AUTHORS
Articles by Lori MacVittie
The year 2022 will be remembered as the year the industry finally reconciled itself to the fact that IT is and will be for the foreseeable future, hybrid. The question is, what does that mean for security and, specifically, for app and API security.
Experience is based on perspective, and since you can't build perspective, focus needs to be directed toward architecting a digital service that addresses the technical requirements of a positive digital experience: availability, security, and performance.
Learn how artificial intelligence and machine learning aid in mitigating cybersecurity threats to your IT automation processes.
The explosive and expansive use of APIs is contributing to the rise of headless architecture and providing GraphQL a prominent place in this neomodern application architecture.
Businesses are on a digital transformation journey and the quality of their digital services impact the digital experience of their consumers—be it human, software, or system. App delivery and security is critical to supporting these digital services and enabling companies to compete in a digital world.
While the topic of public cloud repatriation may be taboo, more organizations are doing it. And our research and data indicate companies applying SRE practices are the most significant 'offenders.'
Public cloud is no longer the bright new shiny toy, but it paved the way for XaaS, Edge, and a new cycle of innovation.
Evidence shows a significant shift toward identity-based security, driven by accelerated transformation and the growing importance of APIs. An end result is the eager embrace of zero trust as a foundational approach to security.
Many organizations are planning to deploy data and app distribution workloads at the edge, but to do that will require an edge application platform capable of supporting those workloads. That platform will need to meet the needs of new application patterns and focus on both the ops experience and flow of data and control.
Edge computing is under pressure to simultaneously evolve with each wave of the internet. As we ride the third wave, this next evolution demands the creation of a platform to support new capabilities within the edge ecosystem. A platform that cannot simply be bolted together, but requires a new approach with design considerations at the architectural level.
Not even the stealthiest threats can hide from F5's Advanced Threat Research Center of Excellence. The team conducts rigorous research to unravel the details of today's cybersecurity threats and then shares their insights to help shut them down.
Existing security for the software supply chain is lacking, and it's only going to get worse as organizations modernize ops with SRE approaches. Organizations wanting to survive their digital transformation journey should take this deficit seriously, incorporating secure software supply chain approaches to tooling and operational software from the start.
Complexity is synonymous with operating in multiple clouds. Magnified by the use of APIs and the increasing skills and tools deficit, this complexity isn't going away, but it can be managed.
The enterprise architecture frameworks used by business, established nearly half a century ago, are not sufficient to support today's digital transformation. To successfully become a digital business, business and IT need to modernize their enterprise architecture.
Performance reigns supreme, so much so that businesses would exchange security to see its improvement. In addition, performance presents a significant obstacle to realizing the benefits of multi-cloud strategies and is definitively driving businesses to extend to the edge.
It's become clear that to continue the momentum of their digital transformation journey, organizations need to renew their focus on business functions. While customer-facing experiences are still priority, enabling business functions such as legal, HR, and finance to digitize is necessary. This means CIOs are taking the driver's seat as digital transformation transitions from modernizing aps to modernizing ops.
Traditional cybersecurity methods and tools are falling behind as a digital world offers nearly unlimited targets for attackers. Security companies need to capitalize on new hardware and technologies that leverage AI/ML for real-time detection and mitigation of threats at scale.
The line between operation and digital systems continues to blur as homes and businesses increase their reliance on connected devices, accelerating the convergence of IT and OT. While this trend of integration brings excitement, it also presents its own challenges and concerns to be considered.
AI is quickly being recognized as integral to the success of digital business with adoption across business, operations, and security. An area not as extensively discussed is the benefits of incorporating AI into development for pattern recognition and modeling.
Operating a digital business requires analysis of data for insights. Data bias - the opinionated collection of data - impacts the ability to glean insights for performance, availability, and security, resulting in missed or "false" insights. To achieve a fully digital business, IT and business must develop a data and observability strategy.
Most of us, sharing the trait of being human beings, have experienced what’s commonly referred to as “fight or flight”—an often intense autonomic physical reaction manifesting with a racing heart, tense muscles, and sweaty palms. A sense of panic can accompany the reaction, as well as a decision paralysis that renders our ability to think logically virtually non-existent.
Digital business functions are just as critical to supporting customer experience and legal is starting to get the much-needed attention it deserves. Organizations far along their digital transformation journey are taking a step back to phase one, addressing functions that have remained manual through recent rapid digitization.
In a digital as default world, operations is still too reliant on manual methods and needs to evolve to enable adaptive applications. This evolution requires significant change across all of IT. It needs AI-enabled adaptability that will maintain availability, optimize performance, and ensure security.
As the digital economy grows so does the processing of payments through financial services institutions, and malicious actors are taking notice of the lucrative opportunities this presents. The digital payment ecosystem relies on the use of APIs to facilitate digital financial transactions and the number of API security incidents are growing yearly. Digital firms, especially those in financial services, need to increase focus on securing their APIs to protect their customers and business.
Assuming customer experience correlates only to uptime is a faux pas. CX is impacted by perception, which stems from the overall interaction, not just whether or not the power is on. And CX is not relegated strictly to customer facing apps. Apps primarily accessed by non-human entities (machines, script, etc.) still have a human somewhere in the process. The result: CX is an increasingly important part of digital transformation and pertinent to the development lifecycle.
Observability, aka Monitoring 2.0, is a significant step forward in this technology journey for operators and digital business as they strive to understand and stabilize the relationship between user experience and business outcomes. But it’s only half the battle, and the other half involves analytics and automation.
Compute power in not limitless, and if there’s a limit to our ability to increase size and space as we move to the edge, then we must instead focus on optimization. When we have needed to improve capacity in the past, there’s been an introduction of optimized hardware components. Hardware-optimized computes will be a necessary capability for any application-centric platforms looking to support organizational enablement at the edge.
As businesses continue to move toward a “digital as default” operating model the ease of operations results in an increase of complexity – task automation requires more code, digital expansion requires more connections, AI-assisted business requires more data. And complexity is the enemy of security. Therefore businesses will have to adapt their security stack to keep up.
The explosive growth of automation and digitization along with a trend toward hybrid work models will accelerate the momentum away from IP-based security toward identity-based access strategies.
As business approaches a default-digital model, it necessarily relies more and more on data. Eliminating bias in that data will be a critical step in ensuring that decisions based on that data will lead to the best outcome possible for customers and the business.
Savvy CIOs know that the interface is just that: a means to a much more comprehensive digital experience that crosses functional and organizational boundaries. With most organizations firmly entrenched in the second phase of digital transformation—digital expansion—the need to digitize the entire enterprise architecture should be clearly rising as an inevitability.
Most organizations employ automation with infrastructure as code but still retain control over deployments. Looking forward, we’ll see more of an event-driven approach, where the trigger itself is automated based on an event. This is a significant part of what will make applications adaptive in the future—the ability to react to automatically to events and adapt location, security, and capacity to meet service-level objectives.
