Lora Čurković

Svijet izgleda bolje s F5®

Jakub Šumpich
The World Runs Better With F5®Networks Branko Radojević
Ana Klisura
Hrvoje Frühwirth

Zagreb, 15. veljače 2013.

 Općenito

WLAN „Forum Zagreb”, password „forum123”

parking karticu zamijeniti pri odlasku na recepciji za plaćenu parkirnu karticu
 Agenda

08:30 – 09:15 Registracija i kava dobrodošlice

09:15 – 09:30 Uvodni pozdrav – Sedam IT (Lora Čurković, CEO)

09:30 – 10:05 Ukratko o F5 Networks - F5 Networks (Jakub Šumpich, Territory
Manager)

10:05 – 10:40 Application Delivery and Security - Sedam IT (Hrvoje Fruehwirth)

10:40 – 11:25 Case study - CARNet NISpVU i eMatica - CARNet (Branko
Radojević) i Sedam IT (Ana Klisura)

11:25 – 11:45 Q&A

Ručak
 Lora Čurković
Svijet izgleda bolje s F5®
Predsjednik Uprave
The World Runs Better With F5®Networks Sedam IT d.o.o.

Zagreb, 15. veljače 2013.

F5 Networks i SedamIT

Partner od 2007.

Unity Silver partner, najviši partnerski status u regiji

8 certificiranih inženjera, najviše u regiji

Autorizirani service center za L1 & L2 podršku

on site hot spare set

Reference:
– Narodne novine
– Optima telekom
– FINA
– CARNet
– HT Eronet (Avacom)
– IDDEA (EMC)
– VIPNet (Nokia Siemens Networks)
– …

F5 BIG-IP
Customer Needs & Pains

Cannot scale ADC consider

infrastructure and part of critical
resources to deploy networking and
increasing number of application
applications infrastructure
Security attacks
are getting larger and
more sophisticated Security
(blend of L3 – L7 Multiple points of
DDoS) access control

Exponential increase Complexity of

in mobile devices accessing managing
apps causing higher
CapEx/OpEx & complexity to increasing number of
maintain performance, applications have led to
security, & availability infrastructure sprawl
requirements
Business Priorities

Scaling Business
Business Risk Improving Customer
without
Management Experience
Scaling Costs
F5 uses Purpose Built Hardware

• Integrated hardware and software

Focus on Customer system designed for application delivery
Experience
• High performance and on demand
scalability
• Carrier grade reliability—delivering
Performance and 99.999% availability
Scalability
• Products that will last and be supported
for many years
• Always On Management integrated into
Quality and Reliability design to detect and resolve issues

F5 spends over $20 million annually on R&D

 ScaleN Enabled BIG-IP Platforms Line Up

BIP-IP 2000s BIG-IP 2200s BIG-IP 4000s BIG-IP 4200v BIG-IP 10200v BIG-IP 11000 BIG-IP 11050
• 212K L7 RPS • 425K L7 RPS • 425K L7 RPS • 850K L7 RPS • 2M L7 RPS • 2.5M L7 RPS • 2.5M L7 RPS
• 2K SSL TPS (2K • 4K SSL TPS (2K • 4.5K SSL TPS (2K • 9K SSL TPS (2K • 42K SSL TPS (2K • 20K SSL TPS (2K • 20K SSL TPS (2K
key) key) key) key) key) key) key)
• 75K L4 CPS • 150K L4 CPS • 150K L4 CPS • 300K L4 CPS • 1M L4 CPS • 1M L4 CPS • 1M L4 CPS
• 5 Gbps L7 TPUT • 5 Gbps L7 TPUT • 10 Gbps L7 TPUT • 10 Gbps L7 TPUT • 40G L7 TPUT • 24 Gbps L7 TPUT • 40 Gbps L7 TPUT
• 2 10 Gigabit • 2 10 Gigabit • 2 10 Gigabit • 2 10 Gigabit Fiber • 16 10 Gigabit Fiber • 10 10 Gigabit • 10 10 Gigabit
Fiber Ports Fiber Ports Fiber Ports Ports (SFP+) Ports (SFP+) Fiber Ports (SFP+) Fiber Ports (SFP+)
(SFP+) (SFP+) (SFP+) • 8 Gigabit • 2 40 Gigabit Fiber
• 8 Gigabit • 8 Gigabit • 8 Gigabit Ethernet CU Ports (QSFP+)
Ethernet CU Ethernet CU Ethernet CU ports:
ports ports ports

