Contact information
Address
Chertsey Gate West
43-47 London Street
Chertsey
Surrey
KT16 8AP
Telephone: +44 (0)1932 582 000
Email: ukinfo@f5.com
Website: http://www.f5.com/
Press Releases
F5 and VMware Solution Yields 10x Improvement in Long Distance Live Migration Performance Using VMware VMotion
F5 Improves Customers’ IT Infrastructure Agility with BIG-IP Local Traffic Manager Virtual Edition
F5 Extends Application and Data Security to the Cloud
F5 Unlocks True Potential of ‘On-Demand IT’
Case Studies
Swisscom Provides Safe Internet Access to Schools Using F5 Solutions
Swisscom is Switzerland’s leading telecommunications provider, with 5.5 million mobile customers and 1.8 million broadband connections. To support Switzerland’s schoolchildren, Swisscom embarked on a project to provide free Internet access for all Swiss schools. With more than 5,000 primary and secondary schools in the country and a potential user base of 900,000 pupils and teachers, Swisscom needed a best-inclass solution for load balancing, URL filtering, proxy management, and security. The initiative had been widely publicized. Stability, performance, and reliability were the project’s highest priorities. F5® VIPRION® and F5 BIG-IP® Local Traffic Manager™ Application Delivery Controllers (ADCs) played a key role in helping
Swisscom deliver on its commitment.
Business Challenges
Swisscom wanted to provide all primary and secondary schools with free broadband Internet access. The company planned to assume the bulk of the installation costs and all charges, so that pupils and teachers could take full advantage of the Swisscom offering. With its Internet for Schools initiative,Swisscom saw the opportunity to fulfill its social responsibility as a major Swiss company by providing direct, long-term support for Switzerland’s education system.
The initiative would ensure that children in Swiss schools came into contact with the Internet at an early age and would begin to develop the media skills that are becoming increasingly important for their futures.
In a public-private partnership, Swisscom worked with federal and local authorities to connect all the country’s schools to theInternet. To connect the more than 5,000 primary and secondary schools, with a potential user base of 900,000 pupils and teachers, Swisscom needed a stable, high-performance, and reliable solution for
load balancing, URL filtering, proxy
management, and security.
Because most users would be children
and young people, a further important
consideration was the provision of accurate
URL filtering to protect users from viewing
inappropriate material. Each of Switzerland’s
cantons (federal states) has its own set
of policies regarding the type of content
allowed. For this reason, the solution needed
to be flexible enough to enable each canton
to adapt the system to its own requirements.
The initial project covered 5,000 schools,
with the remaining few hundred to follow
at a later date. With most potential users
wanting access at the same time—during
school hours—efficient load balancing was
a crucial issue.
Solution
Swisscom called on F5’s partner eXecure,
a systems house specializing in security
infrastructure, to provide design, product,
and implementation recommendations.
eXecure, which already had experience
with large-scale projects combining
security with flexibility and performance,
recommended F5 BIG-IP Local Traffic
Manager (LTM). eXecure supported Swisscom
in building out a test environment mirroring
the production environment and worked
with Swisscom in-house specialists to put
the solution through its paces.
In total, the project took approximately
nine months from inception to going live.
Although both Swisscom and eXecure
staff had made very generous estimates
of potential traffic levels during the design
phase, they were delighted to see that the
schools were making intensive use of the
Internet right from the outset.
“The initiative was so successful so quickly
that we had to act fast to expand it,” said
Martin Theiler from Swisscom’s Project
Management and Engineering department.
“With more than 4,000 HTTP requests and
a throughput of 2 Gbps, the traffic was
often more than 200 percent higher than
we’d initially planned.” As a result, the
second phase of the project—covering
increased bandwidth and additional
schools—had to be started much earlier
than projected.
The system continued to run, but it was
redesigned based on 10 Gbps technology
and resized by Swisscom together with
eXecure and F5. “This solution has been
running smoothly ever since then,” Theiler
said. “Handling this volume of requests
and throughput was quite a challenge,
especially in regard to the interoperability
of the products involved. This was where
F5’s support was crucial. They helped us
every step of the way. It was key to the
success of this project being delivered
on time.”
Today, Swisscom has connected more
than 5,600 Swiss schools to the Internet.
The schools are distributed across about
40 LANs and connected to Swisscom’s
IP‑Plus backbone with 40 firewalls. All of
the schools’ HTTP traffic is routed from
these firewalls to VIPRION proxy virtual
IPs (VIP). The backbone routers are directly
connected to the VIPRION systems’ 10 Gbps
interfaces.