It should be no surprise that just as the emergence of cloud gave us cloud-native applications, edge is driving a set of edge-native applications. These applications, however, will not reside solely at the edge. Simultaneously, new architectural patterns are emerging that take advantage of applications residing in the cloud and data center.
Let’s say your cat has wandered off. You can’t find them anywhere and tasty treats are not working their magic today. Then imagine that you could leverage the video doorbells in your neighborhood—i.e., idle compute and processing power from endpoints and nodes at the edge—to find them.
Cloud computing has long sought to remove the need to deal with infrastructure, with APIs and drag-and-drop configuration tools to help keep those adverse to the network and infrastructure from getting their hands dirty. But we can't just ignore it either, or its profile as a key attack target.
User, within the context of the application domain, has always referred to the entity that interacts with an application. Just as shifts in application architectures drive changes in the technologies that deliver and secure them, shifts in the definition of user have driven changes in where apps are deployed.
Edge is one of the hottest topics in technology right now. An increasingly distributed society, workforce, and reliance on digital interactions have driven edge to the forefront of conversation as business faces challenges with security and delivery of the digital services that connect us all.
You might have noticed a few changes at F5 over the past year. First, we’re just F5 now. Not F5 Networks. Just F5. Because honestly, we’ve never been centered on the network.
Automation is a critical component of digital transformation. It is the automation of tasks via applications that is the focus of the first phase of the business journey known as digital transformation.
Like Greek and Roman gods, multiple manifestations of the same persona are evident throughout many mythologies. At the core, each incarnation is a new face to an existing persona. A similar reality is true in the digital world; what we call “applications” can often be considered as incarnations of existing functionality.
Insights come from analysis of data. Consider that right now, as you read this, your human body is generating about 11 million bits of ‘data’ per second.
This framework maps the technology evolution that accompanies the business journey from physical to digital models. Each phase is marked by a business initiative that is enabled by technology.
While there’s a tendency to focus on applications that directly implement a customer experience, every business domain will see the rise of applications that ultimately become critical to their digital presence. These applications, then, become the modern equivalent of a monolith.
Like many proverbs, the origins of "necessity is the mother of invention" is muddled. Often attributed to Plato, it is also ascribed to a variety of other well-known writers. Lacking an authoritative source, however, makes the proverb no less true.
There are many tropes in film and television. We're aware of them, even if we don't implicitly recognize them. A common set of tropes revolves around the hero of a story.
In 2018, Epic Games landed a $15B USD valuation. Many attributed this incredible event to its viral video game, Fortnite. With over 200 million users across the world, the game pulls in billions of dollars a year through microtransactions.
Whether we’re talking digital transformation, application architectures, or the importance of telemetry in maintaining a digital business, the soon-to-be-released results of our annual survey help shape F5's understanding of the market and strategic decisions. This year, we gave respondents a bit more latitude in providing freeform answers. They did not disappoint.
This is the reality of cloud properties. They all use the same mechanisms – APIs, consoles, processes – to perform common operational tasks. This is one of the benefits of cloud. And in terms of onboarding new technology professionals, it can dramatically reduce time required for onboarding.
We recently crested the third wave of cloud. Concurrently, the pandemic has shifted a lot of enterprise attitudes. One has been the approach to remote work. Another is that toward public cloud. In fact, just about every survey out there now says the market is full steam ahead on cloud migrations—but, while certainly related, an important distinction exists between cloud migration and cloud adoption.
Gaming accounts and microtransactions are valuable enough to have become substantial targets for hackers. Given that these accounts—like those in other industries—can be used across platforms (website, console, mobile phone), they can pose lucrative opportunities with multiple attack vectors for those savvy enough to go after them.
Whether through a mobile app using APIs to interface with an existing monolithic mainframe app or via message queues that connect Slack to a traditional client-server based customer service application, the task facing enterprise IT today is not merely to transform monoliths to microservices, but to make microservices talk to monoliths.
The advantages just aren’t about defense; careful control over entry points also results in a multiplicative increase in the efficacy of defenders. It’s no surprise, then, that these principles are often applied in the world of digital security.
As organizations ramp up their generation of data and seek to extract business value from it, analytics and automation powered by AI and ML will certainly be on the table as technologies put to the task. These are exactly the type of workloads that will benefit from optimized infrastructure, and yet they are the ones least likely to be able to take advantage of it today.
While it's true that 2020 has seen different DDoS attack patterns emerge, what is also true is that DDoS attacks at the infrastructure layer are still DDoS attacks. They are what we might call "traditional" attacks. What is changing are targets and opportunities that come with a distributed workforce, along with considerations around 5G and Edge computing.
There's a big difference between knowing something's wrong and knowing what to do about it. Only after monitoring the right elements can we discern the health of a user experience, deriving from the analysis of those measurements the relationships and patterns that can be inferred. Ultimately, the automation that will give rise to truly adaptive applications is based on measurements and our understanding of them.
The industry saw nearly 250,000 attempts of credit card fraud in 2019. That breaks down to about one attempt every two minutes. Detecting fraud today requires a correlation of data, collected from as many points in the digital workflow as possible, and the ability to analyze it at speeds far greater than manual data processing can offer.
One of the biggest impacts of digital transformation is the disruption to application development. Historically, the introduction of new architectures into app development generally takes several years before it kicks into high gear and sees mainstream adoption.
The issue of remote access has become a priority as our response to the pandemic continues to encourage, if not require, working from "anywhere but the office." The first wave of remote access concerns was focused on users. How do they access ...
While SaaS is not really all that new, what is new is the range of activities being commoditized and packaged as SaaS. All manner of business functions are joining CRM, SFA, productivity, and communications as SaaS offerings. And we anticipate that organizations will quickly jump at the chance to offload the operation of such software to a provider.
There are two walls in the delivery path for applications. The first (which has been the cause of much friction) is between development and production. And while DevOps methodologies have begun to break down this wall, the other—the one between production and delivery to consumers—is not so easily breached.
Over the years we've seen a lot of industry trends come and go. Two—cloud and mobility—fall into what we might call "mega trends." These are movements within the industry that have...
Most organizations are operating in multiple cloud properties in addition to their own on-premises private cloud. For the past three years we've asked about the challenges and frustrations professionals in every role within IT experience while operating in this mode.
In the three phases of digital transformation, the first phase is all about automation. The focus on digitizing of workflows in phase two will ultimately offer business a path forward to the third phase, where data-driven services will generate actionable insights that improve efficiency, reduce process friction, and increase both productivity and profits.
First confined to the data center, Application Performance Monitoring (APM) has become increasingly context-driven around web-based user experiences. Today, it isn't enough to identify what went wrong after the fact. Businesses need to identify where trouble might occur before it happens.
There is an ebb and flow to technology cycles. Its inevitability is extant in many theories, such as the S-curve of innovation and a certain well-known analyst firm's hype cycle. Cloud is subject to these same waves. We've seen two very strong cycles over the past ten years, and it appears that a third wave is beginning to crest.
Based on our research, you are almost certainly in the 87% of organizations that operate applications across multiple cloud providers. Of that majority, you're also most likely to employ between two and six different public cloud providers. More than half (51%) of organizations do.