VIPRION 2400 / 4 x VIPRION 4480 / 4 x

VIPRION 4800 / 8 x 4300
2100 Blade 4300 Blade
• 10M L7 RPS
Blade
• 4M L7 RPS • 20M L7 RPS
• 120K SSL TPS (2K key)
• 40K SSL TPS (2K key) • 240K SSL TPS (2K key)
• 5.6M L4 CPS
• 1.6M L4 CPS • 10M L4 CPS
• 160G L7 TPUT
• 72 Gbps L7 TPUT • 320G L7 TPUT
• 32 10 Gigabit Fiber Ports
• 32 10 Gigabit Fiber Ports (SFP+) • 64 10 Gigabit Fiber Ports (SFP+)
(SFP+)
• 8 40 Gigabit Fiber Ports • 16 40 Gigabit Fiber Ports
(QSFP+) (QSFP+)
 BIG-IP Product Portfolio of Services
Application Intelligence
Rate Shaping / Rate Limiting
Resource Cloaking
Transaction Assurance
Universal Persistence
Selective Content Encryption
Advanced Client Authentication
Application Health Monitors
Application Switching
Web Acceleration

BIG-IP Products Caching

Geolocation
Intelligent Compression
DC to DC Replication
Web Application Firewall

Shared Application Services

Local Traffic Manager
Global Traffic Manager
Application Security Manager
Access Policy Manager
WebAccelerator
WAN Optimization Module
TMOS
Operating System
Shared Network Services
TCP Optimization IP Packet Filtering
Protocol Sanitization IPv6
Optimized SSL VPN Dynamic Routing
DoS and DDoS Protection Secure Network Addr. Translation
VLAN Segmentation Port Mapping
Line Rate L2 Switching
(Mirroring, Trunking, STP, LACP)
 F5’s Strategic Points of Control

Users
Application and Data

Availability Optimization Security Management

Delivery Network

• Scale • Network • Network • Integration

• HA / DR • Application • Application • Visibility
• Bursting • Storage • Data • Orchestration
• Load-Balancing • Offload • Access

Resources
APP APP APP APP
OS OS OS OS

APP APP APP APP Private

OS OS OS OS

Public

Physical Virtual Multi-Site DCs Cloud

 Optimize Traffic Management and
Offload Application Server
with BIG-IP Local Traffic Manager (LTM)

BIG-IP LTM
Physical

Virtual

Public or
private
cloud

OPTIMIZED APPLICATIONS & DATA SECURE APPLICATIONS & DATA

• Application • RAM Caching • Application Proxy

Intelligence • Intelligent • Transaction Assurance
• Load Balancing Compressing • Resource Cloaking
• TCP • Health • Secure Network Address Translation
Optimization Monitoring • Port Mapping
• Rate Shaping • SSL offload • Selective Content Encryption
• Server Offload
Increase application Server Capacity and
better utilize Bandwidth
with BIG-IP Local Traffic Manager (LTM)

OPTIMIZED APPLICATIONS & DATA

• Connection Management
(OneConnect™)
• RAM Cache
• Compression offload
• SSL offload
BIG-IP LTM

• Increase server capacity

60% with OneConnect™

9x with RAM Cache

20% with Compression offload

30% with SSL offload
• Reduce costs with centralize SSL key management
 Secure Applications and Data
with BIG-IP Local Traffic Manager (LTM)
SECURE APPLICATIONS & DATA

• Application Proxy
• Transaction Assurance
• Resource Cloaking
• Network and protocol attack BIG-IP LTM
prevention
• Secure Network Address Translation
• Port Mapping
• Selective Content Encryption

Security at the application, protocol, and network levels

• Meet compliance requirements (PCI, HIPAA, etc.)
• Protect data without interrupting legitimate traffic
Benefits of LTM

Increase Application Availability

Accelerate Applications

Increase Application Server Capacity

Optimize Bandwidth Usage

Secure Applications and Data

Take Control of Application Delivery
 F5 iRules

Skriptni jezik temeljen na događajima

Razvijen na osnovi TCL (Tool Command Language) programskog jezika

Omogućava pisanje skripti za dodatno upravljanje dolaznim i odlaznim
prometom

Presretanje, preusmjeravanje, pregledavanje i transformacija dolazećeg ili
odlazećeg aplikativnog prometa

iRules programi se izvode i manipuliraju putem jedinstvenog sučelja za
programiranje aplikacija razvijenog od strane tvrtke F5

