CHALLENGE
The application landscape is exploding with application workloads growing from the hundreds of millions to the billions in the coming years. Many new apps are being built and released through automated processes that promise to both speed up time to value and make updates and improvements faster and safer.
However, these apps still need a range of application services, such as load balancing, web application firewalling, and bot detection and mitigation. Network operations (NetOps) and security operations (SecOps) teams have the technology and experience to enhance application security and user experience, but these services need to be injected as part of the automated deployment process. And that’s not currently the case for many organizations, even those operating under a DevOps methodology.
How do you ensure that every app you develop and deploy is supported with the appropriate application delivery and security services?
RELATED CONTENT
SOLUTION
NetOps and SecOps teams must pivot away from manually implementing application delivery and security services and build interfaces and automation into their service infrastructure.
At a practical level, these operations teams can expose their valuable services through a series of tools and utilities that plug an Application Delivery Controller like the BIG-IP platform into the automation frameworks or platforms DevOps teams are using.
The F5 Automation Toolchain product family comprises the fundamental automation and orchestration building blocks that make it easy to integrate BIG-IP application services into common automation patterns such as CI/CD toolchains.
RELATED CONTENT
DEPLOY NEW APP SERVICES
Depending on your deployment scenario, you might only need some of the components of the Automation Toolchain. For example, customers with existing, multitenant BIG-IP platforms might need to create new application service and monitoring configurations—so they should focus on the Application Services 3 Extension and the Telemetry Streaming Extension.
Application Services 3 Extension >
The Application Services 3 (AS3) Extension provides a simple and consistent way to automate layer 4–7 application services deployment on the BIG-IP platform via a declarative REST API. AS3 uses a well-defined object model represented as a JSON document. The declarative interface makes managing F5 application services deployments as code both simple and reliable.
The AS3 Extension ingests and analyzes the declarations and makes the appropriate iControl API calls to create the desired end state on the target BIG-IP instance. The extension can run either on the BIG-IP instance or via AS3 container, a separate container/VM that runs the AS3 Extension, and then makes external API calls to the BIG-IP instance.
Declarative Onboarding Extension >
The Declarative Onboarding Extension makes it easy to take an F5 BIG-IP platform from post-initial boot to a system ready to deploy security and traffic management for applications. The simple interface enables you to configure system settings such as licensing and provisioning, network settings such as VLANs and self IPs, and clustering settings if you are using more than one BIG-IP system.
The Declarative Onboarding Extension uses a JSON schema consistent with the AS3 schema and has a similar architecture. The extension is supplied as a TMOS-independent RPM that is installed on a newly booted BIG-IP as the first step in the onboarding phase. Once the onboarding process has completed, you can deploy application services using whatever automated (or manual) process you select..
COMPONENTS
If your deployment scenario requires new BIG-IP instances to be spun up on demand, you can use F5-provided cloud templates and the Declarative Onboarding Extension to launch and configure the BIG-IP platform.
Cloud templates >
Cloud templates use the deployment automation functions of public and private clouds to provision and boot BIG-IP virtual appliances. F5 currently offers supported templates for the following clouds:
Public clouds
- AWS – Cloud Formation Templates
- Azure – Azure Resource Manager Templates
- Google – Google Deployment Manager Templates
Private clouds
- VMware - vCenter Templates
- OpenStack – Heat Orchestration Templates
F5 is actively expanding its cloud templates to cover a wider range of deployment scenarios. If you have suggestions or requests, please submit issues or (even better) pull requests via the relevant github repository.
Telemetry Streaming Extension >
The Telemetry Streaming Extension provides a declarative interface to configure the streaming of application, security, and network telemetry statistics and events generated by the BIG-IP platform to third-party consumers such as:
- Splunk
- Azure Log Analytics
- AWS CloudWatch
- AWS S3
- Graphite
As with the other members of the Automation Toolchain family, configuration is managed through a declarative interface using a simple, consistent JSON schema.
CONCLUSION
Deploying applications without adequate security or application delivery services introduces risk, while maintaining existing working practices comes with incompatible latency and operational cost.
Applications should be built, tested, and deployed with the right application services in place. Ops teams can and should expose these services via interfaces that make it easy for their application teams to consume them.
The F5 Automation Toolchain offers a suite of tools that plug the powerful BIG-IP platform into a range of automation deployment scenarios.
RESOURCE
Of course, one size never fits all in today’s IT landscape. Fortunately, there are a number of additional automation interfaces possible, including integration into container management platforms and automation tools.
Learn more about your options in Automating F5 Application Services: A Practical Guide.