The system has been set up with F5’s
patented cookie persistence technology.
This feature uses an HTTP cookie stored
on a client’s computer to allow the client
to reconnect to the same server previously
visited at a website. This is important
because approximately 100,000 concurrent
users are located behind just 30 IP addresses.
The VIPRION proxy VIP then balances the
load across 10 Blue Coat proxy appliances.
Using the Internet Content Adaptation
Protocol (ICAP) request/response protocol,
the proxy appliance sends requests, through
a virtual server on BIG-IP LTM (ICAP VIP),
to eight McAfee Web Gateway devices
(formerly known as Webwasher).
The firewalls’ source IPs are used as a basis
for defining McAfee Web Gateway policies.
This is important because each canton is
responsible for defining its own thresholds
regarding certain types of content, such
as violence. For DNS name resolution,
the relevant DNS requests are distributed
across four DNS servers through two virtual
servers (TCP/UDP).
Swisscom has repurposed the initial, smaller
solution for future managed security
services. It is used for beta tests of cloudbased
security solutions for customers.
Benefits
Switzerland’s schools benefit from robust,
stable URL filtering in which F5’s solutions
play a central role.
“This is something of a flagship project,
given its extent,” said Theiler. With about
900,000 users in total—of which more than
100,000 are concurrent—the system is one
of Switzerland’s largest centralized web
access and security initiatives.
“Since the implementation was concluded,
the system has been running smoothly and
is extremely stable,” added Theiler. “It is
exactly right for our requirements. We’re
particularly impressed with its reliability and
scalability, enabling us to extend it whenever
we need to.”
F5’s VIPRION chassis-and-blade hardware
is particularly well adapted to projects
requiring scalability, like the Swisscom
schools initiative. Processing power can be
increased by simply plugging an additional
blade into the device without interrupting
any applications.
As Christoph Loitz, Senior Account Manager
from eXecure, concluded: “This was a huge
swisscom-cs.pdf 760.60 kB
RHWL Architects - Gains 5000+ Hours of User Productivity with Automated Storage Tiering from F5
RHWL is a multi-skilled architectural practice, renowned for designing a broad range of buildings from sports stadiums and theatres to residential developments and commercial premises. It has approximately 130 employees based at offices in the UK and Germany. Its architects create large, technical documents embedded with images and diagrams. These huge files can place a considerable strain on servers and rapidly consume available storage capacity.
The company found itself struggling to meet the need for additional capacity while attempting to manage its storage budget. Users were often disrupted as IT shuffled files and archived files offline to salvage enough storage capacity to operate. By implementing F5 ARX to manage its file storage more effectively, RHWL achieved time, productivity, and cost savings, with an expected time to
ROI of less than one year.
Business Challenges
RHWL’s IT infrastructure consists of multiple servers running Microsoft Windows applications and a range of specialist computer-aided design (CAD) and image manipulation packages. In addition, the company has a storage area network (SAN), which holds the majority of its file storage. A high-speed wide area network (WAN) provides a vital connection between the London and Berlin offices.
As the company grew and started to work on more and more projects, it began to face
a series of challenges in its UK office. “We were continually running out of storage space on our SAN solution,” says Dave Allerton, IT Director at RHWL. “As a result, we had to do emergency archives of data that, ideally, we would have preferred to have kept online.” Soon, these “emergencies” became an almost weekly event. “They started to take up a lot of time in the IT department and also inconvenienced employees,” explains Allerton. “Taking files offline required
interacting with the architects to ask them which folders we could offload. Then, just
as we finished offloading and freeing capacity, we would invariably need to refer to plans and documents that had just been archived, and then the IT team would have to reverse the process. This cost the business a lot of money in terms of wasted IT time, wasted architects’ time, and possible delays in design projects.”
Additionally, every Friday, RHWL performs a complete backup of all of its files, with smaller incremental backups occurring during the week. “This process was causing problems for us as well,” says Allerton. “The weekly backup was taking so many tapes and taking so much time that we were struggling to accomplish it during the course of a weekend.”
Solution
RHWL realised that it needed a better longer-term storage solution. “The obvious choice would have been to expand the capacity of our SAN,” explains Allerton. “But this required spending another several hundred thousand pounds on new storage, which we just did not have in the budget.” The company decided to consider other alternatives and Allerton began researching automated tiered storage solutions.
“My main criterion was that the new solution had to make financial sense,” says Allerton. “We didn’t just want to add more space; we wanted to reduce the cost of storage per gigabyte and gain a solution that would be much more scalable to support our future growth.”