Sedam IT presentation for CUC 2010

 Global Application Availability
with BIG-IP Global Traffic Manager (GTM)
OPTIMIZED APPLICATIONS & DATA

• Dynamic Datacenter Load Balancing

• TCP Optimization
• Health Monitoring
• Geolocation
• Automatic site-to-site failover

Data Data Center

Center 1 2
SECURE APPLICATIONS & DATA

• Transaction Assurance
• DNS Security
• Dynamic DNSSEC
Attack protection
with BIG-IP Application Security Manager (ASM)
Leading Web Attack Protection
with BIG-IP Application Security Manager (ASM)

Web Applications
BIG-IP ASM

SECURE APPLICATIONS & DATA

• Web Application Firewall

• Protection from top OWASP threats including
DoS and DDoS
• Log and report all application traffic
• Provides L2->L7 protection
• PCI Compliance

• Maintain security at application, protocol, and network levels

• Launch secure applications protected from vulnerabilities
Meet PCI Compliance
with BIG-IP Application Security Manager (ASM)

PCI reporting provides:

• Requirements with details
• Current compliancy state
• Steps to become compliant

Easily comply with audits

Dramatically Improve User Experience
when accessing your Web Application
with BIG-IP WebAccelerator

OPTIMIZED APPLICATIONS & DATA

• Cache repetitive content in
browser
• Intelligent Compress
• TCP optimization
Benefits of BIG-IP WebAccelerator
 F5 – news

New product – Big IP Advanced Firewall Manager

high-performance, stateful, full-proxy network firewall
640 Gbps of firewall throughput
288 million concurrent sessions
8 million connections per second
A Firewall Built for the Data Center

“Next Generation” Firewall Application Delivery Firewall

Corporate Data center

(users) (servers)

• Outbound user inspection • Inbound application protection

• Who is doing what? • Application delivery focus
• “Trusted” users to Internet • “Untrusted” users to data center
• App awareness: Broad but • App awareness: Specific but deep
shallow
 Use Case: Application Delivery

• Deliver a consistently fast experience regardless of the countless variables

Customer • Manage new and evolving protocols as well as ever-increasing and
inconsistent traffic
needs to • Guarantee application availability, while reducing OPEX and CAPEX

F5 Value Dynamic,
Delivered highly
interactive Availability: Intelligent traffic Mobile Content
Enterprise
Application
web Always on management Delivery
Performance
Improve end user
applications Direct users to the Optimize traffic Deliver experience,
at the speed best location management customized increase revenue,
and enhanced
based on real-time decisions based device-aware
of business. application on contextual content productivity
without the need
delivery data and message data. optimization
performance to rewrite
applications
 Use Case: Security

• Attain protection from full spectrum of DDoS attacks

Customer • Achieve full SSL visibility and protection
needs to • Rely on key partnerships give you full vulnerability checking and
website protection

F5 provides
application
layer security Accelerated and secure
Protection at scale
remote access
and protects The Access Policy Manager With high scale and
your Internet (APM) module running on BIG- performance capabilities, the
F5 Value data center
IP and VIPRION platforms
represents the industry’s most
BIG-IP and VIPRION hardware
platforms running the
Delivered from today’s
scalable remote access solution Advanced Firewall Manager
module represent the world’s
fastest firewall
attacks
regardless of
where they
live.
 Use Case: Service Provider

• Ensure optimal network performance during IPv6 migration and handle the high
number of translations and concurrent connections
Customer • Support millions of logs being generated during Network Address Translation (NAT)
with High Speed Logging
needs to • Consolidate multiple services onto a single platform to streamline their network
and introduce new services faster to market while reducing costs
• Provide highly available platform for a reliable network and continuous up-time.