The term 'cloud-scale' is often tossed around blithely. It's used in marketing a lot to imply REALLY BIG scale as opposed to, I suppose, traditional not-as-big-but-still-significant scale.
Data comes from a variety of sources across the code-to-customer path. Applications. Platforms. Application services. Infrastructure. Devices. All are capable of emitting data that can be turned into business value by the right solution. The elephant in the room during any discussion on the use of data is, of course, privacy.
Digital payments have become as common as cash used to be. Shutdowns due to the COVID-19 pandemic have only accelerated the rate consumers rely on such services. But it has also accelerated digital payments on the corporate side. After all, businesses still have accounts payable and receivable whether they're open to the public or not.
Perhaps the biggest impact on operations due to the abrupt migration of consumer and employee to digital experiences is availability. Certainly, a significant percentage of organizations struggled with remote access as workers moved from the office to the home. But only some workers wound up working from home while entire populations were suddenly reliant on digital equivalents of day to day life.
Recently, I was reminded of the importance of calibrating measurements when I re-entered the realm of reef keeping. Like rapid changes in the application landscape, reef keeping has dramatically changed in the past five years.
Amid this pandemic, the systems processing unemployment claims in many U.S. states found themselves in peril. Developed using COBOL, the systems faced overwhelming demand, prompting urgent calls for those proficient in a programming language dating back to 1959. In parallel, many applications driving contemporary digital transformation efforts are microservices-based. These apps, like their COBOL forebears, are likely to be so critical that they, too, may still be running in 50 or 60 years.
In days gone by, the app services (the data path) delivering apps was straight and narrow. All apps basically traversed the same set of services over the same network.
Extraordinary times call for extraordinary measures. Many people have uttered this phrase since COVID-19 forced us from our offices into our homes to work remotely. One of those extraordinary measures has been ...
An insertion point is an architecturally distinct location in the code to customer data path at which it makes sense to add functionality that is often outside the purview of development or operationally more efficient. Insertion points include the client, infrastructure, and the app itself. So, what we're looking for are app services that are both operationally and cost efficient at the point of insertion; in this case, we're focused on the app server (platform) itself.
This componentization of IT is like the componentization of the applications it is tasked with securing and delivering. Estimates range from 80 to 90% of modern applications are composed of third-party components; most of which are open source.
The dominance of video and SaaS traffic today is, in part, why remote access services are being overwhelmed. In parallel, the rise of telemedicine during this pandemic is increasing and along with it, live video traffic. One way to increase capacity and improve performance for remote users is to update your remote access configuration to reflect the modern makeup of application traffic.
For more than a decade now, the term cloud has promised agility as one of its primary benefits. Surveys and studies often cited the elusive and nebulously defined "agility" as a key adoption driver of all forms of cloud.
The inescapable truth of this survey is that the life of a network operations professional is increasingly automated. From configuration changes to ...
Before you dive in, we wanted to reiterate that DevOps is unique. If you think they're just developers who write scripts and manage CI/CD pipelines, you'd be wrong. If you thought they were just operations ...
When organizations adopt new architectures and develop new apps, they don't throw away ones that already exist. While there's always some culling of the portfolio that's taking place over time, it’s generally true that apps put into service years ago using traditional architectures are still ...
When we dig into the state of application services each year, we don't just focus on app services. While that's certainly our primary interest, there are a plethora of trends and technologies that impact app services in general.
Are we just using telemetry because it sounds sexier than data? Ultimately both data and telemetry are organized bits of information. To use them interchangeably is not a crime. But the reality is that, if you want to be accurate, there is a difference. And that difference will become increasingly important as organizations march into the data economy.
A growing number of app services are an integral component of a cloud-native architecture. This is, in part, why we see a shift in responsibility for app services away from IT operations toward DevOps.
Months of analyzing over 2600 responses to our State of Application Services survey have culminated in a fascinating look at the impact of digital transformation on organizations around the globe. Companies are in progress on a technological transformational journey. Four in five executives told us they are acting on digital transformation initiatives, and that those initiatives are driving adoption of cloud-native architectures and app services—with automation and security also top-of-mind.
As organizations march steadily on their journey through digital transformation, the issue of integration becomes critical. In addition to the obvious ...
The inability to verify the integrity or correctness of data should be of significant concern to those organizations pursuing digital transformation efforts (which rely heavily on data). That data will be used not only to conduct business but it also forms the basis for pattern and behavior recognition. Accordingly, it will power advanced analytics that automatically make operational and business decisions without human intervention.
API stands for Application Programming Interface. Over the years, it has evolved from a tightly coupled imperative specification to a loosely coupled declarative model. Regardless of implementation and the mode of invocation, APIs tend to be associated with app development. But another API economy has been steadily expanding. It lies within operations. And in that domain, the "A" in API stands for automation.
Application architectures have evolved several times since the early days of computing, and it is no longer optimal to rely solely on a single, known data path to insert application services. Furthermore, because many of the emerging data paths are not as suitable for a proxy-based platform, we must look to the other potential points of insertion possible to scale and secure modern applications.
Consider this: 54% of containers live fewer than five minutes. Predictably, this leads to security topics. If you’re trying to secure access (and you should be) and trying to protect the app or API running in that container, you've got to make sure your security services are constantly adjusting policies to match the current state of the cluster. That's a lot of change going on, which means a lot of operational overhead.
Digital transformation is about moving technology from business interactions to processes to new models. At first, it's about apps. But as app portfolios expand, it turns to focus on automation and orchestration. With the increase in data generation, transformation becomes the pivot point for new business opportunities.
A Dimensional Research survey of more than 3000 mobile app users confirmed what many of us believe about customer expectations today.
Did you know that when Sysdig looked at its customers this year it found more than two million container instances running on-premises and in the public cloud? More exciting (for us, at least) was the data point that NGINX was running in 60% of those containers. That’s a lot of NGINX.
Cloud-native applications are being built at a good clip. While they're not quite dominating app portfolios just yet, they are increasing in number.
APIs create value through their ability to abstract at the application layer. For example, the use of an API to abstract access to internal systems and data provides a way to simplify and automate access to legacy IT systems.
It doesn’t matter how fast you can deliver if deployment delays release. While NetOps are warming up to automation and orchestration, there are significant challenges facing their efforts to speed up deployment.
Visibility is an often-cited challenge typically referring to the ability to inspect traffic, transactions, and errors that occur during an application's execution.
We are thrilled that Intel has named F5 as a 2019 Leaders Board partner in the Intel® Network Builders program. Our strategic partnership with Intel has, for more than 15 years, enabled F5 to use Intel technology to deliver optimized, highly performant application services for both enterprises and service providers.
Digging through Sumo Logic's latest data - compiled from actual usage of more than 2000 customers - we see an increase in Kubernetes usage specifically in AWS.
Breaches abound. Vulnerabilities are discovered on a daily basis, and the patch gap doesn't seem to be getting any smaller.
The open source movement has always focused on freedom. The freedom to choose the solution that works best for you given skills, budgets, architecture, and goals.