After reviewing the solutions offered by a number of IT vendors, RHWL selected F5’s ARX500. This intelligent file virtualization solution provides an easy way for organisations to access, move, and manage data across multiple servers. “F5 came out more cost effective by far,” notes Allerton. “F5 also had experience in delivering solutions to other architect firms and businesses facing similar challenges to RHWL.”
ARX enables companies to define their own policies for managing stored data across servers, generally based on age, type, and frequency of access characteristics. RHWL can adjust its data archive to suit its business needs and make changes to it, on the fly if necessary. Allerton explains, “I carried out an analysis of our files and found that many of them hadn’t been touched in more than six months. We were able to set up the F5 ARX to migrate different files to different platforms, according to how recently they had been modified.” He continues, “Initially we set up the solution to archive files that hadn’t been modified within 12 months, but we can increase or decrease this time period whenever we want to. We can also elect to migrate documents based on file type. The solution gives us all sorts of flexibility.”
Benefits
RHWL worked closely with F5 and one of F5’s partners, TecTrade Computers Limited, to implement the ARX solution. The project went very smoothly. “I don’t think that employees within the firm were even aware that any changes had been made,” says Allerton. “That was a real win from my point of view. The individuals from F5 that we worked with were very flexible and knowledgeable.”
With its new solution in place, RHWL no longer has to perform lengthy and costly backups at the end of each week. “Our weekend backup times have dropped from 14 hours to just one and one half hours,” reports Allerton. “This creates a saving in time as well as in the cost of tapes.”
As part of the total solution, RHWL purchased one new lower-cost storage array for tier 2 storage. However, most of the additional capacity the company has acquired has come from making better use of its existing server capacity. The ARX solution maximises utilization and organises files, so that RHWL doesn’t have to constantly migrate files to archives. “There’s no more crisis management of storage space,” says Allerton. “Users don’t run out of disk space anymore.”
While the F5 solution has made a big difference in the IT department, it is business as usual for the architectural teams. “The solution is very transparent from a user point of view,” adds Allerton. “Users still see their files where they are accustomed to seeing them, regardless of their physical location on our network. Performance at the user level is as good as or better than before, and we are no longer interrupting their work to archive files.”
RHWL estimates that its use of ARX will increase employee productivity by more than 5,000 man-hours per year, while also enabling the business to put off purchasing costly tier 1 storage in favour of cheaper options. “The total cost of the ARX alternative was miniscule compared to the likely cost of expanding our SAN,” Allerton says. “We expect to achieve a rapid return on our investment and are confident that
we made the right decision in selecting F5.”
rhwl-architects-cs.pdf 280.93 kB
Suzuki Manufacturing Builds a Storage Environment for Agility and Growth with F5 ARX
Business Challenge
With file data growing at 50 percent annually, American Suzuki Motor Corporation was finding it difficult to manage data effectively. Its Windows environment supported more than 1,000 users for file sharing, many of whom complained about performance when accessing their shares. Data migrations could take at least a week, eating up IT resources and creating downtime for users. Backups had become problematic as well.
“We have 12 hour backup windows, but backups were taking 18 hours to complete. I was always chasing those hours,” recalls Charles Chen, Lead Analyst at American Suzuki Motor Corporation.
To address these issues and create a more agile infrastructure that would adapt to ongoing storage growth, the IT team consulted with Trace3, its trusted technology partner.
“We know we cannot stop data growth, so we had to come up with a plan to deal with it,” Chen says. “We decide to move to NetApp NAS and incorporate ILM technology so we could separate the data that we really cared about from the data that was less critical to us.”
Solution
Trace3 recommended F5’s ARX solution to facilitate the transition. By introducing intelligent file virtualization into the file storage infrastructure, ARX eliminates the disruption associated with storage administration and automates many storage management tasks. The result is a dramatic improvement in cost, agility, and efficiency. “When I heard what ARX could do for us, I was amazed. I can’t think of a better word for it,” Chen says.
Chen was impressed with how well ARX complements the NetApp device, highlighting NetApp deduplication and ARX virtual snapshots in particular. “We dedupe everything and perform a virtual snapshot of all file shares as well. The ARX device works hand-inhand with NetApp technology. ARX schedules the physical snapshots on the NetApp device, and file restore is a snap—real quick!”
