F5 Global Services Gains Cloud Security Even a Dev Team Could Love

F5 Global Services provides F5 customers, partners, and employee teams around the world  with deployment support, training, certification, and other resources. One of those resources is PartnerNet, a platform that F5 channel partners use for compliance reporting and to track metrics such as engineer certifications and sales performance against rebate programs. This platform and the suite of apps and tools that power it are being moved incrementally from on-premises hosting to an Azure cloud as part of a broader modernization effort whose goals include increased efficiency, simplified management, and improved performance. 

The question was how to also ensure the security and performance previously provided by on-premises stacks comprised of BIG-IP Application Security Manager (ASM) and other modules of the BIG-IP product family. 

“Obviously we needed a web application firewall (WAF) and a DDoS solution,” says Jason Sustarich, a senior principal software engineer for F5 who leads the development team that recently completed initial pieces of the migration. 

Improved visibility and manageability were additional goals. The existing on-premises security and performance solutions were managed by another team, so telemetry was hard for Sustarich’s team to access.

“As a dev team, we previously had no visibility whatsoever into WAF hits or why the WAF was returning an error,” says Sustarich. “That made it difficult to resolve oddities as part of our PartnerNet maintenance. We wanted to move that architecture to where we could see what was going on and manage it.”

The move to the cloud thus presented an opportunity. In effect, Sustarich began asking, “Can I get what I’m looking for and can I do it in an automated fashion with all the security controls I need to adhere to?”

His team considered the Azure native WAF and DDoS protection but found them “extremely expensive.” Another app security option was too complicated to set up. “I code, and even I thought it was complicated!” Sustarich says.

By mid-2021, with the long-planned migration approaching, Sustarich began exploring F5 Distributed Cloud Services, which had yet to publicly launch in the Azure Marketplace. (It was added to the Azure Marketplace in early 2022.)

Distributed Cloud Services are SaaS-based security, networking, and application management and delivery solutions that can be deployed across multi-cloud, on-premises, and edge locations. Sustarich liked what he learned about how easy it was to set up a tenant and how intuitively his team could work with Distributed Cloud products, from invoking automation to finding API information to integrate into critical dev workflows.

After architectural design and proof of concept work in early 2022 and a subsequent threat model assessment, PartnerNet went live in Azure with Distributed Cloud WAF, Distributed Cloud DDoS Mitigation, and Distributed Cloud DNS in the fall of 2022. All PartnerNet traffic was routed to the Distributed Cloud Platform, which forwarded sanitized traffic to the Azure public endpoints for the site. 

The Global Services team was so pleased with the results that it subsequently added Distributed Cloud Content Delivery Network (CDN) functionality after that product was released in September 2022. The CDN enables Global Services to address latency issues that it couldn’t before—for instance, by easily moving assets such as third-party libraries into other regions. Meanwhile, secure migration of additional components continues at an accelerated pace.

Global Services’ cloud strategy is already paying off in cost, agility, and user experience benefits, while Distributed Cloud Services save time and improve dev team efficiency with features such as the ability to quickly add and remove secure dev instances. 

“The programmability and simplicity of it—that’s what I really like,” says Sustarich. “The goal is to maximize the efficiency of the software engineers, and it’s really good for that.”

For instance, each engineer can now create their own dev environment to work on spot fixes or tasks. “You hit the button, go grab a coffee and come back, and it’ll all be done for you,” Sustarich says. “No months or weeks of configuration. That’s a big bonus.”

Global Services’ cloud strategy is already paying off in cost, agility, and user experience benefits, while Distributed Cloud Services save time and improve dev team efficiency with features such as the ability to quickly add and remove secure dev instances. 

“The programmability and simplicity of it—that’s what I really like,” says Sustarich. “The goal is to maximize the efficiency of the software engineers, and it’s really good for that.”

For instance, each engineer can now create their own dev environment to work on spot fixes or tasks. “You hit the button, go grab a coffee and come back, and it’ll all be done for you,” Sustarich says. “No months or weeks of configuration. That’s a big bonus.”

Sustarich also appreciates the observability delivered by Distributed Cloud Services. For instance, the dev team now can review WAF blocking actions with contextual information, which helped the team quickly solve a recurring  error. “The error was getting through on our old platform and probably shouldn’t have. It was definitely wrong,” says Sustarich. “Now we’ve corrected it, which is good, and the full visibility made that much faster.”

Distributed Cloud Services also reduced PartnerNet’s overall cloud resource consumption. He says, “I can see right on the dashboard how much bandwidth is being saved, so we know we’re saving money.” 

Distributed Cloud Services may be changing attitudes among the dev team. “Developers don’t like security,” Sustarich says with a laugh. “It’s time consuming. We have a small team, only four engineers, and we’re responsible for a lot, so we need to automate as much as possible. Distributed Cloud Services allow us to automate.”

By doing so, the solution promotes more secure agility. He says, “We hit a strategy of being agile and fast to respond and change.”

That pleases the dev team and the CISO alike. Senior Vice President and CISO Gail Coury says, “With the pressures on DevOps today, many people underestimate how technical risk translates to business impact. Distributed Cloud Services ensure our company, customers, and partners stay protected as we increase our business and IT velocity.”

Sustarich adds with a smile, “If my CISO is happy, I’m generally going to be happy, too.”

See all customer stories