Your F5 VMworld Voter's Pamphlet -- or Help Send me to Vegas
Being sent to Vegas is not something I generally aspire to. But in this case I'll make an exception. #VMworld is being held in Vegas this year August 28th - September 1st. Each year proscpective presenters prepare our session proposals and submit them to be voted upon. Those sessions with the most votes are chosen to be presented at the show. This year I have three different session proposals that I've submitted. And this is where I need your help. I'd appreciate your vote. My first session is titled, "F5 and VMware NSX Combine Forces in the SDDC to Provide Advanced Networking Services via Service Insertion" The Session ID is 7829. I’ll continue where I left off last year showing the advancements made via the Service Insertion model for F5 being able to provide actual high availability and security for your applications running within an NSX enabled environment. My next session(s) have the title: "VDI Dodgeball: The top 5 pitfalls to avoid with your VDI deployment” The session numbers are 7822 (Vegas) and 8672 (Barcelona — yes! Please send us to Barcelona). I’ll be doing these sessions with Sammie Ginger from SimpliVity. She and I will discuss the benefits of running your VDI on the SimpliVity Hyper Converged platform through an F5. Hyper Converged Systems are HOT right now. We will show the how and the why to use both F5 and SimpliVity to deliver rock solid VDI services. There are several other F5r's who have session proposals that are worthy of your votes as well. Justin Venezia F5's very own Mr. EUC has four sessions submitted. They are: "End–to-End Security for End User Computing" [8441] "Tips and Tricks for a Successfult End User Computing Deployment" [8451] "Architecting Highly Available, Scalabe and Resilient Enterprise Mobility & Desktop/Application Solutions" [8784] "Secure, Scalable, and Simple Remote Access Strategies with F5 and VMware End User Computing" [8783] Are you trying to realize all the things. Then this session featuring Matt Quill and Kent Munson will show off just how to do so. This session is chock full o demos so if you like to see it in action this is your session. The title is, "vRealize the Possibilities: Application Agility and Rapid Deployment with vRealize Automation, Orchestrator, Operations and Log Insight” and there are two session numbers one Vegas 8110 and one Barcelona 8148. We have even put together a Panel discussion with several customer CTOs. This will be an exciting real-world use case driven session. The title is, "Running the 4-Minute Mile - Practical Advice for Your Accelerating Network Ops - A CTO Panel Discussion,” and the session ID is 8140. So now that you have the lay of the land and know all about the F5 session proposals I’m going to make it easy for you to vote them all up. Follow along: First, Log into your VMworld account at http://www.vmworld.com/uscatalog.jspa? Then insert the following session numbers into the search box 7822, 8672, 7829, 8784, 8451, 8783, 8441, 8110, 8148, 8140 This will bring up all of the sessions on one page making it easy for you to click the star to the left of each title to vote them up and help send us all to VMworld. I know we are all being asked to vote a lot these days and I appreciate your help. This message was paid for and is approved by the committee of F5r's bound for VMworldF5 Friday: The Low Down on BIG-IP and VMware Stuff
#vmworld #vCloud #PHC6050 #EUC6104 #sddc How-tos and where to learn more about what's new with F5 and VMware As we're all gearing for up VMWorld (you are gearing up for the event, right?) it seems appropriate to highlight some existing resources for implementing VMware solutions with F5 BIG-IP and let you know where you can find out more at the show (hint: there are going to be sessions and a demo of a new joint solution!) So first, let's check out some recently posted how-tos from VMware folks on configuring BIG-IP and VMware solutions: First up is a great post on using F5 BIG-IP with Horizon Workspace 1.5 to load balance gateway-VAs for both internal and external access as well as load balancing Kerberos enabled connector VAs. You can download the document here: https://communities.vmware.com/docs/DOC-24577 If you're attending VMWorld, you can also attend a session on how to make Horizon View More Secure, Available, Scalable and Usable with F5 (EUC6104) presented by F5's own Paul Pindell Monday, Aug 26, 11:30 AM - 12:30 PM in Moscone West, Room 2005. Next up is configuring F5 BIG-IP LTM with VMware vCloud Director. This post appears to be the only one available that details how to setup the vCD Console Proxy via F5 BIG-IP. This is an important step that's often overlooked in other how-tos, so you'll want to check it out. Finally, here's a great post on using F5 BIG-IP LTM with IPv6. The noise around IPv6 has dulled to a quiet roar but it's still an increasingly important protocol to understand and using F5 is an awesome and quick way to enable legacy web applications for IPv6. How's that relate to VMware? Well, once you complete the configuration it