Aplikacija novi vladar poslovanja Dino Novak F5 Networks
What is an application nowdays? Device native or HTTP based (no longer on client only) Dynamic (many server GET/PUT requests) Talks to backend service(s) using HTTP(S) or limited number of HTTP protocols Cross-Integrated
The begining July 10, 2008 October, 22 2008 *July 12, 2004
What did it let to in just 7 years...
Why is it important?
Applications are driving the greatest innovations in today s business and the greatest risk.
Now everything is critical 76% are willing to wait 10 seconds or less for a single web page to load on Mobile phone before leaving. 2010 2014 97% As of December 2014, there were over 180 million active websites, a growth of 97% over the last 5 years. 2014 Every 100ms delay Costs Amazon 1% in sales. 2010 DNS has grown over 120% in the last 5 years.
Enterprise architecture has changed Cloud-based apps are used every day
New rules of the game User expirience is top priority Mobile is No1 consumer device Users are global now Non-stop environment HTTP is new TCP All apps require the same:
F5 Company Snapshot Founded: 1996 ADC Market Share IPO: June 1999 Employees: Over 4,000 Headquarters: Seattle, Wa President and CEO: Manny Rivelo 51.3% Market symbol: FFIV (NASDAQ) Operations worldwide: 32 countries Application Delivery Controller (ADC) Segment Includes: Server Load Balancing/Layers 4-7 Switching and Advanced (Integrated) Platforms. Graphic created by F5 based on Gartner data. Gartner, Inc. Market Share: Enterprise Network Equipment by Market Segment, Worldwide, 3Q13,
We cooperate / DevOps F5 Networks, Inc. 13
We support the biggest 47 of the Fortune 50 Companies 9 of the top 10 US Airlines 29 of the top 30 US Commercial Banks 9 of the top 10 US Wireless Carriers 10 of the top 10 US Telecoms 10 of the top 10 Global Brands 9 of the top 10 Global Oil & Gas Companies 10 of the top 10 Global Automotive Companies
What does Application Delivery Controller do? L4-7 Overlays the intelligence (ADC) L2-3 Lays te foundation for traffic (Routing / Switching)
Application Delivery Controller what is this? Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
What can F5 ADC do for your apps? BIG-IP Virtual Edition Cloud Hosted App Health monitoring Scaling / Load balancing Traffic steering TCP Optimization Caching Compression Encryption Visibility / SSL Dec/Encryption App App/Backend DNS DNS Protection Global Load balancing Cloud Bursting DDOS Protection Datacenter Firewall Laptop Server Storage Web Application Firewall App Smartphone Internet BIG-IP Platform Database Access Security Cloud Access & Security Attackers 0-Day Threat Inspection Virtual Servers User Directory SSL VPN Geolocation / IP Intelligence
F5 Can Be Customized to Your Specific Needs Programmabilty Every customer has specific needs CUSTOM PROTOCOL CONNECTION AND SESSION MANAGEMENT Unique custom requirements DevCentral SECURITY AND VIRTUAL PATCHING Standard out-of-box requirements CUSTOM CONTENT BASED ROUTING AND REDIRECTION
Where F5 is located within DC? Application Delivery Controller Datacenter SAN Router Switch Servers SDN Virtualization Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
The most significant data breaches in the last 15 years were a result of application vulnerabilities.
Control through context Client Information + Traffic Content + Application Health
1. Client context in security OS Device Operating Browser Geolocation IP intelligence system
2. Traffic context in security XSS Unauthorized access SYN flood XSS SQL injection Fraud
3. Application context in security v3.1??? App health Server status Software type/version App vulnerability Resource capacity
Securing today s Applications starts with fundamentals.
Blind, inflexible point solutions
Protecting your most critical business assets APPLICATION ACCESS APPLICATION PROTECTION
Using the Right Tool Next generation firewall F5 Application Delivery Firewall Corporate (users) Characteristics Outbound user inspection UserID and AppID Who is doing what? 1K users to 10K web sites Broad but shallow BIFURCATION OF FIREWALLS Internet Datacenter (servers) Characteristics Inbound application protection Application delivery focus 1M users to 100 apps Narrow but deep 12 protocols (HTTP, SSL, etc.)
