
F5 VMware Solution Overview

Alen Lin (林志斌), Taiwan Technical Manager, F5 Networks Taiwan


Common Practical Issues
• How can I provision more seamlessly?
• How can I make application performance better?
• How can I automate more administrative tasks?
• How can I simplify network configuration for VMs?
• How can I take full advantage of VMotion?
• How can I secure my virtual desktop deployments?
• How can I streamline virtual desktop access steps?


F5 & VMware
• F5 & VMware are active, global partners
• 4 years of history as managed partners
• Primary partnership goals
  – Compatibility / Interoperability Testing
  – New Solution Development
  – New Solution Documentation
• Across all major F5 and VMware products
• Ongoing cooperative solution development
• Coordinated back-end customer support


Recent Highlights
• F5 named Global Technology Innovator Partner of the Year
  – VMware awards highest honor to F5 at 2011 Partner Exchange
  – Recognition for deep integration and solution development
• “VMware-Ready” certifications
  – LTM Virtual Edition and FirePass VE
• Recent Releases
  – View desktop solution (Edge Gateway and APM for LTM VE)
  – vCloud Director – joint cloud bursting solution
  – Management Plug-in for vSphere


Current Mapping: F5/VMware Solutions to Features

Top 6 Most Common Customer Virtualization Project Types
• Application Virtualization (vSphere)
• Server Consolidation (vSphere)
• Data Center Consolidation (vSphere)
• BC/DR (SRM)
• Cloud (vCD)
• Desktop Virtualization (View)

Top 10 F5 Solutions for VMware
• Server Offload
• Management Integration
• Automated Provisioning
• SRM Integration
• Global Availability
• Long Distance vMotion
• WAN Optimization
• Multi-Tenant ADC
• Single Sign-On
• Secure Access



Server Virtualization & F5


Improving VM Density

[Diagram: typical virtualized server compared with the same server with BIG-IP]

Offload
• SSL
• Caching
• Compression
• OneConnect
• TCP Optimization



Reduced CPU Utilization on SAP Portal 68 %

38 %

Joint testing conducted at SAP Co-Innovation Lab


Automating Network Changes: vCenter
• BIG-IP LTM & VMware vCenter can be integrated for automatic provisioning of local VMs on demand
• Respond to changes in traffic volume
• Provision to mean rather than peak
• Reduce manual labor



F5 Management Plug-In for vSphere


F5 Management Plug-In for vSphere
• Free Software Plug-In for VMware vSphere
• Attaches to vCenter Server – modifies vSphere Client GUI
• Operates with both physical and virtual LTM editions
• Streamlines the administrative steps of adding VM nodes from load balancing pools
• Automates actions based on pre-defined policies
• Reduces risk of error
• Reduces manual effort
• Officially supported by F5 (in its unmodified state)



vSphere Client GUI



Plug-In Home Screen


Illustration: LTM & vCenter Integration

[Diagram: Demand ↑: Detection, Automation, VM Provision, F5 Provision. Demand ↓: Detection, Automation, F5 Deprovision, VM Deprovision. Labels: Web Clients, Frontends Virtualization (BIG-IP LTM, FrontEnd servers), AppServers Virtualization (BIG-IP LTM, App. Servers), Storage Virtualization, Monitoring & Management (vCenter, iControl), AppSpeed (optional)]


Automating Network Changes: SRM
• BIG-IP GTM & VMware SRM integrated to enable failover between sites
• GTM makes traffic follow SRM failover
• Automatic
• Minimize Application Downtime


Automating Network Changes: Inter-Data Center Traffic Management
• Serving an application across multiple data centers
• Cloud Bursting
• Automated Failover
• Global Traffic Optimization
• Intelligent Persistence
• Federated Cloud Authentication
• Control via
  – iControl API
  – Pre-defined global traffic policies
  – iRules

[Diagram labels: BIG-IP Global Traffic Manager, vCenter-1, vCenter-2]


Illustration: GTM & SRM Integration

[Diagram labels: Site 1, Site 2, Ongoing Replication, SRM Failover]

(a) GTM health checks reveal unhealthy site 1.
(b) GTM self-executes a redirection to site 2.


