Wer ist Radware?

Hochverfügbarkeit für IPv6,
Exchange und in virtuellen
Umgebungen
Uwe Lindmüller
(Regional Sales Manager)
UweL@radware.com
Benjamin Radtke
(Senior SE North/East Germany)
BenjaminR@radware.com

• Wir sind ein Spezialist für die Verfügbarkeit von Applikationen
• Wir unterstützen beim Aufbau von Netzwerken, die auf
Geschäftsprozesse ausgerichtet sind und garantieren:
• absolute Verfügbarkeit
• maximale Geschwindigkeit
• umfassende Sicherheit
für die geschäftskritischen Applikationen rund um die Uhr
Wer ist Radware?
• Unsere Business smarten Lösungen unterstützen das Netzwerk den
Anforderungen & Prozessen gerecht zu werden, um die Produktivität
zu steigern und die Infrastrukturkosten zu senken

Aktiengesellschaft – Sept. 1999
(NASDAQ: RDWR) gegründet in 1997
Mitglied der RAD Gruppe
14 Firmen (davon 6 an der NASDAQ,
über 4000 Mitarbeiter)
mehr als 700 Mitarbeiter weltweit
davon 340 in F&E
3xTACs Tel Aviv, New Delhi, & New Jersey
globale Präsenz
Vertrieb in über 40 Ländern
Firmeninformation
stetiger Umsatzwachstum
2010 Rekord Jahr
Übernahme von Alteon
(Nortel-Bereich) zum 01. April 2009
Übernahme Protegrity

Radware Alteon Team Deutschland
Martin Kroemer (Regional Director)
Uwe Lindmüller (RSM Nord)
Benjamin Radtke (Systems Engineer)
Markus Spahn (Key Accounts + RSM West)
Steffen Foitzik (RSM Mitte)
Vladimir Bojkovic (Sr. Systems Engineer)
Andreas Eckert (Alteon Support)
Sabine Grübner (Sales Admin)
Mandy Goodyear (Alteon Renewal Admin)
Roland Legler (RSM Süd)
Frank Hellwig (Systems Engineer)
Hubertus Geuenich (Channel Manager)
Michael Geigenscheder (Business Dev.)
Rainer Schmier (Service Manager Europe)
Günther Metelski (Alteon Trainer)
Jan Ole Lorenz (Business Dev.)

Radware Alliance & OEM Ecosystem
Advanced Enterprise Alliances & Technology Partnerships
Advanced ADC Carrier Partnerships

Auszug aus der RDWR Kundenliste (Deutschland)
Banken/Versicherungen Online-Medien Öffentlicher Bereich Industrie / Service
Medien
Gesundheitswesen/
Pharma

Over 10,000 Customers Trust Radware

Business Business Processes, Processes, Applications, Applications, Users Users
Business-Smart
Network
Packet Packet Network Network
Business-Smart Networks
Business-Smart Services:
• Verfügbarkeit
• Skalierbarkeit
• Antwortzeitoptimierung
• Beschleunigung d. Applikation
• Applikations- & Netzwerksicherheit
• Steuerung n. Geschäftsprozessen
• Priorisierung von Daten nach
Benutzer und Applikation
• übersichtlich und einfach zu
Managen

Partner
WAN Customers Link Optimizer /
LoadBalancer
LinkProof Branch
Mitarbeiter
Router
Router
HTTP Monitor
Inflight
LinkProof
Intrusion Prevention
DefensePro
Virtual Director
VM Ware Support
AppXML
AppDirector
ADC-VX
AppWall
Data Center
Produktübersicht
Web Services und XML
Gateway
Message Queuing
System
ESB
LoadBalancer
Application Delievery Controller
Web & Portal
Servers
Web Application
Firewall
Application Servers
Mainframe
Database
servers

Web
Server
Datenbank
Datenbank
z.B. OCS
Server
Loadbalancing – was sind die Herausforderungen?
HTTP / HTTPS
Health Check
z.B. ICMP
Health Check
Datenbank
Check
AppDirector
or
or

Next Generation Backbone
1. IPv4 – IPv6 Dual Stack Umgebung

Pure IPv6 Environment
IPv6
IPv6
Client
Service VIP
S1 S2 S3 S4
Supported Topologies

IPv4 Clients
IPv4, IPv6 or mixed Servers IPv4
IPv4
Client
Service VIP
S1 S2 S3 S4
IPv6
Supported Topologies

IPv6 Clients
IPv4, IPv6 or mixed Servers IPv6
IPv4
Client
Service VIP
S1 S2 S3 S4
IPv6
Supported Topologies

ADC-VX – Virtual ADC mit Radware Hypervisor !

