kemp technologies load balancing and application … unit + gslb (gtm) $11,000 $42,000 esp/apm...
TRANSCRIPT
VMware
Hyper-V
Xen
KVM
Oracle VM
Virtual Appliances
Bare Metal Load Balancers & ADCs Purpose-built
Hardware Cloud Load Balancers
AGENDA
Kemp Aplication Delivery Controller
Nowości produktowe oraz funkcje OS 7-1.28
ESP Pack następca funkcji Microsoft ISA/TMG
Kemp przegląd funkcji bezpieczeństwa
Kemp Application Firewall Pack
Intrusion Prevention System
Pytania i odpowiedzi
What we do
KEMP builds Load Balancing and Application Delivery Controllers > Enabling our customers to achieve:
High Availability
Application Acceleration
Scalability
Security
KEMP Technologies Load Balancing and Application Delivery Control
2015
ADC H/W Appliances Virtual ADC Appliances Bare Metal ADCs Cloud ADCs
• Fast Growing ADC Vendor, #3 in WW Units Shipped
• 24,000+ WW customer deployments
• Customer Focus: Mid-market organizations and BUs within large ent
• Product Focus: LB & AD functionality
Introduction to KEMP
Leading Load Balancer and ADC ISV Accelerating Growth & Performance
• VC investment in 2012 to fuel growth
• 499.1% revenue and employee growth over past 5 years (Deloitte Fast 500™)
• 35%+ Y-on-Y revenue growth
Global Presence & Team
• Corporate HQ in NYC
• Regional Operation, Development & Support Centers in Long Island, Limerick, Hannover and Singapore
• 190+ employees, with 40%+ in R&D
KEMP Key Differentiation: Price/Performance leader with ubiquitous platform deployments
Copyright © 2015 KEMP Technologies, Inc. All Rights Reserved.
“ The company is well positioned
as SDN and Network Function
Virtualization (NFV) achieving
increased mainstream adoption,
as KEMP has a software-
centric vision, with SDN and
NFV products available”
KEM
P
Riverbed
Radware
Citrix
F5
A10
Barracuda
Array
Sangfo
r Piolin
k
Challengers Leaders
Visionaries Niche Players
Completeness of vision
Copyright © 2015 KEMP Technologies, Inc. All Rights Reserved.
GARTNER REPORT 2014
Copyright © 2015 KEMP Technologies, Inc. All Rights Reserved.
*1,000+ employees
KEMP WW 23,000+ customers, 26,000
deployments
20,000+ units under current support
Now @ 180 employees WW
30% YOY growth
30%+ plan for 2015
$M
illio
ns
Why KEMP – Our Growth
Copyright © 2015 KEMP Technologies, Inc. All Rights Reserved.
DELL’ORO GROUP ADC MARKET ANALYTICS
• Globally Fastest Growing ADC Vendor in 2014 : 32% *
• Globally 2nd in Virtual ADC 2014 : 14.1% share *
• EMEA 3rd in ADC Appliances shipped 14.3% Qtr1 2015 *
* Source Dell’Oro ADC Vendor Table Qtr1 2015 report
Copyright © 2015 KEMP Technologies, Inc. All Rights Reserved.
“MARKET-DISRUPTIVE” SOFTWARE-CENTRIC BUSINESS
• 2012 KEMP began the shift to a software-centric business model
• Only company in the ADC sector that’s successfully transitioning, with almost 40% of billings coming from software appliances in 2014
• Over 50% in unit quantity
• 43% billings YTD 2015
% Software
Copyright © 2015 KEMP Technologies, Inc. All Rights Reserved.
