University of Paderborn Provides Flexible Access to Critical Services with F5 Solution When the German University of Paderborn learned its load balancer vendor would soon end support, it made the most of the situation. The university upgraded to a high-performance solution based on F5 BIG-IP Local Traffic Manager (LTM). The F5 solution supports up to 70 servers and thousands of users on campus and beyond. Business Challenges Founded in 1972, the University of Paderborn in Paderborn, Germany, is a medium-size facility with 18,500 students. The Center for Information and Media Technologies (IMT) at the university manages and operates a complex Microsoft SharePoint installation that extends throughout the campus and four additional locations. It is used by scientific working groups to collaborate on documents, work on projects, and plan events; by other departments and staff at the university for team sites and project groups; and by external partners. Until recently, the load balancing function was managed by Cisco CSS solutions, until the day Cisco informed the university that the products would soon reach end-of-life (EOL) status and would no longer be supported. While this was the main impetus for IMT to look for a new solution, the timing was fortuitous. “We’d been thinking about upgrading anyway in order to align our services to the likely growth in bandwidth and performance requirements in the future,” says Alexander Schubert, Network Engineer at the University of Paderborn. He adds that his team was also looking to replace Forefront Protection for SharePoint. In addition to ensuring high performance of the SharePoint installation, the university needed to improve the management of multiple other services. These services included email, LDAP, and new web services for specific workgroups. The university also required multi-tenancy capabilities. And, with an eye to the future, IMT wanted to start implementing Microsoft Exchange, database, and cloud-based applications. Along with a solution that would continue to be supported in the years to come, Schubert and his team also wanted to be able to share the administration tasks with the application administrators. He believed this would be of benefit to everybody—it would relieve his own team’s workload, while enabling application owners to configure their own services on the load balancer whenever needed and without any waiting period. “This flexibility was a key factor for us—even more important than performance,” notes Schubert. “There are only three of us on the team, but we have thousands of users and countless administrators who access the services from multiple devices and different locations, so we needed to spread the workload as efficiently as possible.” “With F5’s multi-tenancy capability, application administrators can manage their parts of the Application Delivery Controller themselves. That saves everyone time.” Alexander Schubert, Network Engineer, University of Paderborn, Germany Solution After reviewing solutions available on the market, IMT selected F5 BIG-IP Local Traffic Management (LTM) Application Deliver Controllers (ADCs), the F5 Application Visibility and Reporting (AVR) module, BIG-IP Access Policy Manager (APM), and the VIPRION 2400 hardware platform. “We chose the F5 solution as we found it to be the most future-proof—its modular structure makes it very scalable,” says Schubert. Thanks to the F5 solution’s multi-tenancy capability, Schubert and his team have been able to share ADC administration across several departments, although the team still undertakes the initial installation and configuration. The services (including web servers, LDAP, mail servers, and SharePoint) are administered by each department in its own administrative partition. The university operates its two BIG-IP LTM solutions in its data centers, which are distributed across two locations. Both BIG-IP LTM devices are shared over the two facilities and run in an active/standby configuration. They publish the IP addresses of the virtual servers and the nodes’ IP networks using Open Shortest Path First (OSPF). The ADCs also function as routers to these networks. The university operates most of the nodes “behind” the ADCs. In addition, Schubert and his team are able to support load balancing on nodes that various user groups run on their own networks (with secure network address translation). As the migration from the Cisco solution continues, more and more user groups will be able to administer their own services on the ADCs. In a second phase, the Forefront servers will be replaced by F5 BIG-IP Access Policy Manager (APM) due to the upcoming implementation of a single sign-on (SSO) point for all of the university’s services. The solution is likely to include multi-domain SSO functionality as well as a variety of authentication processes (such as Kerberos, form-based, basic authentication, and NTLM) that will be selected automatically, depending on the web application. “Our services are critical to us, so we were very glad for the F5 Deployment Guides during implementation and the initial stages of deployment for each of the services,” comments Schubert. “We also found the online AskF5 information service and the developer community DevCentral very useful.” “We chose the F5 solution as we found it to be future-proof—its modular structure makes it very scalable.” Alexander Schubert, Network Engineer, University of Paderborn, Germany Benefits Although the University of Paderborn is still in the process of migrating from Cisco CSS load balancers to the F5 BIG-IP solution, the benefits are already making themselves felt. The F5 solution gives the university a stable and reliable load balancing and SSO solution that is scalable enough to keep pace with the university’s future needs, while saving time for the network department and users now. The IMT’s future plans include the implementation of additional applications like Microsoft Exchange, databases, and cloud services that will also be supported by the F5 solution. Simplified management With a large and heterogeneous user base along with a complex range of services used by the whole university, Alexander Schubert’s team of three network specialists put multi-tenancy capability and simplified management at the top of their wish list while looking at the solutions on the market. They found what they were looking for in F5 BIG-IP Local Traffic Manager. “With F5’s multi-tenancy capability, application administrators can manage their parts of the Application Delivery Controllers themselves. That saves everyone time,” Schubert says. Flexible access to web services The scalable F5 solution gives the University of Paderborn confidence it can handle future demands. With the imminent end-of-life status of the Cisco CSS appliances, the IMT needed a new generation of ADCs. The F5 solution with its multi-tenancy capabilities enables the University of Paderborn to implement a future-proof data center and security solution that makes user access to web services simpler and more agile.