mopdf.com

INTRODUCING F5 BIG-IQHow F5 centralized management is changingDan Kim – Product Manager

BIG-IQCLOUD SECURITYCONFIDENTIAL2

What is BIG-IQ?BIG-IQ – Management PlaneBIG-IP – Data PlaneF5 BIG-IQ is an intelligent management platform to provide applicationdelivery intelligence across both Global Data Center and Cloud deployments

F5 BIG-IQIntelligent Management Platform in 2013BIG-IQ SECURITY(firewall)BIG-IQ CLOUDBIG-IQ PlatformIntelligent Management FrameworkF5 Networks Confidential

F5 BIG-IQIntelligent Management PlatformModular ApproachBIG-IQSECURITY(firewall)BIG-IQ CLOUDBIG-IQ DEVICEBIG-IQ PlatformIntelligent Management FrameworkF5 Networks ConfidentialFutureModules

BIG-IQ: Platform, Modules and REST API Open/exentsible Modular framework Platform provides servicescommon to all modules Modules interact withplatform using RESTbased APIs Modules licensedseparatelyAPI (Public REST/JSON)ServicesData ModelStoreF5 Networks ConfidentialBIG-IQPlatform

iControl RestOpen and extensible platform3rd PartyManagementSolutionAPI (Public REST/JSON)BIG-IQPlatform- Completely open architecture- iControl Rest leveraged for all device to devicecommunication- Opportunity to provide value added servicesAPI (Public REST/JSON)API (Public REST/JSON)

What is the BIG-IQ Platform?Choice Between HW or VEBIG-IQ PlatformMulti Device Management ORF5 BIG-IQ VirtualEdition1HCY2013F5 Networks ConfidentialF5 BIG-IQ Hardware Platform1HCY2014

BIG-IQHostname:dankim.pm.f5.comIP Address:1.1.1.1Select Product:BIG-IQ CLOUDBIG-IQ SecurityTMOS(c) Copyright 1996-2013, F5 Networks, Inc., Seattle, Washington. All rights reserved.

BIG-IQBIG-IQ CloudBenefits Gain Cloud VisibilitySimplify Provisioning andConsolidate ManagementEnable Flexibility with Third PartyManagement OrchestratorsEnable Cloud Bursting

BIG-IQBIG-IQ CloudBenefits REST based API integration for orchestration with other management platformsGain Cloud VisibilitySimplify Provisioning andConsolidate ManagementThird-Party Cloud OrchestratorsEnable Flexibility with Third PartyManagement OrchestratorsEnable Cloud BurstingSecurityCloudBIG-IQ Platform

BIG-IQBIG-IQ CloudBenefits Gain Cloud VisibilitySimplify Provisioning andConsolidate ManagementEnable Flexibility with Third PartyManagement OrchestratorsEnable Cloud BurstingLeverage Public Cloud IaaS

BIG-IQBIG-IQ CloudBenefits Gain Cloud VisibilitySimplify Provisioning andConsolidate ManagementEnable Flexibility with Third PartyManagement OrchestratorsEnable Cloud BurstingManage iApp CRUD operations centrally and customizing the iApps for individual tenants

BIG-IQBIG-IQ CloudBenefits Gain Cloud VisibilitySimplify Provisioning andConsolidate ManagementEnable Flexibility with Third PartyManagement OrchestratorsEnable Cloud BurstingGain visibility across clouds, devices, tenants in a single viewProvider View

BIG-IQBIG-IQ Cloud TodayBenefits Gain Cloud VisibilitySimplify Provisioning andConsolidate ManagementEnable Flexibility with Third PartyManagement OrchestratorsEnable Cloud BurstingMonitor2013 top-10 and bottom-10 policies by hitcountSupports BIG-IP LTM onlyClientsMonitorRule1Available as a VE onlydankim.pm.f5.comRule2Separate from BIG-IQ SecurityCloud Connectors – VMwarevCloud Director and AmazonWeb mBIG-IP dankim.pm.f5.comRule9dankim.pm.f5.comRule10Data Centerdankim.pm.f5.com2.3 Mmgmt1.1 Mglobal873 Kselfip632 Kvirtual559 Kvirtual546 Kglobal481 Kvirtual248 Kvirtual223 Kmgmt191 Kglobal

