CHALLENGE

CHALLENGE

The continuous integration and continuous delivery (CI/CD) practices of modern software development promise to bring new software or new features to market faster. Alongside the evolution of highly virtualized, automatable cloud and container platforms, this innovation in delivery methods has contributed to the rapid increase in the number and functionality of applications in a typical enterprise.

No matter how or where applications are deployed, however, they need support from application services like traffic management, content routing, bot defense, and API security. Most well-functioning CI/CD pipelines handle the integration and deployment of application code with minimal human intervention. However, many organizations still manage application services and policies—often manual configurations of network and security policy—through a slow, ticket-driven process.

This can lead to decisions to bypass corporate security policy, network operations and other controls in favor of releasing code quickly. How can you ensure that critical applications get the services they require—without slowing down release cycles?

RELATED CONTENT
Download the solution guide to get all the details
Get the guide
SOLUTION

SOLUTION

The only viable solution is to insert the configuration and deployment of app services into the same toolchain that is being used to deploy the rest of the software stack. Integrating code and artifacts to insert application services into the workflows that build, test and then deploy applications has two key advantages.

  • Application code is tested with production-version application services in place. If there are interoperability issues between a security policy and a new software feature, they can be detected during the testing process and the software build can be aborted.
  • Applications deployed to production get security and application delivery services they need—at the time they need them. Instead of being additional components that are manually added.
     

Infrastructure as code and declarative onboarding for BIG-IP

HOW IT WORKS

HOW IT WORKS

A typical deployment workflow contains a number of services.

Source code manager (SCM) >

This is where application code, infrastructure code, and other text-based artifacts needed to build and deploy an application are kept. The SCM is generally the “source of truth,” because in an ideal world, changes to the application or infrastructure it runs on can only be made by altering the source and running the workflow. 

Orchestrator >

An orchestration tool creates software build, test, and integration pipelines—plus jobs to create the test infrastructure and configurations. Application services need to be created by the orchestrator, sometimes directly integrating into application services platforms and sometimes via secondary automation tools. 

Automation tools >

When infrastructure components such as server instances, networking components, and application services need to be created or altered by an orchestrator, an automation tool of some sort is often used. This might be a locally installed and managed service such as Ansible, or it could be a cloud service, like Amazon Web Services CloudFormation.

Element managers >

These represent the automation interface to the infrastructure that actually supplies the services. While not present in every architecture, element managers can manage licensing, telemetry, reporting, and platform software versions—plus act as an additional layer of authentication and authorization for service creation.

Service platform >

Generically, a service platform is made up of the components providing the service, like a container, or an application proxy. This is the ‘final destination” of application or infrastructure code, a running service on a compute instance, a load balancing process, or an application-layer firewall configuration.

COMPONENTS

COMPONENTS

To integrate application services deployments into CI/CD workflows, organizations can leverage a few F5 components.

BIG-IP Platform >

BIG-IP platform

BIG-IP is the industry-leading application delivery and security services platform. With scale from a few megabits to over a terabit per second throughput, an immense range of functionality, and availability in a wide range of compute environments (from ruggedized hardware for telco POPs to public cloud virtual versions), the BIG-IP platform can deliver the services applications need—in all the locations they need them. 

F5 Automation Toolchain >

F5 Automation Toolchain

The F5 Automation Toolchain product family comprises the fundamental automation and orchestration building blocks that enable you to integrate F5 BIG-IP platforms into common automation patterns such as CI/CD toolchains.

The F5 Automation Toolchain contains the following key components:

  • Declarative Onboarding Extension (DO)—Configure BIG-IP platform settings like networking, DNS, and high availability.
  • Application Services 3 Extension (AS3)—Configure application services like load balancing, content routing, and bot detection.
  • Telemetry Streaming Extension (TS)—Configure automated application traffic telemetry streaming to analytics systems like Kafka, Splunk, or Graphite.

These tools offer declarative interfaces for configuring F5 BIG-IP application services platforms, which deliver the security, optimization, and scaling services your applications need, and can be integrated with automation and orchestration tools.
 

Network Infrastructure as Code >

According to Nathan Pearce, tech vlogger, most Infrastructure as Code implementations are oriented around ‘server’ infrastructure. In this video, Nathan takes a look at bringing Infrastructure as Code practices to managing F5’s BIG-IP App Services appliances.

CONCLUSION

CONCLUSION

The practices of continuous integration, continuous delivery, and continuous deployment offer the promise of safer, faster, and more efficient software development. Critical to realizing this promise is the integration of application delivery and security services into the development and deployment workflows.

F5 offers the platform, the integration, and the training to insert industry-leading application protection and optimization services into workflows so that software can be built, tested, and deployed with the services it needs to be secure, fast, and available.