will make the web interface of vCD available via IPv6. Finally, if you're attending the show, you'll want to attend a session presented by F5's own Charlie Cano and VMware Senior Product Manager, Dan Mitchell, on Monday, Aug 26, 3:30 PM - 4:30 PM in Moscone West, Room 3008 on the topic of Moving Beyond Infrastructure: Meeting Demands on App Lifecycle Management in the Dynamic Datacenter (PCH6050). This session is going to dig into some of the details behind the latest joint solution from F5 and VMware, taking the next step toward a Software-Defined Data Center. The solution is based on a new offering being launched by VMware at the show Monday and F5 will be providing a demo at its booth at the show of the joint solution. You don't want to miss it. If you aren't attending the show or can't make the sessions, be sure to check back here Monday for details on the new joint solution.F5 Friday on Tuesday: Getting You One Step Closer to a SDDC
#SDN #vmworld F5 Solutions Combine with VMware VXLAN to Support Software Defined Networking As efforts around SDN (Software-Defined Networking) continue to explode faster than the price of gas it has begun to diverge into several different focal points. Each area of focus tends to zero in on a narrowly defined set of problems that are in need of being solved. One of those focal points is on the layer 2 domain, where limitations both physical and logical constrain mobility of virtual machines across the network. In an increasingly network-agnostic approach to resource provisioning the limitations imposed by traditional logical networking standards can be a serious impediment to realizing the benefits of a truly elastic, cloud-computing based architectural model. To address the specific issues related to VLAN limitations and topological constraints on rapid provisioning processes, several competing standards have been proposed. The two most recognizable are certainly VXLAN (primarily driven by VMware) and NVGRE (primarily driven by Microsoft). Organizations are pursuing increasingly dynamic IT deployment models with software defined data centers (SDDC) becoming top of mind as the end-goal. As a strategic point of control in the data center, F5's approach is to seamlessly interoperate with a wide variety of network topologies including traditional VLANs and emerging SDN-related frameworks such as VXLAN and NVGRE. Such standards-efforts are focused on decoupling virtual machines from the underlying network as a way to enable more flexible, scalable and manageable pools of resources across the entire data center. The applications residing in those resource pools, however, must still be delivered. End-users and IT alike expect the same performance, reliability, and security for those applications regardless of where they might be deployed across the data center. That means ADN must be able to seamlessly transition between both traditional and emerging virtual networking technology so as to consistently deliver applications without compromising on performance or security. By supporting emerging standards in the ADC, customers can create isolated broadcast domains across the data center, enabling dynamic logical networks to span physical boundaries. F5 recently announced its support for NVGRE with our Microsoft Network Virtualization Gateway and today we're announcing that we will also support VXLAN by adding VXLAN virtual tunneling endpoint (vTEP) capabilities to BIG-IP. BIG-IP natively supports VXLAN today, but the addition of vTEP capabilities mean BIG-IP can act as a gateway, bridging VXLAN and non-VXLAN networks with equal alacrity. That means the ability to use either physical or virtual BIG-IP form factor to leverage all F5's ADN services such as security, acceleration, and optimization across both VXLAN and traditional networks. New support means organizations can: Simplify the Expansion of Virtual Networks With BIG-IP solutions as the bridge, organizations will be able to extend their existing networks from using VLAN to using VXLAN-based topologies. This enables a transitory approach to migration of resources and systems that avoids the disruption otherwise required by technical requirements of VXLAN. Apply Services across Heterogeneous Networks for Optimized Performance F5’s BIG-IP platform can serve as a networking gateway for all ADN services, making them available to application workloads irrespective of the underlying network topology. Networks comprised of multiple network technologies will find a unified gateway approach to providing services results in more predictable results for application delivery. Improve Application Mobility and Business Continuity Because VXLAN-based networks can provide functional isolation from one another, virtual machines do not need to change IP addresses while migrating between different data centers or clouds. Eliminating this requirement is a boon for enterprise-class IP-dependent applications that were previously restricted in mobility between environments. You can learn more about BIG-IP's support for VXLAN at #VMworld Europe this week at booth G100. Hybrid Architectures Do Not Require Private Cloud F5 Friday: Automating Operations with F5 and VMware F5 ... Wednesday: VMware Business Process Desktop and F5 BIG-IP The Full-Proxy Data Center Architecture F5 Friday: A Single Namespace to Rule Them All F5 Friday: Cookie Cutter vApps Realized F5 SOLUTIONS COMBINE WITH VXLAN TO SUPPORT SDNF5 Friday: Automating Operations with F5 and VMware