BIG-IQPricing2013Roadmap ProductGain Cloud VisibilitySupports BIG-IP LTM onlyF5-BIQ-CLD-VE-1kBIG-IQVE platform: 1000 Node LicenseAdditional BIG-IP AFMbenefitsSimplify Provisioning andConsolidate ManagementAvailable as a VE onlyF5-BIQ-CLD-VE-5kBIG-IQ ADF)VE platform: 5000 Node LicenseAdditional solutions (e.g.,Enable Flexibility with Third PartyManagement OrchestratorsSeparate from BIG-IQ SecurityF5-BIQ-CLD-VE-10kBIG-IQVE platform: 10000 Node LicenseAvailable as applianceor VEEnable Cloud BurstingCloud Connectors – VMwarevCloud Director and AmazonWeb ServicesBenefits DescriptionF5-BIQ-CLD-VE-MBIG-IQ VE platform: Max Cloud NodesF5-ADD-BIQ-CLD-VE1KBIG-IQ Cloud Software only: 1000 Nodes LicenseF5-ADD-BIQ-CLD-VE5KBIG-IQ Cloud Software only: 5000 Nodes LicenseF5-ADD-BIQ-CLD-VE10KBIG-IQ Cloud Software only: 10,000 nodes LicenseF5-ADD-BIQ-CLD-VEMBIG-IQ Cloud Software only: Max Cloud Node License

BIG-IQHostname:dankim.pm.f5.comIP Address:1.1.1.1Select Product:BIG-IQ CLOUD – VMware integrationBIG-IQ SecurityTMOS(c) Copyright 1996-2013, F5 Networks, Inc., Seattle, Washington. All rights reserved.

BIG-IQBIG-IQ – Vmware IntegrationBenefits Integrated offeringInterconnection and portabilitybetween traditional environmentsand cloudFlexible architecture thatsupports SDN and traditionalnetworkingAbility to host private clouds forsensitive data and outsourcenon-critical apps to public cloud

BIG-IQBIG-IQ – Vmware IntegrationBenefits Integrated offeringInterconnection and portabilitybetween traditional environmentsand cloudFlexible architecture thatsupports SDN and traditionalnetworkingAbility to host private clouds forsensitive data and outsourcenon-critical apps to public cloudShared Management Plane

BIG-IQBIG-IQ – Vmware IntegrationBenefits BIG-IQ Objects in vShieldIntegrated offeringInterconnection and portabilitybetween traditional environmentsand cloudBIG-IQ UIFlexible architecture thatsupports SDN and traditionalnetworkingAbility to host private clouds forsensitive data and outsourcenon-critical apps to public cloudVShield UI

BIG-IQBIG-IQ – Vmware IntegrationBenefits Integrated offeringIntegrated ApplicationBIG-IQ UIInterconnection and portabilitybetween traditional environmentsand cloudFlexible architecture thatsupports SDN and traditionalnetworkingAbility to host private clouds forsensitive data and outsourcenon-critical apps to public cloudvShield UI

BIG-IQHostname:dankim.pm.f5.comIP Address:1.1.1.1Select Product:BIG-IQ SecurityBIG-IQ CloudTMOS(c) Copyright 1996-2013, F5 Networks, Inc., Seattle, Washington. All rights reserved.

BIG-IQBIG-IQ SecurityBenefitsReduce operational overheadReduce errors and downtimeMitigate compliance risksMonitor policy effectiveness

BIG-IQBIG-IQ SecurityBenefits Manage multiple BIG-IP AFM devices from a single pane of glassReduce operational overheadClientsReduce errors and downtimeMitigate compliance risksBIG-IQSecurityMonitor policy effectivenessBIG-IP AFMBIG-IP AFMData CenterBIG-IP AFM

BIG-IQBIG-IQ SecurityBenefits Manage vicesand fromdeploya singleto selectedpane BIG-IPof glassAFM devicesReduce operational overheadReduce errors and downtimeMitigate compliance risksBIG-IQSecuritySelect policy: Select device:1DeployChanges2Monitor policy effectiveness3BIG-IP AFMBIG-IP AFMBIG-IP AFM

BIG-IQBIG-IQ SecurityBenefits Centrally manageCentralizedauditingfirewall policies and deploy to selected BIG-IP AFM devicesReduce operational overheadReduce errors and downtimeMitigate compliance risksBIG-IQSecuritySelect policy: Select device:1DeployChanges2Monitor policy effectiveness3BIG-IP AFMBIG-IP AFMBIG-IP AFM

BIG-IQBIG-IQ SecurityBenefits CentralizedMonitortop-10auditingand bottom-10 policies by hitcountReduce operational overheadReduce errors and downtimeMitigate compliance risksClientsBIG-IQSecurityMonitorSelect policy: Monitor policy effectivenessRule1Select curity .pm.f5.comRule5dankim.pm.f5.comRule6BIG-IP m.pm.f5.comRule9BIG-IP AFMBIG-IP AFMdankim.pm.f5.comBIG-IP AFMRule10Data Centerdankim.pm.f5.com2.3 Mmgmt1.1 Mglobal873 Kselfip632 Kvirtual559 Kvirtual546 Kglobal481 Kvirtual248 Kvirtual223 Kmgmt191 Kglobal