The Evolution of F5 Security 1996 2001 2003 2004 2012 2013 2014 2015 App Delivery SSL Inspection SSL VPN Web App Firewall Network Firewall, Network DDoS Protection Web Fraud Protection Cloud-Based DDoS Protection Cloud-Based WAF
F5 s Comprehensive Security Solutions Access Federation App Access Management Network Firewall Traffic Management DDoS Protection Web Fraud Protection APPLICATION ACCESS APPLICATION PROTECTION Remote Access Enterprise Mobility Gateway Secure Web Gateway DNS Security SSL Inspection Web App Firewall App Delivery SSL Inspection SSL VPN Web App Firewall Network Firewall Network DDoS Protection Web Fraud Protection Cloud-Based DDoS Protection Cloud-Based WAF F5 Networks, Inc 30
F5 Platforms BIG-IP VE BIG-IP 2000 BIG-IP 4000 BIG-IP 5000 BIG-IP 7000 BIG-IP 10000 VIPRION 2400 VIPRION 4480 VIPRION 4800 BIG-IP VE 10 Mbit (Lab ) 200 Mbps 1 Gbps 3 Gbps 5 Gbps 10 Gbps VmWare Hyper-V AWS Kvm XenServer BIG-IP 2x00 8 x 10/100/100 2 x 10Gb SFP+ 8 GB Ram 4G SSL Bulk Encryption 5M Connections 5G L4/L7 TPUT BIG-IP 4x00 8 x 10/100/100 2 x 10Gb SFP+ 16 GB Ram 8G SSL Bulk Encryption 10M Connections 10G L4/L7 TPUT BIG-IP 5x00 4 x 10/100/1000 8 x 10Gb SFP+ 32 GB Ram 12G SSL Bulk Encryption 24M Connections 30G L4/15G L7 TPUT BIG-IP 7x00 4 x 10/100/1000 8 x 10Gb SFP+ 32 GB Ram 18G SSL Bulk Encryption 24M Connections 40G L4/20G L7 TPUT BIG-IP 10x00 24 x 10Gb SFP+ 48 GB Ram 22G SSL Bulk Encryption 36M Connections 80G L4/40G L7 TPUT 4 x B2250 (blade) 16 x 40Gb QSFP+ 256 GB Ram 144G SSL Bulk Encryption 192M Connections 320G L4/320G L7 PUT 8M L7 RPS 4M L4 CPS 176,000 SSL TPS (2K) 240M HW SYN Cookies 4 x B4340 (blade) 64 x 10Gb SFP+ 384 GB Ram 80G SSL Bulk Encryption 288M Connections 320G L4/160G L7 TPUT 8M L7 RPS 4.4M L4 CPS 120,000 SSL TPS (2K) 320M HW SYN Cookies 8 x B4340 (blade) 128 x 10Gb SFP+ 768 GB Ram 160G SSL Bulk Encryption 576M Connections 640G L4/320G L7 TPUT 14.4M L7 RPS 8M L4 CPS 240,000 SSL TPS (2K) 640M HW SYN Cookies BIG-IP VE 5G 3G SSL Bulk Encryption 3,400 SSL TPS (2K) 10M Connection Max 5G L4/L7 TPUT 325K L7 RPS 100K CPS 2,500 APM Max CCU BIG-IP 2200s 425K L7 RPS 150K L4 CPS 4,000 SSL TPS (2K) 2,000 APM Max CCU BIG-IP 4200v 850K L7 RPS 300K L4 CPS 9,000 SSL TPS (2K) 10,000 APM Max CCU BIG-IP 5200v 1.5M L7 RPS 700K L4 CPS 20,000 APM Max CCU 21,000 SSL TPS (2K) 40M HW SYN Cookies BIG-IP 7200v 1.6M L7 RPS 775k L4 CPS 25,000 SSL TPS (2K) 40.000 APM Max CCU 40M HW SYN Cookies BIG-IP 10200v 2M L7 RPS 1M L4 CPS 42,000 SSL TPS (2K) 75,000 SSL TPS (10200v-ssl) 60.000 APM Max CCU 80M HW SYN Cookies BIG-IP 2000s 212K L7 RPS BIG-IP 4000s 75K L4 CPS 425K L7 RPS BIG-IP 5000s BIG-IP 7000s 2,000 SSL TPS (2K) 150K L4 CPS 750K L7 RPS 800k L7 RPS 500 APM Max CCU 4,500 SSL TPS (2K) 350K L4 CPS 390k L4 CPS 5,000 APM Max CCU 10,000 SSL TPS (2K) 15,000 SSL TPS (2K) 20,000 APM Max 40.000 APM Max CCU CCU CCU Copyright 2015 Hewlett-Packard Development Company, L.P. The information 20M HW contained SYN herein 20M is subject HW SYN to change without 40M HW notice. SYN Cookies Cookies Cookies BIG-IP 10000s 1M L7 RPS 500K L4 CPS 21,000 SSL TPS (2K) 60.000 APM Max 1 x B2250 (blade) 4 x 40Gb QSFP+ 64 GB Ram 36G SSL Bulk Encryption 48M Connections 80G L4/80G L7 TPUT 2M L7 RPS 1M L4 CPS 44,000 SSL TPS (2K) 60M HW SYN Cookies 1 x B4340 (blade) 16 x 10Gb SFP+ 96 GB Ram 20G SSL Bulk Encryption 72M Connections 80G L4/40G L7 TPUT 2M L7 RPS 1.1M L4 CPS 30,000 SSL TPS (2K) 80M HW SYN Cookies 1 x B4340 (blade) 16 x 10Gb SFP+ 96 GB Ram 20G SSL Bulk Encryption 72M Connections 80G L4/40G L7 TPUT 1.8M L7 RPS 1M L4 CPS 30,000 SSL TPS (2K) 80M HW SYN Cookies
Applications Rely on Stateful Layer 4 7 Service LAYER 4 7 STATEFUL SERVICES ADC Local Load Balancing Application Security Application Performanc e Secure Web Gateway Global Load Balancing DDoS Protection Identity and Access Malware Detection Firewall LAYER 2 4 STATELESS SERVICES VIRTUAL AND OVERLAY NETWORKING Router Switch
Hvala na pažnji! Thank you for your attention!