Available Scale Consolidate

High availability platform
F5 Value ensures service uptime and at-
peak performance
Delivered
• Highly scalable platform
enables you to handle more
concurrent connections and
new CPS helps you manage
traffic with fewer resources
resulting in lower CAPEX and
OPEX
• Scales to support generation
millions of logging records and
exporting them to a system
logging server
• Intelligent Services Platform
is an intelligent software-
controllable platform
enabling any service to run
on any blade, resulting in
simpler configuration and
management of network
resources
• Consolidate the number of
servers along with power,
space, cooling, and
management requirements.
 Hvala!

hrvoje.fruehwirth@sedamit.hr
Case Study Branko Radojević
CARNet NISpVU i eMatica Ana Klisura

Zagreb, veljača 2013.

Takeaways

Molimo popuniti upitnike i kod hostesa zamijeniti za mali znak pažnje

F5 – puno više od Load Balancera

Optimizacija
 Hvala!

f5event@sedamit.hr
F5 Introduction
Jakub Sumpich
Territory Manager
j.sumpich@f5.com

the Fortune 10 companies • 44 of the Fortune 50 companies • 18 of the top 20 U.S. commercial banks • 3 of
 F5 is #1 WW for Traffic/App Optimization

Users Data Center

Application
Delivery
At Home Network SAP
In the Office Microsoft
On the Road Oracle

•Bigger competitive ability

Benefits: •Lower OPEX costs of DC
•Application investment protection
 F5 Overview

400.000

350.000
Publicly traded on NASDAQ F5 Networks is the leading
provider of application and data
delivery networking 300.000

250.000

$ Thousands
200.000

3,000+ employees Our products sit at strategic 150.000

points of control in any
infrastructure
100.000

50.000
1,380,000,000
-
IPO in 1999 Fiscal Year 2012 Revenue
US$1.38B
 Organizations Worldwide Trust F5
F5 Customer highlights
• 43 of the Fortune 50 companies1
• 15 of the top 15 US commercial banks1
• 6 of the 6 top US airlines1
• 10 of the top 10 US insurance companies - property
and casualty1
• 5 of the top 6 healthcare: pharmacy and other
services1
• 14 of the 15 executive branch departments of the US
federal government2
• 10 of the top 10 fixed AND mobile global service
providers3
• 9 of the top 10 US online video brands4
• 4 of the top 5 US Internet search providers5
• 17 of 20 cloud infrastructure and Web hosting
companies6

Sources: 1 Fortune 2010; 2 USA.gov Web site listing 3 Q310 Ovum Market share, by revenue, global; 4 Nielson NetRatings September 2010; 5 Comscore November 2010; 6 Gartner
Magic Quadrant Cloud Infrastructure as a Service and Web Hosting (On Demand, December 2010)
How to fulfil business needs?
Multiple Point Solutions

Application

More
Bandwidth

Network Administrator Application Developer

Hire army of developers?

Add equipment?
 Result: Complicated and expensive infrastructure

Users Network Point Solutions Applications

Mobile Phone DoS Protection

Rate Shaping SSL Acceleration

CRM CRM SFA ER
PDA

Server Load Balancer

Laptop
ERP CRM ERP SF
Content Application
Acceleration Firewall

Desktop
Connection Traffic
Optimisation Compression Customised Customis
Application Applicat

Co-location
 Solution – Application Delivery Controller (ADC)
Users The F5 Solution Applications

Application Delivery Network

CRM
Mobile Phone
Database
Siebel
BEA
PDA
Legacy
.NET
SAP
Laptop
PeopleSoft
IBM
ERP
Desktop SFA
Custom

Co-location TMOS
50 billion connected Cloud Computing is in the Top 3
devices by 2020 concern for CIO priority in 2012

71% of all work will be mobile

or web-based by 2020

More delivery More

mechanisms challenges
impacting IT
infrastructure
185 billion
mobile app
downloads
by 2014 More users and
more choices
Traditional Application Delivery Challenges

App servers Storage

Firewall
ADC App servers Storage

Clients
 Traditional Application Delivery Challenges

SaaS App servers Storage

Firewall
ADC App servers Storage

Clients
Cloud

More Endpoints More Delivery Models More Apps

Solution: An Intelligent Services Platform

Physical

Virtual
Storag
An Intelligent Services Platform
connects any user, anywhere, from any
device to the best application resources,
independent of infrastructure.

