National University Corporation, Osaka University

Adopting BIG-IP for Rebuilding the Campus Cloud: Integrating Firewall Functionality into the ADC Appliance Contributes to Reducing Total Costs and Improving Rack Utilization Efficiency

The Cybermedia Center at Osaka University, a National University Corporation, took the opportunity presented by consolidating Osaka University's campus cloud into the new IT Core Building to revamp its outdated ADC (Application Delivery Controller) and firewall systems, which had overlapping functions and an unbalanced system configuration. The center adopted a platform-consolidation model by integrating the functionality of BIG-IP AFM into BIG-IP LTM. Compared to other vendors' proposals for separate systems, this approach significantly reduced costs. By managing both the ADC and firewall on the same appliance, the solution reduced operational workload and lowered the rack space requirements. This improved utilization resulted in the realization of a high-density, highly efficient HPC (High-Performance Computing) system.

Business Challenge

In April 2000, Osaka University established the "Cybermedia Center" by reorganizing existing facilities such as the Large-Scale Computing Center and the Information Processing Education Center. The goal was to create a university-wide center that functions in collaboration with educational and research organizations. Furthermore, the Cybermedia Center has been certified by the Ministry of Education, Culture, Sports, Science, and Technology (MEXT) as an "Interdisciplinary Large-Scale Information Infrastructure Joint Usage/Research Center." It serves as one of eight such hubs, allowing collaborative use and research of supercomputers connected via a network, in partnership with Hokkaido University, Tohoku University, the University of Tokyo, Tokyo Institute of Technology, Nagoya University, Kyoto University, and Kyushu University.

“Supercomputers consume significant amounts of power, so operating them efficiently has been a major challenge amidst rising electricity prices,” says Reiki Kashiwazaki, Assistant Professor at Osaka University's Information Initiative Organization / Cybermedia Center. With cost reduction being an urgent priority, efforts began in 2009 to enhance the power efficiency of resources like CPUs and memory. To achieve this, the university pursued virtualization across as many internal systems as possible outside of the supercomputers. This led to the integration of decentralized systems into what became known as the "Osaka University Campus Cloud" (hereafter referred to as the "Handai Cloud"). However, Kashiwazaki notes that the Handai Cloud faced several major challenges.

"In 2009, there was no concrete estimate of the scale at which the virtualization infrastructure should be built, so the construction policy was decided without a clear picture. As a result, some functions overlapped, and the system design lacked balance and consistency. For example, for ADCs (Application Delivery Controllers), firewalls, and routers, top-tier models from different vendors were implemented. This created a significant mismatch between the resources needed and those provided, and managing the individual models placed a heavy operational burden on administrators."

 

Solution

In September 2014, Osaka University constructed the "IT Core Building" as a central hub for the Cybermedia Center, drawing significant attention from the education sector. The IT Core Building serves as a data center to consolidate all information equipment, including the Handai Cloud, while also providing powerful computing resources—comprising a vector-type supercomputer and a PC cluster—for use both inside and outside the university.

"With the completion of the IT Core Building, we took the opportunity to rebuild the first-generation Handai Cloud, as its equipment leases were expiring. We aimed to address the inefficiencies in its system design and create the second-generation Handai Cloud by incorporating innovative technologies in the design," recalls Assistant Professor Reiki Kashiwazaki.

During the 2014 replacement process, information from the virtualization infrastructure that had been in operation over the past five years made it easier to accurately size the necessary capacity. As a result, although the Handai Cloud, which runs over a hundred systems, was analyzed for load balancing, it was found that it was not handling a significant amount of traffic. Furthermore, the strict SLA (Service Level Agreement) requirements allowed for no downtime, but there was no quantitative justification for this, leading to the conclusion that ADCs (Application Delivery Controllers) and firewalls did not require excessive specifications.

Additionally, with the construction of the IT Core Building, two existing information systems were integrated into the campus cloud. However, this resulted in inefficiencies, as it required two 2U firewalls and one 2U ADC for operations, which were space-inefficient and consumed more power than necessary.

