All White Papers

白皮书

The BIG-IP Platform and Microsoft Azure: Application Services in the Cloud

已更新 2015年7月24日

Introduction

The move toward cloud computing is changing the face of networking and application delivery. Enterprises are often choosing to employ public clouds such as Microsoft Azure and Amazon AWS to host their applications. While these environments offer many advantages, moving applications to the cloud presents challenges as well, including compliance with security policies, management of diverse technologies, and offering acceptable levels of performance.

F5 BIG-IP® virtual editions (VEs) for Microsoft Azure helps enterprises take advantage of the benefits of the cloud without sacrificing the security and performance of on-premises data centers. This paper examines the advantages of moving Tier 1 applications to Microsoft Azure and shows ways that F5 BIG-IP technology can be utilized to meet the challenges of computing in the cloud.

The Changing Face of Networking

Enterprises of all sizes are increasingly using public cloud services. Gartner predicts that by 2017, cloud spending will reach $240 billion1. As enterprises shift some of their workloads into public clouds like Microsoft Azure, they can reduce overall operational costs, enjoy flexibility of deployment, and increase scalability. And with the introduction of F5 BIG-IP virtual editions (VEs) for Microsoft Azure, enterprises can now realize the same level of network control and customized application services in Azure that they have in their corporate data centers.

By moving some applications to Azure, enterprises can solve several pressing business challenges. Traditional data center architectures simply cannot provide the level of on-demand services required by forward-thinking organizations. When enterprises move mission-critical applications to the public cloud, they can boost data center agility and efficiency. In addition, the native elasticity of the cloud makes it quick and easy for enterprises to scale up during periods of heavy usage, while not requiring large upfront investments in infrastructure and application resources. Finally, Azure provides a robust disaster recovery option and ensures failover in case of local or regional outages.

BIG-IP VEs for Microsoft Azure enable enterprises to maintain continuity across their evolving hybrid cloud architectures. Enterprises can move applications and data seamlessly between traditional networks, public clouds, and private clouds while taking advantage of the BIG-IP platform’s proven capabilities in traffic management, performance optimization, and application security.

BIG-IP VEs for Microsoft Azure include the full complement of BIG-IP modules, boasts a familiar user interface, and also supports all the same F5 iRules®, F5 iApps®, APIs, and other programming options that allow enterprises to customize the delivery of application services.

When considering moving Tier 1 applications to the public cloud, enterprises must maintain a consistent level of application services, network performance, and management. By deploying BIG-IP VEs for Microsoft Azure, enterprises can ensure a seamless transition, while realizing cost savings and additional benefits in security, scalability, and flexibility.

Reasons for Moving to the Cloud

Enterprises are under pressure to simplify management and enhance application performance and scalability. Cloud platforms such as Microsoft’s Azure provide opportunities for enterprises to reduce costs, increase flexibility, and scale up or down depending on demand—without making a large, initial investment in network infrastructure.

Cost benefits

Hosting applications in a public cloud like Azure enables organizations to avoid the cost of building an on-premises infrastructure and application resources. For example, in many enterprise environments, pre-deployment testing and validation require large, parallel test and development labs—requiring considerable and expenses in infrastructure, software licenses, and staffing. Moving these workloads to Azure often makes compelling business sense. In the cloud, applications can be rapidly spun up for testing and development, and then spun down when no longer needed, reducing operational overhead.

Flexible deployment

Hybrid cloud computing is an architecture that combines on-premises, private cloud, and public cloud services. By freeing workloads to move between these platforms as business requirements change, a hybrid cloud architecture gives businesses greater agility and flexibility.

BIG-IP VEs supports a wide range of public and private cloud technologies including public clouds such as Microsoft Azure and Amazon AWS, helping enterprises to avoid vendor lock-in. This increases operational flexibility and makes it easy to build a hybrid cloud or multi-cloud deployment without changing underlying network architecture.

On-demand resources for scalability

Public cloud services enable enterprises to quickly and easily scale network resources to respond to spikes in usage. On-demand provisioning enables organizations to keep critical web applications highly available, and provides flexibility in responding to changes in application demand—without requiring a large reserve pool or resources.

The Application Services You Need—Now in Azure

With all the benefits of moving applications to the cloud—or to a hybrid cloud environment—some enterprises are still wary of taking this big step. They’re concerned about security, availability, and their ability to provide application services that have become essential to their business. With BIG-IP VEs for Microsoft Azure, you can realize the cost efficiencies and improvements in scalability of cloud computing while continuing to manage and secure your critical applications.

BIG-IP and Azure—Better Together

F5 built BIG-IP VEs for Microsoft Azure to enable enterprises to take advantage of the elasticity of the public cloud without sacrificing security or performance. Whether you want to move your applications entirely to the Azure cloud, use a hybrid private-public cloud network, or even deploy a hybrid network across geographical regions, BIG-IP VEs for Microsoft Azure can help increase efficiency, optimize performance, and bolster security.

Enjoy enterprise-class security and performance

According to a recent survey by Algosec, 70 percent of respondents anticipate that they will deploy 10 to 60 percent of their business applications on public IaaS platforms within the next three years2. However, enterprises have been wary of migrating their Tier 1 applications to public clouds, because they are concerned that those applications won’t enjoy the same level of security as applications hosted on premises.

