F5 Brings Simplicity to Complex Virtual Application Environments

Organizations both large and small are facing a sea change when it comes to desktop and application provisioning. The traditional static end-point, commonly known as a PC, is rapidly falling out of favor as the primary interface into corporate and line of business applications. This transformation has been driven by the increasing demands of a mobile user base that expects to be connected to corporate resources 24/7. Consequently, both IT teams and end users find themselves in a tenuous situation as device types and data volumes proliferate with no end in sight.

What’s more, organizations are faced with the growing need to seamlessly integrate mobile devices and remote endpoints into the overall IT infrastructure, including consumer tech devices, which has fueled the consumerization of IT. A situation that has brought increased complexity to IT environments, especially since many of those consumer devices bear little resemblance to the traditional PC, each with its own nuances and specialized requirements, yet are still expected to work like PCs for business processes.

For IT management, the challenges are numerous – especially when it comes to the imperative IT tasks of provisioning, deployment, security and user support – all of which require significant operational expenses and extensive man-hours to sustain.

This is the proverbial “fork in the road” that new technologies have sought to help customers overcome. Technologies such as virtualization have evolved from convenient tools that wring out more compute power from servers to one that is capable of more efficiently delivering sets of applications and even entire desktops. In this new paradigm, user friendly experience is preserved and IT control is restored.

Virtualization solutions successfully abstract user facing elements from traditional hardware. This creates flexibility for end users’ device choices and increases productivity by eliminating end user concerns, such as software installation, patching and compatibility. Nevertheless, those virtualization technologies prove to be complex and difficult to manage, especially when scalability enters the equation. While it may be simple to offer virtual applications to a few dozen users, once the user count increases to the many hundreds and beyond, complexity tends to grow exponentially and security and performance concerns get elevated- and that is exactly where F5 enters the picture with its BIG-IP Local Traffic Manager (LTM) with Access Policy Manager (APM) product.

A Closer Look at the F5 BIG-IP LTM with APM product:

F5’s APM installs as a module on the company’s BIG-IP LTM solution, which operates at the network edge to control traffic and deliver applications, as well as provide acceleration, failover and security services.

 

 

 

 

 

 

 

 

 

 

 

 

I tested the F5 BIG-IP LTM 3900 with Access Policy Manager (APM) at F5’s Seattle labs to judge what advantages APM offers to those looking to deploy virtual applications and/or virtual desktops across an enterprise. In theory, APM eliminates much of the native infrastructure used by the leading virtualization application vendors and makes it much easier to provision, deploy, secure and manage virtual solutions.

Out of the box, APM (Version 11) includes proxy support for Citrix XenApp and XenDesktop, and full network access for VMware View as well as native support for Microsoft Remote Desktop Protocol (RDP). Each of those technologies are accelerated, secured and simplified by the capabilities offered by APM.

In essence, APM gives administrators dynamic control of the delivery and security components of the major virtualization solutions, consolidating and unifying elements such as access, security and policy management. For example, in a typical Citrix XenApp/XenDesktop implementation, APM can replace Citrix’s authentication management, Secure Ticket Authority (STA), NetScaler and other components that are required for Citrix sourced enterprise deployment. What’s more, APM brings portal access, SSL VPN tunnels and SSL offloading into the equation, which improves server and application performance and simplifies security management.

Much the same can be said for VDI deployments based upon VMware View, where APM also helps to bring unified management, ease of provisioning and enhanced security to the enterprise. Interestingly, APM can support VMware View and Citrix XenApp/XenDesktop concurrently, as well as adding RDP and other technologies to the mix. That means administrators can build multi-vendor, best of breed VDI solutions and move users across platforms with ease, allowing a smooth, plan-able transition from one technology to another – a real bonus for organizations that go through acquisitions and mergers. It is also worth noting that APM also supports a vast array of business applications, making it easier to deploy line of business applications such as Exchange 2010, SharePoint, Oracle, etc. to new users as part of a migration or virtualization effort.

 

 

 

 

 

 

 

 

 

 

 

 

Beyond the underlying technology, APM offers several unique capabilities that allow it to be extended or customized into new environments. Normally, the biggest challenge associated with deploying a traffic management and policy driven security appliance comes from integrating the device. With cross platform devices that offer consolidation, there are normally hundreds of manual steps, test validations and so on that must take place before the device can be implemented.

F5 eschews much of those concerns by leveraging wizards and the company's proprietary iApp templates introduced in BIG-IP v11. iApp is a collection of features that are designed to provide a new way to architect application delivery in the data center. Simply put, iApp combines all of the setup and validation elements into a single template that speeds configuration by offering a single point interface for building, managing, monitoring and controlling application deployments. iApp also supports customizations, allowing the design of custom templates that meet a particular networks needs.

In practice, I found that iApp literally saved hours of configuration work for standard deployments. I was able to setup Citrix XenApp/XenDesktop, as well as VMware View in a matter of minutes using iApp templates. What's more, an iApp template can be run at any time to make changes to an existing configuration, without having to completely recreate a system configuration. iApp is truly a new paradigm when it comes to configuring complex environments, it contains all of the logic needed to complete a setup and presents all of the information using a single pane of glass interface.

Without iApp, administrators are forced to visit multiple setup and configuration screens that often have little resemblance to each other and can add confusion to the mix and increase the likely hood of errors. It's not that iApp holds your hand during the entire setup process, it's more like it acts as an intelligent guide, that presents the proper questions, allowing you to intelligently answer those questions, which leads to a successful setup.

As far as management itself, I found the web based management console easy to navigate and the associated GUI based tasks easy to locate and execute. It is evident that a great deal of thought has been put into the management console, which features customizable reporting and views into the device and the associated traffic. Some of the reporting elements are quite daunting and do require a modicum of network engineering expertise to understand.

The management console also sports several reports, monitoring screens and logging capabilities, all of which help with troubleshooting and monitoring performance, as well as connectivity. Information that can be indispensable when tuning or sizing the system for improved performance or projected growth.

It is that unified approach to provisioning, securing, monitoring and management that brings ease to the complex process normally associated with deploying virtualized applications, desktops and other remotely accessed elements.

Conclusions:

VDI is an emerging market with evolving solutions. Customers should expect this to be a very competitive space with significant investments from Microsoft, VMware and Citrix. That is why F5's APM proves to be such an important technology – APM allows network administrators to work with various VDI solutions and access technologies, concurrently and seamlessly, giving an administrator the ability to experiment, then deploy, without having to completely recreate the infrastructure. That flexibility gives organizations choices that were not available under a silo-ed, single vendor VDI approach.

What's more, the underlying BIG-IP hardware offers several other features and modules, including VPN, SSL, traffic management, load balancing, application security and several other features that make it an ideal appliance to place at the edge of the network for both remote and internal users.

F5 APM successfully simplifies the arduous chores associated with deploying virtual solutions, the core hardware boosts performance, while the software components bring new capabilities and features into the mix. Simply put, APM just works.

Tags: Application Virtualization, Single Sign On, WAN optimization, Hosted Services, Unified Security, Next Generation Firewalls, Application Acceleration, desktop virtualization, server virtualization, VDI