When we talk about connected machines or machine-to-machine communications, we don’t just mean the vast number of physical devices across global enterprise networks. Today, “machine” also includes code running independently on devices, APIs, containers, serverless architectures, and of course virtual machines (VMs).
Because they are software-defined, these machine types are easily created, changed, and destroyed throughout the day, every day. And that ease of use has made software-defined machines an important part of the app development workflow. Throughout the continuous improvement, continuous development (CI/CD) pipeline, the ease of spinning up new VMs to develop and test applications is often an important part of quickly bringing to market new applications (or new features on existing applications).
For application developers, a speedy CI/CD pipeline can be a real boon; but VMs that are not created with care and consideration can put a strain on your infrastructure and introduce security vulnerabilities. And machine security starts with machine identity protection.
There are two essential components to ensuring machine identities and securing machine-to-machine communications:
1) Digital certificates: Digital certificates are how a public key is associated with its owner (i.e., associated with a particular machine, which in this case includes virtual machines, software, and web domains). Certificates always have an expiration date and are far more easily renewed before they expire than after.
2) Cryptographic keys: Private keys enable a user to digitally sign information to prove it came from the owner of that private key. Public keys are used by the recipient to validate digital signatures as having come from a particular private key. The pair also works together to ensure that data encrypted with a public key can only be decrypted by the owner of the associated private key.
Maintaining secure communications relies on the flawless implementation and coordination of certificates and keys across your entire network of physical and virtual devices. The best way to prevent certificate-related outages is with proactive management—which is where the Venafi Platform comes in. About a year ago, we began working on F5 and Venafi integration to ensure our joint customers can simply and safely scale HTTPS for their applications, including automating and scaling applications across multi-cloud infrastructure. Now we are pleased to deliver on a new phase of this partnership that extends Venafi’s industry-leading machine identity protection capabilities into a range of F5 products and solutions, including BIG-IQ Centralized Management. With BIG-IQ and Venafi, you can more easily automate and orchestrate keys and certificates to secure machine identities across all your F5 BIG-IPs—physical and virtual.
BIG-IQ Centralized Management simplifies oversight of complex BIG-IP environments by automating discovery, tracking, management, and monitoring of physical and virtual BIG-IP devices (and the services running on them), whether in the cloud, on premises, or co-located at another datacenter. Certificate Management is among the many management tasks consolidated within BIG-IQ, and here we can work with the Venafi Platform to automate the processes of deploying, renewing, or changing SSL/TLS certificates. BIG-IQ can also alert you in time to plan ahead before certificates expire—alleviating headaches before they start.
Additional Resources
- Certificate Management with BIG-IQ and Venafi – DevCentral Lightboard Lesson
- F5/Venafi Solution for Enterprise Key and Certificate Management – DevCentral Article
- Key and Certificate Management with F5 and Venafi – Video Demo
- Automating Protection: Machine Identities, F5 and Venafi – Solution Overview
- BIG-IQ Product Details