The solution that drew Kashiwazaki’s attention came from a system integrator proposing F5 Networks' ADC appliance, the BIG-IP Local Traffic Manager (BIG-IP LTM), integrated with the high-performance firewall, BIG-IP Advanced Firewall Manager (BIG-IP AFM), into a single platform.

"BIG-IP LTM/AFM offers the flexibility to scale from a minimal configuration to a high-level enterprise configuration, all at a reasonable cost, which was a significant advantage. Additionally, the ability to manage both the ADC and the firewall on the same appliance made it possible for our limited number of technical staff to operate the system without undue burden," says Kashiwazaki.

 

Results

At Osaka University, the process of replacing the ADC and firewall involved evaluating multiple products that met basic requirements, by mapping their functions and performance into a matrix. In the final selection, the options were narrowed down to three models. Compared to proposals from other vendors that suggested separate solutions, the integrated proposal utilizing BIG-IP LTM/AFM was identified as the most cost-effective overall. Additionally, its proven track record in the global market was highly regarded. Following this process, a bid was conducted in September 2014, and the adoption of BIG-IP LTM/AFM was officially decided.

■ Achieving High-Density and Efficient HPC Utilization

"BIG-IP LTM/AFM proved to be price-competitive compared to the separate solutions proposed by other vendors," says Kashiwazaki. "Moreover, BIG-IP LTM/AFM accommodates the functionalities of both ADC and firewall within a 2U appliance. Even with the addition of L2/L3 switches, the entire setup comfortably fit within two racks, resulting in high-density and efficient HPC utilization, while significantly reducing the configuration burden on administrators. This was an essential factor."

■ Handai Cloud Adopts Public Cloud Migration as Its Basic Policy

While Kashiwazaki acknowledges these benefits, he explains that the Information Initiative Organization at Osaka University has a clear policy to migrate to the public cloud wherever possible, rather than expanding on-premises virtualization infrastructure. "Even so, if the utilization of the Handai Cloud increases, leading to higher traffic and requiring greater throughput from the ADC, the BIG-IP LTM lineup includes higher-tier models. This provides reassurance that we can continue leveraging F5 Networks' solutions if needed," Kashiwazaki notes.

The ability to upgrade the performance of BIG-IP LTM simply by adding licenses as an addon is one of the reasons why F5 Networks' ADC solutions are widely adopted globally. Kashiwazaki also recognizes this flexibility as a significant advantage.

■ BIG-IP: The Final Piece That Completed the Puzzle

Reflecting on this project, Kashiwazaki states: "BIG-IP matched the 'puzzle piece' that Osaka University was looking for perfectly. Within the constraints of a limited budget, the product provided all the necessary functionalities we required, fitting seamlessly like the final puzzle piece that completed the system." He emphasizes that choosing the right product to meet their requirements felt like a "destined match."

F5 Networks Japan, which supported the reconstruction of the Handai Cloud with BIG-IP, values this partnership and plans to continue backing Osaka University and the Cybermedia Center’s innovations with a robust support system and a diverse lineup of adaptable products.

 

Osaka University

Osaka University traces its origins back to "Tekijuku," a Dutch studies school founded in 1838 by Koan Ogata. Building upon the legacy of Tekijuku, institutions such as Osaka Medical School and Osaka Medical College were established, eventually leading to the founding of Osaka Imperial University in 1931. It became the eighth Imperial University in Japan and was initially comprised of the Faculty of Medicine and the Faculty of Science. Later, in 1949, it was renamed Osaka University. Following the incorporation of national universities in 2004 and its merger with Osaka University of Foreign Studies in 2007, Osaka University has grown into one of Japan’s leading comprehensive universities, boasting the largest undergraduate student population among national universities.

Benefits
  • Selecting ADC and firewall functionalities within the constraints of a limited budget.
  • Operating ADC and firewall on the same appliance reduces the burden on administrators.

Challenges
  • Overlapping functionalities of ADC and firewall due to the integration of two systems.
  • Managing operations for different models placed a significant burden on administrators.

Products