud

Data Plane
Management Plane
Applications Enterprise
Manager

Data Plane BIG-IQ Framework

Applications
BIG-IP AFM BIG-IP LTM
BIG-IQ

What You Can Expect


Architecture 2013 Roadmap
Management Plane BIG-IQ Security
Security Cloud Additional
Security Cloud Device Modules
Data Plane BIG-IQ Cloud

Applications Enterprise Manager Enterprise


Manager

BIG-IQ Framework

BIG-IP AFM BIG-IP LTM


BIG-IP AFM BIG-IP LTM All BIG-IP