F5 Networks Traffic Management by Design Presented by: Jürg Wiesmann Field System Engineer,...
Date posted: 22-Dec-2015
F5 Networks Traffic Management by Design
Presented by: Jürg Wiesmann, Field System Engineer, Switzerland, jürg.wiesmann@f5.com
Company Snapshot
Leading provider of solutions that optimize the security, performance & availability of IP-based applications
Founded 1996 / Public 1999
Approx. 1,010 employees
FY05 Revenue: $281M
FY06 Revenue: $394M
– 40% Y/Y Growth
Clear Leader in Application Delivery
Source: Gartner, December 2005, Magic Quadrant for Application Delivery Products
• “F5 continues to build on the momentum generated by the release of v9.0. It commands over 50% market share in the advanced platform ADC segment and continues to pull away from the competition.”
• “F5 is one of the thought leaders in the market and offers growing feature richness. It should be high on every enterprise's shortlist for application delivery.”
[Figure: Magic Quadrant. Axes: Ability to Execute, Completeness of Vision. Quadrants: Challengers, Leaders, Niche Players, Visionaries. Vendors plotted: Cisco Systems, Citrix Systems (NetScaler), Radware, Juniper Networks (Redline), Akamai Technologies, Netli, Stampede Technologies, Zeus Technology, NetContinuum, Foundry Networks, Coyote Point Systems, Array Networks, Nortel Networks, F5 Networks]
What CEOs, CFOs and CIOs are interested in
Low investment costs
– Reducing load on server infrastructure
Low service costs
– Simple problem, change and release management
– Fewer service windows
– Reduction of work during service windows
– Simple, secure and stable environments
High availability
Problem: Networks Aren’t Adaptable Enough
Applications Focus on Business Logic and Functionality
Traditional Networks are Focused on Connectivity
[Diagram labels: Application; Network Administrator; Application Developer; New Security Hole; High Cost To Scale; Slow Performance]
How Do You Fix the Problem?
Hire an Army of Developers?
Add More Infrastructure?
– More Bandwidth
– Multiple Point Solutions
[Diagram labels: Application; Network Administrator; Application Developer]
A Costly Patchwork
Users: Mobile Phone, PDA, Laptop, Desktop, Co-location
Point Solutions: SSL Acceleration; Application Load Balancer; Rate Shaping/QoS; DoS Protection; Content Proxy; Acceleration/Transformation; Traffic Compression; WAN Connection Optimization; Network Firewall; IPS/IDS; Application Firewall
Applications: CRM, SFA, ERP, Custom Application
The Better Application Delivery Alternative
The F5 Way | The Old Way
First with Integrated Application Security
The F5 Solution
Users: Mobile Phone, PDA, Laptop, Desktop, Co-location
F5’s Integrated Solution: TMOS, Application Delivery Network
Applications: CRM, Database, Siebel, BEA, Legacy, .NET, SAP, PeopleSoft, IBM, ERP, SFA, Custom
The F5 Application Delivery Network
Products: WANJet, FirePass, BIG-IP Local Traffic Manager, BIG-IP Application Security Manager, BIG-IP Link Controller, BIG-IP Global Traffic Manager, BIG-IP Web Accelerator
[Diagram labels: Users; Applications; International Data Center; Enterprise Manager; TMOS; iControl & iRules]
F5 Networks Remote Access Today
Current Issues
Mobile Workforce: Unreliable access; Worm/virus propagation; High support costs
Employee on Home PC / Public Kiosk: Limited application support; Lack of data integrity; Reduced user efficiency
Business Partners: Complex access controls; No application-level audits; High support costs
Systems or Applications: Complex API; Unreliable access; High support costs
IPSec provides transparent Network Access – BUT…
Needs preinstalled Client
Does not work well with NAT
No granular Application Access (Network Level)
Hard to load balance
Is expensive to deploy
On the other hand SSL VPN…
No preinstalled Client Software needed
Works on transport Layer – No problem with NAT
Works on port 80/443 – No problem with Firewall/Proxy
Easy to load balance
Offers granular Application Access
Is Easy to deploy
Remote Access - Requirements
Any User: Employee, Partner, Supplier
Any Location: Hotel, Kiosk, Hot Spot
Any Devices: Laptop, Kiosk, Home PC, PDA/Cell Phone
Any Application: Web, Client/Server, Legacy, Desktop
Secure: Data Privacy, Device Protection, Network Protection, Granular App Access
Ease of Integration: AAA Servers, Directories, Instant Access
Ease of Use: Clientless, Simple GUI, Detailed Audit Trail
Highly Available: Global LB, Stateful Failover, Disaster Recovery
Why not use IPSec?