Acceleration & Encryption
• F5 testing results of common bandwidth/latency combinations
• iSessions™ or WAN Optimization Module™
• SSL encryption
• Acceleration: TCP Optimization, Deduplication, Compression
• Able to successfully VMotion in conditions where previously failed

Bandwidth (Mbps) | Link Latency (RTT ms) | Link Packet Loss (%) | Average Time without WOM (min:sec) | Average Time with WOM (min:sec) | Acceleration Factor
45 (T3)          | 100 | 0% | 13:43 | 3:35 | 3.8X
100              | 25  | 0% | 6:10  | 1:18 | 4.7X
155 (OC3)        | 100 | 0% | 13:25 | 3:29 | 3.9X
622 (OC12)       | 40  | 0% | 5:57  | 1:57 | 3.1X
1000 (Ethernet)  | 20  | 0% | 2:38  | 0:38 | 3.5X


LTM-Virtual Edition
• Available as a trial, developer or production editions
• Runs on any server compatible with ESX
• Managed just like a physical LTM
• Same functionality.

ESX v4, ESXi v4


Benefits
• BIG-IP LTM provides high availability, security and performance for the app.
• Availability - BIG-IP GTM provides high availability for redirecting traffic in case there’s a problem with the primary site.
• Distance - The cloud does not have to be within metro distance latency for this solution to work.
• Choice of cloud providers – only requirement here is that they are running vCloud Director or a VMware vCloud API-compatible environment.


www.f5.com/vmware



Server Consolidation



Advanced Application Delivery Features



Cloud Customers Benefit From F5


Architecture

[Diagram labels: Plug-In, vCenter, Linux Server, BIG-IP Mgmt Console, BIG-IP Local Traffic Manager, vSphere Client]



Cloud Computing & F5


Escaping Boundaries Between DCs
New Use Cases for Well Established Functionality
• Migration
• Disaster avoidance
• Capacity expansion

Key Technical Problems Solved:
• Performance problems caused by latency or bandwidth
• Dynamic, transparent rerouting of client traffic from site 1 to site 2
• Loss of app sessions or connections when migrating to another location


On-Demand Scalability in the Cloud

Scale-up by simply plugging in a new blade. Zero configuration.

[Diagram labels: On-Demand Scalability, Internal Cloud, On-Premise Servers, LAN, External Cloud]


Dynamic & Intelligent Traffic Management between Cloud & DC

Dynamically load balance between data centers based on application availability, time of day, etc. Take into account all tiers of the application.

[Diagram labels: Remote Users, Internet or WAN, HQ Site 1, Firewalls, DMZ, BIG-IP Link Controller, BIG-IP Global Traffic Manager, BIG-IP Local Traffic Manager, BIG-IP SAM, FirePass, Enterprise Manager, Blade Servers, Database Servers]


Secure & Optimized Tunnel between Cloud & DC
“BIG-IP iSessions”
Integrated and free with BIG-IP LTM v10

Symmetric Compression
• Adaptive
• Deflate
• LZO

SSL Encryption

Note: Not available on the 1500 and 3400


Multi-Tenancy “Route Domains”
BIG-IP v10: Managing Networks in the Cloud
• Host multiple departments/organizations on one BIG-IP without conflicts
• Granular control to provide separate routing domains and overlapping IPs

[Diagram labels: Department A, Department B]


Solution: Federated Authentication and Authorization
• Retain user data in private cloud
• Leverage public cloud compute resources

[Diagram labels: vCenter-1, Directory Service, vCenter-2]

Direct auth, session creation in private cloud
Direct (authenticated) app workload to public cloud


F5/VMware Cloud Bursting Solution (Hybrid Cloud)

[Diagram labels: Hybrid Cloud, APP Loads, Management, vSphere, Private Clouds, Public Clouds]


Customer Needs – the perfect storm
• Desire to keep CapEx / OpEx low (servers, power, rent)
• Facing unpredictable application demand
• App SLAs must be maintained
• Want to leverage the cloud – but carefully


Solution: Cloudbursting with vCloud Director
• Integrated solution that enables automatic cloud bursting
• Combine Several Components
  – vCloud Director
  – vCloud API
  – vSphere
  – vShield Edge
  – Gemstone SQLFabric
  – F5 BIG-IP LTM
  – F5 BIG-IP GTM
  – F5 BIG-IP WOM
• Enables start/stop of bursting (keep costs low)
• Enables “right-sizing” in the cloud (scale-out)
• Completely seamless for application users
• Bursting hinges on application performance trigger


VMware vCloud Director Overview

[Diagram labels: Organization 1 … Organization m, Users, Admin, Secure Private Cloud, User Portals, Catalogues, Security, Virtual Datacenter 1 (Gold) … Virtual Datacenter n (Silver), vCloud API, VMware Cloud Director, vCenter Server, vSphere]