#cloud #virtualization #vmworld #devops Integrating F5 and VMware with the vCloud Ecosystem Framework to achieve automated operations A third of IT professionals, when asked about the status of their IT cross-collaboration efforts 1 (you know, networking and server virtualization groups working together) indicate that sure, it's a high priority, but a lack of tools makes it difficult to share information and collaborate proactively. Whether we're talking private cloud or dynamic data center efforts, that collaboration is essential to realizing the efficiency promised by these modern models in part by the ability to automate scalability, i.e. elasticity. While virtualization vendors have invested a lot of effort in developing APIs that provide extensibility and control, automating those infrastructures is simply not a part of the core virtualization feature set. And yet, controlling a virtualized infrastructure is going to be a key point of any automation strategy, because virtualization is where your resource pools and elasticity live. -- Information Week reports, "Automating the Private Cloud", Jake McTigue Consider that in a recent sampling of more than 2003 BIG-IPs the majority of resource pools comprised either 10 to 50 members or anywhere from 100 to 999 members, with the average across all BIG-IPs being about 102 members. The member of a pool, in the load balancing vernacular by the way, is an application service: the combination of an IP address and a port, such as defines a web or e-mail or other application service. Such services might be traditional (physical) or hosted in a virtual machine. That's a lot of individual services that need to be managed and, more importantly, at some point deployed. And as we know, deploying an application isn't just launching a VM – it's managing the network components that may go along with it, as well. While leveraging an application delivery controller as a strategic point of control insulates organizations from the impact of such voluminous change on delivery services such as security, access control, and capacity, it doesn't mean it is immune from the impact of such change itself. After all, for elasticity to occur the load balancing service must be aware of changes in its pool of resources. Members must be added or removed, and the appropriate health monitoring enabled or disabled to ensure real-time visibility into status. A lack of tools to automate the infrastructure collaboration necessary to deploy and subsequently manage changes to applications is a part of the perception that IT is sluggish to respond, and why many cite lengthy application deployment times as problematic for their organization. THE TOOLS to COLLABORATE and ENABLE AUTOMATION VMware and F5 both seek to provide technologies that make software defined data centers a reality. A key component is the ability to integrate application services into data center operations and thus enable the automation of the application deployment lifecycle. One way we're enabling that is through the VMware vCloud Ecosystem Framework (vCEF). Designed to allow third-parties to integrate with VMware vShield Manager which can then integrate with VMware vCloud Director, enabling private or public cloud or dynamic data center deployments. The integrated solution takes advantage of F5's northbound API as well as vShield Manager's REST-based API to enable bi-directional collaboration between vShield Manager and F5 management solutions. Through this collaboration, a VMware vApp as well as an F5 iApp can be deployed. Together, these two packages describe an application – from end-to-end. Deployment of required application delivery services occurs when F5's management solution uses its southbound API to instruct appropriate F5 BIG-IP devices to execute the appropriate iApp. The iApp is automatically executed again upon any change in resource pool make-up, i.e. a virtual machine is launched or de-provisioned. This enables the automatic elasticity desired to manage volatility automatically, without requiring lengthy manual processes to add or remove resources from a pool. It also enables newly deployed application to be delivered with the appropriate set of application delivery settings, such as those encapsulated in F5 developed iApps that define the optimal TCP, HTTP, and network parameters for specific applications. The business and operational benefits are fairly straightforward – you're automating a process that spans IT groups and infrastructure, and gaining the ability to create repeatable, successful application deployments that can be provisioned in minutes rather than days. This is just one of the many joint solutions F5 and VMware have developed over the past few years. Whether it's VDI or server virtualization, intra or inter-data center, we've got a solution for VMware technology that will enhance the security, performance, and reliability of not just the delivery of applications, but their deployment. 