*Dell’Oro
0%
5%
10%
15%
20%
25%
30%
35%
40%
2011 2012 2013 2014
ADC Sector* KEMP
EXPANDING OUR TAM WITH SDN/NFV INNOVATION
$2.2B
$5B
$35B
$2.2B
$5B
$35B
ADC NFV SDN
2018 TAM
SDN
Controllers
Network
Underlays
Proprietary
SDN-enabled
switches White box
switches
Network
Overlays
SDN
Applications
KEMP 360
• Orchestration
• Provisioning
• Management
KEMP SDN SOLUTION
• L2-7 Intelligent App Delivery
• Improved QoS and User Experience
Copyright © 2015 KEMP Technologies, Inc. All Rights Reserved.
(1) Dell’Oro; (2) Light Reading; (3) SDNCentral
ADC Market1
NFV Market2
SDN Market3
Copyright © 2015 KEMP Technologies, Inc. All Rights Reserved.
STRATEGIC ALLIANCES
Application
Workload
LoadMaster
Platform
SMB
SDN Cloud Virtual Hardware Bare Metal
SMB to Enterprise
Workloads now and in the future
• Expanding the Workload portfolio • Application Templates
• Deployment Guides
• Certification
Distribute user requests to best-performing server
Active/Hot-Standby, with Stateful Failover
Server Hardware and Application Health Checking
Layer 4/7 Persistence
Layer 7 Content Switching
SSL Acceleration
Compression, Cache
Intrusion Prevention Systems (IPS)
Support for Edge Security Pack**
Application Firewall Pack
Global Sever Load Balancing Sizing Configurator https://kemptechnologies.com/load-balancer-sizing-exchange-2010/ https://kemptechnologies.com/load-balancer-sizing-exchange-2013
W h a t c a n b e l o a d b a l a n c e d w i t h K E M P ?
MS Terminal, Citrix Servers
Others, incl ERP, CRM, Legacy Applications
Virtualized Servers
VMware
Hyper-V
Xen
KVM
Oracle VM
Cloud
Web Servers & Intranet Apps, Incl. Sharepoint
Mail & Messaging Servers – incl. Exchange & Lync/OCS
Application Users
Exchange Servers
MS Terminal Services
Exchange Servers
Lync Servers
LM-GEO
OAS Servers
KEMP as part of Microsoft Workloads
MS ADFS Servers
LM-GEO
Certified Microsoft Exchange 2010 & 2013 Certified Microsoft Lync 2010 & 2013 Certified Sharepoint RDS (terminal services) Pre-Authentication ESP, replacement for TMG
LM-3000
• 4 x 1 Gbit Ethernet
• 1.7 Gbps throughput
• 1,000 2K SSL TPS
• 2,500 1K SSL TPS
• 8.6 Million L4 concurrent connections
New LoadMaster Model LoadMaster
LM-2600
€ 5,890
LM-3000
€ 5,990
Application Throughput 1.7Gbps 1.7Gbps
Gigabit Ethernet Ports 4 4
10 Gigabit Fiber Ports (SFP+) N/A N/A
SSL TPS (2K Keys) 1,000 1,000
SSL TPS (1K Keys) 2,000 2,000
Layer 4 Concurrent connections 8,600,00
0
8,600,00
0
Real Servers / Virtual Services 1000/50
0
1000/50
0
Web Application Firewall Pack (AFP)
supported N/A N/A
TMG Replacement (Authentication /
SSO)
GSLB Multi-Site Load Balancing
Supported
Redundant Hot Swap Power Supply N/A N/A
HTTP Compression
Content Caching
RESTful API
New LoadMaster Model
LM-4000
• 2 x 1 Gbit Ethernet
• 2 x 10 Gbit SPF+ Fib
• 6.0 Gbps throughput
• 2,500 2K SSL TPS
• 5,000 1K SSL TPS
• 12.8 Million concurrent L4 connections
LoadMaster LM-3600
€ 8,290
LM-4000
€ 8,990
Application Throughput 3.4Gbps 6 Gbps
Gigabit Ethernet Ports 8 2
10 Gigabit Fiber Ports (SFP+) N/A 2