Chen credits the smooth implementation to ARX’s solid architecture, and the expertise of the F5 storage expert who managed the process. “I have never seen anybody, from any company or professional services organization, like the F5 field systems engineer we worked with,” he says. “He arrived here and got right to the point. He didn’t waste time. He was very efficient, and we really liked that. The configuration help we got from him was tremendous. As a result, it took just a few hours to install, and then another day or so to configure the rest of the environment.”
Benefit
ARX has enabled American Suzuki Motor Company to meet its users’ expectations for performance while also streamlining data migrations, reducing overall storage costs, improving backup procedures, and enhancing data management.
Seamless migration from Windows to NAS
A key part of American Suzuki Motor Company’s plan to boost agility was to transition from its Windows environment to NetApp NAS. Using ARX’s automated data migration policies, the company was able to execute the migration without downtime. “We did the migration one share at a time, in the middle of the business day. No one even noticed,” Chen explains. “It saved us at least a week of work.”
Strategic storage tiering
The day the data migration was complete, the IT organization implemented the age-based storage tiering strategy it had developed with Trace3. All files six months old or less stay on Tier 1 Fibre Channel storage. Older data is automatically moved to more cost-effective Serial ATA (SATA) devices. Data movement is transparent to users, who continue accessing files as they always have.
The policies resulted in nearly 80 percent of the data immediately moving from Tier 1 to Tier 2, freeing up Tier 1 capacity and eliminating user complaints. It also gave the company greater freedom of choice for new disk investments. "It doesn’t matter what kind of storage is on the back end. We are going to have to purchase more storage to accommodate the capacity demands, but with this strategy in place we’ll be purchasing lower-cost storage,” Chen says.
Reduced backup windows and costs
Storage tiering enabled American Suzuki Motor Company to tackle its backup problems. Instead of doing weekly backups of all data, the company now performs weekly backups of Tier 1 data only, and backs up Tier 2 less frequently. This reduced backup times from 18 hours to 1.5 hours, and resulted in considerable savings in tape costs. “We back up less, use less, spend less,” Chen says.
Greater visibility
American Suzuki Motor Company uses F5’s Data Manager storage management software to see which file types are being created, who’s creating them, how quickly they age, and which resources they consume. This information is invaluable for identifying trends, creating effective file management policies, and making better decisions. “Data Manager tells you everything you need to know about the file environment,” Chen says. “To fully utilize what ARX can do in terms of ILM, you have to know what youhave inside your file share environment. With this visibility we can classify file formats in avery granular way, based on utilization.”
Simplified data management and reliable support
Senior Network Analyst Tim Lee credits ARX with lightening the storage management burden and improving user access to data. “After implementing ARX, our users are happy. They never complain about file shares being slow anymore because it’s so easy for us to create shares when we need them. We just set it up and forget about it,” Lee says. Lee is also pleased with the reliability and flexibility of the ARX solution.
“We haven’t had to call support very often, but when we have had an issue it has been resolved very quickly,” he notes. “The ARX technology is stable and reliable, and the phone support is top-notch.”
suzuki-cs.pdf 259.64 kB
Joyent - “Without BIG-IP LTM, we wouldn’t have had a business, to be honest.”
One of Web 2.0’s ultimate web services is cloud computing—super-scalable Infrastructure as a Service (IaaS). Joyent, Inc. has developed a fast-growing business and is especially known for its secure, enterprise-grade IaaS cloud that is application-aware and built on open source code and standards.
Business Challenge
Joyent’s compelling value proposition has led to its explosive growth. For as little as $45 per month, any one of Joyent’s more than 25,000+ customers can, on demand,
tap into as many as eight CPU cores at once, 32 GB of RAM, and 10 Gbps throughput.
For little cost, customers get a virtual slice of a multimillion-dollar IT infrastructure, most of which is available to them if their applications need to scale quickly. So, without large capital outlays and any long-term vendor contracts, Joyent customers can host and scale their applications easily and cost-effectively, all with tremendous flexibility and business agility.
The customer that best illustrates Joyent’s scalability is LinkedIn, which hosts its wildly successful Facebook application Bumpersticker on Joyent’s IaaS. The largest Ruby on Rails application ever, Bumpersticker grew to more than one billion page views a month within two months after launch.
Behind this kind of dynamic scale and capability are “Joyent Accelerators,” a range of virtualized servers and virtual data center architectures. According to Joyent CTO and founder Jason Hoffman, his company needed much more than load balancing to manage these servers and all the various traffic generated by its many customers. Because customers use Joyent’s open cloud to deliver applications, Joyent’s architecture needed to be application-aware.