Clients Cloud

Anywhere, any service, any device Intelligent Dynamic, agile, adaptive

Full Intelligence Requires a Full Proxy
gent Full Proxy Benefits
point of delivery & definition”
ntelligence - layer 3- 7 visibility
ct client / server control
d services / context
perability and gateway functions

Client/Server Client/Server

Web Application Web Application

Application Application

Session Session

Network Network

Physical Physical

IT = Complete Control
Business = Reduced Delivery Costs
View of the Analytics
F5 Networks

Offers the most feature-rich AP ADC, combined
with excellent performance and programmabilit
via iRules and a broad product line.

Strong focus on applications, including long-
term relationships with major application
vendors, including Microsoft, Oracle and SAP.

Strong balance sheet and cohesive
management team with a solid track record for
delivering the right products at the right time.

Strong underlying platform allows easy
extensibility to add features.

Support of an increasingly loyal and large group
of active developers tuning their applications
environments specifically with F5 infrastructure.
Gartner Advanced Platform DC Market Share
 F5: An Intelligent Services Platform
F5 makes the connected world run better

olutions available today:

Application Delivery Controller User Community

DevCentral
Intelligent Ecosystem
Mobile optimization solution
Programmable/Extensible iRules iControl iApps
Application Delivery Firewall Customizable
Mobile User and Application Traffic Management

Access Management Enterprise Fast

WAN Opt and WAN acceleration Intelligent

Available
Integrated
DNS Delivery Services Context aware
Secure
Local and Global Load Balancer
Foundation TMOS
Scale
Hardware Software
The F5 Business Value
Increased availability, scalability, performance, and security
drives increased business productivity and faster ROI

Lowers cost and risk of Maximizes and protects

deployment and application investments, reducing
maintenance operating and capital expenses

Improves application
Improves end-to-end performance and the user
application delivery experience

Protects applications against security threats and

network problems
Benefits of the Intelligent Services Platform for Enterpris
Fast

Improves performance, increases employee productivity,

boosts business operations and drives
e-commerce revenue.

DevCentral
Available
iRules iControl iApps
Efficiently delivers highly reliable application services while
maintaining maximum availability regardless of location or
state. Fast

Available
Secure
Secure
Delivers applications to high-performance mobile and Enterprise
remote users while providing dynamic, flexible and
TMOS
powerful security.
Hardware Software
 Efficiently delivers highly reliable application services while
Available maintaining maximum availability regardless of location or state.

“Cloud-based disaster recovery has

the potential to give companies lower
costs yet faster recovery, with easier
testing and more flexible contracts.” BIG-IP GTM has had an
- Rachel Dines, Forrester immediate and profound
effect on our reliability.
If a server ever goes
down, it reduces our

75% IPv6
downtime from 8-10
minutes to a couple
of milliseconds.
all U.S. businesses
ve experienced
IPv6 Don Wood,
erruptions due to: Director of Technology,
DNSstuff.com
power
hardware
A new set of customers.
There is a large, untapped customer base in Asia that
telecommunications
connects with IPv6-only devices and can only
software problems communicate with IPv6 hosts.
 Fast Improves performance, increases employee productivity,
boosts business operations and drives e-commerce revenue.

2012

74% are willing to wait

DNS has
5 seconds or less grown When we moved our
for a single web page to load Microsoft application
before leaving the site. over 100% servers behind the
2007 BIG-IP LTM devices,
we immediately noticed
a dramatic performance
2012
in the last improvement—the
Every 100ms delay 5 years. difference was like
night and day.
Costs Amazon 180% Kevin Rice,

1% in 2007 As of October 2012, there were

Global Network Architect,
A.T. Kearney

sales. over 188 million active websites,

a growth of 180% over the last
5 years.
 Delivers applications to high-performance mobile and remote users while
Secure providing dynamic, flexible and powerful security.

of surveyed Internet, technology and

social experts predict most work will
be done via web-based or mobile BIG-IP APM gives us
applications by 2020. an essential additional
layer of security.
It also allows us to
provide secure remote
access to each of our
An everyday laptop on an customers’ corporate
IT environments from
average connection can take
4X down an enterprise web
their own networks
and devices.
server using SSL/TLS. Jeffrey Dahn, CIO,
Lokahi Solutions

Anonymous proxies… have steadily increased,

more than quadrupling in number as
compared to three years ago.
 BIG-IP Module Architecture

BIG-IQ BIG-IQ…
EM™ Security™

BIG-IQ™

BIG-IP® BIG-IP® BIG-IP® BIG-IP® BIG-IP® BIG-IP® BIG-IP® BIG-IP® BIG-IP®

Local Global Application Advanced Access Web- WAN Opt Policy Carrier
Traffic Traffic Security Firewall Policy Accelerator Manager Enforce- Grade NAT
Manager Manager Manager Manager Manager (WA) (WOM) ment (CGNAT)
(LTM) (GTM) (ASM) (AFM) (APM) Manager
(PEM)

iRules®, iApps®, and iControl®

ADC
TMOS®
Service Provid
Security
Why Does F5 Build Purpose Built Hardware?