Our understanding of the role of application services in an increasingly application-centric business world has grown considerably thanks to the thousands of respondents who take time to respond every year.
The average person now has more than 80 apps installed on their phone. That same person interacts with an average of nine of those apps every day, and thirty over the course of a month.
Who reading this is running OpenStack in their production environment? Prometheus? Perhaps you're generating Grafana dashboards? GitHub. GitLab. Nagios. Jenkins. Ansible. Puppet Enterprise?
Along with the larger container ecosystem, service meshes continue to plow forward toward maturity. We're still in early days, though, and there are a variety of approaches being applied to solving the problem of intra-container traffic management with service meshes.
Predictions that the data center is dead - or at least on its death bed have been made many times since the ascendancy of cloud to the majority industry mindshare. And it continues to be wrong.
Businesses want speed. One of the impacts of digital transformation - and the associated pressure to succeed in an app economy - is the desire to move at speed.
The first thing to note is that cloud-native, despite its name, does not require cloud.
This September, in Seattle, NGINX will be hosting its annual conference. I'm already booked to go and you should (very seriously) consider attending, too.
One of the interesting – and more frustrating - things I've noted over the years is the differences between how network engineers and application developers see apps. We've seen this in the way applications are depicted on network diagrams and, conversely, the way networks are shown on application architecture diagrams.
In the days of yore, transmissions in cars were manual. Some might have referred to them as a "stick" thanks to the mechanism by which you shifted gears. In those days, an automatic transmission was something special that you often had to order.
In traditional network infrastructure there are generally three architectural planes associated with network infrastructure: data, control, and management.
When it comes to breaches involving apps and data exposure, fingers are almost always pointed at developers. Many times, this is the right direction. Injection attacks and stack-based exploits are almost always the result of insecure code.
Lori MacVittie continues our blog series surrounding F5’s acquisition of NGINX, discussing the concept of operational simplicity.
Let's stop spending so many cycles on what to call each other that we miss the opportunity to create a collaborative environment in which to deliver and deploy apps faster, more frequently, and most of all, securely.
When it comes to multi-cloud consistency, Lori MacVittie discusses why a failure to recognize the two different types of consistency - functional and operational - and their importance is at the root of the problem with implementation.
The path to production is not a product. It's a process. And it's a process that needs to be collaborative and delivered in parallel whenever possible to improve time to value and enable successful application deployments.
It is the use of cloud-provider security services that can dramatically impact the operational costs of doing business in the cloud - especially when it comes to managing application services infrastructure. Lori MacVittie discusses how augmentation and strong password practices will help constrain the cost of doing business in the cloud.
Because such transitions take time - we're still almost all operating in a multi-cloud model today, after all - it's important to find and take advantage of architectural options that maximize benefits without compromising on core customer needs like availability and security. Using a two-tier architectural approach provides both without constraining containerization efforts.
With a staggering 60% of users experiencing a container security incident in the past 12 months, if you aren’t already practicing safe containerization, Lori MacVittie shares five steps to consider putting into practice.
We look at the trends and changes in application services usage – across security, performance, and identity/access – from the first quarter of 2019.
The majority of organizations across the globe and in every industry are currently in process of digital transformation. Lori MacVittie looks at the latest trends surrounding the digital economy and supply chains to better understand how enterprises are changing how they develop apps, when they deploy apps, and with what architectures.
Operations needs integration. Without it, we can't automate processes (which is what orchestration is) because processes necessarily span multiple systems, services, and devices—each of which likely has its own operational domain and toolset.
We are nearly numb to breaches today because they happen with such alarming frequency. At the same time, we are so enthralled by our own brilliance in cryptography that we forget that most data at rest—tucked away inside databases—is unencrypted.
Bringing together F5 and NGINX, we will be able to satisfy the requirements for “reliability” no matter the definition. Whether that applies to the reliability of small, developer-driven deployments scaling modern applications or large deployments scaling application services and traditional apps alike, a combined portfolio will offer customers the ability to use the right tool for the right app.
There is a growing demand for APIs. Whether helping to fuel the digital economy by enabling mobile apps or internally pumping up productivity through automation and orchestration initiatives, APIs are everywhere.
As the world of container technology matures, so does the integration of the enterprise-class technology required to support it, encouraging traditional offerings to move in the direction of container orchestration environments like Kubernetes.
Today, both traditional and modern architectures are valid and necessary for business to succeed in delivering digital capabilities faster and more frequently and, most importantly, in the most efficient way possible to support its most valuable asset: a multi-generational portfolio of applications.
Digital transformation is driving growth of application portfolios and changing the way in which they are developed, delivered, integrated, and ultimately even consumed.
The challenge of consistent security across applications remains. One of the culprits appears to be that application services aren't always moving with the applications they protect.
Componentization is great for development and certainly aids in speeding up time to value. But it can have a negative impact on performance - and security.
Looking forward, F5 and NGINX can enable enterprises to address one of IT’s most pressing needs: fast, frequent deployments across a varied set of application architectures residing in multiple cloud properties. We believe that doing that successfully depends on NGINX remaining open source and being driven in large part by the community that built it.
DNS remains one of the least appreciated application services in existence. Its role is so important, that its failure is considered catastrophic.
We have to move from relying on Moore's Law to increase our capacity and speed to relying on a system of systems that scales itself to process more data, more frequently, and faster than ever before.
Given the slow but steady adoption of HTTP/2 and the security challenges posed by HTTP/3, the latter is likely to face a long, uphill road to adoption for the foreseeable future.
Fail fast is the mantra of speed today. Whether DevOps or business, the premise of operating in a digital economy demands uptime as close to perfect as you can get it.
Team structure matters. Not just because of the need to encourage a more collaborative culture, but because of the way it impacts decisions - including technology choices.
Microservices and Function as a Service (FaaS) often facilitate Agile development because a relatively small team can design, develop, and then refine a service much more quickly than they can a large, monolithic application. But there's another interesting benefit of microservices and FaaS that isn't being touted as much as it should: security.
For five years we've asked thousands of respondents across every role in IT and around the world a simple question: What one thing would you never deploy an application without? In other words, what's the most important thing you can provide for your applications?
By layering an F5 Advanced WAF in front of a 3scale API gateway, you can benefit from additional security measures that include the use of IP intelligence to identify threats faster and more accurately, the ability to offer a secure API façade internally or externally, and protection against a variety of application layer attacks.
While most of the focus of programmability is on operations today, there remains a significant amount of data path programmability that's vital to enabling consumers to interact with applications.
Function as a Service (FaaS) is quickly finding use in a variety of operational and development contexts. And while the rising star of cloud computing is often mentioned in conjunction with APIs and IoT and mobile apps, there is significant use outside development for the technology.
We know that just about half of the traffic on the Internet today is generated by bots. Some good, mostly bad. Operational efficiencies from automation and machine learning—usually discussed in a more positive context—are also being weaponized to perform reconnaissance probes and attacks alike.
The strategic importance of data can only be realized through an application. And an application can only fulfil its purpose by interacting with data. This strategic codependency can be clearly seen in this year’s State of Application Services report.
Container adoption has been a steady course to consume budget for a couple years now. What may be a surprise is the reasons behind that adoption. Spoiler alert: it isn't really about microservices.
As DevOps has continued to press its case inside of IT, we've seen the adoption of automation and "as code" methodologies, including growing use of CI/CD tools like GitHub enterprise and Jenkins within the production pipeline. This post from Lori MacVittie and the Office of the CTO takes a closer look at Infrastructure as Code and what F5 is doing to enable and support it.
APIs are the new CLI. Increasingly, it is through an API that infrastructure and application services are provisioned, configured, and operated. Between automation and integration into deployment pipelines, the API is a critical component that every device—hardware, software, on-premises, or cloud—must have.
Diving into application services alone is (almost) always interesting. But delving into the applications, environments, trends, and technology that drive organizations to use an average of 16 different applications services gives us a valuable glimpse of what IT and business will look like in the next year.
Lori MacVittie comments on the role of cloud and application services in the context of F5’s upcoming State of Application Services report. In all its forms—public, on-premises private, and SaaS—cloud has maintained its place of strategic importance, impacting the application services deployed, the tools and technologies used to automate and orchestrate IT, and even in the evolution of team structures inside organizations. Will this year continue the trend?
Lori MacVittie: For as long as I can remember—which is a long time—the siren call of a single pane of glass through which to view and operate infrastructure has lured IT. Like the Holy Grail, it has never been discovered and a good many IT professionals have become cynics as to its existence.
Serverless is the rising darling of the cloud world, but it's often misunderstood and attributed with almost supernatural powers to reduce costs, speed time to value, and make you breakfast in bed. And if that wasn’t enough, it’s also frequently conflated with Function as a Service (FaaS).
As the worlds of DevOps and NetOps collide and container environments subsume definitions traditionally used in the network, let’s explore the use of the often-confusing term "ingress" in terms of the data path and container environments.
Cloud showed us a better way to onboard, provision, and operate network and application infrastructure—aspects that have been steadily pushing their way into the data centers of organizations worldwide. But the digital transformation that began with cloud is now seeping into on-premises systems to bring about something far more interesting: the breakup of the network.
It’s important to recognize that it’s not always NetOps teams that get in the way of deploying the latest thing/app/service. Impediments to speed are often due to a failure to adopt all the premises of DevOps as organizations seek to transform IT operations.
Lori MacVittie: There remains a tendency to equate containers with microservices. And by equate, I mean “use interchangeably.” This is a bad assumption.
Mainframes have a bad rap in IT. They are viewed as dinosaurs, when the reality is that they provide a significant source of computing power for many organizations—computing power that’s growing in use. They also have more to do with DevOps, Agile, and other modern methodologies than you might think.
Lori MacVittie highlights F5 Labs research on global attacks against IoT devices from January–June 2018, pointing out the sobering implications. Not only do IoT devices continue to be exploited, but they are being transformed into attack platforms, meaning attackers can better take advantage of what’s emerged as a guaranteed growth market.
A particularly compelling advantage of applying machine learning to application security is that it focuses on constantly learning what is normal and identifying what is not. Lori MacVittie explains how layer 7 Behavioral Denial-of-Service (DoS) protection is like a flu vaccine that's capable of detecting the virus responsible based on its behavior rather than its actual composition.
Cryptography is naturally a computationally expensive process, meaning it takes more CPU cycles to encrypt or decrypt a message than to execute business logic. For cloud deployments, these added CPU cycles have been an accepted cost because the point is to shift capital costs to operational expense. But decrypting and encrypting a message multiple times—at a non-zero cost each time—can really add up.
In technology, simplification means abstraction, with declarative interfaces serving as a good example of that abstraction. By simplifying the interfaces used to provision, configure, manage, and integrate infrastructure today, declarative interfaces democratize infrastructure and open up opportunities for both NetOps and DevOps.
It’s time again to dig into the application services organizations are actually using to make apps faster and safer. Of note this quarter again is a continuing rise in use of bot defense services, as well as growth around analytics-related services.
Generally speaking, “ignore vulnerabilities” is not something you expect to hear from a security company. And you certainly don't see “ignore vulnerabilities” paired with the notion of “improving security.” But now you have. F5’s Lori MacVittie is kind enough to elaborate.
When approaching your production pipeline “as code,” it’s a certain bet that multiple sets of operators and developers will be responsible for it. This lies at the heart of the push for standardization—especially as NetOps takes the plunge into developing and maintaining systems to automate and orchestrate elements of the network and application service infrastructure.
Just as it’s true that the application platform—the web or app server or app engine—must be provisioned first, so too must the network and application service platforms be provisioned before they can be configured. Increasingly, and especially in cloud environments, that provisioning and configuration process is driven by systems like HashiCorp's Terraform.
Speculation continues around why businesses and industries formerly reluctant to officially encourage open source software use have suddenly embraced it. Most often, the legacy culprit is assumed to be a fear of legal liability. But another catalyst is the driving force of digital transformation.
Serverless means developers don’t need to worry about infrastructure. And the business, too, sees value in its speed and efficiency. Combined with the frictionless nature of deploying code with serverless, you can be out the door with functionality in hours rather than weeks or months.
Infrastructure, Configuration, Pipeline, Operations. Suddenly everything is “as code.” Lori MacVittie attempts to sort through the terminology and identify the different components within a continuous IT stack.
Lori MacVittie explores how the industry has found itself with a strange hybrid of Service-Oriented and Microservice architectures that leaves many wondering where one ends and the other begins.
When we recently polled IT ops practitioners on the ‘State of Network Automation,’ we found the market experiencing a number of challenges. Among those cited specifically by NetOps professionals was a lack of integrated tools with which to move forward with automation efforts.
The goal of automation in almost any industry focuses on optimization and eliminating bottlenecks. In the world of IT, that typically means addressing the in-between steps of an operational process.
From day one of development through post-deployment, the choices we make regarding the security of the entire application stack play out with far-reaching consequences.
APIs are not integration. They are a means to implement integration. And judging by the challenges seen in the industry, they aren’t enough for IT to get continuous.
The evolution of F5’s annual survey now emphasizes the application services you need rather than the platforms you use to deliver them. Learn more and participate in the survey today!
It’s time again to dig into the application services organizations are actually using to make apps faster and safer.
Lori MacVittie comments on a recent report from Lacework highlighting the need to reiterate one of the common core security rules: Thou Shalt Not Leave Admin Consoles Open
Just as previous app architectures have driven responses in the network infrastructure, so are containers and microservices. Only this time the changes aren’t coming in the form of a new box. What’s happening now is the move to integrate the application services developers need into the container environment.
For decades, application services have been deployed on shared platforms. But emerging application architectures such as microservices are forcing changes in the production pipeline that better map to modern deployment schedules and operational practices like infrastructure as code.
