17. They are designed assuming server and bandwidth resources are available and optimalWEB 2.0 SOA Mobile Users Applications & Business Processes Networks & servers are designed for capacity and connectivity Enterprise Network
18. Radware Solutions Multi-WAN Link Application Delivery Application Security Solution Application delivery solution Slide 7 Data Center Router Web & PortalServers Database Servers Internet DefensePro LinkProof Firewall AppDirector CRM Router AppWall Oracle-PeopleSoft
19. ISP2 ISP 3 ISP1 Multi-WAN Link Application Delivery Mission-critical applications (web-based ERP) are redirected via the high SLA & secure line Non-critical applications (web browsing) are redirected via the non-SLA line Easily & cost effectively add bandwidth while increasing site availability & performance Ensure employee and end-user QoE Limit or block non-business critical traffic (e.g. P2P, streaming, downloads) Headquarter Local Network HTTP for Web browsing Router Corporate users No SLA Low cost DSL lines can be aggregated for simple andcost-effective businessscalability LinkProof ERP, CRM, email, Web servers High SLA 99.99% Router HTTP for ERP / CRM Slide 8
20. IMDDOS 2010 Storm (Botnet) 2007 Srizbi (Botnet) 2007 Rustock (Botnet) 2007 Kracken (Botnet) 2008 Hackers’ Change in Motivation Vandalism and publicity “Hacktivism” Attack Risk Financially motivated Nimda (Installed Trojan) 2001 CodeRed (Defacing IIS web servers) 2001 Slammer (Attacking SQL websites) 2003 Agobot (DoS Botnet) Republican website DoS 2004 Estonia’s Web Sites DoS 2007 Georgia Web Sites DoS 2008 July 2009 Mydoom.EA WikiLeaks Revenge Attacks 2010 Blaster (Attacking Microsoft web site) 2003 Time 2011 2001 2005 Slide 9
54. Virtual Application Delivery Infrastructure – Evolution of ADCs Slide 20 Bringing the Business Value of Server Virtualization to the Application Delivery space: Cost savings, IT efficiency and Business Agility
57. Each vADC can run on top of a specialized and general purpose computing resources
58. Each vADC provides a consistent set of basic and advanced application delivery features and services, regardless of the computing resources it utilizes:
67. Alteon ADC-VA – Overall Summary Slide 27 Full ADC feature set Local and Global SLB Application Acceleration SSL offloading, Compression, Caching, Header and Body modifications All functions utilizes Software functions, no Hardware base acceleration is provided Hypervisor Support VMware ESX/ESXi 4.0/4.1 - Released KVM - Target: Q2 2011 Virtual Machine Requirements CPU:: 2 vCPUs Memory : 3.6 GB Logical Disk: 4 GB Network: 3 virtual interfaces (Management, Clients, Servers) Performance (on 4 CPU core PC) Throughput: Up to 1Gbps Layer 4: Up to 40,000 CPS Layer 7: Up to 25,000 CPS
68. VADI: Three Form Factors – Putting It Together Slide 28 Virtual Data Center Radware ADC-VX ADC Soft ADC Application A – Partitioned High SLA Service Application B – Partitioned High SLA Service Application C - Dedicated High SLA Service Application D - Lower SLA Service (Best Effort)
79. vDirect plug-in provides all the building blocks, workflows and management interfaces required to manage Radware’s VADI vADCs: Provision / Decommission / Update vADC Create / Remove server Create / Remove / Update service (Web, etc) Automatic service elasticity vDirect plug-in is free of charge First release of vDirect plug-in is fully integrated with VMware vCenter and VMware vCenter Orchestrator systems. Slide 31 VADI: Orchestration & Automation / vDirect Specifics
82. VADI: Orchestration & Automation / vDirect Plug-in Benefits Eliminates the need for frequent manual vADC configuration updates. Facilitates end-to-end service provisioning. Fully integrating Radware’s vADC into data center’s workflow automation. Full application delivery resource elasticity according to business application requirements The result: Greater IT efficiency Higher business agility Slide 34
102. Strengthen synergy between enterprise DC and Cloud DCFirewall Enterprise Data Center Orchestration system migrates the Web application to the Cloud and creates a Soft ADC in the Cloud IT manager migrates the Web application to the Cloud in order to reduce OPEX - using the Orchestration system Database Servers Firewall Radware ADC-VX
103. OnDemand Self Service ADC – 1/2 Step #1 Customer-A provisions a new high SLA service via the self service portal IaaS Provider Data Center Self Service Portal Step #2 The self Service portal instructs the Orchestration system to provision a new application VMs and vADC instance Step #4 The self service portal instructs the orchestration system to provision a new application VMs and Soft ADC instance Orchestration System Firewall Radware ADC-VX Internet Step #3 Customer-B provisions a new low SLA service via the self service portal Application B Application A Soft ADC vADC-1 Slide 40
