5 Secure Applications Optimize Application Delivery Across ... · 7 BIG‑IP GTM Platforms 8...
8
What’s Inside: 1 Key Benefits 2 Globally Available Applications 4 Simple Management 5 Secure Applications 6 Network Integration 6 Architecture 7 BIG‑IP GTM Platforms 8 Professional Services and Support 8 More Information DATASHEET Optimize Application Delivery Across Your Globally Distributed Data Centers Deploying multiple data centers is a big step toward protecting your business from site outages and improving application performance. But to fully achieve these goals, your organization needs an efficient way to monitor infrastructure and application health, and to control this distributed infrastructure according to your business needs. BIG‑IP ® Global Traffic Manager ™ (GTM) provides a more intelligent way to respond to DNS queries than simple load balancing among multiple data centers. BIG‑IP GTM distributes end‑user application requests based on business policies, data center conditions, network conditions, and application performance. This gives you holistic control of your global traffic to ensure high availability and maximum performance for applications running across multiple dispersed data centers. The result is better application performance, less downtime, and simplified management. BIG‑IP Global Traffic Manager 1 Key benefits Ensure application availability across multiple data centers By ensuring that users are connected to the best site, BIG‑IP GTM can help you create a strong disaster recovery and business continuity plan. Take control of global app delivery Route users based on business, application, and network requirements, giving you flexibility and control over application delivery. Improve application performance Send users to the site with the best application performance based on application and network conditions. Manage your complex distributed network simply and efficiently Multiple management tools, including a streamlined GUI and powerful command line interface, give you complete visibility and a single point of control for all of your resources.
Transcript of 5 Secure Applications Optimize Application Delivery Across ... · 7 BIG‑IP GTM Platforms 8...
What’s Inside:
1 KeyBenefits
2 GloballyAvailableApplications
4 SimpleManagement
5 SecureApplications
6 NetworkIntegration
6 Architecture
7 BIG‑IPGTMPlatforms
8 ProfessionalServicesandSupport
8 MoreInformation
DATASHEET
OptimizeApplicationDeliveryAcrossYourGloballyDistributedDataCentersDeployingmultipledatacentersisabigsteptowardprotectingyourbusinessfromsiteoutagesandimprovingapplicationperformance.Buttofullyachievethesegoals,yourorganizationneedsanefficientwaytomonitorinfrastructureandapplicationhealth,andtocontrolthisdistributedinfrastructureaccordingto yourbusinessneeds.
BIG‑IP®GlobalTrafficManager™(GTM)providesamoreintelligentwaytorespondtoDNSqueriesthansimpleloadbalancingamongmultipledatacenters.BIG‑IP GTMdistributesend‑userapplicationrequestsbasedonbusinesspolicies,datacenterconditions,networkconditions,andapplicationperformance.Thisgivesyouholisticcontrolofyourglobaltraffictoensurehighavailabilityandmaximumperformanceforapplicationsrunningacrossmultipledisperseddatacenters.Theresultisbetterapplicationperformance,lessdowntime,andsimplifiedmanagement.
BIG‑IPGlobalTrafficManager
1
Key benefits
Ensure application availability across multiple data centersByensuringthatusersareconnectedtothebestsite,BIG‑IPGTMcanhelpyoucreateastrongdisasterrecoveryandbusinesscontinuityplan.
Take control of global app deliveryRouteusersbasedonbusiness,application,andnetworkrequirements,givingyouflexibilityandcontroloverapplicationdelivery.
Improve application performance Senduserstothesitewiththebestapplicationperformancebasedonapplicationandnetworkconditions.
Manage your complex distributed network simply and efficientlyMultiplemanagementtools,includingastreamlinedGUIandpowerfulcommandlineinterface,giveyoucompletevisibilityandasinglepointofcontrolforallofyourresources.
DATASHEET BIG-IP Global Traffic Manager
2
Globally Available Applications
Organizationsrelyonapplicationstostaycompetitive,soensuringavailabilityiscritical.BIG‑IP GTMofferssophisticatedhealthmonitoringthatsupportsawidevarietyofapplicationtypes,givingyourorganizationtheflexibilitytoadaptquicklyandstaycompetitive.
