TMOS: Application delivery infrastructure that performs - F5 Networks


TMOS: Application Delivery Infrastructure that Performs

only be upgraded every 5 to 7 years at great expense, an application infrastructure will need to evolve over 3 to 5 year cycles to support the business. The architecture must be able to efficiently take advantage of new business opportunities, advances in technology and application enhancements.

Specialized Architecture: Controlling the balance of security, performance and availability are the key elements application delivery infrastructures must deliver to the enterprise. Applications have unique demands that cannot be met by general purpose networking equipment. The application delivery architecture works with context provided at the upper layers of the protocol stack to support a wide spectrum of applications, from the store and forward nature of mail delivery with only mild performance and availability challenges, through Web applications with sensitivity to performance disruptions such as latency and response time, to rich interactive applications based on multimedia content or VoIP communications with extreme performance capabilities to avoid jitter and to ensure end-user satisfaction. Enterprises are advised to be sure the application infrastructure satisfies the flexibility, adaptability and performance requirements necessary to carry business applications forward over a number of years.

Operational Impact: The enterprise application delivery architecture has to meet cost, longevity and scale requirements to be successfully deployed across the enterprise. Operational costs are associated with the infrastructure’s ability to scale to enterprise requirements for performance, administration and application profiles. Infrastructures that scale properly protect the investment over longer periods of time and enable application growth without significant operational and administrative costs.

An application delivery infrastructure is a long-term architectural decision based on the ability to deliver impressive performance for today’s applications and the flexibility to meet future application demands. ESG recommends a layered approach to application delivery, such as the type offered by F5 Networks. The heart of F5 Networks’ application delivery solution is its TMOS architecture. With TMOS, organizations can tailor the application delivery infrastructure to their specific needs, while preparing for extensive network upgrades required by new applications to meet business requirements. A strong application delivery architecture allows the enterprise to gain a competitive advantage by rapidly adapting to changes in business, technology or application requirements.

This special report, commissioned by F5 Networks, presents the business need for an extensible architecture that supports application growth over several years. The purpose of this special report is to provide information and make recommendations for an optimal applications delivery strategy. Information in this report is derived from Enterprise Strategy Group research and interviews with security executives of global operations.

Enterprise Strategy Group, 20 Asylum Street, Milford, MA 01757, 508-482-0188, www.enterprisestrategygroup.com


Improving Application Delivery

Enterprise applications run the gamut of IP-based protocols including SMTP for email, HTTP/SSL and SOAP for Internet applications, and SIP-oriented protocols such as IM and VoIP for voice and video. Supporting a substantial breadth of applications, from interactive end-user communications to automated machine-to-machine communications, requires a specialized networking infrastructure that can optimize bandwidth utilization, offload backend servers from repetitive tasks, and secure the entire application session. ESG has found that the key decision criteria for application delivery services include evaluations of performance, security, availability, and management.

Performance is the most critical element of an application delivery infrastructure. ESG’s experience is that high-speed performance has to be intrinsic to network devices. Seldom can performance be enhanced after deployment without significant product or network redesign. Applications are becoming more dependent on high performance, and voice and video service delivery can be very sensitive to disruptions in performance. Performance has additional cost savings benefits derived from efficient bandwidth utilization and optimal use of servers.

Security must be intrinsic to application delivery. Security elements include the ability to protect applications against denial of service attacks, validate compliance of application protocols, cloak data center topologies from intruders, inspect traffic to protect sensitive servers, and feed audit logging systems for compliance reporting. Security is a fundamental capability of application delivery that should not be left to additional appliances that can clog up application data paths.

Availability refers to the infrastructure’s ability to adapt to spikes in traffic, downtime of applications, and reconfigurations of networks. All of these features are essential in delivering an application service that is reliable and always ready to do business. Performance, security, and enterprise management are only relevant if high availability is an architecture goal of the application delivery network.

Management drives enterprise adoption of network overlays for application delivery. The administration model needs to provide a common framework that supports multiple application types in a global business environment. Easy upgrades for feature enhancements to applications and the application delivery infrastructure are essential to enabling business growth. Expensive forklift upgrades to the network should not be necessary to bring new applications online, to enhance corporate security coverage, or to adapt to changing traffic profiles. Implementation of VoIP and SOAP applications presents particular proactive management challenges as those technologies are deployed.

Application delivery has many stakeholders in the enterprise, including network management, application lines of business, security oversight, and internal auditing teams. These diverse functions all require useful services and operational intelligence from the application delivery infrastructure, and that can only be achieved if performance, security, availability, and management are integrated into the solution.


The F5 Networks Difference: TMOS

F5 Networks is a public company that specializes in network devices designed to enhance application delivery. Their BIG-IP application delivery products are among the leaders in the industry. F5 Networks implemented TMOS to meet the performance, security, availability, and management needs of applications as enterprises drive business through the Internet. The TMOS architecture, as shown in Figure 2, features architectural elements of a proxy approach, high-speed performance, modular functionality, and customization tools that are required for enterprise deployment of application delivery networks.