From F5’s Office of the CTO, Lori MacVittie draws connection points between DevOps practices and F5’s new declarative interface that decreases reliance on APIs and increases the ability to implement a fully automated, continuous deployment pipeline.
Lori MacVittie explores the potential of achieving an ‘MVD’ for an application by adopting a per-app architecture for its tightly coupled app services.
The association of a singular identity with an IP address is so tightly ingrained in our heads that we tend to apply it to other areas of technology. Even when it’s utterly ineffective.
The data shows that despite the challenges inherent in automation, NetOps aren't nearly as far behind as some posit.
Sometimes I love reading commentary from El Reg on IT and technology. Delivered with just the right amount of bite, their bark is often right on target. Other times, though, they miss the mark.
So says the data. It would be easy to dismiss the importance of network automation by claiming that the size of your organization
Or is that ‘tears’ of frustration? ¯\_(ツ)_/¯ Perhaps it’s both.
There is a relationship between network and application architectures. Usually we like to talk about how changes and shifts in application architectures impact the...
In a more balanced world, application users would have the same level of concern for the security of their data as they do for their access to it.
Oh yes. It’s happening. Consider making it a part of your overarching cloud strategy to make the process less painful. What do the following have in common? Salmon, Canadian Geese, Monarch butterflies, and applications. If you guessed all of...
Back in 2015, I noted that Software was Eating IT. That was based on data culled from a variety of industry sources included RightScale, HBR, PWC, and others. From development to deployment to delivery, software was taking over everywhere. But...
Sure, a data breach may cost more (at least right now) and it certainly forces your failure into the limelight (you gotta notify) but security can’t be just about data exposure. These days you only hear about a breach if there’s been a data...
As a developer, my favorite editor for writing code is vim. I know, I know. But it’s fast, I can get around in it, and it isn’t emacs. (Yeah, I went there.)
There’s an old business axiom we all know that goes like this: The customer is always right. In this digital economy, it turns out that axiom has to change to read: The customer’s data is always right. Let me illustrate with a little...
There are days when the jargon coming out of container land makes your head swim. With each new capability or feature offered by related solutions – service mesh, orchestrators, registries – seems to mandate a new term or phrase.
The Hunt for IoT by our own F5 Labs threat researchers continues. Its latest report exposes not only an active search for vulnerable IoT devices, but the targeting of build infrastructure.
When I was a wee lass getting ready to deliver my company’s very first Internet-enabled application, I learned a valuable lesson. It wasn’t about technology. It wasn’t about the Internet. It was about processes and how frustrating they can be t...
It’s time again to dig into the application services organizations are actually using to make apps faster and safer. Of note is a rise in use of bot defense services and the slow but steady inroads being made by HTTP/2. While not an application..
Apps are under siege. Attacks occur with alarming frequency – every 39 seconds according to research conducted by the University of Maryland
Discover the key findings of F5's fourth annual State of Application Delivery report.
Lori MacVittie continues her series on “The Art of Scaling Containers”, after touching on discovery and distribution, this blog digs into retries.
Like multi-cloud, automation can be (and should be) strategic. In a perfect IT world, we would see the smooth road of (internal) digital transformation follow a predictable path to success. It would start with the selection of platforms and...
Apps are the strategy upon which business has staked its digital survival, and F5 Labs research shows they will remain under siege in 2018. This year, let’s resolve to be vigilant in their protection, no matter whether they lie over hill in the...
Lori MacVittie decided to put down in digital ink what the data and technology cycle is showing will be pretty much a given in 2018.
Whether we like it or not, HTTP is the de facto application transport protocol of the modern age. We use it everywhere. It’s as ubiquitous as IP and TCP, and serves much the same purpose. Its only goal is to transport the digital gold of today’s...
Back in 1983, a group of like-minded folks in the computer and telecom industries got together to create a detailed specification they called the Open Systems Interconnection (OSI).
When considering vulnerabilities, remember application security is a stack. You may have heard me say this before, but sometimes we need a reminder that modern applications are never deployed alone.
The data path contains multiple insertion points at which a WAF can be deployed. But that doesn’t mean every insertion point is a good idea.
Okay, NetOps. As you’re getting all automated up and scripting your hearts out, it’s time for a gentle reminder about security. I’m not talking about firewalls and WAF or other security services you may be responsible for.
Learning online is big. Especially for those who self-identify as a developer. If you take a peek at Stack Overflow’s annual developer survey...
We are, I think it’s safe to say, universally delighted by technology. The mundane is transformed into the magical by the mere introduction of technology. The novelty wears off after a time, of course, but by then there’s some other task that has...
It has been said – and not just by me – that encrypted malicious code is still malicious code. The encryption does nothing to change that...
Don’t let anyone tell you hardware doesn’t matter. Hardware is everywhere. In every mobile phone. Every Fitbit and techno-gadget we own. In our cars. In our laptops and tablets. Increasingly, it’s in our appliances. In our watches. And apparently,...
To untangle the complexity inherent in IT automation today, we need to find a better way to construct the workflows that represent the processes used to deploy, manage, and configure IT infrastructure.
IT has to embrace standardization of the code that makes IT go or risk creating systems that syphon off the financial and efficacy benefits of IT automation. I spent nearly a decade developing software. Embedded software. Web software....
In January of 2017, the very popular MongoDB suffered what seems to be becoming a fairly predictable tactic for attackers: taking data hostage. Subsequent investigation noted that for the most part, attackers had exploited … nothing.
There are two sides to every coin, so the old adage goes. It goes without saying that both sides of the coin are the same color even if they bear different images. So we discovered when we dove into the middle of DevOps and NetOps. W...
While apps represent opportunities to improve productivity and increase profits, poor performance and annoyed users bring these gains to a halt.
The slow but steady migration to cloud-based environments has had an impact on many aspects of IT. One we rarely make mention of is administration. But we should.
App security is a lot of things, but sometimes we need to stop and consider what it isn’t, particularly as the volume and frequency of applications developed and deployed to meet the insatiable demand continues to rise. 1. Not a high priority A...
We hear a lot about the digital economy and the API economy, but the experience economy is what both are powering.
Continuous deployment doesn’t have to mean every change, every time, right away. But it does have to start somewhere. CI/CD (Continuous Integration/Continuous Delivery) is the domain of developers. It’s the overarching model for improving speed...
There is little doubt (in my mind, at least) that the new standard operating model for enterprise organizations is based largely on cloud. I use the term “cloud” as a broad umbrella for both private (on-premises) and public (off-premises) cloud...
There's potentially a gulf of pain between using cloud services and successfully using cloud services. How will you know if you're being successful? You need the metrics that match your priorities: agility, TCO, reach and productivity.
Applications are moving to public clouds. Maybe not as fast as the market predicted (hoped?), but they are moving.
Everyone’s got one (yes, even us) and all of them are enabled by the (other) API economy.
Lori MacVittie comments on the evolution of the network, and the next wave of architectures rolling in (that’s serverless).
Without the cultural change to a more open, collaborative cross-IT environment, many of the benefits of DevOps can’t be fully realized.
