INTRODUCING F5 BIG-IQ · INTRODUCING F5 BIG-IQ . How F5 centralized management is changing ....

Dan Kim – Product Manager

INTRODUCING F5 BIG-IQ How F5 centralized management is changing

CONFIDENTIAL 2

BIG-IQ CLOUD | SECURITY

What is BIG-IQ?

F5 BIG-IQ is an intelligent management platform to provide application delivery intelligence across both Global Data Center and Cloud deployments

BIG-IQ – Management Plane BIG-IP – Data Plane

F5 BIG-IQ Intelligent Management Platform in 2013

BIG-IQ Platform Intelligent Management Framework

BIG-IQ SECURITY (firewall)

BIG-IQ CLOUD

F5 Networks Confidential

F5 BIG-IQ Intelligent Management Platform Modular Approach

BIG-IQ Platform Intelligent Management Framework

BIG-IQ SECURITY

(firewall)

BIG-IQ CLOUD

BIG-IQ DEVICE

Future Modules

…


Store

Data Model

Services BIG-IQ

Platform

API (Public REST/JSON)

BIG-IQ: Platform, Modules and REST API

• Open/exentsible

• Modular framework

• Platform provides services common to all modules

• Modules interact with platform using REST-based APIs

• Modules licensed separately


API (Public REST/JSO

N)

iControl Rest Open and extensible platform

BIG-IQ Platform API (Public REST/JSON)

3rd Party Management

Solution

- Completely open architecture - iControl Rest leveraged for all device to device

communication - Opportunity to provide value added services

API (Public REST/JSON)

What is the BIG-IQ Platform? Choice Between HW or VE

BIG-IQ Platform Multi Device Management =

F5 BIG-IQ™ Virtual Edition

F5 BIG-IQ™ Hardware Platform

OR


1HCY2013 1HCY2014

BIG-IQ

BIG-IQ CLOUD Select Product:

BIG-IQ Security

TMOS

(c) Copyright 1996-2013, F5 Networks, Inc., Seattle, Washington. All rights reserved.

Hostname: dankim.pm.f5.com

IP Address: 1.1.1.1

BIG-IQ

BIG-IQ Cloud

Benefits

Simplify Provisioning and Consolidate Management

Enable Flexibility with Third Party Management Orchestrators

Gain Cloud Visibility

Enable Cloud Bursting

+

BIG-IQ

BIG-IQ Cloud

REST based API integration for orchestration with other management platforms Benefits





+

BIG-IQ Platform

Security Cloud

Third-Party Cloud Orchestrators

BIG-IQ

BIG-IQ Cloud

Leverage Public Cloud IaaS Benefits





+

BIG-IQ

BIG-IQ Cloud

Manage iApp CRUD operations centrally and customizing the iApps for individual tenants Benefits





+

BIG-IQ

BIG-IQ Cloud

Gain visibility across clouds, devices, tenants in a single view Benefits





+

Provider View

BIG-IQ

Monitor top-10 and bottom-10 policies by hitcount

BIG-IQ Cloud Today

Clients

Data Center

BIG-IP AFM

Monitor

Rule1 dankim.pm.f5.com

2.3 M mgmt


1.1 M global


873 K selfip


632 K virtual


559 K virtual


546 K global


481 K virtual


248 K virtual


223 K mgmt


191 K global

BIG-IQ Security

2013

Available as a VE only

Supports BIG-IP LTM only

Separate from BIG-IQ Security

Benefits





+

Cloud Connectors – VMware vCloud Director and Amazon Web Services

BIG-IQ

Pricing

Roadmap

Additional solutions (e.g., ADF)

Additional BIG-IP AFM benefits

Available as appliance or VE

Description

BIG-IQ VE platform: 5000 Node License



BIG-IQ VE platform: Max Cloud Nodes

BIG-IQ Cloud Software only: 1000 Nodes License

BIG-IQ Cloud Software only: 5000 Nodes License

Product

F5-BIQ-CLD-VE-5k

F5-BIQ-CLD-VE-10k

F5-BIQ-CLD-VE-1k

F5-BIQ-CLD-VE-M

F5-ADD-BIQ-CLD-VE-1K


+


F5-ADD-BIQ-CLD-VE-M

BIG-IQ Cloud Software only: 10,000 nodes License

BIG-IQ Cloud Software only: Max Cloud Node License

2013


Supports BIG-IP LTM only

Separate from BIG-IQ Security

Benefits





+

Cloud Connectors – VMware vCloud Director and Amazon Web Services

BIG-IQ

BIG-IQ CLOUD – VMware integration Select Product:

BIG-IQ Security

TMOS



IP Address: 1.1.1.1

BIG-IQ

BIG-IQ – Vmware Integration

Benefits

Interconnection and portability between traditional environments and cloud

Flexible architecture that supports SDN and traditional networking

Integrated offering

Ability to host private clouds for sensitive data and outsource non-critical apps to public cloud

+

BIG-IQ


Shared Management Plane Benefits



Integrated offering


+

BIG-IQ


BIG-IQ Objects in vShield Benefits



Integrated offering


+

BIG-IQ UI

VShield UI

BIG-IQ


Integrated Application Benefits



Integrated offering


+ BIG-IQ UI

vShield UI

BIG-IQ

BIG-IQ Security Select Product:

BIG-IQ Cloud

TMOS



IP Address: 1.1.1.1

BIG-IQ

BIG-IQ Security

Benefits

Reduce errors and downtime

Mitigate compliance risks

Reduce operational overhead

Monitor policy effectiveness

+

BIG-IQ

BIG-IQ Security

Manage multiple BIG-IP AFM devices from a single pane of glass

Clients

Data Center

BIG-IP AFM BIG-IP AFM BIG-IP AFM

BIG-IQ Security

Benefits +





BIG-IQ

BIG-IQ Security

Manage multiple BIG-IP AFM devices from a single pane of glass Centrally manage firewall policies and deploy to selected BIG-IP AFM devices

