F5, Inc.: Difference between revisions

From Wikipedia, the free encyclopedia
downgraded to no refs
Line 81: Line 81:
====BIG-IP Hardware====
====BIG-IP Hardware====


The current line of [[BIG-IP]] hardware was released in 2008 and 2009, and internally uses a single custom-fabriacted board. The previous platforms had two internal boards - a PC/server-type motherboard connected to a switchplane. All current models have hardware SSL support for handshakes and bulk encryption/decryption as well as a front LCD panel for configuration and monitoring and a separate service processor for out-of-band management. The Viprion is new chassis/module based hardware. It is a chassis which can hold up to 4 blades, each of which are approximately equivalent to an 8800 standalone unit.
The current line of [[BIG-IP]] hardware was released in 2008 and 2009, and internally uses a single custom-fabricated board. The previous platforms had two internal boards - a PC/server-type motherboard connected to a switchplane. All current models have hardware SSL support for handshakes and bulk encryption/decryption as well as a front LCD panel for configuration and monitoring and a separate service processor for out-of-band management. The Viprion is new chassis/module based hardware. It is a chassis which can hold up to 4 blades, each of which are approximately equivalent to an 8800 standalone unit.


The full model line-up is as follows, with approximate best-case throughput indicated:
The full model line-up is as follows, with approximate best-case throughput indicated:
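
Review bot: The edit summary "downgraded to no refs" does not describe the only change visible at line 81, the spelling correction of "custom-fabriacted" to "custom-fabricated"; the summary should mention it. While this paragraph is being touched, "each of which are approximately equivalent" should read "each of which is", and the 2008 and 2009 release dates in it carry no citation.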

Revision as of 16:27, 3 September 2009

F5 Networks, Inc.
Company type: Public (NASDAQ)
Industry: Technology
Founded: 1996
Headquarters: Seattle, Washington
Key people: John McAdam (CEO)
Products: Networking
Revenue: $650.2 million USD (2008)
Total assets: $939.2 million USD (2008)
Number of employees: 1709 (as of 2009-2-20)
Website: www.f5.com

F5 Networks, Inc. (Nasdaq: FFIV) is a networking appliances company. It is headquartered in Seattle, Washington and has development and marketing offices worldwide. It originally manufactured and sold some of the first load balancing products.

F5 Networks' flagship product, the BIG-IP network appliance, was originally a network load balancer but today also offers other functionality such as access control and application security. Add-on modules to F5's BIG-IP family of products offer email filtering and intelligent compression to allow for lower bandwidth and faster downloads in addition to load balancing and local traffic management capabilities.

F5 also offers other products in various segments of the Application Delivery Controller market. According to Gartner, F5 has a majority of the market share in this industry, and its most significant competitors (in terms of market share) are Cisco Systems and Citrix Systems. Other competitors include Barracuda Networks, Nortel, Foundry Networks, Ecessa, Radware, Coyote Point Systems, Cresendo Systems, A10 Networks, KEMP Technologies, Ipanema Technologies, jetNEXUS and Zeus Technology.

Corporate history

F5 Networks, originally named F5 Labs, was founded in 1996. F5's first product was a load balancer called BIG-IP. If a server went down or became overloaded, BIG-IP directed traffic away from that server to other servers that could handle the load. In 1999 the company went public and was listed on the NASDAQ stock exchange (NASDAQ: FFIV). Corporate focus is on network intelligence. In 2004, 80% of the F5 business was with Fortune 500 companies. [citation needed]

Using internal development and acquisitions the company extended its reach beyond load balancing, producing a range of products for Application Delivery Networking. These products seek to improve the delivery of the applications by attempting to make them run faster and more securely.

F5 Networks has acquired a number of companies during its existence:[citation needed]

  • uRoam (Remote access SSL VPN) for USD 25M on June 23, 2003 (product now called FirePass)
  • Magnifire (web application firewall) for USD 29M on May 31, 2004 (product now called Application Security Manager)
  • Swan Labs (WAN acceleration and web acceleration) for USD 43M on November 15, 2005 (products now called WebAccelerator and WANJet)
  • Acopia Networks (file virtualization) for USD 210M on September 13, 2007 (product extends F5 Application Delivery Networking system)

Products

F5 Networks sells a variety of products in the Application Delivery Controller space:

  • BIG-IP Local Traffic Manager (LTM): provides load balancing
  • BIG-IP Global Traffic Manager (GTM): provides global server load balancing
  • BIG-IP Link Controller (LC)
  • BIG-IP Application Security Manager (ASM)
  • BIG-IP WebAccelerator (WA)
  • BIG-IP WAN Optimization Module (WOM)
  • VIPRION Hardware 7U, 36 Gbit/s (chassis system with four Performance Blades to achieve this speed)
  • FirePass SSL VPN
  • ARX Series - F5 ARX intelligent file virtualization
  • WANJet
  • BIG-IP Enterprise Manager

There are also several optional modules available for the Local Traffic Manager.

BIG-IP

BIG-IP is a network appliance on which most of F5's products are run. The core network functionality is implemented in the Traffic Management Operating System (TMOS), which is developed by F5. The appliance also runs a Linux operating system, which is used for management tasks. Most of the product offerings can be run in any combination on the same hardware and the same operating system, with the available combination controlled by licensing.

Limited FirePass and WANJet functionality run under TMOS as modules. This functionality has been supported since 9.4.x. The FirePass module is known as Secure Access Manager and is intended to offer secure network access to large numbers of users.

BIG-IP v9

On September 7, 2004, F5 Networks released version 9.0 of the BIG-IP software together with a new collection of BIG-IP appliances on which customers could run it. Version 9.0 is a significant leap forward in technology and differs substantially from previous versions of BIG-IP. The main changes include:

  • Moved from BSD to Linux to handle system management functions (disks, logging, bootup, console access, etc.)
  • Creation of a Traffic Management Microkernel (TMM) to directly talk to the networking hardware and handle all network activities
  • Creation of the standard full-proxy mode which fully terminates network connections at the BIG-IP and establishes new connections between the BIG-IP and the real servers. This allows for optimum TCP stacks on both sides as well as the complete ability to modify traffic in either direction.

The current version, as of May 2009, is 9.4.7.

BIG-IP v10

On April 3, 2009, F5 Networks released version 10.0 of the BIG-IP software. BIG-IP v10 is a milestone release supporting F5's vision of Unified Application and Data Delivery Services, which redefines how application, server, storage, and network resources are aligned and managed to deliver services that fluidly adapt to changing business requirements.

With v10 of BIG-IP, F5 Networks introduces its infrastructure context awareness. This concept covers the deployment environment of applications: access media, datacenter, branch location or transport type. It also includes users, their location and their access devices, everything from smartphones to desktop computers, as well as network conditions such as latency, congestion or other impediments. With context awareness, it's easy[peacock prose] to apply policies that optimize application delivery.

Application delivery can also be enhanced by two new features. Symmetric adaptive compression operates between any two BIG-IP appliances, providing the data reduction, optimization and acceleration found in WAN traffic optimization products. The iSessions capability operates between Local Traffic Manager modules, optimizing, encrypting and optionally tunneling traffic. It improves transfer rates, reduces bandwidth consumption and offloads applications to better utilize WAN capacity.

V10 also has features for increasing efficiency. A new dashboard displays performance details on key components at definable time scales. Resource Provisioning supports flexible assignment of CPU and memory. Remote Authentication supports directory and other authentication systems for rapid deployment and fast failover.

Application Templates simplify the creation of profiles and policies for SharePoint 2007 and Exchange Web Access 2007, VMware VDI, Oracle Application Server 10g and SAP ERT. F5 claims setup time can be cut from multiple hours to a few minutes.[citation needed] Route Domains can create routing hierarchies to enable multi-tenanting, which is a key feature for managed service providers that must keep customer accounts separate without losing the ability to aggregate account information.

BIG-IP Hardware

The current line of BIG-IP hardware was released in 2008 and 2009, and internally uses a single custom-fabricated board. The previous platforms had two internal boards: a PC/server-type motherboard connected to a switchplane. All current models have hardware SSL support for handshakes and bulk encryption/decryption, as well as a front LCD panel for configuration and monitoring and a separate service processor for out-of-band management. The Viprion is new chassis/module-based hardware: a chassis which can hold up to 4 blades, each of which is approximately equivalent to an 8800 standalone unit.

The full model line-up is as follows, with approximate best-case throughput indicated:

  • BIG-IP 1600: 1U, 750 Mbit/s
  • BIG-IP 3600: 1U, 1.5 Gbit/s
  • BIG-IP 6900: 2U, 6 Gbit/s (replaces the 6400 and 6800; increases SSL to 4 Gbit/s from 2 Gbit/s on the 6400 and 6800; adds twin hard drives, with RAID 1 support planned in BIG-IP v10.1)
  • BIG-IP 8900: 2U, 12 Gbit/s (adds 10 Gbit/s Fibre and replaces the 8400 and 8800)
  • Viprion: 7U, 36 Gbit/s (chassis system with four Performance Blades to achieve this speed)

BIG-IP Software Features

  • SSL Acceleration: all current models of the BIG-IP appliance have specialized hardware for SSL handshakes as well as bulk encryption/decryption. This hardware can perform SSL encryption/decryption more efficiently than the general-purpose CPUs found on web servers. The BIG-IP 8800 can handle 6 Gbit/s of SSL encryption/decryption (with appropriate licenses).
  • Intelligent Compression: reduces the amount of data to be transferred for HTTP objects by utilizing gzip compression, available in all modern web browsers (optional hardware compression is available for the BIG-IP 6400 or higher).
  • Rate Shaping: allows some applications to receive a greater portion of the bandwidth and/or a higher priority than others.
  • Advanced Client Authentication: the BIG-IP can authenticate users against a variety of authentication sources (including Active Directory, LDAP, RADIUS, etc.) before allowing them access to a website.
  • Advanced Routing: including BGP, OSPF, and RIP routing protocols.
  • IPv6/IPv4 Gateway
  • Caching: caches static HTTP content in RAM to take load off the web servers.
  • Global traffic management: GTM, formerly known as 3DNS, uses DNS to provide global high availability for applications. At least two GTM servers in at least two locations will answer DNS requests for an entire domain or a subdomain. The GTM servers also monitor the availability of applications in more than one datacenter. When clients request IPs for hostnames managed by GTM, it returns the "best" server for that user based on application availability, location of the user, round-trip time, etc.
  • Application security: Application Security Manager is a web application firewall that uses a positive (default-deny) application-layer security policy to secure HTTP and HTTPS websites.
  • Link/Internet Service Provider (ISP) Load balancing
  • Web Acceleration: above and beyond caching and compression, the web accelerator modifies the actual content of websites in real time to provide a better end-user experience.
  • SPAM Filtering: the message security module utilizes Secure Computing's TrustedSource IP reputation database to refuse mail from known spammers even before sending the messages to other SPAM filters.
  • iControl Application Programming Interface (API): an open API for management of the BIG-IP
  • iRules: a Tcl-based scripting language allowing arbitrary manipulation of traffic flowing through the BIG-IP, including real-time modification of that traffic.

FirePass SSL VPN

The FirePass is an SSL VPN appliance and comes in a few models:

  • FirePass 1200: 100 recommended simultaneous users
  • FirePass 4100: 500 recommended simultaneous users
  • FirePass 4300: 2000 recommended simultaneous users

There are several benefits of the FirePass over the more traditional IPsec solutions, including:

  • Granular access control: grant users different sets of privileges based on who they are, what client they are on, and where they are coming from. When combined with an authentication server such as Active Directory or LDAP, the group memberships for the user can determine which resources they can access with fine-grained control.
  • Access through firewalls: IPsec may be blocked by firewalls while port 443/tcp is almost always allowed unmolested.
  • Endpoint security: the client can be checked for an active virus scanner, registry entries, personal firewall, etc., before being allowed access to the network.
  • In addition to providing full network access like IPsec, the FirePass can provide access to only one server and port, and provide portal access to web sites and file shares, thus eliminating the need for any network access.

WANJet

The WANJet provides a point-to-point optimization solution over the WAN. A central location can have a WANJet, and multiple remote locations can also have WANJets, which can provide significant performance improvements over the WAN links, especially when doing bulk data transfers (files, database replication, etc.) or when high latency is involved (e.g. satellite or international links). It accomplishes this by using TCP optimizations between the devices to minimize the effects of latency, Transmitted Data Reduction Level 1 (TDR1) to selectively compress traffic, and TDR2 to eliminate the transmission of unnecessary data.
