BLOG

BIG-IP Cloud Edition: Per-app Security and Scale

Lori MacVittie Miniatur
Lori MacVittie
Published April 25, 2018

There is a new network coming to a data center near you. And by ‘near you’ I mean within walking distance of your desk.

Whether we like it or not, pressure from digital transformation continues to drive development of new apps at a frantic pace. In the race to win at the digital economy, many organizations are facing challenges they feel unprepared to meet. A recent Appian survey found that “20 percent [of respondents] have huge application backlogs of more than 50 new app requests; and 72 percent said they don't have confidence in being able to scale IT to meet the needs of the business.” (Appian, January 2018)

Organizations are increasingly looking to public cloud to address challenges of scale and speed, but also continue to push apps into private cloud and traditional architectures. And some are starting to rely on containers in production environments – including 17% of developers who are hosting serverless platforms on-premises.

The network must change if it’s going to scale to help keep up with the business of applications.

One of the ways the network is changing is the use of automation and orchestration to operationally scale. What begins in app dev with Continuous Delivery is being carried into production with Continuous Deployment. It’s a significant change in the way networks operate, but one that’s necessary to scale operations and match the frenetic pace of digital transformation.   

But it isn’t just automation that’s changing the network, it’s architecture. Pressure from the per-app models of cloud with its individual, on-demand deployment capabilities are rippling into the heart of IT.

Developers and operations have come to expect certain characteristics when it comes to apps and cloud. One of them is that services provisioned for their app, are theirs. It’s a 1:1 relationship; there’s no sharing. Scale and security belong to one app, and that’s final.

That is forcing change up and down the data path in the data center and creating a two-tiered network model that marries a traditional shared network service model with a modern, per-app infrastructure and application service architecture.

A per-app architecture for everything from security to identity to acceleration and scalability must be supported in this new model. The application services business rely on must be self-serviceable and manageable. They should support automation and integration into deployment toolchains. Most of all, they must be application-focused to fit into this brave new world of per-app pipelines. That means fast-booting, lightweight software with APIs ready for deployment in public and private cloud.

Which is why we’re announcing BIG-IP Cloud Edition (CE) today.

Designed to fit a per-app architecture in any cloud – public and private - BIG-IP CE provides Advanced WAF and scalability for a single application. BIG-IP Cloud Edition (CE) comprises a lightweight, software BIG-IP for security and scale and BIG-IQ 6.0 for management and licensing at a price-point that makes sense on a per-app basis.

Software that Scales and Secures One App at a Time

The new architecture we’re moving toward is predicated on the notion that NetOps don’t have to interact with every service in production. That’s because they can’t. There are way more apps than ops in production – and that imbalance is going to continue to grow.

Throwing more NetOps at the problem isn’t a solution. Because we can’t fight Brooks’ Law.

The Law of Diminishing Deployments illustrates the impact of throwing more “ops” at the problem of increasing demand. At some point, it starts to leech value rather than add it.

That’s why enabling a per-app architecture means automated provisioning (self-service) and simplified configuration. If the distinction there is new, take a moment to recognize that they are now two different processes that may be owned by two completely different roles. In fact, that’s what we want. We want provisioning to be step one and configuration to be another step that can be completed by someone on the other side of the wall (or in another IT silo, at least).

BIG-IP CE is designed to satisfy both processes. Self-service provisioning is part and parcel of a cloud – private or not. Whether the button is pushed automatically via an API or by a developer through a portal is irrelevant. In the DevOps preferred CI/CD model, push-button provisioning of BIG-IP is enabled through robust integration with all their favorite tools like Ansible, Chef, and Puppet. For some folks, BIG-IQ CM will be their primary button interface (through API and GUI). BIG-IP CE supports a variety of options because there are as many different preferences as there are apps being deployed.  

With that many apps – and app services - the issue of management and scale will quickly rear its head. That’s why BIG-IQ CM is such a core component of the BIG-IP CE solution. BIG-IQ CM provides centralized control, visibility, and analytics as well as the ability to auto-scale application services to keep pace with app demand. BIG-IQ CM is critical to ensuring the success of a per-app architecture and retaining the sanity of NetOps managing many more services.

Support for multi-cloud is also a must, as it provides the ability to standardize security policies to ensure protection of apps anywhere they’re deployed. BIG-IP CE includes our Advanced WAF because we believe that there is no such thing as a non-critical app when it comes to security. Every app deserves protection against bots and attacks, and BIG-IP CE is designed to ensure they have it.

Whether in the public or private cloud, the resulting architecture is a dedicated delivery path that results in the ability to support per-app deployment schedules – even if they are on-demand – without impact to the rest of your application portfolio. Troubleshooting time is dramatically reduced simply by the elimination of shared systems. Operations can simultaneously assure stability for existing apps while supporting the greater speed and frequency associated with modern app development methodologies whether in a public cloud or at home in a private cloud.

BIG-IP CE is the application services solution you’ve been looking for to satisfy the needs of DevOps, retain the sanity of NetOps, and ensure the security of all your apps, no matter where they might be deployed. 

Additional resources: