SoftLayer Fundamentals

Connecting to the Cloud – SoftLayer Networking, Part 2

© 2014 IBM Corporation

Your cloud strategy is your business strategy

Pacesetters use cloud to surface insights from data. They reimagine business
models, make better decisions and serve customers in new ways to create winning
business outcomes.

Almost Nearly

2x
the revenue growth
2.5x
higher gross profit
growth than peers

With so much at stake, you don't want just any cloud…

Source: IBM Center for Applied Insights Under cloud cover: How leaders are accelerating competitive differentiation that surveyed
802 cloud decision makers and users, spanning 13 countries and 24 industries.

3 © 2014 IBM Corporation

Connecting to the cloud – SoftLayer Networking Part 2
Upon completion of this webinar, you should be able to:
• Understand load balancing
• Know the difference between global and local
balancing
• Order a local and a global load balancer
• Configure services in a local load balancer
• Understand the different SoftLayer firewalls
• Understand IP addresses in SoftLayer
• Using SoftLayer’s Domain Name Service
• Interfacing with SoftLayer VLANs

66 © 2014 IBM Corporation

Balancing data with SoftLayer local load balancer
In this topic, you will learn about
• VIP options for load balancing
• Various balancing methods

7 © 2014 IBM Corporation

Balancing data with SoftLayer local load balancer
The SoftLayer local load balancing is based on Array Networks and utilizes industry-
standard techniques. These techniques include round-robin, lowest latency, least
connections, shortest response, and IP persistence to balance traffic among two or more
servers. Local load balancing can be activated and configured in real-time, with servers
added to or removed from the balancing pool on-demand with little or no downtime.

Be aware of the following regarding local load balancing:

• Public network VLAN load balancing only.
• Local load balancing is limited to Layer 4.
• No console access; managed through the Customer Portal.

8 © 2014 IBM Corporation

Selecting VIP options
• Common (shared) load balancing
deployment
• Only one virtual IP address provided:
 250 VIP connections per second
(with SSL option)
 500 VIP connections per second
(with SSL option)
 1,000 VIP connections per second
(with SSL option)
VIP
 2,500 VIP connections per second
connections
per second
• Dedicated load balancing deployment
• Up to eight virtual IP addresses:
 15,000 VIP connections per second
with SSL only
 100,000 VIP connections per
second with SSL only

9 © 2014 IBM Corporation

 Balancing methods
The local load balancer utilizes round robin, shortest response, least connections,
and consistent hash IP as methods to balance traffic among two or more servers in a
data center.

SoftLayer data center

Round
robin

Shortest Local
VIP response
load
connections Least balancer
per second connections

Consistent
hash IP

10 © 2014 IBM Corporation

 Routing to servers

SoftLayer data center

Round
robin

Shortest Local
VIP response
load
connections Least balancer
per second connections

Consistent
hash IP

11 © 2014 IBM Corporation

 Balancing data with SoftLayer global load balancer
In this topic, you will learn about
• Examples of global load balancing
configurations
• VIP options for global load balancing
• Various balancing methods
• Citrix NetScaler load balancer

12 © 2014 IBM Corporation

 SoftLayer global load balancer
The SoftLayer global load balancer is based on F5 Networks and allows you to load
balance your websites between servers in different physical data center locations. By
using an Anycast DNS system, the global load balancer is capable of providing highly
redundant DNS resolution to clients as well as direct clients to the optimal data center site
relative to location.

Be aware of the following regarding global load balancing:

• No console access; managed through the Customer Portal.
• Anycast DNS system is capable of providing redundant DNS resolution to clients and
directing clients to data center sites relative to location.
• Global load balancing is limited to Layer 4.
• Servers are added to or removed from the balancing pool on demand.

13 © 2014 IBM Corporation

 Configuring examples
Below are two examples of how the configure the global load balancer – simple and
complex.

Example
Simple configuration A simple configuration of the global load balancer consists of two
servers in two different locations. With geography-based load
balancing, users are directed to the data center location to which
they are closest. In the event of a failure of either server, traffic is
directed to the remaining server.
Complex A complex configuration of the global load balancer consists of
configuration the global load balancer connecting to multiple local load
balancers at each physical location, with an additional fallback
location available in the event all sites fail.

14 © 2014 IBM Corporation

 Selecting VIP options

Deployment options:
• 50 VIP connections per second
• 100 VIP connections per second
• 200 VIP connections per second
VIP • 500 VIP connections per second
connections • 1,000 VIP connections per second
per second

15 © 2014 IBM Corporation

 Balancing methods
The global load balancer utilizes weight round robin, geography, round robin, and
failover as methods to balance traffic among two or more servers in one or more data
centers.

Resides in
all SoftLayer
data centers
and PoPs

Weighted
round robin

Geography Global
VIP
load
connections Round
balancer
per second robin

Failover

16 © 2014 IBM Corporation

 Routing to servers

Resides in
all SoftLayer
data centers
and PoPs

Weighted
round robin

SoftLayer data center 1

Geography Global
VIP
Load
connections Round
balancer
per second robin
SoftLayer data center 2
Failover

17 © 2014 IBM Corporation

 Using the SoftLayer Citrix NetScaler load balancer
The SoftLayer Citrix NetScaler load balancer is a web application delivery appliance. It is
designed to accelerate application performance, and ensure application availability and
protection while substantially lowering costs.

Citrix NetScaler load balancer is

• Available for deployment in both public and private networks in SoftLayer.
• Only option to load balance non-public network-facing servers and virtual instances.
• Allowed up to, and including, Layer 7.
• Includes 5 TB of public outbound bandwidth and unlimited private network bandwidth per
device.

The deployment options for Citrix NetScaler Standard and Platinum Editions are
• 10 Mbps, 200 Mbps, and 1 Gbps.
• One, two, four, eight, or 16 public IP addresses.

18 © 2014 IBM Corporation

 Using the SoftLayer Citrix NetScaler load balancer (cont.)
Standard Edition
• TCP buffering
• TCP multiplexing
• SSL offload and
acceleration
• Client and server TCP
optimizations
• L4 DoS defenses
• Layer 7 content filtering
• HTTP rewrite
• URL rewrite
• Citrix Access Gateway
• Layer 4 load balancing
• Layer 7 content
switching
• AppExpert rate controls
• IPv6
19
Platinum Edition
• TCP buffering
• TCP multiplexing
• SSL offload and
acceleration
• Cache redirection
• Client and server TCP
optimizations
• Citrix AppCompress for
HTTP
• Citrix AppCache
• L4 DoS defenses
• Layer 7 content filtering
• HTTP rewrite
• URL rewrite
• Citrix Access Gateway
• Layer 7 DoS defenses
• NetScaler Application
Firewall
• Layer 4 load balancing
• Layer 7 content
switching
• AppExpert rate controls
• IPv6
• Global server load
balancing
• Surge protection
• Priority queuing
© 2014 IBM Corporation
 Setting up firewalls in SoftLayer
In this topic, you will learn about
• Managed firewalls
• FortiGate security appliance
• Vyatta gateway appliance

20 © 2014 IBM Corporation

 Working with SoftLayer’s managed firewall
SoftLayer’s hardware firewalls utilize the Fortinet FortiGate 300 Series firewalls. You
select from a dedicated hardware firewall or a standard hardware firewall based on your
need.
• Dedicated firewalls protect one, multiple, or all servers that share the same VLAN for
the highest assurance of uptime.
• Standard firewalls provide individual servers an additional layer of server security.
The firewalls are provisioned on demand without service interruptions.

21 © 2014 IBM Corporation

 Working with SoftLayer’s managed firewall (cont.)

Dedicated hardware firewalls Standard (shared) hardware firewall

Deployment options: Deployment options:
• 1 Gbps dedicated • 10 Mbps
• 1 Gbps dedicated with high availability • 100 Mbps
• 1 Gbps
• Protect an entire defined VLAN. • Applied to individual servers (dedicated
• Designed rules to be applied to entire server or CCI)
VLAN or to single servers in defined • Designed rules for all IPs assigned to
VLAN. designated server or for a single IP
• Managed through customer portal and address on the server
API. • Managed through Customer Portal and
• Provides firewall, anti-virus, and API
intrusion prevention. • Provides firewall and anti-virus based
security.

22 © 2014 IBM Corporation

 Using the FortiGate security appliance
The deployment options for the FortiGate security application are single deployment or
high availability.

The hardware is the same as the SoftLayer managed hardware firewall offering
(FortiGate 300 series).

There is direct access to the FortiGate's console and native management tools. The
console and tools provide complete, granular control over advanced firewall and security
features. These security features include anti-virus, intrusion detection, intrusion
prevention, and VPN capabilities (IPSec, PPTP, and L2TP).

23 © 2014 IBM Corporation

 Using the Vyatta gateway appliance
The Vyatta gateway appliance is designed to allow for advanced network routing and
configuration of a portion of or the entire account for a customer in SoftLayer.

Deployment options
CPU RAM Disk configuration Disk options
Xeon Quad Core 1230 3.2 4 GB JBOD SATA
Ghz 8 GB RAID 0 SATA 10K
Xeon Quad Core 1270 3.4 12 GB RAID 1 SCSI 10K
Ghz 16 GB RAID 5 SCSI 15K
32 GB RAID 10 SSD

24 © 2014 IBM Corporation

 Using the Vyatta gateway appliance (cont.)
Capabilities:
• IPSec VPN tunnels
• NAT
• Firewall services
• Router services

All Vyatta capabilities can be managed through either the SSH shell CLI or by connecting
to the Vyatta Network OS GUI via the SoftLayer VPN and private IP address.

Note: A customer may not have a

SoftLayer shared or dedicated firewall
service and a Vyatta network gateway
device assigned to the same VLAN.

25 © 2014 IBM Corporation

 Establishing additional IP address blocks
In this topic, you will learn about SoftLayer IP
addresses.

26 © 2014 IBM Corporation

 Understanding IP addresses in SoftLayer
Each SoftLayer server (virtual or bare metal) comes with one primary IPv4 address.
Additional IP blocks are available in quantities of one, two, four, eight, 16, or 32.