Solution
“BIG-IP LTM is the only Application Delivery Controller capable of scaling to handle the thousands of back-end systems Joyent needs to thrive,” he added, noting that Joyent load-balances thousands of instances of web and application servers. “Without BIG-IP LTM, we wouldn’t have had a business, to be honest.”
Joyent deployed active/passive pairs of F5 BIG-IP LTM devices in front of its Joyent Accelerators, which are built on a custom distribution of OpenSolaris. These operate within a network environment based on Force 10’s super-fast and highly reliable core switches and routers.
Joyent also uses iRules’ powerful yet simple scripting capabilities for quickly and easily developing traffic regulations and security policies. “For security, it’s better than any hardware-based firewall I can put in front of a customer’s accelerator,” he said.
“Application connection inspection like what BIG-IP LTM provides is simply not available anywhere else,” said Hoffman. “With a simple iRule that might be just five lines long, we can scrub out data like Social Security or credit card numbers with virtually no impact on performance.”
Benefits
Hoffman noted that BIG-IP LTM and iRules have been the foundation to Joyent’s business of providing cost-effective, highly scalable cloud computing to its customers. “There’s nothing like BIG-IP LTM,” he said.
•Up to 80% traffic reduction
iRules’ programming flexibility and precise application delivery control have enabled Joyent to provide a computing cloud that is application-aware. Hoffman noted, “iRules ended up becoming a critical component for scaling the LinkedIn app to the billions of page views it invokes each month…we fired those up and pretty much 80 percent of the traffic diminished immediately.”
He explained that the BIG-IP LTM devices processed five short iRules one billion times for each page request that came in and the devices’ CPU graph stayed flat. In effect, by sitting on the edge of the Joyent open cloud, BIG-IP LTM takes the load off the application and servers, enabling them to focus on serving non-repetitive requests. This makes it possible to keep applications up and running while giving application developers breathing room to work on enhancing the scalability of their applications.
•On-demand scalability
Hoffman said that Joyent’s cost-effectiveness is not as much a value to its customers as is
the flexibility Joyent’s open computing cloud provides, thanks in great part to BIG-IP LTM. “Value emerges in how Joyent can give customers the ability to scale up and down based on business needs,” he explained. “You can go from a 2 Mbps application to a 10 Gbps Top 50 website pretty much on-demand, but without a long-term contract or having to rewrite your application for our open cloud.” With BIG-IP LTM operating at the edge of its open cloud, Joyent can offer its customers virtually limitless scale.
•Rapid payback in as little as 3 months
Determining a specific return on the investment is difficult, according to Hoffman, because the Joyent open cloud has so many components. But he estimated that inside a two-year timeframe, Joyent generates revenues equal to 200 to 300 percent of its BIG-IP LTM investment. “Typically,” he said, “in a three-to-six-month period, BIG-IP LTM devices have paid for themselves.”
joyent-cs.pdf 224.40 kB
BlueLock Launches Unique Virtual Cloud Computing Platform Using VMware Virtualization and F5 BIG-IP LTM
Business Challenges
In establishing its unique virtual cloud computing platform in 2007, BlueLock’s vision was to provide hosting and recovery services that would enable clients to take a modular and scalable approach to their IT infrastructure and its related costs. In typical IT environments, companies generally assess the highest potential load they might reach at any time, purchase the entire infrastructure required to handle thatdemand, and then pay ongoing operating costs to maintain the full infrastructure regardless of the level of utilization.
“We wanted to remove the capital expense and procurement headaches of the IT infrastructure for our clients,” says John Qualls, President and CEO of BlueLock. He gives the example of an e-commerce site that may use four times more of its infrastructure during the holiday season than during the rest of the year. “We wanted to be able to turn that on for them on demand and then turn it back down along with their costs.”
To achieve this, BlueLock focused on creating an almost entirely virtualized architecture that would be capable of very rapid provisioning while maintaining performance and business continuity for its clients.
Solution
BlueLock built its architecture around a “virtual cloud” running from two data centers in Indianapolis and Salt Lake City. Virtual servers are created using the VMware ESX hypervisor, and F5 BIG-IP LTM provides load balancing and SSL offload for the
virtual servers.
VMware enables BlueLock to provision as many virtual servers as needed for a client’s reserve capacity. Configured virtual servers are added to the BIG-IP LTM pool and are automatically activated when the load on the primary pool of servers reaches a specified level. As new virtual servers use up the hardware they’re on, the servers are automatically moved onto additional dedicated hardware.