• Multi-tenant: secure organizational separation
• On-demand: Self-service virtual machine and virtual application deployment
• Hybrid: Compatible cloud service internally and at service providers
• Controlled: self-service within boundaries of virtual data center
• Secure: organizational and app level security and control
• Manageable: role-based access and authentication using enterprise directory


Solution Workflow
1. Begin with application in private cloud only
2. Ramp up application traffic until it exceeds performance threshold
3. “Burst” to public cloud, dynamically adding application nodes
   – Traffic management is globally balanced between private and public clouds
4. Continue ramping up traffic and expanding capacity in public cloud
5. Decrease application traffic, contracting the application by removing public nodes and eventually returning to steady state in private cloud


Solution Architecture at a Glance

[Diagram labels: LTM, WAN Optimization, n+1, Private Data Center, Public Cloud]


Hybrid Cloud Architecture
• Definition: Serving an application across multiple clouds, data centers, or both
• Use Cases
  – Automated Failover
  – Federated Cloud Authentication
  – Elastic Applications
• Architectural features
  – Global traffic management
  – Intelligent application and session persistence
  – Network API
  – Global traffic policies
  – L7 content inspection and routing

[Diagram labels: vCenter-1, vCenter-2]


Scaling the Cloud
• Global load balancing
  – Can be policy-based for automated changes (re: SRM)
  – Minimize unused resources
  – Geo-location improves user experience
  – Provision to Mean vs. Peak
• Scenarios
  – Capacity Expansion
  – BC/DR
  – Cloud Bursting


Customer Benefits
• BIG-IP LTM provides high availability, security and performance for the app.
• Availability - BIG-IP GTM provides high availability for redirecting traffic in case there’s a problem with the primary site.
• Distance - The cloud does not have to be within metro distance latency for this solution to work.
• Choice of cloud providers – only requirement here is that they are running vCloud Director or a VMware vCloud API-compatible environment.


Solution Architecture at a Glance

[Diagram labels: vCD, LTM, WAN Optimization, n+1, Private Data Center, Public Cloud]


Solution Components
• VMware vCloud Director (aka “Redwood”)
  – Private and Public Cloud infrastructure built on vCenter and vSphere
• Java PetStore Demo Application powered by Tomcat
• SQLFabric
  – Database caching and synchronization between clouds
• F5 Global Traffic Manager
  – Global load balancing between private and public clouds
• F5 Local Traffic Manager
  – Local load balancing of application instances in each cloud
  – WAN optimization between clouds for acceleration of database caching
• API integrations
  – vCloud API
  – iControl API


Long Distance VMotion
Detailed Review


Escaping Boundaries Between DCs
New Use Cases for Well Established Functionality
• Migration
• Disaster avoidance
• Capacity expansion

Key Technical Problems Solved:
• Performance problems caused by latency or bandwidth
• Network retransmission of client traffic from site 1 to site 2
• Loss of app sessions when migrating to another location


How it works – the fundamental steps
1. Storage VMotion to Site 2
2. VMotion to Site 2
3. LTM routes incoming connections for existing sessions to Site 2 VM
4. GTM routes new connections to Site 2
5. Register host and VM in vCenter Site 2 (optional)

[Diagram (logical representation, not physical): Internet, EtherIP Tunnel, vCenter Server]


Acceleration & Encryption
• F5 testing results of common bandwidth/latency combinations
• iSessions™ or WAN Optimization Module™
• SSL encryption
• Acceleration: TCP Optimization, Deduplication, Compression
• Able to successfully VMotion in conditions where previously failed

Bandwidth (Mbps) | Link Latency (RTT ms) | Link Packet Loss (%) | Average Time without WOM (min:sec) | Average Time with WOM (min:sec) | Acceleration Factor
45 (T3)          | 100 | 0% | 13:43 | 3:35 | 3.8X
100              | 25  | 0% | 6:10  | 1:18 | 4.7X
155 (OC3)        | 100 | 0% | 13:25 | 3:29 | 3.9X
622 (OC12)       | 40  | 0% | 5:57  | 1:57 | 3.1X
1000 (Ethernet)  | 20  | 0% | 2:38  | 0:38 | 3.5X


Initial Environment

[Diagram labels: BIG-IP Global Traffic Manager, BIG-IP Local Traffic Manager (×2), vCenter A, vCenter B]


Step 1: F5 BIG-IP Local Traffic Manager Opens WAN Optimization Tunnel

[Diagram labels: BIG-IP Global Traffic Manager, BIG-IP Local Traffic Manager (×2), vCenter A, vCenter B]