1 Enterprise Management Associates' 2012 Network Automation Survey Results Additional Resources for F5 and VMware Solutions Related blogs and articles Enabling IT Agility with the BIG-IP System and VMware vCloud Operationalizing Elastic Applications F5 and vCloud Solutions Username Persistence for VMware View Deployments Enable Single Namespace for VMware View Deployments F5 BIG-IP Enhances VMware View 5.0 on FlexPod How to Have Your (VDI) Cake and Deliver it Too F5 Solutions for VMware View Mobile Secure Desktop The Cloud’s Hidden Costs Hype Cycles, VDI, and BYOD Devops Proverb: Process Practice Makes Perfect F5 Friday: Programmability and Infrastructure as Code Lori MacVittie is a Senior Technical Marketing Manager, responsible for education and evangelism across F5’s entire product suite. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University. She is the author of XAML in a Nutshell and a co-author of The Cloud Security RulesF5 ... Wednesday: VMware Business Process Desktop and F5 BIG-IP
#vmworld #vdi #byod #infosec #F5 supports VMware’s latest VDI initiative: BPD When remote office connectivity first became a reality there began to emerge a variety of requirements specific to needs of the business and remote users. Over top of point-to-point VPN connectivity we layered WAN optimization and application acceleration technology, and later more dynamic security policies. Similar to that evolution has been the deployment and use of virtual desktop infrastructure (VDI). As the business use for VDI continues to evolve and expand, so specific requirements begin to emerge that must be met with new solutions. Supporting outsourcing has become a critical activity in the quest for operational and financial efficiency. Whether outsourcing non-core activities or combining internal and outsourced teams for collaboration, outsourcing promises organizations significant cost savings and greater business flexibility. To realize these benefits, however, requires careful consideration of a variety of factors both technical and non-technical. Compliance, performance, security, and business continuity are all inter-related concerns that must be addressed to successfully execute on an outsourcing initiative. Many of these concerns – particularly those regarding the security of data and control of sensitive data – can be addressed through careful implementation of what VMware is calling Business Process Desktop (BPD). VMware defines BPD as “the ability to provide virtual desktops in outsourced environments.” VMware correctly calls this out as a separate desktop initiative precisely because of the myriad legal and security challenges involved with sharing sensitive and regulated data (such as ITAR and EAR data) require more careful attention than is often given to such concerns in a non-outsourced remote environment. More challenging, however, is supporting both BPD and other remote deployment scenarios (such as BYOD) simultaneously. Distinguishing between employee BYOD and outsourced BYOD, for example, is paramount to being able to apply the appropriate level of security and access lest one run afoul of regulations. A strategic point of control which enables IT to enforce policies appropriate to the user, device, and status is critical to a successful BPD implementation. Performance and reliability, too, are factors in successful implementation as a failure of either can impede not only outsourced but internal teams as both rely upon the ability to collaborate in real-time. That strategic point of control is logically the application delivery tier, where F5 BIG-IP provides logical and strategic control over performance, reliability, and access of virtual desktops being delivered to remote and local teams, whether internal or outsourced. F5 BIG-IP systems comprise a variety of integrated infrastructure services supporting distributed environments such as BPD and provide myriad application delivery services designed to address the challenges of managing BYOD, VDI, and combinations thereof. F5 and VMware have a long history of working together to create complete solutions supporting VMware initiatives from AlwaysOn to Mobile Secure to Business Process Desktop. As has become the norm, F5 is at VMworld, and you can visit us in Booth # 1101 to see a live multi-site deployment demonstrating our unique virtualization solutions including Single Namespace and Username Persistence support. And if you aren't attending VMworld, you can follow along and hear what folks have to say all week via Twitter and Facebook. F5 Solutions for VMware View Mobile Secure Desktop Enable Single Namespace for VMware View Deployments F5 Friday: A Single Namespace to Rule Them All F5 Friday: Secure, Scalable and Fast VMware View Deployment WILS: The Importance of DTLS to Successful VDI Simplify VMware View Deployments Simplify VMware View Deployments with BIG-IP APM for LTM VE F5 and VMware Solution GuideThe Venerable Vulnerable Cloud
