Automation Makes Vodafone WAF Management Faster, More Agile

Hundreds of millions of global users rely on Vodafone, one of the world’s largest technology communication providers. Seeking to improve the speed, efficiency, and visibility of its WAF management and address the slow pace of application onboarding, Vodafone Digital made swift progress with help from F5 Automation Toolchain for F5 BIG-IP products.

The Challenge

As a global technology communications provider supporting more than 600 million subscribers in more than 20 key markets, Vodafone has multiple sites where it must manage high volumes of traffic and protect sensitive customer information.

Since 2006, the company has deployed F5 solutions across its network and spanning a broad spectrum of use cases, from load balancing to the F5 BIG-IP Advanced Web Application Firewall (WAF) to API security.

A close and adaptive partnership formed between F5 and Vodafone in the subsequent years, so when market conditions started to demand greater application deployment speed, the teams were quick to act.

“The WAF was configured manually, and the onboarding process for a new app took weeks or even months. We had different environments, all of which were configured and managed by different teams. Onboarding an app required speaking to three separate teams,” says Jazz Toor, Senior Security Site Reliability Engineer at Vodafone.

“In addition, we didn’t have much visibility on the WAF itself, which was owned by a team outside Vodafone Digital. We wanted more control of the WAF, and we needed better visibility.”

The Solution

In search of a more seamless approach to managing Advanced WAF, the systems security team contacted its F5 account manager about automation solutions. The next step was to attend an F5 automation workshop tailored to its individual needs, which demonstrated the utility of Automation Toolchain.

In little more than a week following the session, F5 and Vodafone Digital representatives implemented Automation Toolchain’s Declarative Onboarding extension for the initial configuration of BIG-IP instances, the Application Services 3 (AS3) extension for deploying application services, and the Telemetry Streaming extension for monitoring, analytics, and logging.

“F5 provided a lot of the Automation Toolchain, which means we can do everything as code—we can automate and in effect everything is done for you,” Toor explains.

F5 also supported the systems security team as it explored different tools to support its automation journey, including a move to the Red Hat Ansible Automation Platform as its preferred configuration management solution.

Automation for managing Advanced WAF was onboarded across Vodafone’s main consumer website, app, and business portal, and key processes were automated, including certain licenses, certificates in lower environments, and an environment scheduler. Automation Toolchain quickly made a tangible difference for Vodafone Digital, adding speed, efficiency, and visibility to its WAF management.

The Results

Speed of deployment

Compared to the weeks or months that were previously the norm for onboarding new applications, the Vodafone Digital team can now do so on the same day.

“With everything on the WAF now automated and done via code, it’s become a zero-touch environment. This includes automated patching,” Toor says.

“You don’t have to go in and make small changes manually to get things working. There’s no speaking to multiple different teams to get something onboarded. And we’ve gone from weeks and months to just a matter of minutes to onboard a new application.”

Error reduction

When it comes to error reduction, the automation tools improved the accuracy of application deployment as much as its speed. “Now there is better control, visibility, and consistency in our environments, as everything is driven by code and there are no manual differences,” says Toor. “It’s also minimized complexity as, driven by automation, there are fewer errors.”

Visibility and control

After previously struggling for visibility over the WAF, the systems security team now benefits from a regular feed of information within their regular workflow.

“We’ve integrated our automation within Slack, so you don’t need to deep dive on all these different consoles and websites to get the information you need,”  Toor explains. “When we configure F5 products, the deployment logs get sent to Slack to confirm that the deployment has been successful and if there are any aspects that may prompt additional investigation.”

Toor also credits F5 support with allowing Vodafone Digital to quickly embrace automation in its WAF management.

“There were a lot of meetings and demos. Without that, it wouldn’t have been possible to get everything automated and working in this way,” he says. “The F5 documentation is also awesome. Anyone who wants to do something with automation can quite easily understand it and copy it into their environment.”

From a challenging structure with multiple teams, increasingly slow deployments, and limited visibility, Vodafone Digital now has a WAF that can be operated seamlessly by the people who need it. “It’s a singular team managing the infrastructure, looking after the WAF, and maintaining it,” Toor says. “And other than clicking a button to deploy, there are hardly any manual processes involved. It’s a game changer.”