The integration of virtual (software) based network and application services into the CI/CD pipeline is a lot more real than some might think.
Throughout history, certain places have been anointed with the term “gateway to the _____.” These locations are famous for being strategically important for the defense of a kingdom or as a pathway to new opportunities.
Many folks eschew the “cultural” component associated with DevOps. But bound up in “culture” is “communication,” and communication is critical to success not just of DevOps, but for any automation and orchestration efforts in the enterprise.
The success of SaaS is largely due to companies being able to identify and encapsulate in software commoditized business processes. The same holds true for network and infrastructure teams inside the business.
For several years now, my cohort Cindy Borovick and I have conducted, compiled, and analyzed thousands of responses from IT professionals across the globe in response to our State of Application Delivery surveys. The primary focus of this survey...
Executives aren’t nearly as giddy over DevOps as those in the trenches, and the answer may be found in one of these three key concerns.
SDN, which started out with a roar, was last seen whimpering by the side of the technology highway watching containers and DevOps speed by on their way to an invite-only party in the enterprise without so much as glancing back at the recent...
Amidst the rush of consumer-facing ads and releases during the 2016 holiday season, Amazon made quite a stir when it announced it was embracing hardware.
Whether it’s related to home automation or personal fitness, the consumer consumption rate for things shows no signs of stopping.
From State of Application Delivery 2017 – The transition from HTTP/1x to HTTP/2 is of great interest given its potentially disruptive impact.
Digital transformation cannot be focused solely on the outside, it must include the inside as well. This year’s buzzword bingo card includes the amorphous phrases “digital transformation” and “API economy.” They have real meanings, but they’re...
Cloudy insights from the State of Application Delivery 2017 – Control. We use that word a lot. Control yourself! Control your own destiny! Control your financial future. Find out how! Control is a simple word that connotes a very powerful concept...
We asked 2000+ IT pros about their plans for apps, cloud, app services and security--and what they really think about DevOps & SDN.
Thanksgiving and … turkey. Christmas and … trees. Containers and …. microservices. If the first word you thought of for each of those matches my expectations, then you’ve fallen prey to over-association in the technology market today.
A cloud-ready application delivery controller is not your traditional ADC. Available for deployment on custom or COTS hardware, it’s a scalable software-solution supporting both the need for fast, secure, and available delivery and...
A cloud-ready application delivery controller (ADC) is not your traditional ADC. Available for deployment on custom or COTS hardware, it’s a scalable software-solution supporting both the need for fast, secure, and available delivery and...
A cloud-ready application delivery controller (ADC) is not your traditional ADC. Available for deployment on custom or COTS hardware, it’s a scalable software-solution supporting both the need for fast, secure, and available delivery and...
It has been 10 years now since Amazon set the digital world on fire with the introduction of Amazon Web Services. Or as most of us today call it, public cloud. Since then, the landscape has grown increasingly cloudy, with a variety of new models...
A cloud-ready application delivery controller (ADC) is not your traditional ADC. Available for deployment on custom or COTS hardware, it’s a scalable software-solution supporting both the need for fast, secure, and available delivery and...
Cyber. Things. Security. DDoS. These are digital disruptions; the modern equivalent of enemies at the gate.
And scale leads to speed. And speed leads to success. Suppose one engineer can process a change request in two hours. Suppose another engineer can process that change request in 1.5 hours. If they work together, how long will it take for them to...
Current infrastructure cannot handle the projected explosion of data, connections, and traffic as the world moves into the digital economy. We talk about the digital economy but we don’t often dive into the specifics of what that really means....
Cloud, compliance, and certifications. It's a complex world out there.
No, not that kind of speed. The other kind of speed. Velocity, the speed with which applications can be developed and released into production, is a common driver of organizations adopting agile development methodologies and DevOps for...
To say that Docker’s container technology is experiencing explosive growth and adoption is not mere hyperbole or wishful thinking on the part of its highly vocal advocates. Nary a day goes by that does not include some new use of the technology or...
For the past few years we (as in the corporate We) have delved into the data center to discover how and why and where enterprises deploy and deliver applications with our State of Application Delivery surveys. We’re focused, of course, on...
There has emerged two distinct models of “going cloud.” The first, most obvious, is the native approach. Native meaning new, either greenfield or rewritten. The native approach encourages a narrow focus on the application, the assumption being...
"The Internet of Things (IoT) continues to be a topic of interest. And while consumer oriented gadgets and gizmos tend to make headlines, it’s the behind the scenes, in the data center prep work being conducted by early adopters that remain more..."
Technology tends to use a lot of words interchangeably, but in some cases, the difference is actually pretty profound.
You might have figured out that yes, I’m one of those people playing Pokémon Go. Or, as is often the case of late, not playing Pokémon Go. That’s bad, because it also means our youngest is not playing, because as it turns out we’re bot...
Grand Rapids is the second-largest city in Michigan, located in the lower peninsula (what we in the Midwest refer to more colloquially as “under the bridge”). There are no remarkable landmarks in Grand Rapids, like the Space Needle or the Golden...
Technology moves quickly. Or maybe it just seems like it moves quickly because new movements, approaches, and architectures are popping up left and right. This month, it’s the sudden rise of “serverless” architectures to the fore of everyone’s...
The term hybrid, in technology, has come to mean composing some thing from two or more seemingly disparate things. Hybrid cloud, for example, brings together SaaS, IaaS, and on-premise as the basis for a new, diversified corporate computing...
When we think of virtual desktop infrastructure (VDI) it usually conjures up images (ha! see what I did there?) of an infrastructure designed to support manageable desktop delivery to vast legions of non-technical users. Because fixing some craz...
App services, those often misunderstood layer 4-7 (TCP up to HTTP) services that provide for the scale, security, and performance of applications when delivered over networks (which means, basically, all of them today) are an integral part of the...
Cyberattacks are a fact of life for IT teams, but no one wants to deal with the aftermath of a hacker breach. F5, a leader in application security, has teamed with Comtrade Software to provide users with an additional level of clarity into hacke...
The study of philosophy, at least in the past, has involved asking questions that seem, on the surface, to be, well, irrelevant. After all, is it really all that important to know “whether a ship that had been restored by replacing every single...
There’s a kind of repetitive cycle to everything (or so it seems in hindsight) in which changes in app architectures and usage spur the need for new technologies in the network. Technologies designed to address those challenges that impede the...
One of the biggest challenges organizations face today is how to “modernize” their traditional data center to meet increasing demands from the business and users alike.
"The most significant data breaches in the last 15 years were a result of application vulnerabilities."
Most folks have heard or seen Maslow’s Hierarchy of Needs. If you aren’t familiar with the concept (or need a refresher), here’s the TL;DR – Maslow believed that people are motivated to achieve certain needs. He defined a five level hierarchy...
Anyone who has studied philosophy and in particular, logic, knows that there are wide range of logical fallacies that ultimately undermine one’s argument. Most people are probably familiar with the ad hominem fallacy, which attempts to repudiate...