Ever since cloud computing burst onto the technology scene a few short years ago, Security has always been a top concern. It was cited as the biggest hurdle in many surveys over the years and in 2010, I covered a lot of those in my CloudFucius blog series. A recent InformationWeek 2012 Cloud Security and Risk Survey says that 27% of respondents have no plans to use public cloud services while 48% of those respondents say their primary reason for not doing so is related to security - fears of leaks of customer and proprietary data. Certainly, a lot has been done to bolster cloud security, reduce the perceived risks associated with cloud deployments and even with security concerns, organizations are moving to the cloud for business reasons. A new survey from Everest Group and Cloud Connect, finds cloud adoption is widespread. The majority of the 346 executive respondents, 57%, say they are already using Software as a Service (SaaS) applications, with another 38% adopting Platform as a Service (PaaS) solutions. The most common applications already in the cloud or in the process of being migrated to the cloud include application development/test environments (54%), disaster recovery and storage (45%), email/collaboration (41%), and business intelligence/analytics (35%). Also, the survey found that cloud buyers say the two top benefits they anticipate the most is a more flexible infrastructure capacity and reduced time for provisioning and 61% say they are already meeting their goals for achieving more flexibility in their infrastructures. There’s an interesting article by Dino Londis on InformationWeek.com called How Consumerization is Lowering Security Standards where he talks about how Mob Rule or the a democratization of technology where employees can pick the best products and services from the market is potentially downgrading security in favor of convenience. We all may forgo privacy and security in the name of convenience – just look at loyalty rewards cards. You’d never give up so much personal info to a stranger yet when a store offers 5% discount and targeted coupons, we just might spill our info. He also includes a list of some of the larger cloud breaches so far in 2012. Also this week, the Cloud Security Alliance (CSA) announced more details of its Open Certification Framework, and its partnership with BSI (British Standards Institution). The BSI partnership ensures the Open Certification Framework is in line with international standards. The CSA Open Certification Framework is an industry push that offers cloud providers a trusted global certification scheme. This flexible three-stage scheme will be created in line with the CSA's security guidance and control objectives. The Open Certification Framework is composed of three levels, each one providing an incremental level of trust and transparency to the operations of cloud service providers and a higher level of assurance to the cloud consumer. Additional details can be found at: http://cloudsecurityalliance.org/research/ocf/ The levels are: CSA STAR Self Assessment: The first level of certification allows cloud providers to submit reports to the CSA STAR Registry to indicate their compliance with CSA best practices. This is available now. CSA STAR Certification: At the second level, cloud providers require a third-party independent assessment. The certification leverages the requirements of the ISO/IEC 27001:2005 management systems standard together with the CSA Cloud Controls Matrix (CCM). These assessments will be conducted by approved certification bodies only. This will be available sometime in the first half of 2013. The STAR Certification will be enhanced in the future by a continuous monitoring-based certification. This level is still in development. Clearly the cloud has come a long way since we were all trying to define it a couple years ago yet, also clearly, there is still much to be accomplished. It is imperative that organizations take the time to understand their provider’s security controls and make sure that they protect your data as good or better as you do. Also, stop by Booth 1101 at VMworld next week to learn how F5 can help with Cloud deployments. psF5 Friday: Elastic Applications are Enabled by Dynamic Infrastructure