SSL TPS (2K Keys) 2,500 2,500
SSL TPS (1K Keys) 5,000 5,000
Layer 4 Concurrent connections 12,800,0
00
12,800,0
00
Real Servers / Virtual Services 1000/100
0
1000/100
0
Web Application Firewall Pack (AFP)
supported
TMG Replacement (Authentication
/ SSO)
GSLB Multi-Site Load Balancing
Supported
Redundant Hot Swap Power Supply N/A N/A
HTTP Compression
Content Caching
RESTful API
Product/Specs* KEMP LM-4000
F5 BIG-IP LTM 2000s
Max Balancer L7 Throughput 6 Gbps 5 Gbps
Max SSL TPS (2K keys) 2,500 2,000
Max Concurrent Connections 8.6M 5M
Pricing (MSRP)
Base Unit $8,000 $18,000
Base Unit + GSLB (GTM) $11,000 $42,000
ESP/APM Add-on (Auth/Pre-Auth, SSO, Logging)
Included $10,000
3 Year Premium Service (7x24) $4,800 $13,500
Total (Including GSLB + ESP/APM)
$15,800 $65,500
Total for HA – Redundant Configuration
$31,600 $131,000
Difference ($99,400) *F5 Spec Source: http://www.f5.com/pdf/products/big-ip-platforms-datasheet.pdf
NEW HARDWARE…NEW TARGETS
New LoadMaster Model
LM-5000 • 4 X 1Gb Ports • 2 x 10Gb SFP+ Direct Attach Ports • 11 Gbps L7 balancer throughput • SSL TPS (2K Keys): 5,000 • SSL TPS (1K Keys): 10,000 • L4 Concurrent Connections: 26,500,000
LoadMaster
LM-5400
€ 14,575
LM-5000
€ 14,000
LM-5600
€ 20,000
Application Throughput 10.2Gbps 11 Gbps 11Gbps
Gigabit Ethernet Ports 8 4 4
10 Gigabit Fiber Ports (SFP+) 2 2 2
SSL TPS (2K Keys) 7,000 5,000 10,000
SSL TPS (1K Keys) 9,300 10,000 17,000
Layer 4 Concurrent connections 25,600,000 26,500,000 26,500,000
Real Servers / Virtual Services 1000/1000 1000/1000 1000/1000
Web Application Firewall Pack
(AFP) supported
TMG Replacement (Authentication
/ SSO)
GSLB Multi-Site Load Balancing
Supported
Redundant Hot Swap Power Supply
HTTP Compression
Content Caching
RESTful API
Product/Specs* KEMP LM-5400
F5 BIG-IP LTM 6900
Max Balancer L7 Throughput 10 Gbps 6 Gbps
Max SSL TPS (2K keys) 7,000 5,000
Max Concurrent Connections 25.6M 6M
Pricing (MSRP)
Base Unit $18,000 $55,000
Base Unit + GSLB (GTM) $18,000 $91,000
ESP/APM Add-on (Auth/Pre-Auth, SSO, Logging)
Included $18,000
3 Year Premium Service (7x24) $8,500 $40,000
Total (Including GSLB + ESP/APM) $26,500 $149,000
Total for HA – Redundant Configuration
$53,000 $298,000
Difference ($245,000) *F5 Spec Source: http://www.f5.com/pdf/products/big-ip-platforms-datasheet.pdf
NEW HARDWARE…NEW TARGETS
New LoadMaster Model
LM-8000 • 20.0 Gbps throughput • 16,500 2K SSL TPS • 25,000 1K SSL TPS • 6 x 10 Gbit SPF+ Fiber • 75.8 Million concurrent L4 connections • Redundant (1+1) PSU
LoadMaster
LM-8000
€ 29,710
Application Throughput 20Gbps
Gigabit Ethernet Ports 0
10 Gigabit Fiber Ports (SFP+) 6
SSL TPS (2K Keys) 16,000
SSL TPS (1K Keys) 25,500
Layer 4 Concurrent connections 75,800,000
Real Servers / Virtual Services 1000/1000
Web Application Firewall Pack (AFP)
supported
TMG Replacement (Authentication /
SSO)
GSLB Multi-Site Load Balancing
Supported
Redundant Hot Swap Power
Supply
HTTP Compression
Content Caching
RESTful API
New LoadMaster Model
