Creation of self-service portal for configuring network functions using the API of iControl
Efficient, real time configuration changes
Increased customer capacity and stronger security
Lengthy lag time required for requested changes to process
No secure or efficient method to house multiple customers
Information and communications technology company, Fujitsu Limited, wanted to eliminate the paperwork and three-day turnaround it took to configure and reflect changes made to a customer’s network. Using F5, Fujitsu built a self-service portal that automated customers’ modification requests and showed new configuration changes in real time.
The rollout of Fujitsu’s cloud offering, Private Hosted A5+, required that ICT resources be bundled in a physical server for each customer. Fujitsu realized that because network configurations were performed in-house, a solution that instantly reflected a customer’s configuration request in real time was necessary, yet any additional workload to Fujitsu IT teams would need to be avoided.
“It took at least three business days from the time we received an application form until completing the requested modifications,” recalled Mr. Takagi, a Fujitsu manager who oversaw Private Hosted A5+’s design.
First, in order to modify any configuration settings, customers had to send an application form outlining their required modifications in an Excel spreadsheet. Secondly, Mr. Takagi pointed out, a dependency between customers was also an issue. “Some network appliances are designed to have only one configuration file. If someone made a mistake during a configuration change, there was a risk the mistake might affect other customers as well.” With this added problem, a more efficient and secure way to house multiple customers was also needed.
Because BIG-IP is capable of having multiple route domains within a single instance, we can assign each tenant to a route domain effectively separating the customers. Configuration for each tenant may also be safely modified without affecting others as the configuration information for each tenant is separately stored.
“We first considered an instance-based separation scheme, but it turned out more customers could be accommodated with the route domain-based separation,” stated Mr. Takagi.
Fujitsu selected BIG-IP to solve these issues, citing four reasons for the decision. The first was multi-tenancy. “Because BIG-IP can accommodate multiple route domains in a single instance, it can be used to separate customers,” said Mr. Takagi, referring to the safety BIG-IP provides; it makes configuration changes separately for each tenant so that the configuration information is stored separately.
The second reason was because of iControl, a versatile API based on SOAP/REST. “Using iControl, it became possible to turn the configuration of network functions into a self-service service,” said Mr. Kenya Uchida, the person who oversaw the development of Fujitsu’s self-service portal. The portal reduced the operational burden on the Fujitsu team and also shortened the time it required to reflect changes made to actual configuration settings.
Thirdly it was the availability of BIG-IP VE (Virtual Edition) which would make it easy for Fujitsu to verify any functional enhancement to the self-service portal in advance.
The fourth reason was because the VXLAN/NVGRE gateway feature would facilitate an overlay-type virtualization of the network.
Thanks to the iControl software development kits for various languages and the sample codes in F5’s DevCentral, development of our self-service portal was smooth. Implementation of rollback was also easy because multiple API issuances can be bundled into a transaction.
iControl helped with the implementation of the rollback function because of its capability of bundling multiple API issuance into a single transaction.
Fujitsu greatly reduced the time required for configuration changes by implementing the self-service configuration of network functions.
“Our security is now even stronger because of the tenant separation based on the route domains”, commented Mr. Yoneoka, the network professional in charge of the network design and service management. “Each tenant now has its routing table, and customers are no longer restricted when using IP addresses.”