“We can just keep expanding the environment horizontally on demand to handle whatever level of traffic the client is experiencing,” says Pat O’Day, Chief Technology Officer at BlueLock.
Having worked with F5 for about eight years, BlueLock’s founders chose BIG-IP LTM for its long-term reliability, scalability, and performance. “Very simply, we knew it would work. When you start a new business, you need to build it on a solid foundation,” says Qualls. “From a cloud computing standpoint, we knew our F5 investment would last and that we’d be able to put a lot of clients on the same architecture.”
BIG-IP LTM maintains high performance and availability as it seamlessly delivers traffic
to virtual servers and users—all vital factors in the success of BlueLock’s platform. BIG-IP LTM also provides essential network-based data that gives BlueLock clients current, detailed information about their utilization and capacity.
Benefits
BlueLock’s virtualized environment enables the company to provide cost-effective IT infrastructure services while ensuring that clients’ infrastructures always meet their business needs. BIG-IP LTM helps BlueLock take full advantage of the efficiencies and opportunities its virtualized environment offers.
Optimizing the virtualized environment
Using VMware to create virtual machines that use hardware re-sources very efficiently is an important step in BlueLock’s virtual cloud computing platform. BIG-IP LTM provides: intelligent traffic management that efficiently distributes traffic across virtual machines to optimize server utilization. By offloading SSL processing from the virtual servers, BIG-IP LTM also frees up server capacity to handle other processes.
“BIG-IP LTM helps us maximize the efficiency of our virtual environment so we can pass those efficiencies along to our clients, all while ensuring the high performance and availability that our clients require,”
says O’Day.
Very rapid provisioning
Another essential feature of BlueLock’s business is the ability to scale capacity very quickly as clients’ business needs change. “To meet our clients’ business requirements, we need to be able to scale up and scale down very quickly with no disruptions. The only way we can do that is with the architecture we’ve built using VMware and F5 BIG-IP LTM,” says O’Day.
Network awareness
BIG-IP LTM offers detailed network data that gives BlueLock a clear look at the health of the virtualized environment. By applying this data and data from VMware VirtualCenter to its provisioning algorithms, BlueLock has a unique and highly accurate means to ensure the high performance and continuity of its clients’ services.
This data is also incorporated into each client’s Vital Signs GUI. “At any time, a client can log into their portal and see exactly what their load is and really the Nth degree of detail about what’s going on in their environment,” says Qualls.
Selling and upselling
Qualls points out that BIG-IP LTM and the F5 name are important selling points for BlueLock. “We do have to sell our service to every new client, and having the best of breed in the marketplace certainly helps,” he explains. In addition, load balancing and SSL offloading present BlueLock with the opportunity to increase monthly recurring revenue by up to 15 percent. O’Day adds, “It not only helps us win opportunities, but it increases the size of those opportunities because we’re able to offer services our competitors don’t have.”
bluelock-cs.pdf 228.92 kB
PensionsFirst Delivers Secure and Scalable Web Application Access with F5 BIG-IP Solutions
Business Challenges
To better meet the needs of the company’s
rapidly growing customer base, the IT team
at PensionsFirst made a strategic decision
to move from a traditional client-server
architecture to a web-based application.
Their most immediate need was to find
a load balancing solution to ensure high
performance and reliability for users
accessing the web application, which
processes an extremely large volume of
financial data.
At the same time, the team was also
exploring new methods of handling the
two-factor authentication they had in
place to provide secure access to the
application. While the SSL VPN appliance
they were using was solid and reliable, it
was not scalable. “It met our needs, but it
wasn’t something we could upgrade,” said
Dean Newman, Director of Information
Technology at PensionsFirst. “We would
have reached a cap and then had to redesign
the environment.”
With this view to scaling with anticipated
growth, the team also wanted to minimize
the complexity of the environment and find
solutions that would not increase the overall
management burden.
Solution
On the recommendation of its technology
partner Dell, PensionsFirst initially looked
at F5 BIG‑IP® Local Traffic Manager™ (LTM)
to load balance the web application traffic.
As discussions with Dell and F5 progressed,
it became clear that the F5 BIG‑IP® Access
Policy Manager™ (APM) product was an
excellent fit to provide a more scalable
and manageable means to support the
company’s security authentication needs.
PensionsFirst purchased BIG‑IP LTM with
the BIG‑IP APM module.
BIG‑IP LTM manages web application traffic
to ensure that the PFaroe application always
delivers the fast, secure, and reliable online
experience pension managers need to access
their critical risk management information.