Traditionelle RZ im Vergleich zur Zukunft
“The ability to deploy capacity and server images virtually increases
speed of deployment Static Data by Center a factor of approximately Virtual Data Center 30”
Thomas Bittman, Gartner
• Es werden selten
Änderungen
durchgeführt
•
take Eli Lilly seven wenig and a half weeks to deploy a server internally”
Kommunikation
Dave Powers, at Eli Lilly and Company
zwischen den Teams
• Änderungen werden
manuell durchgeführt
• dynamisch
• häufige Updates
“A new server can be up and running in three minutes - it used to
• betrifft alle
Bereiche:Netzwerk,
Storage,
Applikationen,
Server
Folie 16

Dedicated ADC
ADC Computing Resources in the Virtualized Data
Center
• Dedicated physical ADC device running a single vADC
- “Siloed” data center architecture
Why are 3 form factors required?
- Hybrid (virtualized and physical) data center
• Application SLA requirements
- Applications requiring high performance predictability
• Number of required vADC instances
• Throughput capacity each vADC requires
Radware ADC-VX
• Cost savings objectives
• ADC hypervisor running multiple vADCs on a
specialized ADC hardware
• Data center footprint limitations
• Application deployment model
- ADC consolidation projects
- Virtualized data center requiring high ADC agility
- Applications requiring high performance predictability
Radware Soft ADC
• vADC on a general server virtualization infrastructure
- Cloud providers & virtualized data center requiring high ADC agility
- Development, testing and QA environments
- Applications requiring only best-effort performance

Dynamic vADC
resource allocation
vADC migration
by orchestration
system
Virtualized Application Delivery Infrastructure Unique Services
Instant provisioning
through orchestration
system
Virtualized Application Delivery Infrastructure
Network & Storage
Virtualized Data Center
SAN
Slide 18

Radware’s ADC-VX
The Agility of Virtual; The Predictability of Physical

Infrastructure
D
C
-
vADC – A V Shared/public Applications
Shared/public X
Applications
Customer Data Center
vADC - B
Executive only Applications
Executive only Applications
Internal application
vADC – C
Internal application
vADC – D
Business Unit Specific
Business Unit Specific
Radware ADC-VX
• ADC-VX is the industry’s first ADC hypervisor
• ADC-VX runs multiple virtual ADC instances on one physical device
• Each virtual ADC instance is called vADC
• vADCs provide the same functionality as traditional physical ADC devices

Global SLB, Security,
Application
acceleration
Fully featured ADC
Health Checks, Layer
7 Configurations, etc.
Vlans, ARP tables,
Virtual routing and
forwarding tables
Physical Resources
(CPU, Memory, SSL)
Customer Managed
On Demand
Global SLB
Services
Layer SharePoint 4-7 Services
IP Network Domain 1
Private:
config file
Infrastructure 1Gbps
logging
statistics
Full Encapsulation of vADC Instance
Customer “Monitor Only” Provider Managed
On Demand
Acceleration
Services
Layer Oracle 4-7 Services
IP Network Domain 2
Private:
config file
Infrastructure 2Gbps
logging
statistics
ADC-VX Hypervisor
On Demand
Security
Services
Marketing
Layer 4-7 Services
Applications
IP Network Domain 3
Private:
config file
Infrastructure 2Gbps
logging
statistics

h
The Agility y of Virtual; The Predictability of Physical
R
a
d
w
a
r
e
A
D
C
-
V
X
• Fault isolation
• Network isolation
• Management isolation
• Resource reservation
• SLA assurance
• Instant provisioning
• OnDemand scalability
• Resource abstraction
• Central management

Virtualized Application Delivery Infrastructure
• Reduce ADC CAPEX and OPEX through real ADC consolidation and
virtualization
• Full DC virtualization agility across the application delivery layer
• Accommodate any application: SLA, performance predictability and
resilience needs
• Reduce P2V risks and enable smooth migration
• Enable integration of ADC services into the virtual DC through open API
Slide 23

Radware All vADC VADI instances extends provide the virtual data
center similar agility functionality through and a set are of virtual
remotely infrastructure controlled services
Orchestration system -
Manages and operates all data center elements
Virtualized Application Delivery Infrastructure
Virtualized Application Delivery Infrastructure
Network & Storage
Virtualized Data Center
SAN
Slide 24