BIG-IQ Security

Select device: 1

2

3

Select policy:

Deploy Changes


1

3

Benefits +





BIG-IQ

BIG-IQ Security

Centrally manage firewall policies and deploy to selected BIG-IP AFM devices Centralized auditing

BIG-IQ Security

Select device: 1

2

3

Select policy:

Deploy Changes


1

3

Benefits +





BIG-IQ

Centralized auditing

BIG-IQ Security

BIG-IQ Security

Select device: 1

2

3

Select policy:

Deploy Changes


1

3


Clients

Data Center

BIG-IP AFM

Monitor


2.3 M mgmt


1.1 M global


873 K selfip


632 K virtual


559 K virtual


546 K global


481 K virtual


248 K virtual


223 K mgmt


191 K global

BIG-IQ Security

Benefits +





BIG-IQ


BIG-IQ Security Today

Clients

Data Center

BIG-IP AFM

Monitor


2.3 M mgmt


1.1 M global


873 K selfip


632 K virtual


559 K virtual


546 K global


481 K virtual


248 K virtual


223 K mgmt


191 K global

BIG-IQ Security

2013


Supports BIG-IP AFM only

Separate from BIG-IQ Cloud

Benefits





+

BIG-IQ

Pricing

Roadmap

Additional solutions (e.g., ADF)

Additional BIG-IP AFM benefits

Available as appliance or VE

Description

BIG-IQ VE platform: 25 AFMs managed



BIG-IQ Security Software only: 10 AFMs managed



Product

F5-BIQ-SEC-25-VE

F5-BIQ-SEC-50-VE

F5-BIQ-SEC-10-VE

F5-ADD-BIQ-SEC-10

F5-ADD-BIQ-SEC-25

F5-ADD-BIQ-SEC-50

+ 2013


Supports BIG-IP AFM only

Separate from BIG-IQ Cloud

Benefits





+

BIG-IQ UI: Context Aware

Modern, innovative, intuitive UI – Centralized Search and Filtering – Show Relationships (brushing) – Create Relationships (drag and

drop) – Contextual Awareness – Simplified Navigation Structure

Interactions with “Panels” – Brushing – Filtering – Slide-out – Creating new objects


BIG IQ Security Roadmap Subject to Change

Release: v4.0 (Allagash) v4.1 (Bigtime) v4.2 (Chuckanut)

Theme: Basic FW Mgmt Deployment Diagnostics

Timeframe April 2013 Aug 2013 Dec 2013

Device Setup (licensing, user management)

BIG-IP Policy Support (Corona AFM)

L3/L4 Policy Change Rollback

Login ‘portal’ to BIG-IQ, launch pad to Security | Cloud

Scale to 100 devices, 1000 rules each Coarse-grained RBAC

Declaring Management Authority

BIG-IP High Availability

Policy Diferrence Review

Audit Log Basic Multi-User Editing L3/L4 rule edit & deploy, single persona

Basic Monitoring

http://devcentral.f5.com/

http://www.facebook.com/f5networksinc

http://www.linkedin.com/company/f5-networks

http://twitter.com/f5networks

http://www.youtube.com/f5networksinc

BIG-IQ

Zero provisioning for Private Cloud licensing pool for VE

- EC2, Vmware vCloud Director, Openstack Connectors in BIG-IQ v4.3 (target December) - EC2 demo currently targeted for BIG-IQ v4.2 (Bigtime release in August - Ability to levarage private cloud licensing pools when working with VE - Scope and Scenario currently being refined

BIG-IQ

Devops integration (puppet/chef)

- Rely heavily on F5 iControl for REST - BIG-IP iControl for REST

- Early Access in 11.4 (Corona release) - General Availability in Vancouver release

- BIG-IQ iControl for REST - First release in BIG-IQ v4.0 (release in April) - Next release in BIG-IQ v4.1 (release in August)

- Leverage BIG-IQ to proxy iControl to BIG-IP - Consolidate - Single point of Auth

BIG-IQ

Openstack

- Connector currently targeted for BIG-IQ v4.3 (Chuckanut) - BIG-IQ chuckanut release is currently planned for Dec 2013/Jan 2014 - Dependency on Fall/Winter release of Openstack - Current Scope to match level of integration with Vmware vCloud Director Integration

- F5 iApps integration - These requirements will be more refined by Sept/Oct 2013

BIG-IQ

BIG-IQ Security

Select Product:

BIG-IQ Cloud

TMOS



IP Address: 1.1.1.1

BIG-IQ

Architecture

Data Plane

Applications

Management Plane

What Is BIG-IQ?

BIG-IQ

Data Plane

Applications

Management Plane

What Is Available Today?

Architecture 2013

BIG-IP AFM BIG-IP LTM

BIG-IQ Framework

Security Cloud

Enterprise Manager

Management Plane

Data Plane

Applications

BIG-IQ

2013

What You Can Expect

Architecture

Data Plane

Applications

Management Plane

BIG-IQ Cloud

Enterprise Manager

BIG-IQ Security

BIG-IP AFM BIG-IP LTM

BIG-IQ Framework

Security Cloud

Enterprise Manager

Roadmap

Device Cloud Security

All BIG-IP BIG-IP AFM BIG-IP LTM

Additional Modules

INTRODUCING F5 BIG-IQ · INTRODUCING F5 BIG-IQ . How F5 centralized management is changing ....

Documents

Transcript of INTRODUCING F5 BIG-IQ · INTRODUCING F5 BIG-IQ . How F5 centralized management is changing ....