F5 Networks has a modern platform that unfortunately isn’t widely known; we have talked with Paul Pindell, Senior Solution Architect at VMworld 2015.
Let’s start with the offer of F5 Networks and try to better understand what you do
F5 Networks offer a full proxy architecture that allows to analyze all the traffic that enters and goes out the business walls and its branches. Traffic gets analyzed and decrypted even if chypred standards, like SSL, are used. Out technologies then operate on the whole traffic to perform several functions such as firewall, routing, security management on the application level, acceleration and compression and even a Web content control. The strength of F5 is in the intelligence that allows to manage this architecture.
Is this kind of architecture implemented as an hardware appliance or software?
We are able to operate on both sides, with an hardware platform that can be installed even where needs are minimal and there’s no virtual infrastructure available, up to the version based on a virtual appliance that can save on electricity and enjoys the advantages of a deployment on an already existing infrastructure, without having to renounce to the opportunity of scaling up to a max connectivity equal to 10Gb/s. There’s a version available on Amazon as a direct “rent” for those who has different needs, like protecting servers or infrastructures in the cloud.
Does the virtual platform integrate with VMware NSX?
Yes, and not just with VMware, but also with Cisco ACI and Microsoft HNV by means of plugins and APIs. The deployment and the automation too can be managed in combination with cloud solutions like Openstack configuration management products like Puppet and Chef. Licensing is flexible and it’s based on the bandwidth that the appliance must guard.
Do you offer dedicated services to cloud providers or to those who have an infrastructure in the cloud and looks for a way of protecting it?
Yes, we have for instance some services born by the acquisition of Defense.net, which happened more than a year ago, that can guarantee a complete level of protection against DDoS attacks. We can handle the incoming traffic by blocking all the attacks while maintaining the proper level of service, so that any problem with the application level can be avoided.