With BIG-IP VEs for Microsoft Azure, you can maintain the same security policies whether your applications are hosted on-premises or in Azure. In addition, BIG-IP VEs for Microsoft Azure ease your management burden by offering a consistent technology for securing and managing network traffic, both on and off premises.

Tested Architectures

While use of BIG-IP virtual editions is limited only by your imagination, it helps to know what deployments have been tested. Following are three tested use cases for BIG-IP VEs for Microsoft Azure.

Use Case 1: Cloud Deployment with Single Sign-On and Firewall

This use case provides a strong security footprint for applications hosted entirely in Azure. Here we see BIG-IP Access Policy Manager® (APM) positioned between the applications and the users, creating a strategic control point in the network. BIG-IP APM protects your public-facing applications by providing policy-based, context-aware access to external users while consolidating your access infrastructure. Application security and network security are provided by BIG-IP Application Security Manager™ (ASM) and BIG-IP Advanced Firewall Manager™ (AFM).

This use case includes:

  • Secure, policy-driven single sign-on (SSO) with BIG-IP APM
  • Web application security and DDoS protection with BIG-IP ASM
  • SSL offloading and stateful layer 4-7 load balancing with BIG-IP Local Traffic Manager™ (LTM)
  • Combined network firewall, traffic management, and application security with F5 BIG-IP AFM
Figure 1: Azure deployment with SSO and web application firewall

Use Case 2: Hybrid Cloud Deployment

Few enterprises operate in a 100 percent cloud-based model and, in fact, the rate of hybrid cloud adoption is skyrocketing. IDC predicts that more than 65 percent of enterprise IT organizations will commit to hybrid cloud technologies before 20163. The business reasons for this seismic shift are many. For example, per corporate policy, an enterprise might deploy a private, on-premises cloud to host sensitive customer data and rely on a public cloud, such as Azure, to host the application front end. Enterprises might also use public cloud resources to supplement on-premises computing during peak traffic periods such as holidays or during streaming events.

In the following use case, an enterprise has deployed multiple instances of BIG-IP VEs for Microsoft Azure to provide load balancing of web servers, a web application firewall, and authentication services. At the same time, an on-premises physical BIG-IP device delivers a secure IPsec VPN tunnel as well as load balancing of Active Directory and SQL backend queries. The advantages of this approach include:

  • Customer-facing web servers and authentication services are in the cloud—where capacity can be dynamically changed
  • Critical data is kept on premises, per corporate security policy
  • Web application firewall and authentication services are near the web servers for better performance
Figure 2: Hybrid cloud architecture with site-to-site VPN

Use Case 3: Hybrid Cloud across Regions with Global Load Balancing and Federation

One of the advantages of public cloud computing is the potential to deliver applications from multiple locations across different geographic regions. This type of deployment improves performance by reducing the distance between the user and the application, or by distributing traffic among regions based on performance metrics. It also increases availability by ensuring failover in the event that an application in one region goes down.

In the use case outlined here, BIG-IP VEs for Microsoft Azure balance traffic between three environments: an on-premises data center at the corporate location, an Azure cloud in the U.S., and an Azure cloud in Europe. BIG-IP APM utilizes Security Assertion Markup Language (SAML) to provide single sign-on to applications across data centers while BIG-IP AFM and BIG-IP ASM provide network and application security respectively.

The benefits of this scenario include:

  • High availability and better performance for applications hosted in the cloud and on premises
  • SSO across applications in all regions and environments
  • Ability to continue using legacy applications that cannot be migrated to the cloud
  • Isolation of subnets and application-centric policy enforcement in the hybrid environment using BIG-IP AFM
Figure 3: Global traffic management and SAML federation across regions

Conclusion

Migrating Tier 1 applications to the cloud offers many benefits to enterprises interested in increasing flexibility and scalability while cutting infrastructure and operational costs. For enterprises moving toward a hybrid cloud architecture, Microsoft Azure provides a reliable cloud environment with a robust set of hosting tools. F5’s BIG-IP virtual editions enhances cloud deployments by providing the high level of network security and management enterprises are accustomed to in their on-premises deployments. BIG-IP VEs for Microsoft Azure deliver the flexibility, security, and application control that today’s enterprises require—while providing the consistency and scalability necessary for future growth.

For information on availability and to learn more about how the F5 and Microsoft partnership can help your business, visit f5.com/Microsoft or see F5 Azure site or How to Buy at f5.com.

1 “The Cheap, Convenient Cloud,” The Economist (April 18, 2015), http://www.economist.com/news/business/21648685-cloud-computing-prices-keep-falling-whole-it-business-will-change-cheap-convenient.

2 “Five Predictions for Hybrid Cloud Environments in 2015,” IT Business Edge, http://www.itbusinessedge.com/slideshows/five-predictions-for-hybrid-cloud-environments-in-2015-02.html

3 “IDC Reveals Cloud Predictions for 2014,” International Data Corporation (December 18, 2014), https://www.idc.com/getdoc.jsp?containerId=prUS25350114.

400 089 8921