and server resources and present them as one. Combining Dell PowerEdge
M1000e modular blade enclosures with F5® BIG-IP® Local Traffic Manager™.
Blade Servers
Secure, Unified Web Application Delivery with F5 BIG-IP and Dell Blade Servers The Dell™ PowerEdge™ M1000e modular blade enclosure offers the power and flexibility to meet the most demanding workloads. Dell and F5 Networks provide a comprehensive delivery system for Web applications designed for high performance and scalability as well as tight security to help safeguard critical data.
A
By Scott Siragusa Dan Kim
s enterprises continue to Web enable their
e-commerce companies relying on Web applications
core applications, the need for high avail-
for revenue to services organizations relying on
ability, scalability, security, performance
information delivery over the Internet. Traditionally,
optimization, and simplified management has intensi-
these enterprises have implemented simple load-
fied. Blade servers—modular, ultra-dense servers
balancing clusters to help ensure the availability of
using a single chassis with high redundancy—enable
Web servers. However, as usage increased and large
economies of scale in data centers while helping dras-
deployments became common, increased network
tically reduce requirements for power, space, and
traffic, limited health-checking capabilities, and
dedicated hardware management.
increased security concerns left organizations
However, using the advantages of blade servers
searching for a more comprehensive solution than these clusters could provide.
Related Categories:
for Web application delivery also requires an
Blade servers
approach that can unify independent application
F5 BIG-IP LTM systems can detect a variety of
Security
and server resources and present them as one.
device failures to help ensure mission-critical
Combining Dell PowerEdge M1000e modular blade
resources respond appropriately to maintain avail-
enclosures with F5® BIG-IP® Local Traffic Manager
™
ability, while simultaneously accelerating performance
(LTM) and BIG-IP Application Security Manager ™
through features like compression, RAM caching,
(ASM) systems offers a secure, unified way to
Secure Sockets Layer (SSL) offload, and TCP optimi-
deliver Web applications—helping simplify IT by
zations. Advanced content and application checks
allowing comprehensive control with flexible scal-
such as Extended Content Verification (ECV) and
ability for enhanced enterprise agility.
Extended Application Verification (EAV) simulate an
Visit DELL.COM/PowerSolutions for the complete category index.
1
end-user request and monitor the true availability of
Deploying scalable, highly available Web applications
application content. These advanced health-checking
Maintaining consistent availability is generally a key
of availability for their critical applications while help-
concern for enterprises deploying Web servers, from
ing reduce operational complexity and costs. If one
1
capabilities can help organizations achieve high levels
For more information on the PowerEdge M1000e, see “The Next-Generation Dell PowerEdge M1000e Modular Blade Enclosure,” by Chad Fenner, in Dell Power Solutions, February 2008, DELL.COM/Downloads/Global/Power/ps1q08-20080206-Fenner.pdf.
Reprinted from Dell Power Solutions, May 2008. Copyright © 2008 Dell Inc. All rights reserved.
DELL.COM/PowerSolutions
69
Blade Servers
service is nearing the limits of its capac-
lication App
Web and application resources.
Data top
meet growing organizational demands on
rk
Network security attacks
highly available environment to help them
o tw
organizations can create a highly scalable,
Ac
Defending against security threats
Ne
IDS
stem Sy
Dell PowerEdge M1000e blade servers,
Ne t
ork
balancing pool. By combining LTM with
w
a
network and then to the BIG-IP load-
st IDS Ho ecure OS s nd
cess
Fir ewal l
De
nt ivi rus
another instance of the service to the
sk
ity, scaling it can be as simple as adding
A
Web site security is becoming increasingly complex, and increasingly crucial to Web server deployments. Some of the most serious—and most common—net-
Figure 1. Enterprise applications are a key vector for network security attacks
work security threats come from attacks targeting vulnerabilities in Web traffic or
overhead. By offloading SSL and persis-
management capabilities. Centralizing
enterprise applications (see Figure 1).
tence functions, administrators can create
this feature on an LTM system rather
These attacks typically ignore conven-
a comprehensive proxy environment with
than deploying it on each Web server
tional firewalls, intrusion detection sys-
increased application performance.
individually can provide significant sav-
tems (IDSs), and intrusion prevention
Figure 2 illustrates a typical deployment
ings on management costs.
systems (IPSs), and are often difficult and
of BIG-IP LTM systems and Dell PowerEdge
costly to prevent.
M1000e blade servers in a secure, highly
Meeting security standards
scalable, highly available environment.
The Payment Card Industry (PCI) Security
BIG-IP LTM systems enable organiza-
LTM systems are also available with
Standards Council—founded by American
Federal
Processing
Express, Discover Financial Services,
processor-
Standard (FIPS) 140-2 Level 2 certified
JCB, MasterCard Worldwide, and Visa
intensive SSL transactions from front-end
cryptographic/SSL accelerator. FIPS
International—created the PCI Data Security
servers can help significantly increase
products from F5 Networks meet the
Standard (DSS) to manage the ongoing
the performance of Web server clusters,
high levels of security standards required
evolution of security in this industry. This
freeing Web sites to handle additional
by government agencies, financial ser-
standard applies to organizations that pro-
user requests. This solution helps maxi-
vices, and health care organizations by
cess, store, and transmit cardholder and
mize application availability, simplify
integrating a tamper-resistant key pro-
transaction data, and includes 12 basic
maintenance, and reduce administration
tection module and sophisticated key
requirements organized into six core areas.2
tions to encrypt Web traffic by integrating SSL encryption and decryption
a
capabilities.
