When NetOps and SecOps teams aren’t involved in application delivery, you end up with applications being deployed without security and traffic management controls. Keep your apps safe by integrating networking and security policies into your CI/CD pipeline.
Because NetOps and SecOps teams traditionally spend the majority of their time and resources on manual, command-line tasks, they’re unable to participate in the automated application delivery pipeline. The problem is, as the amount of applications within a typical organization quickly increases from hundreds to thousands, networking and security teams are finding it harder and harder to keep up with the dev team and include the proper traffic management and security controls with each release. This increases the risk of exposure and performance issues and can also lead to significant post-release management challenges.
To increase the scale of operations, NetOps and SecOps professionals need to consider the use of automation. This enables more rapid and frequent deployments with the integration of reusable security and networking policies into CI/CD pipelines. Realign your NetOps and SecOps team ideologies from ticket takers focused on manual, one-off tasks to service providers creating reusable services. With this approach, you free developers up to focus on creating value through new application code, instead of spending their time and resources painstakingly adding the proper networking and security protections to each application manually.
F5 enables you to automate multi-cloud application services in order to cut deployment time and reduce opportunities for error, all while empowering your NetOps and SecOps teams to become an integral part of the application development and deployment pipeline.
The application landscape is exploding with application workloads growing from the hundreds of millions to the billions in the coming years. Many new apps are being built and released through automated processes that promise to both speed up time to value and make updates and improvements faster and safer.
However, these apps still need a range of application services, such as load balancing, web application firewalling, and bot detection and mitigation. Network operations (NetOps) and security operations (SecOps) teams have the technology and experience to enhance application security and user experience, but these services need to be injected as part of the automated deployment process. And that’s not currently the case for many organizations, even those operating under a DevOps methodology.
How do you ensure that every app you develop and deploy is supported with the appropriate application delivery and security services?
NetOps and SecOps teams must pivot away from manually implementing application delivery and security services and build interfaces and automation into their service infrastructure.
At a practical level, these operations teams can expose their valuable services through a series of tools and utilities that plug an Application Delivery Controller like the BIG-IP platform into the automation frameworks or platforms DevOps teams are using.
The F5 Automation Toolchain product family comprises the fundamental automation and orchestration building blocks that make it easy to integrate BIG-IP application services into common automation patterns such as CI/CD toolchains.
Depending on your deployment scenario, you might only need some of the components of the Automation Toolchain. For example, customers with existing, multitenant BIG-IP platforms might need to create new application service and monitoring configurations—so they should focus on the Application Services 3 Extension and the Telemetry Streaming Extension.
The Application Services 3 (AS3) Extension provides a simple and consistent way to automate layer 4–7 application services deployment on the BIG-IP platform via a declarative REST API. AS3 uses a well-defined object model represented as a JSON document. The declarative interface makes managing F5 application services deployments as code both simple and reliable.
The AS3 Extension ingests and analyzes the declarations and makes the appropriate iControl API calls to create the desired end state on the target BIG-IP instance. The extension can run either on the BIG-IP instance or via AS3 container, a separate container/VM that runs the AS3 Extension, and then makes external API calls to the BIG-IP instance.
The Declarative Onboarding Extension makes it easy to take an F5 BIG-IP platform from post-initial boot to a system ready to deploy security and traffic management for applications. The simple interface enables you to configure system settings such as licensing and provisioning, network settings such as VLANs and self IPs, and clustering settings if you are using more than one BIG-IP system.
The Declarative Onboarding Extension uses a JSON schema consistent with the AS3 schema and has a similar architecture. The extension is supplied as a TMOS-independent RPM that is installed on a newly booted BIG-IP as the first step in the onboarding phase. Once the onboarding process has completed, you can deploy application services using whatever automated (or manual) process you select..
If your deployment scenario requires new BIG-IP instances to be spun up on demand, you can use F5-provided cloud templates and the Declarative Onboarding Extension to launch and configure the BIG-IP platform.
Cloud templates use the deployment automation functions of public and private clouds to provision and boot BIG-IP virtual appliances. F5 currently offers supported templates for the following clouds:
F5 is actively expanding its cloud templates to cover a wider range of deployment scenarios. If you have suggestions or requests, please submit issues or (even better) pull requests via the relevant github repository.
The Telemetry Streaming Extension provides a declarative interface to configure the streaming of application, security, and network telemetry statistics and events generated by the BIG-IP platform to third-party consumers such as:
As with the other members of the Automation Toolchain family, configuration is managed through a declarative interface using a simple, consistent JSON schema.
Deploying applications without adequate security or application delivery services introduces risk, while maintaining existing working practices comes with incompatible latency and operational cost.
Applications should be built, tested, and deployed with the right application services in place. Ops teams can and should expose these services via interfaces that make it easy for their application teams to consume them.
The F5 Automation Toolchain offers a suite of tools that plug the powerful BIG-IP platform into a range of automation deployment scenarios.
Of course, one size never fits all in today’s IT landscape. Fortunately, there are a number of additional automation interfaces possible, including integration into container management platforms and automation tools.
Learn more about your options in Automating F5 Application Services: A Practical Guide.