Global load balancing
Userexperiencesufferswhenorganizationswithdistributeddatacentersareunabletoallocateglobaltrafficbyroutingtheusertothebestandclosestdatacenterbasedonspecificbusinesspolicies.Changingnetworkanduserconditionscanoverwhelmadatacenterduringpeaktraffictimes.BIG‑IPGTMprovidescomprehensiveapplicationmanagementservicesthatsupportevolvingapplicationrequirements.
Dynamic ratio load balancing
BIG‑IPGTMroutesuserstothebestglobalresourcebasedoncomprehensivesiteandnetworkmetrics.Forexample,theQoSloadbalancingmodeincludesahopscoefficient,basedonthenumberofhopsbetweentheclientandthelocalDNS.Managerscanusehopratetosendtheusertothedatacenterthatrequiresthefewesthops,ensuringmorerapidaccess.DynamicRatioloadbalancingmodesolvestheproblemof“winnertakesall”commontootherglobaltrafficmanagementsystems.DynamicRatiosendsaportionoftraffictothebestperformingsite,secondbestperformingsite,andsoon—inproportiontothehealthandperformanceofnetworkandserverresources.
Wide area persistence
Userconnectionscanpersistacrossapplicationsanddatacentersandbeautomaticallyroutedtotheappropriatedatacenterorserver,basedonapplicationstate.BIG‑IPGTMsynchronizespersistenceinformationacrossalldevices,ensuringthatusersaredirectedbacktothesamesiteregardlessoftheirentrypoint.Finally,itpropagatesthedesiredpersistenceinformationtolocalDNSservers,reducingtherequiredfrequencyofsynchronizingback‑enddatabases.Sessionintegrityisalwaysmaintained,withnomorebrokensessionsorlostorcorrupteddata.Theresultisimprovedapplicationperformanceandmoreefficientuseofyourinfrastructure.
Geographic load balancing
Determiningthelocationofusersiscriticaltoensuringtheyareconnectedtothebestdatacenterandservedtherightcontent.BIG‑IPGTMincludesanIPgeolocationdatabasefromindustryleaderQuovatoaccuratelyidentifyexactlywhereauserislocated.EachIPcanbelocatedatthecontinent,country,andstate/provinceleveltoenableverygranulartrafficpoliciesandimproveapplicationperformance.
Custom topology mapping
BIG‑IPGTMoffersorganizationsdeployingintranetapplicationstheabilitytosetupcustomtopologymappings.Bydefiningandsavingcustomregiongroupings,youcanconfiguretopologybasedontrafficdistributionpoliciesthatmatchyourinternalinfrastructure.
Infrastructure monitoring
BIG‑IPGTMchecksthehealthoftheentireinfrastructure,eliminatingsinglepointsoffailureandroutingtrafficawayfrompoorlyperformingsites.Bycollectingperformanceand
Advanced global load balancing
BIG-IP GTM includes the industry’s most advanced traffic distribution capabilities to match the needs of any organization or globally deployed application.
· Round robin
· Global availability
· LDNS persistence
· Application availability
· Geography
· Virtual server capacity
· Least connections
· Packets per second
· Round trip time
· Hops
· Packet completion rate
· User-defined QoS
· Dynamic ratio
· LDNS
· Ratio
· Kilobytes per second
DATASHEET BIG-IP Global Traffic Manager
3
availabilitymetricsfromdatacenters,ISPconnections,servers,caches,andevenusercontent,BIG‑IPGTMensureshighavailabilityandadequatecapacitypriortodirectingtraffictoasite.
