Application delivery controllers provide the availability, scalability, performance, security and control essential to keeping applications and servers running in their power band.
Integrated application security, local and global server load balancing ensure the highest levels of resiliency for your applications, while connection multiplexing, SSL offload, caching and compression work together to deliver the fastest end-user experience possible.
This five day course gives network professionals a functional understanding of load balancers, global load balancers, application security and policy manager. Incorporating lecture, extensive hands-on labs with Troika iLabs, and classroom discussion, the course helps students build the well-rounded skill set needed to manage various load balancers including F5 BIGIP LTM systems as part of a flexible and high performance application delivery network
Candidates must have basic understanding on ip addressing, routing and switching technologies.
Upon completion of this course, students will be able to:
- Explain the features and advantages of the server load balancer, global server load balancer, application policy manager & security manager (ASM)
- Perform advance configuration of the application delivery controller including:
- Load balancing and persistence concepts
- Monitors, including scripted monitors and managing multiple monitors
- Modifying traffic behavior with profiles, including SSL offload
- Implementing SNATs
- Highly Availability, including Sync-Failover and Sync-Only device groups
- Configuring iRules
- Understanding SDNS (GTM) concepts
- Overview of application policy manager
- Overview of OWASP top10 vulnerabilities & application security
- Application delivery controller Design considerations – design and best practices in modern datacenter
Module 0 – overview of Application delivery controller’s
- Introducing server load balancer concepts
- Content networking
- Deployment scenarios
- reverse proxy ,
- transparent proxy,
- triangle proxy/nPath
- Syn load balancing, delayed binding, HTTP header load balancing , TCP proxy , full proxy TCP connections vs HTTP Transaction
- Platform architecture
- SMP vs CMP
- HTTP and other protocol overview
- Packet flow & design practices
- Initial configuration to set up load balancer appliance
- Identifying load balancer traffic processing objects
- Understanding on network packet flow
Module 1 – Load Balancing
- Load balancing concepts
- Static vs Dynamic load balancing
- Least connections
- Fastest
- Dynamic Ratio
- Priority group activation
- Fallback host
- Load Balancing: Member vs. Node
- Understanding design requirement for optimal load balancing
Module2 – Monitoring application health
- Introducing Monitors
- Types of Monitors
- Layer 3 monitors
- Layer 4 monitors
- Layer 7 monitors
- Monitor Interval and Timeout Settings
- Scripted Monitors
- Configuring Monitors
- Assigning Monitors to Resources
Module3 – Modifying Traffic Behavior with Persistence & SNAT
- Understanding the Need for Persistence
- Introducing Source Address Affinity Persistence
- Introducing Cookie Persistence
- Managing Object State
- Address Translation on server load balancer System
- NAT requirements
- Solving Routing Issues with NAT
- Configuring SNAT Auto Map on a Virtual Server
- Additional SNAT Options
- Understanding design requirements to implement persistence profiles
- Network design with SNAT
Module 4 – Modifying Traffic Behavior with Profiles & iRules
- Introducing profiles
- Common Protocol Profile Types and Settings
- Understanding Profile Types and Dependencies
- Client and server side profiles
- HTTP profile
- SSL Offloading
- Stream profiles
- Configuring and Assigning Profiles
- Failover Conditions
Module 5– High Availability
- Understanding on high availability
- Sync-Failover Group Concepts
- Synchronization, State and Failover
- Traffic Group Concepts
- Failover Triggers and Detection
- Stateful Failover, Connection Mirroring
- Persistence Mirroring
- Overview of redundant design with HA groups
- Overview of iRules
- iRules Concepts
- iRule Events
- understanding Irules use case scenario’s
Module 6 – administration & Troubleshooting
- Traffic Management Shell (tmsh)
- Server load balancer Configuration State and Files
- Configuring files & Logging
- UCS & SFC changes
- Using tcpdump and Wireshark on the LB system
- Working with F5 Technical Support
Module 7 – Global server load balancer
- DNS overview and concepts
- Accelerated DNS resolution
- Datacenter load balancing and high availability
- Understanding Wide IP’s , DNS cache, GTM listener , links, Wide IP pools
- LDNS probe configuration
- Monitors in GTM environment
- Introduction to advance topics such as DNSSEC
Module 8 – Overview of Access policy manager
- Understanding application access using APM
- APM Access Policies, Access Profiles
- Visual Policy Editor, Branches and Endings
- APM Network Access and BIG-IP Edge Client
- Layer 4 and Layer 7 Access Control Lists
- APM Application Access and Webtop Types
- Remote Desktop, Optimized Tunnels and Webtop Links
- LTM Concepts including Virtual Servers, Pools, Monitors and SNAT’ing
- APM + LTM Use Case for Web Applications
- AAA Servers and Authentication and Authorization with Active Directory and RADIUS
- Endpoint Security with Windows Process Checking, Protected Workspace and Firewalls
Module9 – Application security
- Overview of top 10 web application vulnerabilities
- Cross site scripting
- SQL injection
- Parameter tempering
- Securing web based application using application security manager
- Deployment scenarios with positive and negative security model
- Understanding packet flow with ASM