F5 White Papers

Getting your applications to work properly over a Wide Area Network (WAN) is a complex task, and it is not likely to get easier any time soon. Trends such as data center consolidation, the advent of Web 2.0 applications, and the move to web-based application delivery have only served to increase complexity and slow user response times.

This paper is the second in a series. The frst, Acceleration 101, describes acceleration features and terms. This paper focuses on topology options for deploying acceleration features in an Application Delivery Network (ADN).

In today’s business world, disaster recovery (DR) plans are key parts of a company’s overall IT planning process. A major component of these plans involves protecting business-critical data through backups and data replication. Such replication and backup processes may occur between data centers, branch and home offces, or primary and backup sites.

In April 2000, Visa launched its Cardholder Information Security Program (CISP) -- a set of mandates designed to protect its cardholders from identity theft and other misuse. Visa outlined key security requirements, along with a program for validation and auditing.
 
In December of 2004, Visa and MasterCard joined forces to simplify compliance for merchants and payment processors with the jointly-developed, 12-point PCI standard. The scope of these requirements is quite broad, incorporating best practices for perimeter security, data privacy, and layered security.

Nearly all WAN optimization appliances leverage advanced compression routines to improve application performance.  At a high level, they all store and leverage previously transferred network data to achieve high compression ratios.  When examined further though, how they achieve these gains, and their resulting limitations, varies widely.

A successful SOA implementation relies as much on the flexibility of your network as it does the services which will be delivered on it. Just as brittle, inflexible application integration technologies have been deemed unsuitable and unable to meet today’s volatile business needs, so too have the static, inflexible network technologies of the past become a hindrance to the delivery of dynamic, flexible service-oriented applications.

Most enterprises and organizations are familiar with application security and Web Application Firewalls (WAFs), realizing that secure application access and delivery of web-based applications are necessities. There are many factors that are driving this push, most notably led by the “webification” of the older client/server architecture-model applications.

As businesses place more applications on the web, they expose more of their sensitive customer data to hackers. Browser-based applications tunnel through the entire security perimeter of an organization, giving users unprecedented access to internal systems. It's little wonder that the majority of attacks today target the application directly.

Web-enabled applications have become commonplace in today’s enterprise organizations. It is not unusual for a single company to have hundreds of different web-based applications on the network. As deploying these applications becomes easier, the focus is shifting from the applications to security and access concerns.

After many years of purely negative security provided by anti-virus scanners, IDS/IPS, and anti-spam engines, it’s refreshing to hear that the positive security model—the basis for tried and true security devices like network firewalls and ACLs—is coming back in vogue. Most recently, this positive policy re-emergence has revolved around the Web Application Firewall (WAF) and application security market.

Many service oriented architecture (SOA) implementations include a messaging backbone known as the enterprise service bus (ESB). This messaging backbone not only integrates services, but also orchestrates, enriches, and secures them as part of an application or business process.

This paper discusses an alternative architecture that supports data center automation and dynamic provisioning without operating system virtualization.

With the increasing proliferation of broadband, more and more users are using Peer-to-Peer (P2P) protocols to share very large files, including software, multi-media files, and applications. This trend has exponentially increased traffic flows across a very wide area network. 

This document provides a general reference for a proof of concept for Microsoft® Hyper-V in a dynamic data center scenario utilizing HP BladeSystem c-Class technology. Contained in this reference is an overview of what components HP recommends for implementing a Microsoft Hyper-V dynamic data center scenario on its BladeSystem c-Class technology, including where components should be installed within the BladeSystem enclosure and when such information can be helpful to the construction of the solution.

While the “buzz” on the street seems to be all about the next generation network (NGN) and the IP Multimedia Subsystem (IMS), it is perhaps more important to talk about how today’s existing service provider (SP) networks can start making the slow migration toward the NGN. Very few SPs will simply be able to build a whole new network, and even those that can still need to support legacy devices and services for the foreseeable future.

Many applications are developed today in the hopes that they will one day become “superstars” like Twitter, Facebook, and MySpace. But they aren’t necessarily developed with the capacity and performance expectations that are required of superstars. Twitter, for example, is in the midst of a nearly complete architectural renovation due to its inability to scale. In the meantime, users are frustrated by the constant outages and instability of the popular Web 2.0 site.

When a user visits a web page, the contents of that page can be stored in the browser’s cache so it doesn’t need to be re-requested and re-downloaded. Efficiently using the browser cache can improve end user response times and reduce bandwidth utilization.

Because improvements in practical computer power lag far behind these exponential hardware improvements, the key to maintaining processor performance has become multiprocessor or multicore design. This white paper details how the Clustered Multiprocessor (CMP) from F5, in combination with TMOS, provides customers with scalability, extensibility, adaptability, and manageability.

In April 2008, PCI Security Standards Council (SSC) publically released a clarifcation on PCI DSS Requirement 6.6 and provided two possible options to use for business compliance. The compliance deadline for Requirement 6.6 remains on June 30th, 2008, and with released clarifcations, companies now have enough information and options to develop a sound compliance strategy. This paper will examine the clarifcations provided by PCI SSC and suggest the most effective and reliable ways to comply.

Businesses are still struggling to deliver continuous application high availability to their customers. In fact, a report from Infonetics states that service provider outage contributes to 30% of the downtime businesses experience. Small and medium businesses must also provide high availability for their applications, but often don’t have the IT budget to fund a second data center.

Organizations of all types are feeling increasing pressure to migrate from the well-known and universal Internet Protocol version 4 (IPv4) standard to the newer IPv6 standard.