Application health monitoring
Today’ssophisticatedapplicationsrequireintelligenthealthcheckingtodetermineavailability.Insteadofrelyingonasinglehealthcheck,BIG‑IPGTMaggregatesmultiplemonitorssoyoucanchecktheapplicationstateatmultiplelevels.Thisresultsinhighestavailability,improvedreliability,andtheeliminationoffalsepositivestoreducemanagementoverhead.BIG‑IPGTMprovidespre‑defined,out‑of‑the‑boxhealthmonitoringsupportformorethan18differentapplications,includingSAP,Oracle,LDAP,mySQL,andmore.BIG‑IPGTMperformstargetedmonitoringoftheseapplicationstoaccuratelydeterminetheirhealth,reducedowntime,andimprovetheuserexperience.Itwillalsoallowyoutogrouprelatedobjectssothatifoneapplicationfails,otherappsthatdependonitwillbemarkedoutofservice.Thisenablesyoutoalignandmonitorapplicationobjectsaccordingtobusinesslogicandprofitability,buildscalabletrafficdistributionpolicies,andbettermanageapplicationdependencies.
Disaster recovery/business continuity planning
Inadditiontoperformingcomprehensivesiteavailabilitychecks,youcandefinetheconditionsforshiftingalltraffictoabackupdatacenter,failingoveranentiresite,orcontrollingonlytheaffectedapplications.
BIG-IPGlobal Traffic Manager
BIG-IP LTM
BIG-IP LTM
BIG-IP LTM
BIG-IPGlobal Traffic Manager
User Seattle
Site 2 – New York
Site 2 – Milan
Site 1 – San Francisco
BIG-IPGlobal Traffic Manager
Router
Router
Router
Corporate Servers
Corporate Servers
Corporate Servers
1
4
BIG-IP GTM ensures users are always connected to the best site (See illustration).
(1) User queries local DNS to resolve domain, and local DNS queries BIG-IP GTM.
(2) BIG-IP GTM uses metrics collected for each site and identifies the best server.
(3) BIG-IP GTM responds to local DNS with IP address.
(4) User is connected to site.
DATASHEET BIG-IP Global Traffic Manager
4
Simple Management
Managingadistributed,multiple‑sitenetworkfromasinglepointisanenormouschallenge.BIG‑IPGTMprovidestoolsthatgiveyouaglobalviewofyourinfrastructurewiththemeanstomanagethenetworkandaddpolicestoensurethehighestavailabilityforyourbusiness‑criticalapplications.
Web-based user interface
BIG‑IPGTMprovidesasimplewayforyourorganizationtomanageitsglobalinfrastructurefromacentralizedlocation:
•Efficientlistandobjectmanagementforcompletevisibilityofglobalresources
•Uniquenamingofglobalobjectstoreduceadministrationandbuildtheinfrastructurearoundbusinesspolicies
•Sortingandsearchingforfastaccesstoglobalobjects
•Streamlinedsetupandobjectcreationtoreduceconfigurationtimes
•Enhancedmanagementofdistributedapplicationsaspartofonecollectivegroup
•Context‑sensitivehelpforinformationonobjects,commands,andconfigurationexamples
Powerful command line interface
TMSH,atree‑basedcommandlineinterfaceforBIG‑IPGTMhasintegratedsearch,context‑sensitivehelp,andbatch‑modetransactions.Byprovidingashellthatissimpletonavigateandenablingyoutoscriptcomplexcommands,TMSHcansignificantlyreducemanagementtime.
Automated setup and synchronization
AutosyncautomatessetupandsecuresynchronizationofmultipleBIG‑IPGTMdevices.WithAutosync,youcanmakeconfigurationchangesfromanyBIG‑IPGTMdeviceinthenetwork,eliminatingdifficulthierarchicalmanagementcommontoDNS.
Configuration retrieval
AutoDiscoveryenablesBIG‑IPGTMretrieveconfigurationsfromanynumberofdistributedBIG‑IPsystems,removingtheneedtorepeatconfigurationsacrossdevices.
Data center and sync groups
BIG‑IPGTMallowsforthecreationoflogicalgroupsofnetworkequipmenttoensuretheefficientuseofmonitoringandmetricscollection.TheresultisahighlyoptimizedsolutionthatcansupporttheInternet’sbusiestsitesbyintelligentlysharingtheinformationwithmembersinthelogicalgroup.
