1. Network Design and Security for
Your VMware View Deployment
with VMware and F5
Philippe Bogaerts
Senior Field Systems Engineer - Benelux
2. © F5 Networks, Inc.
F5 & VMware
• F5 & VMware are global partners
• 5+ years of history
• Primary partnership goals
Compatibility / Interoperability testing
New Solution Development & Documentation
• Across all major F5 and VMware products
• Ongoing cooperative solution development
3. © F5 Networks, Inc.
Recent Highlights
• F5 named Technology Innovator Partner of the Year
VMware awards highest honor to F5 at 2011 Partner Exchange
Recognition for deep integration and solution development
• “VMware-Ready” certifications
• F5 BIG-IP, ARX and FP Virtual Edition appliances
• vSphere, vCloud Director, View
• Single Unified Namespace
• iApp rapid solution deployment for View 4.6, 5.0
• vSphere 5.0 Metro-Distance Live Migration
• NetApp FlexCache, EMC VPLEX
4. © F5 Networks, Inc.
Common Desktop Virtualization Challenges
• User Experience
• Performance over the Wide Area Network
• Access methods / complexity
• Login steps / annoyance
• Security
• Encryption of all WAN traffic
• Unified Access (Local vs. Remote, Desktop vs. Smart Phone)
• Integration with existing authentication infrastructure
• Endpoint integrity inspection
• Scalability/Availability
• Ensuring total availability of connection servers, VMs
• Single unified namespace across datacenters
5. © F5 Networks, Inc.
• VMware abstracts all hosts and storage into “one big computer”
• F5 connects users to applications running on vSphere
F5 Networks: Application Delivery
Networking
6. © F5 Networks, Inc.
Why Does Application Delivery Networking
Matter for Virtualization Projects?
Servers are more agile
Storage is more agile
Applications are more agile
Clients are more agile
Data centers are more agile
What’s missing?
The network!
7. © F5 Networks, Inc.
Taking A Step Back: What’s The Point?
Application Delivery Networking
F5 Networks
8. © F5 Networks, Inc.
Application Delivery Networking
• Control point for all traffic inbound and outbound
• Separate user connections from server connections
• Dynamically apply appropriate policies
Full Proxy
9. © F5 Networks, Inc.
Application Delivery Networking
• Encrypt application and data in transit
• User and Device authentication & authorization
Security
10. © F5 Networks, Inc.
Application Delivery Networking
• Caching
• Protocol optimization
Acceleration
11. © F5 Networks, Inc.
Application Delivery Networking
• Load balancing
• Persistence
• Connection Multiplexing
High Availability
12. © F5 Networks, Inc.
4 Key Functions of Application Delivery Networking
Scaling Migrating
Protecting Managing
14. © F5 Networks, Inc.
Connection Servers
BIG-IP LTM + APM
Remote Clients
Local LAN Clients
Local Mode Desktop
Primary Site
Centralized Virtual
Desktops
Internet
Encryption (DTLS or SSL)
Unencrypted RDP or Natively Encrypted PCoIP
Security Servers
Secondary
BIG-IP GTM
16. © F5 Networks, Inc.
Simplify Sign-On Frustrations
Step 1: Local Login
Step 2: VPN Login
Step 3: Desktop Login
SSO: Login Once
17. © F5 Networks, Inc.
Traffic QoS
View
Desktops
Rate Shape to ensure client-side View traffic receives priority over client-outbound traffic
Edge
Client
Edge
Client
Edge
Client
19. © F5 Networks, Inc.
Unify Access to the Data Center
DMZ
Use existing user directories
View Servers
BIG-IP Edge Gateway
• One solution to manage all access policies regardless of access network
• Capacity and performance to secure all user traffic
• Optimizes application delivery to remote and mobile users
• Improves quality of real-time applications: soft phones and streaming media
Mobile Users
Wireless Users
Internet
Branch Office Users
Internal LAN
VLAN2
LAN Users
Internal LAN
VLAN1
20. © F5 Networks, Inc.
