F5 Application Connector: Connecting and Controlling Cloud Apps

Lori MacVittie Miniature
Lori MacVittie
Published May 17, 2017

Applications are moving to public clouds. Maybe not as fast as the market predicted (hoped?) in its early years, but they are moving nonetheless. Our own State of Application Delivery surveys tell us that 1 in 5 respondents planned to have over 50% of their application portfolio in “the cloud.” And while we’re still seeing a lot of “the cloud” is private and on-premises, there is ample proof that public cloud is growing. Some of the challenges cited  by respondents still revolve around security, specifically the ability to provide the same level of security off-premises in the cloud as they do now on-premises, in the data center.

percentage apps in cloud

The thing is that those services organizations use now to secure, scale, and speed up applications aren’t going away. In fact, 39% of respondents in our survey declared they would not deploy an application without security services like web application and network firewalls, DDoS attack protection, IPS/IDS, and anti-bad-things-that-infect-our-networks.

The challenge is that some of these services are not available in the public cloud, and some that are available turn out to be shallow imitations of the more robust and capable enterprise-deployed services in use today. Purely public cloud models aren’t designed to allow the kind of control over network and application services required, after all, which makes parity difficult for providers to achieve.

Yet customers want to take advantage of public cloud, especially for new and disposable applications.

Cloud interconnects – or colo cloud if you prefer – were designed with just this scenario in mind. At the cloud edge, at the interconnect provider, lies control over common services, while apps can happily live, scale, and succeed inside the public cloud.  The cloud interconnect (colo cloud) is a way to equally and equitably service SaaS and applications running in a public cloud with the same services common to the enterprise data center. This is particularly useful for the web applications typically deployed in a public cloud in terms of providing secure access via HTTPS. Whether SSL or TLS, keys and certificates must be issued, managed, and stored somewhere, and many enterprises prefer it be a single, certified location to reduce the risks of a distributing such sensitive data across multiple locations.

f5 app connector diagram

This seems like the ideal “hybrid” data center cloudy architecture we’ve been looking for to solve the public-cloud-with-control conundrum. But of course if it were, I wouldn’t need to write a blog post, would I? The problem becomes how to “connect” the applications inside the public cloud with the common services they need back at the cloud edge in the cloud interconnect.

Say Hello to F5 Application Connector

The F5 Application Connector is a lightweight proxy instance you deploy in the public cloud. It discovers your apps, and via a secure connection back to an F5 BIG-IP deployed in your preferred cloud interconnect provider that enables app services insertion and management. That means you can provide the same security, performance, and availability services you offer on-premises, in the data center, at the cloud edge in the interconnect while taking advantage of public cloud compute to deploy and scale web applications. Migrations between public cloud providers – or even high-availability architectures employing more than one provider – are dramatically simplified because you don’t have to migrate services and apps. The apps and an F5 Application Connector is all you need to freely move between providers without compromising or changing any of the app services you need to make sure apps are secure, fast, and available.

Because the F5 Application Connector is a proxy-based solution, no public IP addresses are needed in the public cloud environment, an organization’s risk is reduced by reducing potential points of entry without impeding the ease of access often touted as one of the primary benefits of public cloud computing.

It further optimizes budgets by focusing generalized public cloud compute on general purpose application logic and taking advantage of purpose-built compute within BIG-IP at the cloud edge to perform the more complex and compute intense cryptographic processing associated with encrypted traffic. Inspection and termination can occur at the edge safely, allowing apps to focus on processing valuable business transactions.

F5 Application Connector provides organizations with the confidence to lift-and-shift or go native in public cloud environments by enabling a solution capable of addressing challenges with security, scale, and performance typically addressed by app services.

You can get more information here.