Distributed application management
Organizationsoftenstruggletoaligntheirapplicationsandinfrastructurewiththeirbusinessgoalsandpolicies.BIG‑IPGTMgivesyoutheabilitytodefinedependenciesbetweenapplicationservicesandmanagethemasagroup.Withdistributedapplicationmanagement,youcanbuildscalabletrafficdistributionpoliciesandimproveefficiencywithgranularcontrolofdatacenterobjects.
DATASHEET BIG-IP Global Traffic Manager
5
iRules
UsingF5’sevent‑driveniRules,™youcancustomizethedynamicdistributionofglobaltraffic.BIG‑IPGTMlooksdeepinsideDNSmessagestodistributeapplicationtraffictothedesireddatacenter,pool,orvirtualserver.Thiscapabilityreduceslatency,increasesprotectionagainstmaliciousattacks,andimprovesapplicationperformance.BecauseiRulesisbasedonaneasy‑to‑use,TCL‑basedscriptinglanguage,administrativecostsarenominal.
ZoneRunner
ZoneRunner™isanintegratedzonefilemanagementtoolthatsimplifiesDNSzonefilemanagementandreducestheriskofmisconfiguration.ItprovidesasecureenvironmenttomanageyourDNSinfrastructurewhilevalidatinganderror‑checkingzonefiles.BuiltonthelatestversionofBIND,ZoneRunnerprovides:
•Autopopulationofcommonlyusedprotocols
•Validation/errorcheckingforzonefileentries
•Rollbackforthelasttransaction
•Commandlineversionsofzonemanagement
•Zoneimportationfromanexternalserverorafile
•Automaticreverselookups
•Easycreation,editing,andsearchingofallrecords
F5 Enterprise Manager
EnterpriseManager™canhelpyousignificantlyreducethecostandcomplexityofmanagingmultipleF5devices.Yougainasingle‑paneviewofyourentireapplicationdeliveryinfrastructureandthetoolsyouneedtoreducedeploymenttimes,eliminateredundanttasks,andefficientlyscaleyourinfrastructuretomeetyourbusinessneeds.
Secure Applications
DNSdenial‑of‑serviceattacks,cachepoisoning,andDNShijackingthreatentheavailabilityandsecurityofyourapplications.BIG‑IPGTMprotectsagainstDNSattacksandenablesyoutocreatepolicesthatprovideanaddedlayerofprotectionforyourapplicationsanddata.
Hardened device
BIG‑IPGTMisdesignedtoresistcommonattacksbythwartingteardropattacks,byprotectingitselfandserversfromICMPattacks,andbynotrunningSMTPd,FTPd,Telnetd,oranyotherattackabledaemons.
Handles DNS attacks
BIG‑IPGTM’sunmatchedDNSperformancecantoleratehighlevelsofDNSattacks,protectingyourorganizationwhilestillmaintainingmaximumandcontinuousavailabilityforapplicationsandservices.
DNS load balancing
BIG‑IPGTMcanbeusedtofront‑endapoolofstaticDNSservers.IftheDNSrequestisforanamecontrolledbyBIG‑IPGTM,BIG‑IPGTMwillanswertherequest.Ifnot,BIG‑IP GTM
DATASHEET BIG-IP Global Traffic Manager
6
canloadbalancetherequesttoapoolofDNSservers,providingveryhighDNSqueryperformanceforstaticDNS.
Security control
StrengthensitesecurityanddiffuseattacksbeforetheycanstartwithBIG‑IPGTM.iRulescanhelpyoucreatepoliciesthatblockDNSrequestsfromroguesitesorknownsourcesofattacksbeforetheycandodamage.
Packet filtering
BIG‑IPGTMusespacketfilteringtolimitordenyaccesstoandfromwebsitesbasedonmonitoringthetrafficsource,destination,orport.