Enabling you to virtualize your resources is the greatest value of F5’s product strategy. Regardless of where you’re starting out or your constraints, F5 has the solutions that function as architectural building blocks to virtualize your resources. With F5, you can leverage the benefi  ts of virtualization and keep your applications secure, fast, and available in the most operationally effi  cient manner.

This paper describes how businesses can use F5 Networks® BIG‑IP® Global Traffc Manager™ to leverage all the benefts of their secondary site in an active‑active confguration to holistically manage their applications across multiple sites. This paper also describes how you can use BIG‑IP® Link Controller™ to maintain ISP link connectivity and WANJet™ to accelerate site‑to‑site data replication across the WAN.

Deploying dynamic web applications in the enterprise offers significant benefits, but users may well experience unpredictable application performance. One cause of poor performance is server overload, which results from greater application usage and content complexity. 

This paper addresses the increased performance needs of a disaster recovery plan, and the common barriers to achieving success. It also addresses the performance gains that can be achieved by combining a F5 WANJet application acceleration solution with Double-Take® replication solutions from Double-Take® Software.

The volume and sophistication of attacks that threaten business email networks and systems are growing at exponential rates. This growth curve poses significant problems for IT and security groups trying to manage these threats.

Historically, organizations have used IPSec VPN solutions to provide employees with remote access to network resources; an expensive, complicated deployment for a handful of users. Originally designed for securing site-to-site communications, IPSec has shown it is unable to keep up with the growing demands of remote access required by today's enterprise organizations.

As applications have become increasingly dependent on the network and its infrastructure for scalability, reliability, and performance it has become necessary to ensure that the infrastructure is capable of reacting dynamically to the ever-changing conditions inside the data center that can adversely affect the delivery and performance of applications.

Fee or subscription-based CDNs (Content Delivery Networks) are often the best solution to the problem of delivering web-based information to end users in geographically disperse locations. The CDN is a clear alternative to the often costly solution of establishing multiple points of presence to address the performance problems that are inherent in delivering web-based content on a global scale. In addition, the CDN offers a solution for end users to whom broadband access may not be available or viable.

Applications don’t always perform as expected, especially when running across large or complex networks. Bandwidth is often underutilized, and sluggish response times frustrate users. Poor performance leads to lost productivity, ineffcient manual workarounds, abandoned applications, and reduced business agility.

F5 pioneered the concept of breaking up data center virtualization technologies into eight unique categories within the data center. Any virtualization products or technologies implemented in the data center will fall into one of these eight categories. With this paper, F5 discusses how it has implemented these same technologies within its own product line, helping enterprises get closer to achieving their goal of a implementing a complete Virtual Data Center with F5’s Application Delivery Networking products. 

As SSL VPN technology becomes more mainstream and organizations extend their internal infrastructures to users who are not necessarily employees, Endpoint security has become an increasing concern.  It is no longer enough to protect your assets from an unknown malicious intruder.  Organizations need to protect against trusted employees connecting from their un-patched home computers or protect against that same trusted employee entering their sensitive user credentials on a public terminal at a conference. 

With F5 solutions, organizations can provide employees with reliable and secure access to email, from wherever they are, no matter what type of device they're using. Employees can rely on email that is efficiently delivered, with minimal latency times and a dramatic improvement in performance.  Organizations can also reduce their bandwidth expenditures, use fewer server resources, and lower their overall infrastructure costs.

Understanding HTTP and how these headers control behavior of web-based applications can lead to better end-user performance, as well as making it easier to choose an application acceleration solution that addresses the shortcomings of HTTP and browser-based solutions.

This paper covers the F5® FirePass® integration with FullArmor’s GPAnywhere. FullArmor is a leading provider of enterprise policy management on the Microsoft® Windows® platform. Also, in this paper, we’ll get to know Group Policy Objects.

There’s been a lot of hype over the past year about “green” computing and the drive to lower the impact of IT and data centers on the environment. While just about everyone can get behind the concept of green computing and reducing the impact of computing on our environment, we should also be aware that every IT organization also has to worry about the other kind of green: its bottom line.

In general, efforts to “go green” have focused solely on reducing the impact of hardware on the environment through a reduction in power consumption and heat generation. The former consumes less resources and the latter requires less cooling, which decreases the power consumed by those devices. These efforts have dual green benefts.

As more medical information, including patient records, is converted into electronic format and Internet usage continues to grow, healthcare organizations are finding themselves increasingly vulnerable to attacks. The complex challenge of securing information and maintaining strict levels of patient confidentiality is increasingly difficult since web-based systems are widely used in order to provide easy and ubiquitous access to authorized users. 

In the beginning there was HTML, and it was good. Users filled out a form and hit the “submit” button, then waited for the server to respond. As applications increasingly became webified, this form-based submission model served us well and the request-reply model remained the de facto standard for building web-based applications.

For years, enterprises have struggled to find reliable, cost-effective ways to integrate and automate critical processes between different application packages. Web services technology has the potential to answer an enterprise's needs, providing the ability to integrate different systems and application types regardless of their platform, operating system, programming language, or location.

IMS architecture promises to bring a completely new world of voice, video, and data. Even the voice part of it will be something wildly different from today as vendors start talking about quad-play networks (land-line, cellular, video, and data) instead of triple-play. In fact, the Service Provider’s (SP’s) need to highlight the combined offerings of multiple voice technologies underpins the amazing transformations that we can expect to see—a world of seamless communication regardless of the access network.

Microsoft® SharePoint®, Oracle® Portal, Microsoft Outlook Web Access, and Siebel® CRM 7.7 are just a few of the dynamic web applications critical to today’s organizations. But while users working near the corporate office’s data center have virtually instant access, remote or mobile users get painfully long delays, or even worse, find the application doesn’t work at all.