Any User: Employee, Partner, Supplier
Any Location: Hotel, Kiosk, Hot Spot
Any Devices: Laptop, Kiosk, Home PC, PDA/Cell Phone
Any Application: Web, Client/Server, Legacy, Desktop
Secure: Data Privacy, Device Protection, Network Protection, Granular App Access
Ease of Integration: AAA Servers, Directories, Instant Access
Ease of Use: Clientless, Simple GUI, Detailed Audit Trail
Highly Available: Global LB, Stateful Failover, Disaster Recovery
FirePass® Overview
[Diagram labels: Any User, Any Device (Laptop, Mobile Device, Partner, Kiosk); Internet; Secured by SSL; FirePass®; Dynamic Policies; Authorized Applications (Specific Application Access, Portal Access, Network Access); Intranet]
Simplified User Access
Standard browser
– Access to applications from anywhere
Select application
– Shortcuts automate application connections
No preinstalled client software required
– All access via a web browser
Access Types
Network Access
Application Access
– Application Tunnels
– Terminal Server
– Legacy Hosts
– X Windows
Portal Access
– Web Applications
– File Browsing (Windows, Unix)
– Mobile E-Mail
Desktop Access (Webtop)
Access Methods Summary
Portal Access
Benefits
– Most Flexible: Any Device, Any Network, Any OS
– Most Scalable: Browser Compatible
– Secure Architecture: Restricted Resource Access
Drawbacks
– Limited Resource Access: Enterprise Web Apps/Resources, Webified Enterprise Resources, Limited Nonweb Applications
Application Access
Benefits
– C/S Application Access: Legacy Application Access, Transparent Network Traversal, Any Network
– Scalable Deployment: No Network/Addr. Configuration
– Secure Architecture: Restricted Resource Access, Host Level Application Proxy
Drawbacks
– Limited Access Flexibility: OS/JVM Compatibility Issues, No Transient Kiosk Access
– Client Security: Installation Privileges
Network Access
Benefits
– Full Network Access (VPN): No Resource Restrictions
Drawbacks
– More Limited Access: OS/JVM Compatibility Issues
– Client Security: Installation Privileges
Adaptive Client Security
[Diagram labels: Laptop; Kiosk/Untrusted PC; PDA; Corporate Policy; Kiosk Policy; Mini Browser Policy; Firewall/Virus Check; Cache/Temp File Cleaner; Client/Server Application; Full Network; Terminal Servers; Files; Intranet; Email]
Policy Checking with Network Quarantine
Deep Integrity Checking
– Specific antivirus checks
– Windows OS patch levels
– Registry settings
Quarantine Policy Support
– Ensure Policy Compliance
– Direct to quarantine network
[Diagram labels: FirePass®; Full Network; Quarantine Network; “Please update your machine!”]