DNSSEC (option)
WiththeBIG‑IPGTMDNSSECoption,youcandigitallysignyourDNSanswers.Thisenablestheresolvertodeterminetheauthenticityoftheresponse,preventingDNShijackingandcachepoisoning.ThesesignedDNSresponsescanbeusedinconjunctionwiththeBIG‑IP GTMdynamicDNSsystemtoenableyoutogetallthebenefitsofglobalserverloadbalancingwhilealsosecuringyourinfrastructure.Alternatively,youcanuseBIG‑IPGTMinfrontoftraditionalDNSserverstoeasilydeployandloadbalanceDNSSECwithinyourexistinginfrastructure.
Network Integration
BIG‑IPGTMisdesignedtofitintoyourcurrentnetworkandintoyourplansforthefuture.
SNMP management application support
BIG‑IPGTMintegratesitsMIBsandaSNMPagentwithDNS.ThisenablesSNMPmanagementapplicationstoreadstatisticaldataaboutthecurrentperformanceofBIG‑IPGTM.SNMPmanagementpackageshaveanexactviewofwhatBIG‑IPGTMisdoing,whilekeepinganeyeonstandardDNSinformation.
Third-party integration
BIG‑IPGTMcommunicatesandintegrateswithabroadarrayofnetworkdevices.Thisincludessupportforvarioustypesofremotehosts,includingSNMPagents:UCD,snmpd,SolsticeEnterprise,andtheNT/4.0SNMPagent.BIG‑IPGTMalsotalkstothird‑partycaches,servers,routers,andloadbalancerstoaccuratelydiagnosethehealthofyournetworkendpointsandprovideaheterogeneoussolutionforglobaltrafficmanagement.
IPv6 support
BIG‑IPGTMsupportsnextgenerationIPv6networks,resolvingAAAAquerieswithoutrequiringwholesalenetworkandapplicationupgrades.
Architecture
TheadvancedarchitectureofBIG‑IPgivesyoutotalflexibilitytocontrolapplicationdeliverywithoutcreatingtrafficbottlenecks.
DATASHEET BIG-IP Global Traffic Manager
7
TMOS
AttheheartofBIG‑IPGTMistheF5architecture,TMOS®,thatprovidesaunifiedsystemforoptimalapplicationdelivery,givingyoutotalvisibility,flexibility,andcontrolacrossallservices.TMOSempowersBIG‑IPGTMtointegratewithotherF5productsandintelligentlyadapttothediverseandevolvingrequirementsofapplicationsandnetworks.
Unmatched DNS performance
BIG‑IPGTMdeliversDNSperformancecapableofhandlingeventhebusiestsites.ThishelpsyourorganizationprovidethebestQualityofServiceforyouruserswhileeliminatingpoorapplicationperformance.
BIG-IP GTM Platforms
BIG‑IPGlobalTrafficManagerisavailableasastandaloneapplianceontheBIG‑IP1600,3600,and3900platforms.Itisavailableasanadd‑onmoduleforBIG‑IP®LocalTrafficManager™onanyBIG‑IPplatform.Fordetailedspecifications,refertotheBIG‑IPSystemHardwareDatasheet.
3900 Series 3600 Series
1600 Series
8
DATASHEET BIG-IP Global Traffic Manager
F5 Networks, Inc.Corporate [email protected]
F5 Networks, Inc. 401 Elliott Avenue West, Seattle, WA 98119 888-882-4447 www.f5.com
F5 Networks Ltd.Europe/Middle-East/[email protected]
F5 NetworksJapan [email protected]
© 2010 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, FirePass, iControl, TMOS, and VIPRION are trademarks or registered trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. CS00-00006 0410
Professional Services and Support
F5isdedicatedtohelpingyougetthemostfromyourF5products.TofindouthowF5supportservicescanhelpyouimproveyourROI,reduceadministrativetimeandexpense,andoptimizetheperformanceandreliabilityofyourITinfrastructure,[email protected].
More Information
TolearnmoreaboutBIG‑IPGTM,usethesearchfunctiononF5.comtofindtheseandotherresources.
Datasheets
BIG-IP System Hardware Datasheet
White paper
Disaster Recovery: Not Just Planning for the Worst
Case studies
American Imaging Management
DNSstuff.com
