Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.


@ HEPiX Amsterdam | Highly Available Central Services / Th. Finnern

Overview
- Why
- How
- Features
- Modes
- What
- Where to
- Conclusions

Why
- Get Rid Of Old Clusters
- AIX Highly Available Load Environment HALE
- Minimize Efforts for Clustering
- Commercial „All-In-One“ Box
- Possible Replacement For Traditional Clusters
- Getting Better
- Customer Invisible Service Switching
- Enhanced Load Distribution
- Only One Virtual Hostname Per Service
- Enhancing Fault Tolerance and Security

How
- Using/Testing F5 Switch
- Common Effort of the IT Systems and Network Groups
- Switch is BSD Unix Cluster
- Redundant Network Connections
- and ssh:CLI Configuration Interface
- Starting with Layer 2/3 Routing; Layer 7 Routing planned for WEB
- Checking Implementation Aspects of Different Services

Key Features and Benefits
- Architecture:
  - (24) 10/100 BASE-TX Ports
  - (4) 1000 BASE-SX Ports
  - Switch Fabric Capacity: 8 Gb/s one direction, 16 Gb/s aggregate
  - 100 SSL TPS included at no additional charge; upgradeable to 800 TPS
  - Provides significant cost savings and flexibility for SSL acceleration and capacity
  - Flexibility and speed to directly connect servers, caches, firewalls, databases, SIP, and VPN endpoints
  - Eliminates the need to buy additional switches; supports fully meshed network deployments
  - 2 GHz of centralized processing power; provides more power to intercept, inspect, transform, and direct Layer 7 (application traffic) than web or content switches
  - 1 GB of RAM in base configuration; additional 1 GB can be added as an option - provides the greatest amount of concurrent connections for unparalleled traffic capacity
- Traffic Management:
  - All the advanced features and functions of award-winning BIG-IP software
  - Static and Dynamic load balancing for diverse server platforms and applications
  - Active/Active Controller feature for added performance, scalability, reliability
  - Full stateful session failover from active to backup or active IP Application Switch
  - Multiple modes of persistence
  - Simple and advanced business rules to ensure QoS
  - Smart content and application determination to route requests for content to appropriate devices
  - Unique One Connect™ Content switching reduces bandwidth costs and server overhead by up to 20%
  - iControl enabled - allows applications to directly control network traffic by preemptively avoiding application failures
  - Award-winning 3-DNS wide-area load balancing available as an option
  - Real-time performance monitoring and statistics
  - Easy to install and manage via secure CLI & GUI

Additional Information “Not For Screen Usage”

Mode 1: Dump Service
- F5 Secure Network Address Translation SNAT = on
- Server sees F5 Switch as Client
- No Client Change
- All Traffic handled by F5 Switch

[Diagram labels: Standard Router, Server System(s), Client System]

Mode 2: Single Service
- No F5 Network Address Translation NAT = off
- Client Changes:
- Set Local Host Interface lo0 to Virtual Host IP (“NAT”)
- Limitations
- One Service
- Server on same L2 net
- Default Route unchanged

[Diagram labels: Standard Router, Server System, Client System]

Mode 3: Multi Service
- F5 Network Address Translation NAT = on
- Client Changes:
- Default Route to F5 Switch
- F5 IP Forwarding needed
- Multiple Services Possible
- All Traffic handled by F5 Switch

[Diagram labels: Standard Router, Server System, Client System]

What
- Font Server fontsrv.desy.de
  - Multi Service Mode
  - Each Port Is One Service
  - 2 Port Protocol: Persistency
- Network Install Management Server nims.desy.de
  - Single Service Mode
  - Common Install Server
  - Testing UDP Persistency (NFS)
- Public Login Service plus.desy.de (under Evaluation)
  - Single or Multi Service?
  - Key Handling
  - ISS Replacement
- dCache Web and Control Connection dcap.desy.de
  - Stateful failover
  - One Virtual Host
  - 2 Ports
- …

Where to
- WEB Service
  - Starting with standby server if AFS fails?
  - Layer 7 Routing?
- MAIL Service
  - Different SMTP Server for Internal and External (Rules Setup)
  - …
- Security
  - Use F5 Switch as Network Filter to Protected Server Subnet
- Overcome Routing Problems
  - Cisco Software Upgrade Workaround: Moving MAC
  - Test Client Functionality From Server Network
- SSL Possible
  - But seems not compliant to .htaccess-Configuration
- First Production Tests
  - Planned for June 2003

Conclusions
- Rather Simple To Use
- Nice Operating Model
- Minimal Changes on Server Machines
- Platform Independent
- Could Be A Standard Feature
  - If test results will be reliable
  - If people will trust virtual hosts