LM-8020 • 30.0 Gbps throughput • 30,000 2K SSL TPS • 46,000 1K SSL TPS • 6 x 10 Gbit SPF+ Fiber • 75.8 Million concurrent L4 connections • Redundant (1+1) PSU
LoadMaster
LM-8020
€ 42,450
Application Throughput 30Gbps
Gigabit Ethernet Ports 0
10 Gigabit Fiber Ports (SFP+) 6
SSL TPS (2K Keys) 30,000
SSL TPS (1K Keys) 46,000
Layer 4 Concurrent connections 75,800,00
0
Real Servers / Virtual Services 1000/100
0
Web Application Firewall Pack (AFP)
supported
TMG Replacement (Authentication
/ SSO)
GSLB Multi-Site Load Balancing
Supported
Redundant Hot Swap
Power Supply
HTTP Compression
Content Caching
RESTful API
KEMP LoadMaster™ Hardware Load Balancers
LoadMaster LM-2400 LM-3000 LM-4000 LM-5000 LM-5600 LM-8000 LM-8020
Max Balancer Throughput 1,2 Gbps 1,7 Gbps 6,0 Gbps 11,2 Gbps 11 Gbps 20 Gbps 30 Gbps
SSL Transactions Per/Second (TPS) 1000 2 000 5 000 5 000 10 000 16 000 30 000
Requests per second (HTTP) 45 000 69 000 165 000 198 000 198 000 380 000 450 000
Layer 4 concurrent connections 1000000 860000 12800000 26500000 26500000 75800000 75800000
Max Servers Supported / Virtual
Clusters
1000/500 1000/500 1000/1000 1000/1000 1 000/1000 1 000/1000 1 000/1000
Network ports 4 xGbE 4 x GbE 2 x 10G (SPF+) ports 2 x 10G (SPF+) ports 4 x GbE и 2 x 10Gb (SFP+)
6 x GbE и 2 x 10Gb (SFP+)
6 x 10Gb (SFP+)
Rack-mountable 1U 1U 1U 1U 1U 1U 1U
Storage Disk ✓ ✓ ✓ ✓ ✓ ✓ ✓
Power Supply (Watts) 200 350 250W ATX 500W (1+1) Power Supply
2x550 hot swap 2x495 hot swap 2x495 hot swap
Layer 4/7 Load Balancing ✓ ✓ ✓ ✓ ✓ ✓ ✓
Content Switching ✓ ✓ ✓ ✓ ✓ ✓ ✓
Caching, Compression ✓ ✓ ✓ ✓ ✓ ✓ ✓
IPS (SNORT-Rules ) ✓ ✓ ✓ ✓ ✓ ✓ ✓
MS Exchange 2010/2013
Optimized
✓ ✓ ✓ ✓ ✓ ✓ ✓
Active/Hot-standby Redundant ✓ ✓ ✓ ✓ ✓ ✓ ✓
Support for Edge Security
Pack**
✓ ✓ ✓ ✓ ✓ ✓ ✓
Bonding/Teaming Ports ✓ ✓ ✓ ✓ ✓ ✓ ✓
VLAN Trunking (802.1Q) ✓ ✓ ✓ ✓ ✓ ✓ ✓
GSLB ✓ ✓ ✓ ✓ ✓ ✓ ✓
Web Application Firewall Pack ✓ ✓ ✓
✓
✓
KEMP Virtual LoadMaster™ Virtual Load Balancers & Application Delivery Controllers
Model Number VLM-200 LM-2000 VLM -5000 VLM-10G
Max Balancer Throughput (Mbps) 200 (Mbps) 2000 (Mbps) 5000 (Mbps) 10 000 (Mbps)
SSL Transactions Per/Second (TPS) 200 1000 5000 12000
Max Servers Supported / Virtual
Clusters
1 000/1000 1 000/1 000 1 000/1 000 1 000/1 000
Layer 4/7 Load Balancing ✓ ✓ ✓ ✓
Content Switching ✓ ✓ ✓ ✓
Application Health Checking ✓ ✓ ✓ ✓
Caching, Compression Engine ✓ ✓ ✓ ✓
IPS (SNORT-Rules compatible) ✓ ✓ ✓ ✓
L7 Persistence Options ✓ ✓ ✓ ✓
MS Exchange 2010 / 2013 Optimized ✓ ✓ ✓ ✓
Bonding/Teaming Ports (802.3ad/LACP) ✓ ✓ ✓ ✓
VLAN Trunking (802.1Q) ✓ ✓ ✓ ✓
Support for Edge Security Pack ✓ ✓ ✓ ✓
GSLB (Multi-site) ✓ ✓ ✓ ✓
Web Application Firewall Pack (AFP) §
✓ ✓ ✓ ✓
Technical Support (1st year support is included with purchase of new KEMP Loadmaster)
Basic Support includes: 5 X 10 Live Telephone Support Unlimited e-mail support Hardware replacement policy Software fixes and updates Premium Support: 7 X 24 Telephone Support Coverage 24 hr Hardware replacement KEMP Technologies Tri - Dundancy program Tri-Dundancy Bundle of KEMP Loadmaster (incl a Cold Spare Unit at 50%) including with total 3 Years Premium Support (24x7) and 1x Cold Standby Unit