Tunnel traffic is:
• Compressed
• De-Duplicated
• Encrypted


Step 2: Storage VMotion Executed Across WAN Optimized Tunnel

[Diagram labels: BIG-IP Global Traffic Manager, BIG-IP Local Traffic Manager (×2), vCenter A, vCenter B]

This step can be avoided if storage is already being synchronously replicated between sites


Step 2: Pending App VMotion, transactions rely on VM in Site A, but Storage in Site B

[Diagram labels: BIG-IP Global Traffic Manager, BIG-IP Local Traffic Manager (×2), vCenter A, vCenter B]

vCenter A still managing VM


Step 3: Application VMotion Executed Over WAN Optimized Tunnel

[Diagram labels: BIG-IP Global Traffic Manager, BIG-IP Local Traffic Manager (×2), vCenter A, vCenter B]


Step 4: GTM health checks register the move, and Cut Over to Site B

[Diagram labels: BIG-IP Global Traffic Manager, BIG-IP Local Traffic Manager (×2), vCenter A, vCenter B]


F5 BIG-IP Global Traffic Manager Routes All NEW Application Connections/Sessions Directly to Site B.

[Diagram labels: BIG-IP Global Traffic Manager, BIG-IP Local Traffic Manager (×2), vCenter A, vCenter B]


F5 BIG-IP Local Traffic Manager in Site A retransmits incoming connections for EXISTING Sessions to Site B Until Clients Register DNS Change

[Diagram labels: BIG-IP Global Traffic Manager, BIG-IP Local Traffic Manager (×2), vCenter A, vCenter B]


Eventually, ALL Connections Go Directly to Site B. The Process Can Be Reversed When Necessary.

[Diagram labels: BIG-IP Global Traffic Manager, BIG-IP Local Traffic Manager (×2), vCenter A, vCenter B]

Successful Application Migration Complete


Option: Have Original IP Space (Site A) Reclaimed and Re-Used for Other Applications

[Diagram labels: BIG-IP Local Traffic Manager, vCenter A]


WAN Optimization Module™ Acceleration of VMotion and Storage VMotion
• F5 tested many different bandwidth/latency combinations
• Base Scenario:
  – 1 GB Virtual Machine
  – Windows & Linux Servers
  – Source host CPU 100% utilized
  – 10 individual test runs averaged for each scenario
  – First Pass only (deduplication)
• SSL encryption
• Acceleration
  – TCP Optimization
  – Byte-level deduplication
  – Dynamic compression


Requirements
• Duplicates in Primary & Secondary sites:
  – F5 BIG-IP Local Traffic Manager
  – F5 BIG-IP Global Traffic Manager
  – F5 BIG-IP WAN Optimization Module
  – LTM iRule that collects any TCP connections arriving at the primary site after the VM has been migrated and forwards these connections to the secondary site
  – vSphere, VMotion, Storage VMotion
  – Shared storage mounted via iSCSI or NFS that both ESX servers can mount
• TCP Ports 8000 (VMotion) & 443 (LTM) must be open
• Guest IP & Network config (e.g. port groups) on hosts in migration must be identical
• For VMotion, VMware officially supports 622Mbps or higher WAN (type of WAN is irrelevant)


Online Follow-Up Resources: Long Distance VMotion Solution
• Overall F5/VMware Solution Guide – http://www.f5.com/pdf/solution-center/f5-for-virtualized-it-environments.pdf
• Online Demo – http://devcentral.f5.com/weblogs/nojan/archive/2010/02/02/introducing-long-distance-vmotion-withvmware.aspx
• Deployment Guide – http://www.f5.com/pdf/deployment-guides/vmware-vmotion-dg.pdf
• Whitepaper – http://www.f5.com/pdf/white-papers/cloud-vmotion-f5-wp.pdf



Desktop Virtualization & F5


33% of organizations plan to deploy hosted virtual desktops in 2010 (Gartner, April 2010)


Common Desktop Virtualization Challenges
• User Experience
  – Performance over the Wide Area Network
  – Access methods / complexity
  – Login steps / annoyance
• Security
  – Encryption of all WAN traffic
  – Unified Access (Local vs. Remote, Desktop vs. Smart Phone)
  – Integration with existing authentication infrastructure
  – Endpoint integrity inspection
• Scalability/Availability
  – Scaling VDM servers without more power or rackspace
  – Ensuring total availability of connection brokers


Traditional Model is Inflexible

[Diagram labels: Users, Resources, Private, Physical, Virtual, Multi-Site DCs, Public, Cloud]


Finding a Better Solution

[Chart: Degree of Control against Degree of Flexibility, with labels Traditional Infrastructure, Outsource Everything, Dynamic Services Model]