Focus on Customer Experience
Performance and Scalability
Quality and Reliability
Customers require:
• Integrated hardware and software system
designed for application delivery
• High performance and on demand scalability
• Carrier grade reliability—delivering 99.999%
availability
• Products that will last and be supported for many
years
• Always On Management integrated into design to
detect and resolve issues

F5 spends over $20 million annually on R&D

Leveraging Alliances
Programmability
Cisco’s recent ACE news
Cisco has decided it will not develop further generations of its ACE
load-balancing products…

Cisco Systems has significantly reduced its investment in the

development of the company’s ACE product... to re-align resources
with the company’s long-term opportunities.

As far back as 2009, Gartner was calling ACE a “legacy platform”,

predicting that Cisco would have to cede the application acceleration
market…

We also feel that F5, as the strong market leader, will be well-
positioned to capture a large portion of the share…
Benefits of F5 Global Services
iHealth
Better application performance, enhanced security and higher availability

Faster Maximum Increased Quicker

time to market return on investment project success problem resolution

Professional services Knowledge services Support services

Technology expertise | Service excellence | Customer focus | Global coverage

Case Study
CARNet NISpVU i eMatica Ana Klisura

Zagreb, 5. veljače 2013.

Sadržaj

1. NISpVU i www.postani-student.hr
2. eMatica
3. Izgradnja podatkovnog centra u CARNetu
4. Local Traffic Manager
5. Napredni nadzor sustava
6. Offload poslužitelja
7. F5 iRules
8. Što smo postigli u CARNetu?

Case Study – CARNet NISpVU i eMatica

NISpVU i postani-student.hr

NISpVU – Nacionalni informacijski sustav prijave na visoka učilišta

www.postani-student.hr – korisničko sučelje prema NISpVU sustavu

Prijave na državnu maturu, objave rezultate, upisne liste za fakultete

Servis se nalazi na LTM-u od samog

početka projekta Državna matura

Najveće korištenje stranice u trenutku
objave rezultata ispita državne mature

Između 30 000 i 40 000 korisnika svaku
godinu

Case Study – CARNet NISpVU i eMatica

 eMatica

Centralizirani sustav Ministarstva znanosti, obrazovanja i sporta za upisivanje

podataka o učenicima i zaposlenicima osnovnih i srednjih škola u Republici
Hrvatskoj

Na kraju godine omogućeno je ispisivanje svjedodžbi učenicima

Podaci uneseni u sustav automatski se sinkroniziraju s ostalim servisima

Sustav preseljen na poslužitelje iza LTM

uređaja u CARNetu u svibnju 2012. godine

Sustav se kontinuirano koristi kroz cijelu
godinu s najvećim opterećenjem na kraju
školske godine kod zaključivanja ocjena i
ispisivanja svjedodžbi

Case Study – CARNet NISpVU i eMatica

Izgradnja podatkovnog centra

Visokodostupan računalni sustav mora osigurati dostupnost, brzinu i

sigurnost aplikacija korisnicima u bilo kojem trenutku bez obzira na vrijeme,
lokaciju korisnika ili bilo koji faktor koji može utjecati na rad i dostupnost
sustava

Osiguravanje naprednih usluga i servisa i njihove nesmetane isporuke
članicama i korisnicima CARNet mreže

Središnjica IT arhitekture i veliki korak prema zaštiti poslovanje

Primarna i pričuvna lokacija podatkovnog centra

Cilj -> zaštititi servise organizacije i ostvariti efikasan način raspodjele
opterećenja

Case Study – CARNet NISpVU i eMatica

Local Traffic Manager

Nudi napredne funkcije poput upravljanja aplikativnim prometom, kontrole

pristupa i zaštite aplikativnog prometa na mreži

Glavna uloga LTM-a je raspodjela opterećenja klijentskih upita prema
pozadinskim aplikativnim poslužiteljima