Users access the application through a log-in
portal that secures customer data by requiring
two-factor authentication, which BIG‑IP APM
supports as a result of its ability to integrate
with a wide range of user directory and
authentication servers and services.
With authentication, authorization, and
accounting control on the BIG‑IP system,
PensionsFirst is able to separate access
security from the processing environment
and manage it at the network level.
“We’ve built an iron fence around our web
application with BIG‑IP APM,” Newman
said. “It not only secures the application;
it helps us manage the traffic and the user
experience.”
PensionsFirst also takes advantage of F5’s
iRules® custom scripting language to modify
traffic to further protect its application
through resource cloaking. By selectively
filtering and blocking server headers and
codes that could reveal information about
PensionsFirst’s infrastructure, iRules prevents
malicious users from being able to find
vulnerabilities.
Benefits
By implementing the BIG‑IP solution with
the BIG‑IP APM module, PensionsFirst is
providing its customers with the top-level
security and performance they demand, and
has positioned its IT infrastructure to meet
rapid growth efficiently and cost-effectively.
Tier 1 security and compliance
The F5 solution has helped PensionsFirst
deliver the cutting-edge service that its
customers are seeking. Many of its users are
in Tier 1 organizations with very stringent
security and performance requirements.
“Our customers expect us to treat their data
in the same way they have to, with the same
level of security and compliance,” Newman
explained. “In choosing F5, we knew we had
selected a partner that would help us provide
the most secure, reliable, and performancebased
system that we could.”
Simple and efficient manageability
Newman finds that one of the most
compelling features of BIG-APM is the
Visual Policy Editor, an intuitive interface
for creating and managing access policies.
“We like its visual simplicity. You can see a
rule and know exactly what each step does,”
Newman said. “We have big aspirations as an
organization, so anything that can streamline
the efficiency of the IT operations team and
help us scale is very valuable to us.”
Scalability and a roadmap for the future
BIG‑IP APM offers multi-gigabit SSL
encrypted throughput that will enable
PensionsFirst to continue securing sensitive
customer data through an enormous amount
of growth. But scalability is about much
more than just security for PensionsFirst.
Newman says the company is also planning
to benefit from the ability to add modules to
gain more services from the BIG‑IP system as
it continues to expand.
“F5 offerings have provided us with a
roadmap to meet our strategic goals in terms
of business growth,” Newman explains. “Our
initial investment is protected because we
can continue adding services on the BIG‑IP
system as we require them without having
to reengineer our security environment.”
With the company’s second data centre
completed, Newman expects that BIG‑IP®
Global Traffic Manager™, which optimizes
the user experience by routing traffic to
the best-performing data centre, will be
an essential component in maintaining
business continuity. And in addition
to the performance-boosting BIG‑IP®
WebAccelerator™ product, PensionsFirst is
considering the BIG‑IP® WAN Optimization
Module™ to help manage data replication
and mirroring for its huge volumes of data.
“We’re going to create tens if not hundreds
of terabytes of data,” Newman said. “F5
is helping us with our ultimate goal of
protecting the infrastructure of the systems
and the data that reside on them, 24 hours
a day, seven days a week.”
Long-term ROI
While the IT team could have made the
previous security solution work to meet
its immediate needs with a lower budget,
they chose F5 solutions in anticipation of
future benefits that will continue to pay off
at every stage of the company’s growth.
Newman explained, “Long-term, we expect
the BIG‑IP system will save us time, money,
and resources in not having to redesign the
environment as we grow.”
pensionsfirst-analytics-cs.pdf 647.49 kB
Whitepapers
The ROI of Application Delivery Controllers in Traditional and Virtualized Environments
Solutions that provide a quick ROI along with significant technological benefits do exist. The trick is finding these solutions and proving that the ROI model is valid for almost every case.
"Server offload” moves computationally intensive (CPU and memory) processing that would normally be handled by servers to an external platform. This report explains how modern offload technologies in Application Delivery Controllers can drastically reduce expenses in traditional and virtualized architectures, with a fast ROI.
Whether you are looking to consolidate physical resources and create a virtualized data center, or you’re sticking with a tried-and-true traditional architecture, the ability to forestall additional capital expenditures through the implementation of server offload techniques can only improve your financial efficiency—while maintaining or even improving availability, capacity, and performance.
Assume 100 servers, each costing an average of US $2,500, consume 150 watts of power at an average cost of 10.6 cents per KwH1 , and cost the organization $2882 a year in administrative costs. As this paper will show, reducing the number of servers from 1,000 to 600, while servicing the same number of users at the same performance levels, results in a full return on a $200,000 investment in about 10 months. The savings that achieve this ROI come from the reduction in power and management costs those 400 servers would have required. Future savings can be calculated by reducing the projected growth in server count and applying the same cost savings to those servers as well.