[Diagram labels: Remote Office, Remote Clients, Internet, Remote Office Clients, WAN, BIG-IP Edge Gateway, Local Mode Desktop, Primary Site, Local LAN Clients, BIG-IP Local Traffic Manager, Centralized Virtual Desktops, Connection Servers. Legend: Unencrypted RDP or Natively Encrypted PCoIP; Encryption (DTLS or SSL)]


VMware Recommends UDP Native Support
• Scott Davis, CTO End User Computing Business Unit
• October 25, 2010
• http://communities.vmware.com/blogs/cto-scott/2010/10/25/a-simple-experiment

“There are numerous ways to configure such VPN’s, however PCoIP utilizes UDP for the graphics packets and optimizes parallelism and retransmits at the higher layers of the protocol. Hence we recommend using a VPN technology that support UDP packets natively, not to tunnel the UDP traffic over TCP/IP as doing so will typically cause responsiveness issues…”

Native UDP support is available in F5 FirePass and BIG-IP Access Policy Manager.


User Experience


Simplify Sign-On Frustrations
• Step 1: Local Login
• Step 2: VPN Login
• Step 3: Desktop Login

SSO: Login Once


Simplify Restarts:

[Diagram labels: At Home (wireless), On the way to work (Aircard), In the office (docked LAN connection), Presenting (corporate wireless), In the Cafe (wireless); captions: Ongoing Logins!, Constantly Re-connecting]


Simplify Restarts: Reconnect Automatically

[Diagram labels: At Home (wireless), On the way to work (Aircard), In the office (docked LAN connection), Presenting (corporate wireless), In the Cafe (wireless); captions: Auto-Connect!, Always Connected Application Access]


Accelerate Connection Restarts

[Diagram labels: Source IP, Persistence to Desktop, Proxy/NAT, App Info, JSessionID, Etc., Edge Gateway]

Send the user to his existing desktop session – much faster restarts


Traffic QoS

[Diagram labels: Edge Client (×3), View Desktops]

Rate Shape to ensure client-side View traffic receives priority over client-outbound traffic



Security


Unify Access to the Data Center

[Diagram labels: BIG-IP Edge Gateway, DMZ, Mobile Users, Internet, View Servers, Branch Office Users, Internal LAN VLAN1, Wireless Users, Internal LAN VLAN2, LAN Users; caption: Use existing user directories]

• One solution to manage all access policies regardless of access network
• Capacity and performance to secure all user traffic
• Optimizes application delivery to remote and mobile users
• Improves quality of real-time applications; soft phones and streaming media


Maintain Native PCoIP Performance

[Diagram labels: Mobile Users, Remote Users, Branch Office Users, LAN Users, Connection Brokers, View Servers; traffic labels: PCoIP, RDP, DTLS Encryption, SSL Encryption]

• Support for DTLS (UDP) encryption
• Support for SSL (TCP) encryption
• Avoids the alternative method of encapsulating UDP into TCP for SSL encryption (thus degrading UDP).


Optimize Authentication & Authorization
• Integration with existing authentication mechanisms
  – AD, LDAP, RADIUS, 2-Factor, Client Certs, Etc.
  – Full support PKI infrastructures
• Check the device prior to logon
  – OS, AV, firewall, process, file, registry, client/machine certs, etc.
• Remediate if necessary, automatically
• Use protected workspaces when the device is not completely trustworthy
• Enforce Group Policies on all assets (even non-corporate assets)
• Full FIPS compliant solution


Unified AAA Services for View
• Pre-Logon Checks:
  – OS, AV, firewall, process, file, registry, extended windows info, client and machine certs, etc.
• Remediation:
  – Group Policy enforcement (Corp & Non-Corp Assets)
  – Protected Workspace
• Intuitive, Visual Policy Editor


Availability & Scalability in the DataCenter


Enable Scalability by Offloading Processes from View Manager Servers
1. Improve efficiency by offloading SSL
2. HA & load balancing for View Manager servers


Bandwidth Reduction for RDP in View

LTM can also reduce bandwidth consumption up to 12:1 using its WAN Optimization Module

1. Compression
2. Deduplication
3. TCP Optimization
4. Encryption


Ensure Global Availability

[Diagram labels: Site 1, Site 2, Failover, WAN Accelerated Ongoing Replication]

(a) GTM health checks reveal unhealthy site 1.
(b) GTM self-executes a redirection to site 2.


www.f5.com/vmware

2011.05.24 F5 Solution Day - F5 with VMware Solution  

F5 Networks Technical Manager 林志斌 (Alen Lin)