KEMP LoadMaster Remote Configuration Service 1. Get Up and Running in Four Hours! 2. Requirements Review 3. Environment Review 4. Network Configuration and Validation 5. HA Configuration and Validation 6. System Administration Configuration Setup 7. Virtual Service Deployment 8. Training 9. Deployment Validation
Benefits: • High-speed load balancing • Easy to deploy and manage • High Availability and Scalability for
multiple workloads • Layer 7 Application Health Check • Content switching with application
acceleration • Multiple persistence options
• Data compression and caching • SSL offload and traffic inspection • Service/Application Aware • Prevents Port flooding • Reverse Proxy • Web Application Firewall • User Pre-Authentication/Single Sign-On • Combines the simplicity of Layer 4 with
the Layer 7 functionality (Exchange 2013)
Microsoft Lync Server 2010/2013 Load Balancer 1. High-speed load balancing 2. Easy to deploy and manage 3. High Availability and Scalability for multiple
workloads 4. Layer 7 Application Health Check 5. Content switching with application
acceleration 6. Multiple persistence options 7. SSL offload/acceleration, network traffic
optimization 8. Web Application Firewall 9. Front End pools, Director pools, and or Edge
Server pools 10. Load balancing for the internal and external
web services (DNS) 11. Reverse proxy services 12. Support for integration with external
services
1. Maximize the efficiency and effectiveness of your networks 2. Maintain persistence/perform resource monitoring for Window servers running multiple services 3. LoadMaster resource monitoring feature offers useful data on both memory and CPU 4. Integrate seamlessly with MS Session Directory 5. RDP-based Layer 7 Persistence 6. Incorporates client session reconnect without the need for the Session Directory service 7. Health checking for servers running Microsoft WTS
Load Balancing for Windows Terminal Services (WTS)
The KEMP ESP – Edge Security Pack
• Microsoft Forefront Threat Management Gateway (TMG) END-OF-LIFE September 2012
….before
…after
Pre-Authentication
Single sign-on across Virtual Services
Host and directory-level security
Customizable forms-based authentication
Security group membership validation
Multiple authentication providers
Persistent Logging and Reporting for User Logging
Cloud load balancers
L4/L7 Server Load Balancing Complete Restful API for Orchestration PowerShell API for Orchestration Content Switching SSL Acceleration Cookie (L7) Persistence Server Health Monitoring Service “Aware” Header Re-write L7 Transparency Caching, Compression Application-specific Templates Edge Security Pack Pre-Auth Single Sign-on
• Cisco UCS B/C-Series • Dell PowerEdge R Series • HP ProLiant DL • Oracle x86 • Fujitsu Server PRIMERGY
Web & Application
Operation & Management
Exchange, Lync & SharePoint
VDI & Virtual App Delivery