Unified AAA Services for View
• Pre-Logon Checks:
• OS, AV, firewall, process, file, registry, extended Windows info, client and machine certs, etc.
• Remediation:
• Group Policy enforcement (Corp & Non-Corp Assets)
• Protected Workspace
• Intuitive, Visual Policy Editor
21. © F5 Networks, Inc.
Optimize Authentication & Authorization
• Integration with existing authentication mechanisms
• AD, LDAP, RADIUS, 2-Factor, Client Certs, etc.
• Support for PKI infrastructures
• Extensible and scriptable
• Comprehensive auditing/accounting
• Check the device prior to logon
• OS, AV, firewall, process, file, registry, 2-factor auth,
client/machine certs, etc.
• Remediate if necessary, automatically
• Use protected workspaces for untrustworthy devices
• Enforce Group Policies on all assets (even non-corporate assets)
• Meets FIPS compliance requirements
22. © F5 Networks, Inc.
DMZ
Stringent Corporate Security Policies
View Security Server
Running on
Windows Server
2008 R2
BIG-IP APM
FIPS Compliant
Appliance
Connection Server
Connection Servers
BIG-IP provides a high capacity, FIPS compliant alternative to the View Security Server
Up to 2,000 concurrent users per server, 10,000 per pod.
Up to 40,000 concurrent users on a single device
23. © F5 Networks, Inc.
Maintain Native PCoIP Performance
Connection
Brokers
Mobile Users
Remote Users
Branch Office Users
LAN Users
DTLS Encryption
View
Servers
DTLS Encryption
SSL Encryption
PCoIP
PCoIP
RDP
DTLS Encryption
PCoIP
Support for DTLS (UDP) encryption
Support for SSL (TCP) encryption
Avoids the alternative method of encapsulating UDP into TCP for SSL encryption (thus degrading UDP).
25. © F5 Networks, Inc.
Enable Scalability by Offloading Processes
from View Connection Servers
1. Improve efficiency by offloading SSL
2. HA & load balancing for View Connection Servers
Connection
Servers
26. © F5 Networks, Inc.
Local Mode Acceleration
BIG-IP Edge Gateway
View pod
BIG-IP Edge Gateway
WAN
Optimized
Link
Branch Office
Datacenter
Local Mode
Check-out
Check-in
Synch
27. © F5 Networks, Inc.
DMZ
Ubiquitous View Client Support for Large Deployments
View Security Server
BIG-IP LTM
FIPS Compliant
Appliance
Connection Servers
BIG-IP allows thick, thin, and zero clients to access View deployments larger than 2,000 users
28. © F5 Networks, Inc.
DMZ
Maximum Scalability for View
BIG-IP APM
BIG-IP Global
Traffic Manager
BIG-IP Local
Traffic Manager
Pod 2
Pod 1
DMZ
BIG-IP APM
BIG-IP Local
Traffic Manager
Pod 3
Max 10,000 users Per Cluster
Global Load Balancing Among Multiple Sites
Local Load Balancing >70,000 concurrent users @ 1Mbps each on a single device
BIG-IP enables you to make multiple sites and multiple clusters look like one big cohesive unit
29. © F5 Networks, Inc.
• iApps: Rapid, tested, streamlined, best practice deployment
iApp for VMware View 5.0
Deploy F5 LTM and APM in a matter of
minutes
Provide best practice configuration
Avoid human error
F5 iApps: Rapid Deployment for Enterprise
Applications
30. © F5 Networks, Inc.
• Rapid, tested, streamlined, best practice deployment of F5
functionality for VMware View environments
F5 iApp for VMware View
31. © F5 Networks, Inc.
Summary – VMware View & F5
• Improve and streamline User Experience
• Integrate, simplify, and unify Security
• Scale and provide global High Availability
• Reduce OPEX and CAPEX
Flexible deployment architectures and product platforms to support any size enterprise View deployment