This document discusses how F5 networks can provide network design and security solutions to optimize VMware View deployments. It highlights F5 and VMware's partnership, some common challenges with desktop virtualization like user experience and security, and how F5 solutions address these challenges through application delivery networking, simplified authentication, encryption, acceleration, load balancing and high availability. It provides an example architecture showing how F5 integrates with VMware View and concludes that F5 helps improve the user experience, unify security, scale deployments globally, and reduce costs for VMware View.

1. Network Design and Security for
Your VMware View Deployment
with VMware and F5
Philippe Bogaerts
Senior Field Systems Engineer - Benelux

2. © F5 Networks, Inc.
F5 & VMware
• F5 & VMware are global partners
• 5+ years of history
• Primary partnership goals
 Compatibility / Interoperability testing
 New Solution Development & Documentation
• Across all major F5 and VMware products
• Ongoing cooperative solution development

3. © F5 Networks, Inc.
Recent Highlights
• F5 named Technology Innovator Partner of the Year
 VMware awards highest honor to F5 at 2011 Partner Exchange
 Recognition for deep integration and solution development
• “VMware-Ready” certifications
• F5 BIG-IP, ARX and FP Virtual Edition appliances
• vSphere, vCloud Director, View
• Single Unified Namespace
• iApp rapid solution deployment for View 4.6, 5.0
• vSphere 5.0 Metro-Distance Live Migration
• Netapp FlexCache, EMC VPLEX

4. © F5 Networks, Inc.
Common Desktop Virtualization Challenges
• User Experience
• Performance over the Wide Area Network
• Access methods / complexity
• Login steps / annoyance
• Security
• Encryption of all WAN traffic
• Unified Access (Local vs. Remote, Desktop vs. Smart Phone)
• Integration with existing authentication infrastructure
• Endpoint integrity inspection
• Scalability/Availability
• Ensuring total availability of connection servers, VMs
• Single unified namespace across datacenters

5. © F5 Networks, Inc.
• VMware abstracts all hosts and and storage into “one big
computer”
• F5 connects users to applications running on vSphere
F5 Networks: Application Delivery
Networking

6. © F5 Networks, Inc.
Why Does Application Delivery Networking
Matter for Virtualization Projects?
Servers are more agile
Storage is more agile
Applications are more agile
Clients are more agile
Data centers are more agile
What’s missing?
The network!

7. © F5 Networks, Inc.
Taking A Step Back: What’s The Point?
Application Delivery Networking
F5 Networks

8. © F5 Networks, Inc.
Application Delivery Networking
• Control point for all traffic inbound and outbound
• Separate user connections from server connections
• Dynamically apply appropriate policies
Full Proxy

9. © F5 Networks, Inc.
Application Delivery Networking
• Encrypt application and data in transit
• User and Device authentication & authorization
Security

10. © F5 Networks, Inc.
Application Delivery Networking
• Caching
• Protocol optimization
Acceleration

11. © F5 Networks, Inc.
Application Delivery Networking
• Load balancing
• Persistence
• Connection Multiplexing
High Availability

12. © F5 Networks, Inc.
4 Key Functions of Application Delivery Networking
Scaling Migrating
Protecting Managing

13. © F5 Networks, Inc.
Architecture

14. © F5 Networks, Inc.
Connection ServersConnection Servers
BIG-IP LTM + APM
Remote Clients
Local LAN Clients
Local Mode Desktop
Primary Site
Centralized Virtual
Desktops
Internet
Encryption (DTLS or SSL)
Unencrypted RDP or Natively Encrypted PCoIP)
Security ServersSecurity Servers
Secondary
BIG-IP GTM

15. © F5 Networks, Inc.
User Experience

16. © F5 Networks, Inc.
Simplify Sign-On Frustrations
Step 1
Local
Login
Step 2
VPN
Login
Step 3
Desktop
Login
SSO
Login
Once

17. © F5 Networks, Inc.
Traffic QoS
View
Desktops
Rate Shape to ensure client-side View traffic receives priority
over client-outbound outbound traffic
Edge
Client
Edge
Client
Edge
Client

18. © F5 Networks, Inc.
Security

19. © F5 Networks, Inc.
Unify Access to the Data Center
DMZ
Use existing user directories
View Servers
BIG-IP Edge Gateway
• One solution to manage all access policies regardless of access
network
• Capacity and performance to secure all user traffic
• Optimizes application delivery to remote and mobile users
• Improves quality of real-time applications; soft phones and
streaming media
Mobile Users
Wireless Users
Internet
Branch Office Users
Internal LAN
VLAN2
LAN Users
Internal LAN
VLAN1