BIG-IQBIG-IQ Security TodayBenefitsReduce operational overheadReduce errors and downtime Monitor2013 top-10 and bottom-10 policies by hitcountSupports BIG-IP AFM onlyClientsMonitorRule1Available as a VE onlydankim.pm.f5.comRule2Mitigate compliance risksSeparate from BIG-IQ f5.comRule4Monitor policy BIG-IP dankim.pm.f5.comRule9dankim.pm.f5.comRule10Data Centerdankim.pm.f5.com2.3 Mmgmt1.1 Mglobal873 Kselfip632 Kvirtual559 Kvirtual546 Kglobal481 Kvirtual248 Kvirtual223 Kmgmt191 Kglobal

BIG-IQPricing2013Roadmap ProductReduce operational overheadSupports BIG-IP AFM onlyF5-BIQ-SEC-10-VEBIG-IQVE platform: 10 AFMs managedAdditional BIG-IP AFMbenefitsReduce errors and downtimeAvailable as a VE onlyF5-BIQ-SEC-25-VEBIG-IQADF)VE platform: 25 AFMs managedAdditional solutions (e.g.,Mitigate compliance risksSeparate from BIG-IQ CloudF5-BIQ-SEC-50-VEBIG-IQVE platform: 50 AFMs managedAvailable as applianceor VEBenefitsMonitor policy effectiveness DescriptionF5-ADD-BIQ-SEC10BIG-IQ Security Software only: 10 AFMs managedF5-ADD-BIQ-SEC25BIG-IQ Security Software only: 25 AFMs managedF5-ADD-BIQ-SEC50BIG-IQ Security Software only: 50 AFMs managed

BIG-IQ UI: Context AwareModern, innovative, intuitive UI– Centralized Search and Filtering– Show Relationships (brushing)– Create Relationships (drag anddrop)– Contextual Awareness– Simplified Navigation StructureInteractions with Creating new objectsF5 Networks Confidential

BIG IQ Security RoadmapSubject to ChangeRelease:v4.0 (Allagash)v4.1 (Bigtime)v4.2 (Chuckanut)Theme:Basic FW MgmtDeploymentDiagnosticsApril 2013Aug 2013Dec 2013TimeframeDevice Setup (licensing, usermanagement)BIG-IP Policy Support (Corona AFM)Login ‘portal’ to BIG-IQ, launch pad Scale to 100 devices, 1000 rules eachto Security CloudDeclaring Management AuthorityBIG-IP High AvailabilityAudit LogL3/L4 rule edit & deploy, singlepersonaBasic MonitoringL3/L4 Policy Change RollbackCoarse-grained RBACPolicy Diferrence ReviewBasic Multi-User Editing

BIG-IQZero provisioning for Private Cloud licensing pool forVE-EC2, Vmware vCloud Director, Openstack Connectors in BIG-IQ v4.3 (target December)EC2 demo currently targeted for BIG-IQ v4.2 (Bigtime release in AugustAbility to levarage private cloud licensing pools when working with VEScope and Scenario currently being refined

BIG-IQDevops integration (puppet/chef)- Rely heavily on F5 iControl for REST- BIG-IP iControl for REST- Early Access in 11.4 (Corona release)- General Availability in Vancouver release- BIG-IQ iControl for REST- First release in BIG-IQ v4.0 (release in April)- Next release in BIG-IQ v4.1 (release in August)- Leverage BIG-IQ to proxy iControl to BIG-IP- Consolidate- Single point of Auth

BIG-IQOpenstack-Connector currently targeted for BIG-IQ v4.3 (Chuckanut)BIG-IQ chuckanut release is currently planned for Dec 2013/Jan 2014Dependency on Fall/Winter release of OpenstackCurrent Scope to match level of integration with Vmware vCloud Director Integration- F5 iApps integration- These requirements will be more refined by Sept/Oct 2013

BIG-IQHostname:dankim.pm.f5.comIP Address:1.1.1.1Select Product:BIG-IQ SecurityBIG-IQ CloudTMOS(c) Copyright 1996-2013, F5 Networks, Inc., Seattle, Washington. All rights reserved.

BIG-IQWhat Is BIG-IQ?ArchitectureManagement PlaneData PlaneApplications

BIG-IQWhat Is Available Today?Architecture2013Management PlaneSecurityCloudData PlaneManagement PlaneApplicationsData PlaneEnterpriseManagerBIG-IQ FrameworkApplicationsBIG-IP AFMBIG-IP LTM