Internet
Offloading
Information
Firewall Dell/EMC CX series storage F5 BIG-IP Local Traffic Manager systems (redundant configuration)
Virtualized Web and application servers (Dell PowerEdge M1000e blade servers)
Enterprise systems (Dell PowerEdge 6950 servers)
Figure 2. F5 BIG-IP Local Traffic Manager systems with Dell PowerEdge M1000e blade servers help provide a secure, highly scalable, highly available environment 2
For more information, visit www.pcisecuritystandards.org/tech.
70
DELL POWER SOLUTIONS | May 2008
Reprinted from Dell Power Solutions, May 2008. Copyright © 2008 Dell Inc. All rights reserved.
F5 solutions can help organizations in all six DSS core areas and 10 out of 12 requirements. Most notably, requirement 6.6 in the DSS specification explicitly states the need for either an annual code review of applications or a Web application firewall to address security vulnerabilities in Web applications—a key feature available as a stand-alone appliance or product module for F5 BIG-IP.
“Together, F5 Networks and Dell can
provide comprehensive solutions to help make Web applications secure, fast, and highly available for organizations of all sizes to help them maximize return on investment.”
BIG-IP ASM systems are designed to provide comprehensive protection for Web applications and operational infra-
Flash, and active code. In addition, this
application optimization, protect the
structure. These systems use an auto-
adaptive learning and tuning engine can
application and the network, and deliver
adaptive
application
help significantly reduce the administra-
application reliability—all on one univer-
delivery security in which the security
tive overhead for managing policy defini-
sal platform. Together, F5 Networks and
policy is automatically updated based
tions. Organizations can deploy ASM as
Dell can provide comprehensive solutions
on observed traffic patterns. This simpli-
a stand-alone device or as a module on
to help make Web applications secure,
fied approach to configuration helps
an LTM system.
fast, and highly available for organiza-
approach
to
simplify implementation and mainte-
In addition to providing a highly
nance and reduce overall total cost
secure application firewall, ASM is also
of ownership.
designed for high performance. By taking
tions of all sizes to help them maximize return on investment.
ASM also includes features beyond
advantage of the F5 Traffic Management
Scott Siragusa is the senior strategic part-
Web application security. As an underlying
OS (TMOS™) unified architecture, ASM can
ner manager on the Dell/F5 Partner Team
base, it provides Web application firewall
use compression, RAM caching, SSL
specializing in application delivery and
functionality such as protection against
offload, TCP optimizations, and other per-
security solutions. He has more than 9 years
cross-site scripting, buffer overflow, SQL
formance optimizations to help acceler-
of experience in marketing, solution archi-
or OS injection, cookie poisoning, forceful
ate firewall and application performance.
tecture, and business development with
browsing, and manipulation of invalidated
Basing a Web application delivery infra-
Dell and F5 Networks.
input, as well as content scrubbing and
structure on ASM and Dell PowerEdge
resource cloaking. By providing compre-
M1000e blade servers can help organiza-
Dan Kim is a product marketing manager
hensive
security
for
International
tions create a highly scalable, high-
for F5 Networks specializing in application
Organization for Standardization (ISO)
performance
delivery and security solutions. He has been
Open System Interconnection (OSI) model
simultaneously helping ensure security.
environment
while
Layer 2 (data link) through Layer 7 (appli-
the network and IT industry for almost
distributed denial-of-service (DDoS) attack
Creating a unified Web application delivery framework
protection, Layer 4 (transport) filtering,
F5 Networks is the global leader in appli-
and Layer 7 DoS attack protection to
cation delivery networking, and the
Layer 7 application security, ASM offers a
Dell PowerEdge M1000e modular blade
comprehensive approach to application
enclosure provides a highly redundant,
delivery security.
highly energy-efficient server chassis
cation), ASM offers a holistic approach to application delivery security. From robust
with F5 Networks for over 7 years and in
The latest ASM version introduces a
while enabling maximum flexibility and
host of advanced security features such
modularity. By adding intelligence and
as XML firewall, FTP security, evasion
manageability into the network to offload
attack protection, and active code pro-
applications, F5 BIG-IP systems help opti-
tection. The new Real Traffic Policy
mize applications and allow them to work
Builder™ engine provides security heuris-
faster and consume fewer resources than
tics to not only inspect bidirectional traf-
they would otherwise. The F5 extensible
fic in real time, but also parse JavaScript,
architecture helps intelligently integrate
Reprinted from Dell Power Solutions, May 2008. Copyright © 2008 Dell Inc. All rights reserved.
10 years.
QUICK LINKS F5 Networks: www.f5.com Dell PowerEdge M1000e: DELL.COM/Blades
DELL.COM/PowerSolutions
71