IP block type Description

Static IP block A block of IP Addresses that are routed directly to a specific IP on
the network.
Portable IP block Any IP block that can be used on multiple servers within a single
VLAN concurrently. Portable IP address are switchable within a
VLAN from server to server. There are two types of portable IP
blocks:
• Routed to VLAN is a static IP block that is routed to an entire
VLAN rather than a specific IP address. This IP block provides
the customer access to all IPs within the block.
• Secondary to VLAN is designed to be used within a virtual
environment. It requires that the network, gateway, and
broadcast IPs be bound directly to the VLAN rendering these IPs
unusable by the customer. This block is used in conjunction with
a virtual machine. (To have one usable IP address for a server
you need at least four IP addresses in a block.)

27 © 2014 IBM Corporation

 Understanding IP addresses in SoftLayer (cont.)
Global IP's provide IP flexibility by letting users shift workloads between servers (even in
different data centers). Global IPs also provide IP persistence by allowing for transitions
between servers and virtual instance’s. This is a direct competitor to Amazon Elastic IPs,
without the limitation of being defined to a specific region.

Deployment options include:

• Monthly charge per deployed IP address.
• IP destination change through the customer portal or API commands.

28 © 2014 IBM Corporation

 Using SoftLayer’s Domain Name System service
In this topic, you will learn about SoftLayer’s
Domain Name System offering.

29 © 2014 IBM Corporation

 Using Domain Name System (DNS)
A customer has four options for using a named server with their SoftLayer infrastructure:
1. Use your (the customer’s) domain name registrar name servers to manage your (the
customer’s) domain names.
2. Use SoftLayer name servers to manage your domain names.
3. Use a third party DNS service to manage your domain names.
4. Run your own name servers on your server to manage your domain names.

SoftLayer DNS services:

• Public option (SoftLayer manages the customer’s domain). Public name servers act
as authoritative name servers for domain names that reside in SoftLayer DNS
servers and are managed through Customer Portal. These servers "answer" and
"resolve" domain names to a company’s IP address for the general Internet
population.

• Private Network. Resolving name servers are located on the private network and act
as DNS resolvers for a customer’s server. The private resolvers slave from SoftLayer
public name servers so they are always up to date. This is a convenience service for
customers.

30 © 2014 IBM Corporation

 Describing a VLAN
What is a VLAN?
Virtual LAN (VLAN) is a networking concept in which network interfaces on different
routers, switches, and servers act as if they're on the same local network broadcast
domain.

How are VLANs used by SoftLayer?

SoftLayer servers are provisioned on “private VLANs” that are created per router (in a
data center) for the public and private networks. See the diagram below.

Public network Private network

DC1
VLAN VLAN
1 5
VLAN
VLAN 4 DC3
2

VLAN
3 VLAN
6
DC2

31 © 2014 IBM Corporation

 Spanning
• VLAN spanning is turned off by default.
• VLAN spanning enables a server or virtual instance connection to multiple VLANs
and data centers on the SoftLayer private network.
• IPs on the private VLANs in a customer account will be able to communicate once
spanning is enabled. There is no current discrete spanning separation.
• Five minutes to 15 minutes to activate VLAN spanning.
• Option is available to span private VLAN of two separate SoftLayer accounts.
• Cost is $25 per account.

32 © 2014 IBM Corporation

 Planning an advanced VLAN design

• A customer can
segment their
provisioned
physical and
virtual servers
onto one or more
private VLANs.
• Customer VLANs
across one or
more data centers
can be
interconnected via
the SoftLayer
private network.
• Distributed denial
of service (DDoS)
protection is
provided on the
SoftLayer public
network via Cisco
Guard devices.

33 © 2014 IBM Corporation

 Questions

?
34 © 2014 IBM Corporation
 Leading Edge
Recommended actions
Sign up for a free 1 month trial account:
http://www.softlayer.com/info/free-
Trusted
cloud/skills100

Within 60 days, register as a SoftLayer

partner with a viable SL opportunity (time
frame, workload, configuration) at: Completely Free
http://www.softlayer.com/partners/ibm-
partners

35
© 2014 IBM Corporation
Attend other SoftLayer Fundamentals webinars or download
the replay and materials at your convenience
Webinar
Topic # Topic
Date
February 25 1 Changing the landscape, not the definition - SoftLayer overview

February 27 2 One size does not fit all – Defining the SoftLayer cloud architecture
March 4 3 Connecting to the cloud – SoftLayer network options, part 1
March 6 4 Connecting to the cloud – SoftLayer network options, part 2
March 11 5 Keep safe – Securing your virtual instances
March 13 6 Storing your data – Understanding SoftLayer storage options
March 18 7 Flexible and on demand – Understanding SoftLayer managed services
March 20 8 You can’t manage what you don’t monitor – SoftLayer management and
monitoring
March 25 9 Evaluating cloud providers - Leveraging SoftLayer differentiators

Please remember to download the glossary of terms

© 2014 IBM Corporation