Bare Metal Load Balancers & ADCs
Virtual LoadMaster for vCloud Air
VMware Horizon Workspace
vCenter Log Insight Manager vCenter Operations Management Pack
VMware Application Delivery with KEMP Loadmaster covers the following:
Multi tenancy based on a hardware platform
No upfront costs for expensive hardware - multi-tenancy is installed bare metal on HP, Cisco, Dell or Oracle servers without lock-in to expensive proprietary hardware (e.g. Citrix SDX)
Real tenant isolation - multi-tenancy allows for full tenant isolation by providing it’s own internal virtualization layer, therefore preventing impacts from one tenant spilling over to others
Real Servers
CLUSTER
clients
Direct Server Return (DSR)
KEMP LoadMaster Clustering
KEMP SDN Adaptive, powered by the HP VAN SDN Controller
*Download KEMP SDN Adaptive for HP VAN from the HP SDN App Store.*
LoadMaster for EMC Oracle Applications – Load Balance/Reverse Proxy
SAP Solutions – Load Balancing/Reverse Proxy
• Sharepoint • 2010
• 2013
• Skype for Business
• Fujitsu Synapse • PACS – Medical Imaging
Sizing Configurator
https://kemptechnologies.com/load-balancer-sizing-exchange-2010/
https://kemptechnologies.com/load-balancer-sizing-exchange-2013/
Simply configuration – Application Templates
KEMP Application Firewall Pack
KEY Features: Daily Rule Updates SQL injection protection Cross-site scripting mitigation CSRF prevention Cookie tampering prevention IP reputation checking Data leakage protection
Using the KEMP LoadMaster as a Reverse Proxy
SSL Key management functionality out of the box Effective Layer 4-7 load balancing Data compression capabilities Optimized failover High Availability options Content caching Traffic re-encryption A full range of scheduling and persistence methods
Application Delivery
• Layer 4/7 Load Balancing
• Intrusion Prevention
Services
• SNORT Rule Compatible
• TLS (SSL)
Acceleration/Offload
• Caching, compression
Engine
Custom App Rules Rule Chaining Application Profiling
Access Control
• LDAP / RADIUS / Multi-
Factor Authentication
• Granular access control
• Logging / Reporting
• Event logging
• Redundancy and
Availability
• Active/Standby
Configuration
Traffic Inspection
• OWASP Top 10
• HTTP/HTTPS Filtering
• Active or Passive Mode of
operation
• Cross-site scripting
protection
• SQL Injection Protection
• IP Reputation Protection
• Cookie tampering
protection
Logging & Monitoring
Logging & Monitoring
Application Servers
LoadMaster with AFP Security Services
L7
Parser
Caching &
Compressi
on
ESP AFP IPS
KEMP AFP Workflow
Active (block and log) Mode
Operation Support Built-In Logging
Cookie and Form Tampering Prevention
Cross-Site Scripting (XSS)
Mitigation
Cross-Site Request Forgery (CSRF)
Blocking
Daily Rule Updates Data Leak Prevention
Encryption Stream Interception
IP Reputation Checking
Full ADC Integration
OWASP Top Ten Protection
Passive (log only) Mode Operation
Support
Packaged and Custom
Application Support
Support for PCI-DSS Compliance
Trojan Protection
KEMP AFP Feature Summary