Hardver dizajniran posebno za inteligentnu dostavu aplikativnog prometa: SSL
ubrzanje, kompresija, višejezgreno procesiranje

Brojne opcije za optimizaciju i upravljanje aplikativnim prometom

Modularnost i jednostavna nadogradnja

Case Study – CARNet NISpVU i eMatica

Visokodostupan računalni sustav u CARNetu

Izgradnja podatkovnog centra na dvije lokacije

Uređaji u active/standby načinu rada

Connection mirroring - kompletno zrcaljenje svih postojećih konekcija

Rezultat -> rješenje koje je visoko dostupno bez obzira na neispravnost sustava,
poslužitelja ili aplikacija te osigurava neprekidna usluga prema krajnjim
korisnicima

Case Study – CARNet NISpVU i eMatica

Napredan nadzor sustava

Napredan nadzor svih dijelova sustava

• Veliki broj ugrađenih aplikativnih monitora
• Mogućnost kreiranja custom monitora

Nadzor poslužitelja omogućuje odabir uvijek najboljeg resursa za isporuku
usluge korisnicima

Nadzor rada servisa omogućuje uvijek odabir poslužitelja koji će ispravnu
aplikaciju isporučiti korisnicima

Rezultat - > visoka razina raspoloživosti, veća pouzdanost i eliminacija false-
positive alarma

Case Study – CARNet NISpVU i eMatica

Offload poslužitelja

Terminacija SSL prometa

• SSL/TLS enkripcija i dekripcija podataka na LTM
• Posebni hardverski optimizatori za SSL promet omogućavaju potpuni offload
opterećenja sa središnjeg CPU sustava

Kompresija HTTP prometa
• Offload kompresije prometa s pozadinskih poslužitelja

Caching HTTP prometa
• Spremanje objekata u LTM memoriji

Brojni sigurnosni mehanizmi
• „Prva crta obrane”
• Veća sigurnost mreže i aplikativnih servisa
• Zaštita od DoS napada, SYN flood napada, UDP flood napada…

Case Study – CARNet NISpVU i eMatica

F5 iRules

Moćan i fleksibilan skriptni jezik temeljen na događajima

Omogućava kompletnu kontrolu i manipulaciju prometom koji prolazi kroz LTM

Moguće ih je primijeniti na bilo koji transportni protokol ili aplikativni promet

Posebno korisničko sučelje za pisanje iRule skripti

U CARNetu:
• http -> https redirekcija
• Cachiranje prometa
• Usmjeravanje klijentskih zahtjeva
na odgovarajući skup pozadinskih
poslužitelja
• Logiranje određenih događaja u
sustavu
• Promjena sadržaja HTTP headera

Case Study – CARNet NISpVU i eMatica

Što smo postigli u CARNetu?

Pouzdana i efikasna isporuka usluga korisnicima

Rasterećenje i smanjenje broja krajnjih poslužitelja

Raspodjela opterećenja na aplikacijskom sloju

Poboljšanje aplikacijskih performansi

Povećana sigurnost aplikacija i poslužitelja

Napredan nadzor poslužitelja i aplikacija

Uvijek odabir najboljih resursa

Inspekcija i manipulacija aplikacijskog sadržaja

Case Study – CARNet NISpVU i eMatica

Prepoznata kvaliteta LTM-a

Prepoznat doprinos LTM-a u uspostavi visoke dostupnosti i optimizacije servisa

Od ove godine na poslužiteljima u CARNetu nalaziti će se i NISPUSS

NISPUSS – Nacionalni informacijski sustav prijava i upisa u srednje škole

Case Study – CARNet NISpVU i eMatica

Kraj

Optimizirana i sigurna isporuka usluga korisnicima

Maksimalna dostupnost i optimalna dostava aplikacija

Kontrola i mogućnost jednostavnog skaliranja sustava

Mogućnost nadogradnje sustava kupnjom dodatnih modula ili licenci

Visoka dostupnost servisa ili aplikacija kao zahtjev danas se postavlja pred svaki
sustav

Case Study – CARNet NISpVU i eMatica

Pitanja, komentari…

mail to: ana.klisura@sedamit.hr

Case Study – CARNet NISpVU i eMatica

Hvala na pažnji!