111. Dynamic Application and Resource Alignment – 1/2 Slide 42 Internet Orchestration System Step #2 Orchestration System Periodically monitors ADC-VX’s performance metrics Notices a traffic overload in the Web application Step #3 Orchestration system adds computing resources to application and updates ADC-VX Virtual Data Center Radware ADC-VX Firewall Step #1 User accesses hosted application at Cloud data center Step #4 Redirect traffic to new resource Database Servers
112. Dynamic Application and Resource Alignment – 2/2 Slide 43 Internet IaaS Provider Data Center Orchestration System Orchestration System Firewall Step #2 Orchestration System Periodically monitors ADC-VX’s performance metrics Notices a traffic overload in the Web application Senses local data center resources are maxed out Enterprise Data Center Orchestration system initiates a Cloud Burst of the Web application and provisions a Soft ADC Database Servers Radware ADC-VX Firewall
Here are a few facts about us:Radware was founded in 97 and is publicly traded on Nasdaq since 1999.We have 662 employees with a global presence in more the 40 countries worldwideWe cultivated a wide and valued community of customers – included are a few examples from various industries including finance, eCommerce, telecom, and retail.We can boast a long track record of innovation including more than 10 different patents in the field of application delivery and security, which protect our unique technologies. Included is a sample of the technology awards we received during 2008-9 aloneIn addition, we have certified our solution with all the top application vendors such as MS, Oracle and IBM, with additional technology partnerships and OEMs.
The first set of challenges, Ensure applications availability and business continuity, means making sure that business-critical applications are highly available to users, partners and employees, everywhere, in order to insure that all business processes operate properly and healthfully. That includes:Successfully meeting Service Level Agreements (SLA)Providing Quality of Service (QoS) based on business requirements – delivering “six 9’s” availability as well as QoS based on users and/or business processes prioritizationBe able to easily, quickly deploy new services and applications - without imposing any performance degradation to existing applications
The second set of challenges, Improve applications response times, mainly refer to:Improve the Quality of Experience (QoE) - providing the best response time with minimal latency resulting in the highest end-user satisfaction and the best user experienceRemove network bottle necks originating in network congestion points due to SSL encryption/decryption operations, TCP overhead, large-objects traffic and moreOptimize usage of IT resources – redirect traffic to the most appropriate network devices in order to optimize network traffic and align the network with the business processes
So far we talked about Radware as a company; now let’s discuss the main problem we solve.In enterprise DC we have the applications, users and business processes on one side.On the other, we have the DC network and infrastructure such as servers and storage.Click – for first call out:Business applications are typically dynamic and user specific. They are designed assuming that sever and bandwidth resources are available and optimal. Application design usually does not take into account any issues that may happen with these resources.Click for second call out:On the other hand the network and servers are designed for capacity and connectivity, without addressing these issues.Click for third call out:Therefore, there is an inherent gap between application design assumptions and the services offered by the network.Click for forth call out:The result of not addressing this gap is:Application downtimeReduced productivity due to performance issuesSecurity risksOperational overheadHigher costs
So.. let’s look into what an ADC provides.First, and foremost, load balancing. Server load balancing that is both application and session aware. Sessions, as you may know from online shopping, is very critical. The ADC will keep you on a server for the whole transaction. Global Server Load Balancing provides data center operators the ability to share traffic between data centers (hot-hot) or, more commonly, provide service with a primary data center and a backup data center (hot-warm), or as a worst case scenario, Disaster Recovery and Business Continuity through either hot-warm or hot-cold environments.