You really can’t have the one without the other. VMware enables the former, F5 provides the latter. The use of public cloud computing as a means to expand compute capacity on-demand, a la during a seasonal or unexpected spike in traffic, is often called cloud bursting and we’ve been talking about it (at least in the hypothetical sense) for some time now. When we first started talking about it the big question was, of course, but how do you get the application in the cloud in the first place? Everyone kind of glossed over that because there was no real way to do it on-demand. OVERCOMING the OBSTACLES BIT by BIT and BYTE by BYTE The challenges associated with dynamically moving a live, virtually deployed application from one location to another were not trivial but neither were they insurmountable. Early on these challenges have been directly associated with the difference in networking and issues with the distances over which a virtual image could be successfully transferred. As the industry began to address those challenges others came to the fore. It’s not enough, after all, to just transfer a virtual machine from one location to another – especially if you’re trying to do so on-demand, in response to some event. You want to migrate that application while it’s live and in use, and you don’t want to disrupt service to do it because no matter what optimizations and acceleration techniques are used to mitigate the transfer time between locations, it’s still going to take some time. The whole point of cloud bursting is to remain available and if the process to achieve that dynamic growth defeats the purpose, well, it seems like a silly thing to do, doesn’t it? As we’ve gotten past that problem now another one rears its head: the down side. Not the negatives, no, the other down side – the scaling down side of cloud bursting. Remember the purpose of performing this technological feat in the first place is dynamic scalability, to enable an elastic application that scales up and down on-demand. We want to be able to leverage the public cloud when we need it but not when we don’t, to keep really realize the benefits of cloud and its lower cost of compute capacity. FORGING AHEAD F5 has previously proven that a live migration of an application is not only possible, but feasible. This week at VMworld we took the next step: elastic applications. Yes, we not only proved you can burst an application into the cloud and scale up while live and maintaining availability, but that you can also scale back down when demand decreases. The ability to also include a BIG-IP LTM Virtual Edition with the cloud-deployed application instance means you can also consistently apply any application delivery policies necessary to maintain security, consistent application access policies, and performance. The complete solution relies on products from F5 and VMware to monitor application response times and expand into the cloud when they exceed predetermined thresholds. Once in the cloud, the solution can further expand capacity as needed based on application demand. The solution comprises the use of: VMware vCloud Director A manageable, scalable platform for cloud services, along with the necessary APIs to provision capacity on demand. F5 BIG-IP® Local Traffic Manager™ (LTM) One in each data center and/or cloud providing management and monitoring to ensure application availability. Application conditions are reported to the orchestration tool of choice, which then triggers actions (scale up or down) via the VMware vCloud API. Encryption and WAN optimization for SQLFabric communications between the data center and the cloud are also leveraged for security and performance. F5 BIG-IP® Global Traffic Manager™ (GTM) Determines when and how to direct requests to the application instances in different sites or cloud environments based on pre-configured policies that dynamically respond to application load patterns. Global application delivery (load balancing) is critical for enabling cloud bursting when public cloud-deployed applications are not integrated via a virtual private cloud architecture. VMware GemStone SQLFabric Provides the distributed caching and replication of database objects between sites (cloud and/or data center) necessary to keep application content localized and thereby minimize the performance impact of latency between the application and its data. I could talk and talk about this solution but if a picture is worth a thousand words then this video ought to be worth at least that much in demonstrating the capabilities of this joint solution. If you’re like me and not into video (I know, heresy, right?) then I invite you to take a gander at some more traditional content describing this and other VMware-related solutions: A Hybrid Cloud Architecture for Elastic Applications with F5 and VMware – Overview Hybrid Cloud Application Architecture for Elastic Java-Based Web Applications – Deployment Guide F5 and VMware Solution Guide If you do like video, however, enjoy this one explaining cloud bursting for elastic applications in a hybrid cloud architecture. Related blogs and articles: Bursting the Cloud vMotion Layer 2 Adjacency Requirements Cloud-bursting and the Database Cloud Balancing, Cloud Bursting, and Intercloud Cloud Balancing, Reverse Cloud Bursting, and Staying PCI-Compliant Virtual Private Cloud (VPC) Makes Internal Cloud bursting Reality How Microsoft is bursting into the cloud with BizTalk So You Put an Application in the Cloud. Now what? Migrate a live application across clouds with no downtime? Sure ... Just in Case. Bring Alternate Plans to the Cloud Party CloudFucius Asks: Will Open Source Open Doors for Cloud Computing? The Three Reasons Hybrid Clouds Will Dominate Pursuit of Intercloud is Practical not Premature