SSL Acceleration Demo

Microsoft SharePoint Server 2007
• Better Quality of Experience (QoE) for end users
The Result: Certified to Optimize Leading Applications
• 300% improvement in page load time for remote (WAN) users
• Reduce OPEX
• 65% reduction in bandwidth consumption
• 40% reduction in CPU utilization
• 30% increase in TPS per server
Oracle E-Business Suite (EBS) 12
Slide 26

~40% drop in server
CPU utilization
More TPS can be served by
each server resulting in reduced
CAPEX & OPEX
Demo Conclusions

Content Acceleration Demo using Cache & Compression

~355% improvement
in page load time
Users’ QoE significantly
Improved and bandwidth
consumption and costs
reduced
Demo Conclusions

Inflight – real-time Event Monitoring

Inflight - Implementierung

Client HTTP request
GET /wps/portal/UserCentric HTTP/1.0
Raw HTTP
Analysis System
Compliance
Inflight Generated Audit Event:
Page title: User-Centric Experience
Client IP: 10.210.8.14
Client UID: 1202138491566-0
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5...)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, … Country: Germany
Referer: http://www1.alcatel-lucent.com/us/industries...
City: Bonn
Accept-Language: en-us
Server IP: 84.53.133.82
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; …) Inflight
Response code: 200
Cookie: JSESSIONID=00002HgoBbll62bR1xV2znWdY08:11c8tbtl5… URL: /wps/portal/!ut/p/kcxml/04_S…
Host: www.alcatel-lucent.com
Connection: keep-alive
Raw HTTP

• Konfiguration Transformer Output
4 Schritte zum Erfolg (2/4)
Folie 33

Beispiel Feed

Beispiel Feed

• Enable Transfomer
4 Schritte zum Erfolg (4/4)

Page Title
SysLog Events generiert durch Inflight

einheitliche Benutzer ID
(beschreibt eine Benutzer Session – auch für anonyme Benutzer)
SysLog Events generiert durch Inflight

Priorität
Datum & Zeit
Host Name
Message (kann angepasst werden)

Web Servers Farm 1
Zentralisierung von Log-Informationen
Web Servers Farm 2 Web Servers Farm 3
ein Log-File enthält alle 4 Log-Informationen
Web Servers Farm 4

Standard IIS 6.0 log
erweiterte Informationen
– die nicht in Web Logs verfügbar sind
Date/Time Client IP Method URL Server IP User Agent Response Code
2008-02-04 10:21:57 10.210.8.14 GET /wps/portal/!ut/p/kcxml/04_Sj…- 80 - 84.53.155.82 Mozilla/4.0+(compatible;+MSIE+7.0;+…) 200 0 0
Business Critical Communications France Paris 1202115078561-0 Processing Success User Account Updated
Event Type GEO IP User ID Success/Fail Affected Data
Inflight kann zusätzliche Informationen hinzufügen, z.B. für PCI compliance

Inflight Event-Informationen:
• Datum / Zeit
• Client IP
• HTTP Methode
• URL
• Server IP
• User Agent
• Response Code
• Event Type
• Geo Location
• User ID
• Success / Failure
• Auswahl spezifischer Daten
Event Informationen in Real-Time
• Verknüpfung von Datenmenge und Kosten (in USD)
• wiederkehrende Events in den vergangenen 30 Minuten

Standard Logging für alle Web Plattformen
standardisiertes Log Format

• passive Appliance, einfach zu integrieren
• keine Veränderung der Web Applikation notwendig
• Logging wird als Dienst geliefert
• keine Auswirklungen auf die Produktionsumgebung
• kein Einfluß auf den Benutzer / Kunde
• Verbesserung der Performance für die Web Server,
kein eigenes Sever Logging mehr notwendig
• Non-Human Aktionen werden in Real-Time erkannt (scraping)
• betrügerische Aktionen können analysiert werden
und für eine Profilerstellung genutzt werden
Inflight Vorteile

Partners
Customers
Employees
Enables creating enhanced audit logs from a central
location tracking each individual user activities (Req.
10.1-5)
Inflight
DefensePro
Firewall
Provides the most up-to-date
protection from known vulnerabilities
as well as zero-day attacks and
enforces security policies and
accurate access control (Req. 11.4,
7)
Constitutes a best of breed ADC
solution for addressing PCI DSS
requirement 6.x
AppXML
AppDirector
AppWall
Data Center
Lösungsübersicht
Enforces security policies and accurate
access control for web services (Req.7)
Message Queuing
System
ESB
Encrypts cardholder data and enforcing
security policies and access control
(Req. 4, 7)
Web & Portal
Servers
Application Servers
Mainframe
Database
servers

Vielen Dank !