Back in the day (I’m talking 2003 here, so way back in technology years) a lot of hopes and dreams for a more seamless identity management experience were high. That was when Security Assertion Markup Language (SAML) was first coming into vogue...
It’s no secret to those who engage in actual fishing (for real, live fish) that timing matters. Certain types of fish are more active and thus likely to be caught in the morning, others in the evening, and still others in the early afternoon. It...
Once you realize that load balancing with modern, programmable proxies is more than just scale or availability, you start recognizing its potential as part of the application architecture itself.
OpenStack is making its way into production. In OpenStack’s sixth user survey, it found that 60% of deployments were there, in production. That’s compared to only 32% a mere two years earlier. That’s in part thanks to the steady growth of...
As is the case with every technology that comes to dominate data center conversations, DevOps is currently suffering from definition fatigue. Actually at this point I think it’s exhaustion, but the line between the two is difficult to determine....
How Standardization Enables a Customizable Per-App (Microservices) Approach to App Security
The global SDN market will be worth $12.5 billion by 2020...
Having watched the ebb and flow of technology trends over the past, well, many years, I’ve come to the conclusion that that the very first thing that drives adoption of new technology is all about costs. When cloud was first introduced, surv...
With the end of the year came the traditional spate of predictions and forecasts from trade publications, pundits, and analysts alike. Among these were the number-laden forecasts for IT budgets in 2016. None of which were particularly impressive...
It’s a digital world. That’s pretty obvious. But it’s also a rich and robust digital world that offers us a vast array of information consumable in a variety of formats. Some prefer the written word, consuming information in traditional white...
The need for scalability isn’t even a question these days. The answer is always yes, you need it. Business growth depends on operational growth of the applications that are, after all, part and parcel of today’s business models – no matter what...
The mere mention of security as an inhibitor to cloud adoption can often cause the experts to roll their eyes and sigh dramatically. And while it’s true that security where cloud is concerned has come a long way, it’s still true that as far a...
As early as 2009, when cloud was just beginning to rise ascendant as the technology most likely to disrupt, well, everything, many of us began looking at the problem of consistency at the infrastructure level. Under the moniker of “infrastructure...
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...
It’s only sort of true that people are the weakest link in the information security chain. The truly weakest link is the browser. That’s because the browser is one of those apps that no one really pays much attention too, likely because in most...
Scalability is a critical capability for both business and applications. On the business side, scaling operations is key to enabling the new app economy...
It is natural to assume that when we see a padlock icon in our browsers that the site is using SSL to secure our communications. It’s also apparently a signal to consumers that the site is, in fact, secure. So much so that according to the CA...
Smart leggings. A portable Gluten sensor. Wireless speaker in a light bulb. The number of “things” invading the market today is incredible, and every day brings something new and perhaps unexpected. The sheer volume...
I’m often asked after speaking at conferences just what dog F5 has in the race. Of late, that topic is usually DevOps or related to DevOps in some way. The reality is that application-affine services like load balancing are being pulled toward...
A wide variety of HTTP-based attacks can (and should) be prevented in your application. The OWASP Top 10 is a prime example of attack techniques that are both detectable and preventable from within any application. A plethora of tools including...
The network is forking. Bifurcating. Dispersing. You’re welcome to use whatever term you’d like to use to describe the phenomenon of network services relocating from the quiet suburb that is the corporate network to hectic and noisy urban quarters...
The world of the application developer and the network architect could not be more different except, perhaps, in the way in which they each view the other’s domain. A typical network perspective of an application deployment often looks like...
As virtualization began to take hold there were a variety of metrics proposed for measuring success. Consolidation ratios, admins to virtual machine ratios, time to provision, and percentage of servers virtualized were among the most commonly used...
When I say “app services” or, to use the more common networking-oriented moniker, “L4-7 services”, what do you think of? Wait, let me guess. You thought of: load balancing caching WAN optimization Am I (at least mostly) right? Those are the...
It’s an application world. That’s beginning to sound trite and cliché, but it’s still true. When it comes to security, that means our focus should start with the application and work our way out towards the user. But that’s not how we build...
Keep the hot side hot and the cold side cold. You may recall (if you’re old enough and no, don’t worry, I won’t ask you to raise your hand) a campaign years ago by McDonald’s promoting packaging of some of its products that kept the “hot side hot...
There are many more attributes that can be gleaned from a seemingly simple application request than may at first meet the eye. There is, of course, IP address. From which can be determined one’s location. That’s geolocation and it’s fairly...
We are living in, as the Chinese proverb-curse says, interesting times. A growing awareness of confidentiality and integrity has led to a groundswell of efforts to, in effect, encrypt “all the things.” Whether it’s web sites and applications (SSL...
When someone says “mobile app” it’s likely they think of consumer-facing apps. Social apps. Sharing apps. Games. Banking. Maps. Apps are engagement. Apps are revenue. Apps are profit. But that’s only half the story. The other half is only visible...
Jim Metzler recently penned an excellent conversation-starting article asking, "Does NFV have a place in the enterprise?" He notes, among other arguments, "I don’t know of any enterprise that currently has, or that ever will,...
James Ward, who writes code (his description), recently wrote up a great piece in which he compared application deployment today versus ten years ago. One of the better kept secrets in the IT industry at large is that changes in application...
Load balancing. It’s commonly accepted that we need it, rely on it, and use it every day to scale up (and hopefully down) applications. It’s become critical infrastructure responsible for not only scaling to meet demand but ensuring the continued...
Malware. It’s come to be a significant factor in attacks against both corporate and consumer assets. It continues to result in millions of dollars in fraud while simultaneously chipping away at consumer trust in financial and banki...
It’s an application world. One of the consequences, intended or not, is a change in how we measure success. Today’s measurements are in downloads and installs instead of foot traffic; in microseconds and uptime percentages instead of cost per...
Data center models are changing. A variety of technical trends and business demands are forcing that change, most of them centered on the explosive growth of applications. That means, in turn, that the requirements for application delivery are...
At DevOps Summit NY there’s been a whole lot of talk about not just DevOps, but containers, IoT, and microservices. Sessions focused not just on the cultural shift needed to grow at scale with a DevOps approach, but also made sure to include the...
Enterprise applications like Microsoft SharePoint and Exchange, along with VDI, continue to serve as the backbone of your business. Productivity, while not as sexy as profit, is a key factor in the success of business operations today. Failure to...
Okay, kids. It's time we had "that talk". You know the one, the one you've been whispering about with your friends but heretofore were afraid to actually ask about because of course everyone else knows about it and you didn't...
Conferences agendas. Event navigation. Specific tasks, like buying a house or getting a car loan. If you've installed an app for any of these things you've installed what's known as a "disposable mobile app" or DMA. App...
The goal of F5 Synthesis is to deliver the app services that deliver the apps business relies on today for productivity and for profit. That means not just delivering SDAS (Software Defined Application Services) themselves, but delivering them ...
No, this isn't a tirade on the security of IoT. It's about story about change. Specifically, change and its implications on security. Change is constant. There's a million different axioms and proverbs about change, so it's...