Proxy architecture. There is only one way to reliably inspect traffic, optimize application performance, and off-load downstream servers, and that is through a proxy architecture. TMOS enables F5 Networks appliances to actively participate in the data flow where it can deliver advanced functionality such as translating addresses to keep sensitive servers hidden from the Internet, terminating SSL sessions to enable security inspections, encrypting cookies to deliver privacy-enabled transactions, and fulfilling requests for static data from caches. TMOS uses a proxy architecture so that downstream servers can focus on supplying application services without regard to the application delivery infrastructure.

High-speed performance. Network security devices must be specially designed for high performance before features can be added. In ESG’s experience, products that need to be retrofitted for performance never achieve their market goals. F5 Networks’ TMOS separates client-side flows from server-side flows for customized acceleration, and minimizes overhead energy spent on process context switching and resource allocation in ways that network devices built on a general-purpose architecture cannot match. TMOS delivers a focus on application delivery that allows intelligent parallel processing for security, availability, and performance.

Modular functionality. Protecting enterprise investments in application delivery requires the ability to readily add features without embarking on costly network infrastructure upgrades. F5 Networks enables enterprises to plug in software modules or products for functions such as link controls to optimize the use of ISP connections, global traffic management to meet business continuity requirements between datacenters, and application firewalls to provide security at the application layer. Enterprises may use applications in innovative ways that are difficult to foresee today without burdening administrative teams with multi-year network upgrade projects.

Customization tools. Enterprises always tailor applications to specific business needs and network configuration profiles. F5 Networks provides the iRules scripting language that enables network administrators to customize their application delivery infrastructure. This may be the best way to meet unique cryptographic requirements, support corporate access control policy, or replace sensitive content to ensure consumer privacy. DevCentral (http://devcentral.f5.com/), F5 Networks’ developer community, openly shares iRules scripts, users forums, and video tutorials to help network administrators customize application delivery for their specific enterprise environments.


Figure 2: TMOS Architecture (Source: F5 Networks, 2006)

[Figure labels. Shared Application Services: iRules, Rate Shaping / Rate Limiting, Resource Cloaking, Transaction Assurance, Universal Persistence, Caching, Compression, Selective Content Encryption, Advanced Client Authentication, Application Health Monitors, Application Switching. TMOS Architecture: Security, Performance, Availability, Management. Shared Network Services: TCP Express, Protocol Sanitization, High Performance SSL, DoS and DDoS Protection, VLAN Segmentation, Line Rate L2 Switching (Mirroring, Trunking, STP, LACP), IP Packet Filtering, IPv6, Dynamic Routing, Secure Network Address Translation, Port Mapping. Common Management Framework.]

With TMOS, services that used to be hard-coded into an application can be off-loaded into the BIG-IP. Specific capabilities that TMOS shared services have on application delivery include:

Load balancing: Improving the availability of application services under various load conditions. IT teams can also add servers for additional processing capacity or remove servers for maintenance without reconfiguration of the application environment.

Content inspection: The ability to detect sensitive information loss on egress traffic, modify IP header information for application efficiency, or catch network-borne attacks against the application. The TMOS proxy approach inspects the entire application conversation to make decisions that improve service delivery, enhance application security, and preserve consumer privacy.

Server discovery: Security teams are often the last to know when new copies of application servers come online. Server discovery helps automate the process to validate compliance with security policies as new instances of application servers come online.

SSL Processing: Offloading cryptographic calculations allows enterprises to realize the cost savings of SSL for access to applications over the Internet. Sessions can share an encrypted tunnel between F5 Networks and the server to save on expensive SSL setup and teardown operations.

Common management framework: Reducing the operating expenses of delivering IP-based applications through the TMOS-enabled application delivery infrastructure. This includes the ability to upgrade the infrastructure, report to application stakeholders, and adapt to changes in traffic profiles.


Recommendations and Conclusions

Application delivery has unique requirements on performance, security, availability, and management that are difficult to implement in lower layers of the network stack that cannot have the benefit of application context. Proven best practice implementations involve overlaying an application delivery infrastructure on top of network transport services. ESG recommends that enterprises distinguish between the unique demands of application delivery and the underlying switched networks.

Form cross-functional teams of network managers, security operations, and line-of-business application owners to identify application delivery requirements. Involve all of the corporate stakeholders to ensure that corporate application architecture can meet the needs of corporate stakeholders.

Place requirements for application delivery infrastructure into RFPs for network upgrades. Make networking vendors share product roadmaps for application delivery, including sections for performance, security, availability, management, and extensibility.

Evaluate performance metrics for application delivery infrastructure vendors. Products that do not meet performance requirements do not get to move ahead to security, availability, management, and extensibility evaluations. If the vendor cannot perform in an evaluation, it will not perform in production.

In conclusion, ESG believes that a distinct application delivery infrastructure overlaid with lower level networking processes is the best way forward for enterprises. Proxy oriented approaches, such as those enabled by F5 Networks’ TMOS, give enterprises the performance, security, availability, management, and extensibility capabilities they require in an application delivery infrastructure.

All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. and was sponsored by F5 Networks. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of the Enterprise Strategy Group, Inc., is in violation of U.S. Copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at (508) 482.0188.