VMware HA, How it works:VMware HA restarts a virtual machine on a different host should the initial host failVMware HA restarts a virtual machine on a the same host should the VM operation system failVMware FT:Only protects from physical host failures The VM FT pairs are consuming the same resources on 2 different hosts (CPU,Memory,I/O,Network) A dedicated gigabit NIC is requiredUsed for sending all the very intensive information between 2 VMsSupport only new CPUs models from Intel and AMDFT has stringent requirements – see: http://www.delltechcenter.com/page/VMware+vSphere+Fault+Tolerance FT can be wasteful because it runs on two hypervisors for one resourceFT bullet #2: in FT there are 2 VM running on 2 different hosts doing the SAME thing - this is a waste of resources. With ADC you need more than 1 VM but each is serving customersFT bullet #3: FT can work only with new hardware (PC hardware)
Radware’s VADI multiple delivery methods consists of three form factors: The single use dedicated ADCA Hypervisor based ADC called the ADC-VXA virtual appliance The dedicated physical ADC device running a single vADC“Siloed” data center architectureHybrid (virtualized and physical) data centerApplications requiring high performance predictabilityRadware ADC-VXTMADC hypervisor running multiplevADCs on a specialized ADC hardwareADC consolidation projectsVirtualized data center requiring high ADC agilityApplications requiring high performance predictabilityRadware ADC-VAvADC on a general server virtualization infrastructureCloud providers & Virtualized data center requiring high ADC agilityDevelopment, testing and QA environmentsWhy are 3 form factors required:Application SLA requirementsNumber of required vADC instancesThroughput capacity each vADC requiresCost savings objectivesData center footprint limitationsApplication deployment model
Radware’s VADI multiple delivery methods consists of three form factors: The single use dedicated ADCA Hypervisor based ADC called the ADC-VXA virtual appliance The dedicated physical ADC device running a single vADC“Siloed” data center architectureHybrid (virtualized and physical) data centerApplications requiring high performance predictabilityRadware ADC-VXTMADC hypervisor running multiplevADCs on a specialized ADC hardwareADC consolidation projectsVirtualized data center requiring high ADC agilityApplications requiring high performance predictabilityRadware ADC-VAvADC on a general server virtualization infrastructureCloud providers & Virtualized data center requiring high ADC agilityDevelopment, testing and QA environmentsWhy are 3 form factors required:Application SLA requirementsNumber of required vADC instancesThroughput capacity each vADC requiresCost savings objectivesData center footprint limitationsApplication deployment model
vADC on a general server virtualization infrastructureCloud providers & Virtualized data center requiring high ADC agilityDevelopment, testing and QA environmentsApplications requiring only best-effort performanceSoft ADC provided as VMware OVFSupports tiered throughput licenses – 200Mbps, 500Mbps, and 1GbpsSoft ADCs provide the same ADC functionality as traditional physical ADC devices
All 3 form factors provide the same ADC functionalityThe form factors differs in:SLA levelPerformanceRack space requirementSolution agilityNumber of virtual ADC instances
In order to integrate Radware’s VADI architecture with the virtual data center eco-system, Radware developed vDirectTM Plug-in.
vDirect Plug-in eliminates the need for:Frequent manual ADC configuration updatesScripting and manual configuration within the virtual environmentFit any data center and virtual infrastructure size - Radware’s vDirect plug-in is fully integrated with VMware vCenter and vCenter Orchestratorprovides automation and management benefits for any customer using VMware virtualization infrastructure, from SMBs using basic automatic work flows such as on demand VM resources allocation through large enterprises and up to Cloud services providers implementing fully automated service provisioning from VMs and storage to ADCs.Full business agility and resource elasticity - Radware’s vDirect plug-in allows instant provisioning and decommissioning of Radware vADC instances as part of end-to-end service creation.Radware’s vDirect plug-in facilitates virtual infrastructure elasticity by enabling automatic adding/removing computing resources to hosted applications while aligning the ADC configuration with the changes.Drives IT efficiency via workflow automation - Radware’s vDirect plug-in integrates Radware’s ADC into the virtual data center workflow automation, driving greater levels of IT efficiency in the virtualized data center and extracting more value from Radware’s ADC solution.Facilitates the creation of a cross data center service delivery control plane - Radware’s vDirect plug-in allows sharing availability and performance based KPIs with the Cloud orchestration. Allowing creating a service delivery control plane that continuously determines the most adequate data center to serve each end-user.
Best-of-breed self-serving ADCA customer can easily add a new VIP to the ADC representing his hosted applicationThe ADC automatically measures the traffic and number of users for billing purposesFull support for network requirementsFacilitate the generation of new revenue from existing ADC infrastructureApplication delivery as a serviceApplication acceleration capabilities as add-on servicesOn demand throughput and service scalability Cost-effectively accommodate future growth in the number of users, applications, and traffic served by the ADC.Full investment protection, increased asset ROI,and CAPEX savings - no forklift upgrade requiredPay-as-you-grow approach- pay for the exact capacity required, and flexibly scale up when more is needed
Align business application requirements with the infrastructureEnsure business applications get the resources they needGuaranteebest response time for the end-userReduce virtual infrastructure OPEX by freeing IT resourcesReal-time alignment of resources with the networkBenefit from Radware’s Global Traffic Redirection Solution between enterprise and Cloud DC
Radware ADC adds value to VMware users:Ensure application availability and business continuityEnhance application performance and response timeIntegrate the ADC services into the data center workflow automationEnable higher VM densityEnable greater service agilityIncrease staff efficiency and reduce CAPEX & OPEX