ROI of Application Delivery Controllers in Traditional and Virtualized Environments.pdf 299.50 kB
Create a Smarter Storage Strategy
How building a smarter storage infrastructure based on the business value of data can enable you to address your data storage requirements efficiently and at the lowest cost.
Once you understand your data, the next step is to execute on that understanding and map business value to different types of storage. This requires flexibility to not only place files on specific storage tiers as they are created, but also to move them as their value changes.
Data Manager is a powerful software tool that gives you the ability to look deep inside your storage environment. It monitors your file data and discovers information you need to proactively manage your storage. Rich data profiling capabilities and powerful reporting tools help you identify trends in your file data so you can improve capacity planning and forecasting, create effective file management policies and uncover optimization opportunities.
As an intelligent file virtualization device, ARX gives you the ability to move file data without disrupting user access to that data. This gives you the flexibility to make changes in your storage environment to respond to changing business needs. ARX devices include “set and forget” data management policies that automate the movement of data between tiers without downtime, and without ever impacting user access to data. ARX is available in four hardware platforms, each with the same virtualization and automation capabilities, for performance and scalability for any storage environment.
To learn more about Data Manager and ARX, please visit www.f5.com/products.
Smarter-Storage-Strategy-wp.pdf 234.48 kB
The Optimized and Accelerated Cloud
As more organizations begin moving applications into the cloud, congestion will become an increasingly critical issue. F5 offers solutions for optimizing and accelerating applications in the cloud, making them fast and available wherever they reside.
optimized-accelerated-cloud-wp.pdf 823.53 kB
iControl - automated, integrated, and flexible platforms
With the advent of cloud computing concepts, whether deployed “in the cloud” or “in the data center,” it has become even more important to tightly integrate the network infrastructure into the workflow processes that enable, disable, create, remove and migrate applications in a variety of containers both virtual and non-virtual. For F5’s application delivery platform, that integration is realized through the use of iControl.
iControl is a Web services-enabled open API providing granular control over the configuration and management of F5’s application delivery platform, BIG-IP®. iControl, like other SOA and Web services-enabled solutions, can be used by virtually any platform capable of integrating via SOAP (Simple Object Access Protocol). It can be used to build custom management and monitoring applications, to integrate with business process management (BPM) and other workflow applications, and can be integrated directly into applications to provide better control over the delivery of the application. It also integrates with virtual computing platform management tools like VMware vCenter and Microsoft System Center Virtual Machine Manager (SCVMM) to help orchestrate the automated provisioning and de-provisioning of applications that can be used to build private and public cloud computing environments.
Using iControl you can control the way your application is delivered based on factors you define. You can modify the F5 BIG-IP device’s configuration in myriad ways, including:
• Adding servers dynamically to an application pool
• Stopping requests from going to an application server
• Changing the way requests are routed to servers
• Influencing the choice of servers based on current application or server load
iControl-wp.pdf 944.17 kB
Products
F5 ARX Series
F5 ARX® Series Virtualization enable businesses to manage the rapid growth and complexity of unstructured file-based information by automating data migration, storage tiering, replication, and storage load balancing tasks. Leading global companies have expperienced dramatic improvements in cost, agility,and business efficiency.
Reducing Storage Costs with F5 ARX.pdf 652.01 kB
BIG-IP Edge Gateway
F5 BIG-IP® Edge Gateway™ is an access solution that brings together SSL VPN remote access, security, application acceleration, and availability services for remote users. BIG-IP Edge Gateway drives identity into the network to provide context-aware, policy-controlled, secure remote access to applications at LAN speed.
As the industry’s most secure and accelerated access solution, BIG-IP Edge Gateway can help your organization deliver peak performance levels to
users accessing the applications and networks that are critical to your business.
Features include
· Secure accelerated remote access
· Network, application, and content rewrite access
· Acceleration and optimization services
· Endpoint security and customization
· Comprehensive remote access authentication
· Authorization – dynamic L4 and L7 ACL policy enforcement
PO_big-ip-edge-gateway-overview.pdf 508.04 kB
BIG-IP Local Traffic Manager
BIG-IP® Local Traffic Manager™ is an Application Delivery Networking (ADN) system that provides the most intelligent and adaptable solution to secure, optimize, and deliver applications to help you effectively and competitively run your business.