Visual Policy Editor
Graphically associates a policy relationship between end-points, users and resources
Unique Application Compression
Results
– Over 50% faster access
– Supports compression for any IP application
– Faster email & file access
– Works across both dial-up and broadband
30 Minute Install
Quick Setup enables rapid installation and setup even for non-experts
NEW
Dynamic Policies
Enterprise SSO Integration
HTTP forms-based authentication
Single sign-on to all web applications
Major SSO & Identity Mgmt Vendor Support
– Netegrity, Oblix and others
[Diagram labels: Internet; FirePass®; Netegrity SiteMinder; Web Servers; 1. User ID, Password; 2. Session Cookie; 3. Session Cookie]
Application Security
Web application security
– Cross-site scripting
– Buffer overflow
– SQL injection
– Cookie management
ICAP AntiVirus
Policy-based virus scanning
– File uploads
– Webmail attachments
Integrated scanner
Open ICAP interface
[Diagram labels: Internet; 1. SQL Injection (blocked, marked X); FirePass®; Web Servers]
Product Lines
FirePass Product Line
A product sized and priced appropriately for every customer
FirePass 1200 (Medium Enterprise): 25-100 Concurrent Users
• 25 to 500 employees
• Comprehensive access
• End-to-End security
• Flexible support
• Failover
FirePass 4200 (Large Enterprise): 100-2000 Concurrent Users
• 500+ employees
• High performance platform
• Comprehensive access
• End-to-End security
• Flexible support
• Failover
• Cluster up to 10
FirePass Failover
Redundant pair
– Stateful failover provides uninterrupted failover for most applications (e.g. VPN connector)
Single management point
– Active unit is configured
– Configuration and state information is periodically synchronized
Separate SKU
– Active unit determines software configuration and concurrent users
[Diagram labels: Internet; Active; Hot standby; Intranet application servers]
FirePass 4100 Clustering
Clustered pair
– Up to 10 servers can be clustered for up to 20,000 concurrent users
– Master server randomly distributes user sessions
– Distributed (e.g. different sites) clusters are supported
Single management point
– Master server is configured
– Configuration information is periodically synchronized
Second FP 4100 Required
– Software features purchased on 2nd server
[Diagram labels: Internet; Cluster master; Cluster nodes; Intranet application servers]
Case Study: FirePass® vs IPSec Client
300 end user accounts, high availability configuration
Savings: 390 hours for rollout, 20 hours/week sustaining
80% user callback for IPSec Client; 15% for FirePass
25 users unable to use IPSec Client; 2 specific hotel room issues w/FirePass
Rollout
– Engineering: IPSec Client 120 hrs; FirePass® 20 hrs; Savings 100 hrs
– Help Desk: IPSec Client 200 hrs; FirePass® 60 hrs; Savings 140 hrs
– End User: IPSec Client 1 hrs +; FirePass® .5 hrs x 300; Savings 150 hrs
Sustaining
– Engineering: IPSec Client 1.5 hrs/day; FirePass® .5 hrs/day; Savings 1 hrs/day
– Help Desk: IPSec Client 5 hrs/day; FirePass® 2 hrs/day; Savings 3 hrs/day
– End User: IPSec Client 0; FirePass® 0; Savings 0
Summary of Benefits
Increased productivity
– Secure access from any device, anywhere
– No preinstalled VPN clients
Reduced cost of ownership
– Lower deployment costs
– Fewer support calls
Improved application security
– Granular access to corporate resources
– Application layer security and audit trail
Partnerships
“F5's BIG-IP has been designed into a number of Oracle's mission-critical architectures, such as the Maximum Availability Architecture.”
Julian Critchfield, Vice President, Oracle Server Technologies
“Microsoft welcomes F5 Networks' support of Visual Studio 2005… F5 complements our strategy by providing our mutual customers with a way to interact with their underlying network.”
Christopher Flores, Group Product Manager in the .NET Developer Product Management Group at Microsoft Corp.
Services & Support
Expertise – F5 offers a full range of personalized, world-class support and services, delivered by engineers with in-depth knowledge of F5 products.
Software Solution Updates – Customers with a support agreement receive all software updates, version releases, and relevant hot fixes as they are released.
Flexibility – Whatever your support demands, F5 has a program to fit your needs. Choose from our Standard, Premium, or Premium Plus service levels.
Full Service Online Tools – Ask F5 and our Web Support Portal.
Fast Replacements – F5 will repair or replace any product or component that fails during the term of your maintenance agreement, at no cost.
F5 Services
PROFESSIONAL SERVICES
Experience – F5 Professional Consultants know F5 products and networking inside and out. The result? The expertise you need the first time.
High Availability – Our experts work with you to design the best possible high-availability application environment.
Optimization – Our consultants can help you fine tune your F5 traffic management solutions to maximize your network’s efficiency.
Knowledge Transfer – Our professionals will efficiently transfer critical product knowledge to your staff, so they can most effectively support your F5-enabled traffic management environment.
CERTIFIED GLOBAL TRAINING
Expert Instruction – With highly interactive presentation styles and extensive technical backgrounds in networking, our training professionals prepare students to perform mission-critical tasks.
Hands-On Learning – Theoretical presentations and real-world, hands-on exercises that use the latest F5 products.
Convenience – Authorized Training Centers (ATCs) strategically located around the world.
