2. Data Center Journey over the Past Decade!
Consolidation Virtualization Convergence Cloud
New IP
Business Dynamics Act as a Catalyst for Network Change
2000 2007 2010 2014
Data Center
in a Rack
Today
3. New IP—Transformation of the Network
Enabling a new way of doing business
Technology Excellence
Open with a purpose
Innovation centric, software enabled
Ecosystem driven
Your own pace, your own way
Business Excellence
Unleash the Power of Network Today, to Be Future Ready
BUSINESS IT
5. Software Defined Networking (SDN)
A Programmable Network—Design, Build, Manage
Data Plane
Control Plane
Basic Network Services:
Topology Mgr, Switch Mgr, Host Tracker, Stats Mgr
Advantages
• Logically centralized view of
the overall network
• Improved interoperability
and manageability
• Enable users to develop and
deploy unique capabilities
for their network needs
REST APIs
Network protocols like OpenFlow
Applications and Orchestration Frameworks
6. Network Functions Virtualization (NFV)
Hardware Software
Router
VPN
Firewall
Advantages
• Virtualize the network
devices to create multiple
virtual functions for various
network appliances
• Enable service innovations
and meet service SLAs
• Reduce CAPEX/OPEX
8. Brocade SDN Controller
Leading open source SDN Controller—Part of open, modular portfolio
Designed for an open, multivendor world
• Each layer can be selected independently
• No platform or northbound dependencies
Simple on-ramp to SDN
• Low-risk investment protection
• Smooth installation and maintenance
Collaborative innovation
• Joint and custom app development
• Bridge to OpenDaylight community
Rapid Service Delivery
Brocade SDN Controller is an
open-source SDN Controller built
directly from OpenDaylight.
9. Brocade vRouter
Increase networking agility and connectivity with improved ROI
100M+
Production
Hours
Proven High Density with
Breakthrough Performance
Brocade vRouter is the first virtual router
capable of providing advanced networking
and security in software with scale, reliability,
and performance.
High ROI and efficiency
• Proven high VNF density of vRouters
in single server
• Low CPU consumption provides
headroom for other VNFs
Delivers breakthrough performance
• 80Gbps line rate on single vRouter
• Advanced enhancements with Intel DPDK
High versatility
• Single product, multiple functions for Cloud & SP
• Cloud network segmentation, Secure gateway services
and Workload and Subscriber firewall
10. Brocade Virtual Application Delivery Controller (vADC)
Fast, secure, available applications
Flexible Licensing for Enterprise
Capacity Management
Brocade Virtual Application Delivery Controller
(vADC) solutions help ensure predictable high-performance
for applications whenever and
wherever they are deployed.
Purpose-built for the Cloud
• Deploy in any Hybrid Cloud architectures
• On-demand application delivery—ADCaaS
• Established CSP partnerships—Azure, AWS,
Rackspace, Joyent, etc.
Process automation
• Easy, consistent deployment of Service templates (LBaaS) and
service isolation with centralized mgmt.
• Usage visibility—metering and billing capabilities
for chargeback
• Integration with key orchestration tools—OpenStack,
VMware NSX and Brocade SDN Controller
Hyperscale and Performance on Demand
• Highest Layer 7 throughput for software (50GB/node)
• Unique web application security solution
11. The Brocade vADC Family
A Comprehensive Approach To Application Delivery
• Load Balancer / Traffic Manager / ADC
• Provides reliability, availability, offload,
security, scripting, and more
• Traffic Script
• Web Application Firewall
• Defends your web applications against
Layer-7 attacks
• Elastic and adaptive services
director
• Automates licensing, &
metering of ADC services
• Disruptive licensing model
Services Director
Virtual Traffic Manager
Virtual Web Application Firewall
Web Acceleration
• Web acceleration
• Image and content compression and
caching
12. Brocade Services Director
• Enterprise capacity management
• Unique Capacity Pooling Provides Unmatched Flexibility and Scalability
13. Making Capacity and Resource Mgmt Easy
Unique usage-based
licensing model
Dynamic resource and
capacity allocation for
changing workload
Drill down to usage reports
and export billing data for
chargeback
Resource and
Services View
Capacity
Allocation View
Services, Catalogue,
Diagnostic, Active,
and Systems View
14. Brocade Virtual Traffic Manager
• High Performing L7 Based Load Balancing
• Automated/orchestrated ADCaaS solution
In the Beginning:
Direct Client/Server
You Need Scale and Availability
Huge increase in users
Apps are always up and running
ADC Per App Architecture
15. Unmatched Ability to Cluster
Improved performance and reliability
Even better performance and reliability
BROCADE’S ABILITY TO CLUSTER.
17. TCP
IP
Business
Logic
HTTP
Web App
Firewall
Business
Logic
HTTP
TCP
IP
Network Firewall
Business
Logic
HTTP
TCP
IP
Reverse Proxy
Traditional network firewalls:
• Operate at TCP/IP level
• Opening/closing ports
Reverse proxies, next-gen firewall and DPI
• Allows / blocks users and applications, traffic
patterns
• Limited view of business logic
• Fails PCI DSS requirement
Web application firewalls look beyond
TCP/IP
into application-level security:
• Business logic inspection
• HTTP content
• Dual-mode “Detect & Protect” security
Network firewalling has become a commodity; the trend has been to move
to application-layer attacks
Source: 10.1.1.42:3231
Destination: 192.168.1.12:80
Sequence Number: 32234
POST /Account/Profile
Host: www.onlinebank.com
Cookie: Sessionid = 172347
Action=transfer_money&from_account=13654&to_account=32165&amount=1000USD
Brocade Web Application Firewall
18. • A scalable, application-aware Layer 7 security solution
• Offers highest protection and performance in web and cloud application security
• Allows customers to mitigate web application security threats in a scalable manner
• Distributed WAF
Web Applications
Hacker
User
vWAF
Brocade Web Application Firewall
20. Web applications present unique challenges…
A 1-second delay in page load time
7% loss in conversions
11% fewer page views
16% decrease in customer satisfaction
If your site earns $200,000 per day, you
could lose up to $5M in annual sales
Source: Aberdeen group
21. Automate Web Performance Best Practices
Dynamic
Layout
Compress
• JavaScript & Stylesheet shrinking
• Image resampling
• Metadata removal
• Dynamic Gzip/deflate compression
• JavaScript/Stylesheet re-ordering
• Removal of missing and duplicate content
• Browser-aware optimizations (desktop, mobile and legacy browsers)
Cache
• On-Proxy resource caching
• Dynamic page caching
• Aggressive Browser caching
• Auto URL versioning
Combine
• Merge Stylesheets
• Image Spriting
• Background image inlining
Automates web performance best practices, so you can focus on
strategic development & content
22. Examples of where to leverage vADCaaS
Enterprise
Apps
“It handles all our traffic with no problem, and the fact that I don’t have to do much with it is very
very important. With all the other stuff on my plate, not having to constantly watch over the
load balancer is huge.”
— Chris Loughlin, Citrix Certified Administrator and Epic Client Systems Manager
Virtual
Datacenter
“With Brocade vTM now in place, everything is virtual. We just click a button and it happens in a
very predictable and easily configurable manner.”
- Yoni Kirsh, managing director of Fastrack Technology
E-Retail
“With a faster website, the number of page views increased, which naturally led to higher
conversion rates and an increase in orders.”
— Lionel Touati, online sales technical director at Maisons du Monde
Online
Media &
Games
“The Brocade Virtual Traffic Manager does exactly what it’s supposed to do, and everything that
we need it to do.”
— Greg Birdwell, infrastructure architect at BARBRI
Developer
Teams
“We never know what a customer may want to implement next, but we know with TrafficScript
we are ready for any future implementation.”
— Josh Allen, Web Operations Infrastructure Engineer at CoSentry
23. What You Can Achieve with Brocade vADC
Capacity Planning
10x Faster Provisioning
Up to 90% Greater ROI
Automated Service Management
Enterprise Licensing
24. Call to Action…Take the First Step Today
Brocade.com Product Pages
– Brocade Virtual Application Delivery Controller (vADC)
– Brocade vRouter
– Brocade SDN Controller
FREE Trial Software Downloads
– Brocade vADC
– Brocade vRouter
– Brocade SDN Controller
Book Demo or POC
– Contact Scott Sims: ssims@brocade.com / 972-567-4756
Today I’ll talk about the Brocade Software Networking Solutions that leverage SDN and NFV technologies. These technologies from Brocade deliver an Open and an Agile solution architecture that further improves economics.
In 2000 we started with consolidation of server farms
Later, virtualization was introduced to bring efficiencies with the hardware and physical space
Convergence came with integrated systems and improved deployment times
Then came Cloud as a service, to help control operation and hardware costs and improve agility
What is the new IP?
Brocade New IP focuses on transforming the network to precisely achieve the flexibility and agility that is needed to meet the SLAs.
The 4 key tenets of New IP are to deliver innovative technologies that are Open, Software-based and Ecosystem driven, while at the same time enabling customers to adapt to these new transformative innovations at their own pace.
This enables a new way of doing business, i.e. now it is the business that drives IT, rather than IT limitations chaining business growth.
So thereby Unleash the Power of Network Today, in order to be Future Ready!
Let’s talk about SDN and NFV at a very high level. Many of you may already know about it.
So what is SDN – Software Defined Network?
SDN is a programmable network that enables the customer to design, build and manage their own network. It decouples the Data Plane from the Control Plane on a physical network device.
The advantages of doing so are:
Logically centralized view of the overall network
Improved interoperability and manageability
Enable users to develop and deploy unique capabilities for their network needs
What is NFV – Network Functions Virtualization?
In order to make the network more flexible and agile, one of the best software technologies is NFV. It essentially virtualizes the hardware network devices like router, ADC, firewall, VPN.
The advantages of this are:
Virtualize the network devices to create multiple virtual functions for various network appliances, i.e. Layer 3 to Layer 7
Enable service innovations and meet service SLAs
Reduce CAPEX/OPEX
Brocade SDN Controller is a leading open source solution based on OpenDaylight. We are a commercial version of the OpenDaylight SDN controller. We bring our experience and support to help customers embrace SDN and limit any switch costs.
It is a vendor-agnostic solution, as it is:
Designed for an open, multivendor world
Each layer can be selected independently
No platform or northbound dependencies
Simple on-ramp to SDN
Low-risk investment protection
Smooth installation and maintenance
Collaborative innovation
Joint and custom app development
Bridge to OpenDaylight community
Brocade vRouter is the first virtual router that has the ability to provide advanced networking and security in software. It delivers the following benefits:
High ROI and Efficiency
Proven high VNF density of vRouters in single server
Low CPU consumption provides headroom for other VNFs
Delivers breakthrough performance
80Gbps line rate on single vRouter
Advanced enhancements with Intel DPDK
High Versatility
Single product, multiple functions for Cloud and SP like router, VPN, Firewall
Cloud network segmentation, Secure gateway services and Workload and Subscriber firewall
Brocade vRouter has 100M+ production hours deployed at customer sites.
Brocade Virtual Application Delivery Controller (vADC) solutions help ensure predictable high-performance for applications whenever and wherever they are deployed.
Purpose-built for the Cloud
Deploy in any Hybrid Cloud architectures
On-demand application delivery - ADCaaS
Established CSP partnerships – Azure, AWS, Rackspace, Joyent etc
Intel DPDK – Explain the benefits
Process automation
Easy, consistent deployment of Service templates (LBaaS) and service isolation with centralized management
Usage visibility – metering and billing capabilities for chargeback
Integration with key orchestration tools – OpenStack, VMware NSX and Brocade SDN Controller
Hyperscale and Performance on Demand
Highest Layer 7 throughput for software (50GB/node)
Unique web application security solution
There are four parts to the vADC story, which together provide a comprehensive on-demand solution, and build up to the concept we call “Application Delivery as a Service” or “ADC-as-a-Service”
First, the core ADC platform is known as Brocade Traffic Manager: this provides core Layer 4 to 7 services, including load balancing, caching and SSL offload, and a powerful scripting tool, called TrafficScript. And we will see in a moment, Traffic Manager also acts as the platform on which we build higher-level services for security and content optimization.
Second, Brocade Web Application Firewall is a Layer-7 web application firewall, which is designed to protect applications from external application-level attacks. While a network firewall ensures that only certain types of traffic are permitted or denied, a web application firewall works with the business logic to decide whether to allow the request to be processed, checking for targeted attacks such as SQL Injection and Cross-Site scripting, and preventing data leakage.
Third, to accelerate your web application content we have the Web Accelerator, which compresses and caches web app content to improve bandwidth use and load times and to lower requests, best CDN Enterprise services on load times and number of requests
Finally, Brocade Services Controller gives a framework to manage on-demand provisioning, by automating the deployment, licensing and metering of ADC services across a virtual or cloud framework. When linked to a service orchestration framework, we call this ability to create and manage on-demand application delivery services “ADC-as-a-Service” and it transforms the way ADC services are consumed by enterprises and service providers to a much more fluid capacity-based model.
See Slide 27 for detailed explanation to help you talk through this slide with a customer.
Financial and time benefits of going with us
In traditional models each ADC has specific capacity allocated to it that cannot be shared with other ADCs
With Brocade, customers purchase capacity to fill their ‘bucket’; that capacity can then be distributed and redistributed between ADCs as needed in unlimited numbers.
Whether for service providers or enterprises, we provide a complete set of tools to manage the inventory of ADC instances, so you know how resource pools are being used, and to plan ahead for how to re-allocate resources between different applications and groups. Usage reports can be created for business units and individual clients, making it easy to implement charge-back and billing for cost allocation across the business.
Each app has its own vTM = address scale and availability – need to make sure it looks virtual – animation
There are FOUR parts to the vADC story, which together provide a comprehensive on-demand solution, and build up to the concept we call “Application Delivery as a Service” or “ADC-as-a-Service”
First, the core ADC platform is known as Brocade Traffic Manager: this provides core Layer 4 to 7 services, including load balancing, caching and SSL offload, and a powerful scripting tool, called TrafficScript. And we will see in a moment, Traffic Manager also acts as the platform on which we build higher-level services for security and content optimization.
Second, Brocade Web Accelerator provides automatic HTML optimization, to reduce page load times. Traffic Manager includes a number of powerful tools to accelerate applications and services, but Web Accelerator gives an extra boost for some types of applications.
Third, Brocade Web Application Firewall is a Layer-7 web application firewall, which is designed to protect applications from external application-level attacks. While a network firewall ensures that only certain types of traffic are permitted or denied, a web application firewall works with the business logic to decide whether to allow the request to be processed, checking for targeted attacks such as SQL Injection and Cross-Site scripting, and preventing data leakage.
Finally, Brocade Services Controller gives a framework to manage on-demand provisioning, by automating the deployment, licensing and metering of ADC services across a virtual or cloud framework. When linked to a service orchestration framework, we call this ability to create and manage on-demand application delivery services “ADC-as-a-Service” and it transforms the way ADC services are consumed by enterprises and service providers to a much more fluid capacity-based model.
A Web Application Firewall is a security add-on module to the Traffic Manager, which focuses on fixing the vulnerabilities found in Web Applications. It is designed to secure known and unknown vulnerabilities and block attacks by implementing a rich set of security features.
The Web Application Firewall can meet the most demanding application-level security requirements, helping compliance with regulations such as PCI DSS and HIPAA.
Let's take a look at our layers of security and understand that there is no one-stop-shop solution for total IT security.
*Click*
Traditional firewalls focus on network-level security, ensuring that only the right kind of traffic and destinations are permitted access to the application. A "regular" firewall typically looks at layers 3 and 4 of the OSI model: for instance, allow TCP port 80, allow UDP port 53 from only specific IP addresses, or deny TCP port 25.
*Click*
Next, the more sophisticated next-generation firewalls look at patterns in traffic and may be able to identify users and application signatures in the traffic – but they still do not meet the requirements of PCI DSS, which requires full content inspection and parameter validation.
Reverse proxies, IDSs and IPSs:
Link packets into streams
Limited view of business logic
Fail PCI DSS requirement
Next Gen Firewalls:
• Designed to be a primary firewall, identifying and controlling applications users and content traversing the network.
• App-ID: Identifies and controls more than 900 applications of all types, irrespective of port, protocol, SSL encryption or evasive tactic.
• User-ID: Leverages user data in Active Directory (as opposed to IP addresses) for policy creation, logging and reporting.
• Content-ID: Blocks a wide range of malware, controls web activity and detects data patterns (SSN, CC#) traversing the network.
*Click*
Lastly, the Web Application Firewall looks above these levels and works closely with the application itself. WAFs exist because organizations have lots of custom-written (web) applications that won't be included in the "well known applications and protocols” protected by Next Gen Firewalls. A WAF can provide proactive security tools such as form virtualisation, cookie and URL encryption, and complete control over parameter validation to detect SQL injection, cross-site scripting attacks, directory traversal, or brute-force authentication attempts.
WAF is designed to compensate for insecure coding and “virtually patch” vulnerabilities
• Business logic inspection
• Proactive application security (log/alert suspicious requests and suggest protection measures)
• Looks specifically for flaws in the application itself
• Highly customized for each security environment – looking at how the web application is supposed to act and acting on any odd behavior.
• Does not address the performance requirements of a primary firewall.
While these different security devices may have slight functional overlaps, none can claim to be a complete security solution for any enterprise. The Web Application Firewall focuses on application security and defends in conjunction with other complementary security solutions in the layered security model.
Attacks can be carried out against any of these layers. As network firewalling has become commodity, the trend has been to move to application layer attacks.
Example attacks:
IP layer: ping of death (DoS)
TCP layer: SYN flood (DDoS)
HTTP layer: forceful browsing (accessing hidden but unprotected assets)
Business Logic layer: logic flaws (e.g. logging in as one user, but then doing some action in the name of another)
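The contrast drawn above between a layer 3/4 rule and WAF-style parameter validation, applied to the sample request from the slide. This is an added example, not Brocade vWAF code or configuration; the firewall rule, the parameter allow-list, the session-to-account mapping and the tampered request are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample: the packet and request from the slide, plus a tampered
# variant that travels in an identical packet (same addresses and ports).
PACKET = {"proto": "tcp", "src": "10.1.1.42", "sport": 3231,
          "dst": "192.168.1.12", "dport": 80}
REQUEST = ("POST /Account/Profile HTTP/1.1\r\n"
           "Host: www.onlinebank.com\r\n"
           "Cookie: Sessionid=172347\r\n"
           "\r\n"
           "Action=transfer_money&from_account=13654"
           "&to_account=32165&amount=1000USD")
TAMPERED = (REQUEST.replace("from_account=13654", "from_account=99999")
                   .replace("amount=1000USD", "amount=1000USD'--"))

def l4_firewall_allows(pkt):
    """Layer 3/4 rule: permit TCP to the web server on port 80."""
    return (pkt["proto"] == "tcp" and pkt["dst"] == "192.168.1.12"
            and pkt["dport"] == 80)

# Assumed allow-list for this endpoint: every parameter must fully match.
SCHEMA = {
    "Action": re.compile(r"transfer_money"),
    "from_account": re.compile(r"\d{1,10}"),
    "to_account": re.compile(r"\d{1,10}"),
    "amount": re.compile(r"\d{1,7}(USD)?"),
}
# Assumed business-logic context: which accounts each session owns.
SESSION_ACCOUNTS = {"172347": {"13654"}}

def parse_request(raw):
    """Split a raw HTTP request into cookies and body parameters."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = dict(line.split(": ", 1) for line in lines[1:])
    cookies = dict(c.strip().split("=", 1)
                   for c in headers.get("Cookie", "").split(";") if "=" in c)
    return cookies, parse_qsl(body, keep_blank_values=True)

def waf_inspect(raw):
    """Return a list of findings; an empty list means the request passes."""
    cookies, params = parse_request(raw)
    findings, seen = [], set()
    for name, value in params:
        if name in seen:
            findings.append(f"duplicate parameter: {name}")
        seen.add(name)
        rule = SCHEMA.get(name)
        if rule is None:
            findings.append(f"unexpected parameter: {name}")
        elif not rule.fullmatch(value):
            findings.append(f"invalid value for {name}")
    findings += [f"missing parameter: {n}" for n in sorted(set(SCHEMA) - seen)]
    # Business-logic check: the source account must belong to the session.
    owned = SESSION_ACCOUNTS.get(cookies.get("Sessionid"), set())
    source = dict(params).get("from_account")
    if source is not None and source not in owned:
        findings.append("from_account not owned by session")
    return findings

if __name__ == "__main__":
    for label, raw in (("original", REQUEST), ("tampered", TAMPERED)):
        print(label, "| L4 allows:", l4_firewall_allows(PACKET),
              "| WAF findings:", waf_inspect(raw))
```

Both requests pass the port-based rule because the packet headers are identical; only the HTTP-level inspection separates them.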
A scalable, application-aware Layer 7 security solution
Offers highest protection and performance in web and cloud application security. The vWAF identifies and stops attacks that would typically be missed by a network firewall, protecting valuable data. Web Application Firewalls allow customers to mitigate web application security threats in a scalable manner.
Shown here is a list of optimizations dynamically applied by the Web Accelerator.
Most of these optimizations are well documented, and most web application developers are aware of them and their benefit.
In fact, Google PageSpeed and Yahoo YSlow are two well-known grading tools that score your web performance based on how many optimization best practices are applied to your webpages.
Having a high score in any of these benchmarks will not only ensure you have a light, fast-loading webpage but also a high SEO score, as all the main search engines (Google, Yahoo, Bing, etc.) take the speed of your website into consideration when returning search results.
Although well documented, applying these best practices in a consistent manner is a different story. As you can imagine, every time you push out new iterations of web designs and code you need to ensure all these best practices are followed. This takes time to test and implement, often taking time out of development to fix and optimize design and code, and not all organizations have the resources to do so.
Think of Web Accelerator as a tool for your development team, not a replacement. Web Accelerator automates these best practices at runtime and each time new content is pushed.
A website’s Google PageSpeed and Yahoo YSlow scores are instantly improved.
Google PageSpeed: https://developers.google.com/speed/docs/insights/about
YSlow: http://yslow.org/faq/