20. © F5 Networks, Inc.
Unified AAA Services for View
• Pre-Logon Checks:
• OS, AV, firewall, process, file, registry, extended windows info,
client and machine certs, etc.
• Remediation:
• Group Policy enforcement (Corp & Non-Corp Assets)
• Protected Workspace
• Intuitive, Visual Policy Editor

21. © F5 Networks, Inc.
Optimize Authentication & Authorization
• Integration with existing authentication mechanisms
• AD, LDAP, RADIUS, 2-Factor, Client Certs, Etc.
• Support for PKI infrastructures
• Extensible and scriptable
• Comprehensive auditing/accounting
• Check the device prior to logon
• OS, AV, firewall, process, file, registry, 2-factor auth,
client/machine certs, etc.
• Remediate if necessary, automatically
• Use protected workspaces for untrustworthy devices
• Enforce Group Policies on all assets (even non-corporate assets)
• Meets FIPS compliance requirements

22. © F5 Networks, Inc.
DMZ
Stringent Corporate Security Policies
View Security Server
Running on
Windows Server
2008 R2
BIG-IP APM
FIPS Compliant
Appliance
Connection Server
Connection Servers
BIG-IP provides a high capacity, FIPS compliant alternative to the View Security Server
Up to 2,000
concurrent
users per
server, 10,000
per pod.
Up to 40,000
concurrent
users on a
single device

23. © F5 Networks, Inc.
Maintain Native PCoIP Performance
Connection
Brokers
Mobile Users
Remote Users
Branch Office Users
LAN Users
DTLS Encryption
View
Servers
DTLS Encryption
SSL Encryption
PCoIP
PCoIP
RDP
DTLSEncryptionPCoIP
Support for DTLS (UDP) encryption
Support for SSL (TCP) encryption
Avoids the alternative method of
encapsulating UDP into TCP for SSL
encryption (thus degrading UDP).

24. © F5 Networks, Inc.
Availability & Scalability
in the Data Center

25. © F5 Networks, Inc.
Enable Scalability by Offloading Processes
from View Connection Servers
1. Improve efficiency by offloading SSL
2. HA & load balancing for View Connection Servers
Connection
Servers

26. © F5 Networks, Inc.
Local Mode Acceleration
BIG-IP Edge Gateway
View pod
BIG-IP Edge Gateway
WAN
Optimized
Link
Branch Office
Datacenter
Local Mode
Check-out
Check-in
Synch

27. © F5 Networks, Inc.
DMZ
Ubiquitous View Client Support for Large Deployments
View Security Server
BIG-IP LTM
FIPS Compliant
Appliance
Connection Servers
BIG-IP allows thick, thin, and zero clients access to View deployments, which are > 2000 users

28. © F5 Networks, Inc.
DMZ
Maximum Scalability for View
BIG-IP APM
BIG-IP Global
Traffic Manager
BIG-IP Local
Traffic Manager
Pod 2
Pod 1
DMZ
BIG-IP APM
BIG-IP Local
Traffic Manager
Pod 3
Max 10,000 users
Per Cluster
Global Load
Balancing Among
Multiple Sites
Local Load
Balancing >70,000
concurrent users
@ 1Mbps each on
a single device
BIG-IP enables you to make multiple sites and multiple clusters, look like one big cohesive unit

29. © F5 Networks, Inc.
• iApps: Rapid, tested, streamlined, best practice deployment
 iApp for VMware View 5.0
 Deploy F5 LTM and APM in a matter of
minutes
 Provide best practice configuration
 Avoid human error
F5 iApps: Rapid Deployment for Enterprise
Applications

30. © F5 Networks, Inc.
• Rapid, tested, streamlined, best practice deployment of F5
functionality for VMware View environments
F5 iApp for VMware View

31. © F5 Networks, Inc.
Summary – VMware View & F5
• Improve and streamline User Experience
• Integrate, simplify, and unify Security
• Scale and provide global High Availability
• Reduce OPEX and CAPEX
Flexible deployment architectures and product
Platforms to support any size enterprise View deployment

32. © F5 Networks, Inc.
Thank You
F5 Networks
www.f5.com/vmware