Knowledge Transfer – Direct interaction with our training experts allows students to get more than traditional “text book” training.
SERVICES & SUPPORT
Expertise – World-class support and services, delivered by engineers with in-depth knowledge of F5 products.
Software Solution Updates – Software updates, version releases, and relevant hot fixes as they are released.
Flexibility – Standard, Premium, or Premium Plus service levels.
Full Service Online Tools – Ask F5 and our Web Support Portal.
Fast Replacements – F5 will repair or replace any product or component that fails during the term of your maintenance agreement, at no cost.
F5 Networks Globally
International HQ – Seattle
Regional HQ / Support Center
F5 Regional Office
F5 Dev. Sites – Spokane, San Jose, Tomsk, Tel Aviv, Northern Belfast
[Map labels: Seattle; EMEA; Japan; APAC]
F5 Networks Message Security Module
The Message Management Problem
Out of 75 billion emails sent worldwide each day, over 70% is spam!
The volume of spam is doubling every 6-9 months!
Clogging networks
Cost to protect is increasing
[Chart: TrustedSource Reputation Scores, Nov 2005 to Oct 2006; higher score = worse reputation]
Typical Corporate Pain
Employees still get spam
Some are annoying, some are offensive
Infrastructure needed to deal with spam is expensive!
– Firewalls
– Servers
– Software (O/S, anti-spam licenses, etc.)
– Bandwidth
– Rack space
– Power
Budget doesn’t match spam growth
Legitimate email delivery slowed due to spam
Why is this happening?
Spam really works!
Click rate of 1 in 1,000,000 is successful
Spammers are smart professionals
– Buy the same anti-spam technology we do
– Develop spam to bypass filters
– Persistence through trial and error
– Blasted out by massive controlled botnets
Professional spammers have
– Racks of equipment
– Every major filtering software and appliance available
– Engineering staff
It’s not just annoying…it can be dangerous.
2% of all email globally contains some sort of malware.
– Phishing
– Viruses
– Trojans (zombies, spyware)
High Cost of Spam Growth
– Spam volume increases
– Bandwidth usage increases
– Load on Firewalls increases
– Load on existing messaging security systems increases
– Emails slow down
– Needlessly uses up rack space, power, admin time…
[Diagram labels: Firewall; DMZ; Messaging Security; Email Servers]
MSM Blocking At the Edge
Terminating 70% of the Spam from the “e hello”
Filters out 10% to 20% of Spam
Works with any Anti-Spam Solution
[Diagram labels: Emails; BIG-IP MSM (First Tier); Messaging Security Server (Second Tier); Mail Servers]
Why TrustedSource?
Industry Leader
– Solid Gartner reviews & MQ
– IDC market share leader
Superior technology
Stability
TrustedSource: Leading IP Reputation DB
View into over 25% of email traffic
50M+ IP addresses tracked globally
Data from 100,000+ sources; 8 of 10 largest ISPs
Millions of human reporters and honeypots
GLOBAL DATA MONITORING
Global data monitoring is fueled by the network effect of real-time information sharing from thousands of gateway security devices around the world
[Map labels: TrustedSource; IntelliCenter; Brazil; London; Portland; Atlanta; Hong Kong]
AUTOMATED ANALYSIS
Dynamic Computation Of Reputation Score (scale: Bad to Good)
Messages Analyzed per Month
• 10 Billion Enterprise
• 100 Billion Consumer
Shared Global Intelligence
Physical World
– Deploy agents and officers around the globe (Police, FBI, CIA, Interpol)
– Global intelligence system: share intelligence information. Example: criminal history, global fingerprinting system
– Results. Effective: accurate detection of offenders. Pro-active: stop them from coming into the country
[Diagram labels: CIA; FBI; Interpol; Police Stations; Intelligence Agents]
Cyber World
– Deploy security probes around the globe (firewall, email gateways, web gateways)
– Global intelligence system: share cyber communication info. Example: spammers, phishers, hackers
– Results. Effective: accurate detection of bad IPs, domains. Pro-active: deny connection to intruders to your enterprise
[Diagram labels: IntelliCenter; Atlanta; Brazil; London; Hong Kong; Portland; Intelligent probes]
TrustedSource Identifies Outbreaks Before They Happen
[Timeline: 9/12/05 TrustedSource Flagged Zombie; 11/02/05 Other Reputation Systems Triggered; 11/03/05 A/V Signatures]
♦ 11/01/05: This machine began sending Bagle worm across the Internet
♦ 11/03/05: Anti-virus signatures were available to protect against Bagle
♦ Two months earlier, TrustedSource identified this machine as not being trustworthy
Content Filters Struggle to ID certain spam
Image-based spam
– Hashbusting
– Scratches
Summary of Benefits
Eliminate up to 70% of spam upon receipt of first packet
Reduce Cost for Message Management
– TMOS Module: high-performance, cost-effective spam blocking at network edge
– Integrated into BIG-IP to avoid box proliferation
Improved Scalability and Message Control
– Reputation Based Message Distribution and Traffic Shaping
Slightly increase kill-rate on unwanted email
Packaging
BIG-IP LTM Only
Version Support: 9.2 and higher
Module may be added to any
– LTM or Enterprise
– No Module incompatibilities with other Modules
Licensed per BIG-IP by number of mailboxes
BIG-IP Platform sizing depends on:
– Email volume
– Number of BIG-IPs
– Other functions expected of BIG-IP (additional taxes on CPU time)
License Tiers
MSM for over 100,000 Mailboxes
MSM for up to 100,000 Mailboxes
MSM for up to 75,000+ Mailboxes
MSM for up to 50,000 Mailboxes
MSM for up to 25,000 Mailboxes
MSM for up to 10,000 Mailboxes
MSM for up to 5,000 Mailboxes
MSM for up to 1,000 Mailboxes
How BIG-IP MSM Works
[Diagram, animation slide. Labels: Internet; DNS Query; Secure Computing TrustedSource™ IP Reputation Score; 70% Bad?; Drop first & subsequent packets; Error Msg for clean termination; 20% Suspicious?; Slow Pool; 20% Good?; 10% Trusted?; Fast Pool; Existing Messaging Security; 10% Bad?; Delete Message; Email Servers]
Spam Volumes Out of Control
[Chart: % of worldwide email that is spam (y-axis: Percent Spam), Nov 2005 to Oct 2006; values shown: 70% and 85%]
Hard-to-detect Image Spam is Growing
[Chart: Percent of Total Email (y-axis, 0% to 35%) by date, Apr 5th to Oct 23rd, 2006]
Reputation-based Security Model
Computing Credit
Track
Compile
Compute
Use
Businesses & Individuals
Physical World
Business Transactions
Credit Score
Allow / Deny Credit
• Loan
• LOC
• Credit terms
• Timely payment
• Late payment
• Transaction size
• Purchases
• Mortgage, Leases
• Payment transactions
Cyber World
IPs, Domains, Content, etc.
Cyber Communication
Reputation Score
Allow / Deny Communication
• Stop at FW, Web Proxy, Mail gateway
• Allow
• Quarantine
• Good IPs, domains
• Bad
• Grey – marketing, adware
• Email exchanges
• Web transaction
• URLs, images
Backup Slides
FirePass
Windows Logon (GINA Integration)
Key Features
– Transparent secure logon to corporate network from any access network (remote, wireless and local LAN)
– Non-intrusive and works with existing GINA (no GINA replacement)
– Drive mappings/Login scripts from AD
– Simplified installation & setup (MSI package)
– Password mgmt/self-service
Customer Benefits
– Unified access policy mgmt
– Increased ROI
– Ease of use
– Lower support costs
Configuring Windows Logon
Windows Installer Service
Problem
– Admin user privileges required for network access client component updates
Solution
– Provide a user service on the client machine which allows component updates without admin privileges
Network Access Only WebTop
Automatically minimizes to system tray
Simplified webtop interface
Windows VPN Dialer
Simple way to connect for users familiar with dial-up
FirePass Client CLI
“f5fpc <cmd> <param>” where <cmd> options are:
– start
– info
– stop
– help
– profile
Single sign-on from 3rd party clients (iPass)
Auto Remediation
Dynamic AppTunnels
Feature Highlights
– No client pre-installation
– No special admin rights for on-demand component install
– No host file re-writes
– Broader application interoperability (complex web apps, static & dynamic ports)
Benefits
– Lower deployment and support costs
– Granular access control
Configuring Dynamic AppTunnels
Web Apps
Client/Server Apps