Application-Centric Management with BIG-IP Cloud Edition
At F5, ADCs have always been about applications. After all, that is what the A in ADC is all about. F5 has done a good job on focusing on application delivery – our customer community, DevCentral, is stuffed with application-specific deployment guides, application-specific iApps, app integration code, and tips and tricks on how to improve the performance and security of applications.
However, ADCs have long been the domain of the network professional whose role was to provide network services such as load balancing and traffic management in support of the app developers. Well, that rigid distinction between the network and the application is yesterday’s news. Organizations, driven by the need to be more agile, are moving from a hierarchical organizational model to something more akin to a “network of teams” approach. This approach is characterized by a high degree of empowerment for developers, strong communications, role-based access to technology, and rapid access to analytics.
But what happens when the decentralization of DevOps meets the Agile development movement? What happens is the need to empower app teams to define and manage their own networking requirements. For F5, this means rethinking how our technology is managed – rethinking the role of network administrators.
While BIG-IQ 5.4 started down the path of Application-Centric Management, it is with BIG-IP Cloud Edition, supported by BIG-IQ 6.0 that really takes on this concept. We do this with four important functions, each new or improved. It is these four functions, along with per-app ADC deployments that Application-Centric Management becomes real. Let’s take a look:
1. Application Templates – In the last release of BIG-IQ (5.4), we added the ability to create application templates as well as a catalog of such templates. BIG-IQ Application Templates are a way of standardizing application policies required to deploy an application in a service catalog. In version 5.4, these templates only covered LTM policies. BIG-IQ 6.0 is able to create templates for most BIG-IP modules. BIG-IQ will also ship with templates for a half-dozen common applications.
The application template is defined by the domain expert (typically the network administrator) and includes the appropriate network and security services. The domain expert creates the template and adds it to a catalog of application templates. In doing so, he or she can copy an existing app or create something new. The domain expert will configure settings and expose a limited set of configuration options to the app owner. In this way, the app team will be able to manage F5’s application services without needing to be experts in security or ADC configuration. This results in quicker application deployment times as the app owner has a simple-to-use UI, or a single API call, to deploy an application. An app owner will select a template that matches their desired deployment, fill out the required fields and then click, “deploy” or schedule it for later deployment. BIG-IQ also supports creating workflows so that changes and deployments are reviewed, and even tested, before moving to production. It's as simple as a single API call or a few clicks in the UI to deploy an application from the service catalog.
2. RBAC – It all starts with fine-grained Role-Based Access Control (RBAC). BIG-IQ has always had a rough notion of RBAC with roles for managing key modules such as Access, LTM, AFM...and roles under that for workflows such as viewing, editing, staging, and deploying policies. With 5.4, we upped our game by adding far more flexibility with role-based control. With this release, you can now customize user access to managed devices based on job responsibilities. This allows you to give specific permissions to view or modify only those BIG-IP objects you explicitly assign to a user.
3. Auto-Scaling – Since the dawn of computing, IT organizations have spent fortunes over-provisioning “just in case.” Apps in public clouds too are at least theoretically capable of adding or removing capacity as business needs change. In reality, this isn’t so simple. BIG-IP Cloud Edition turns this theory into reality with support for auto-scaling. BIG-IQ collects advanced analytics about the health and performance of your applications. When metrics such as response times, latency, throughput, etc. indicate the need, BIG-IQ can spin up additional BIG-IP devices based on predefined device templates. BIG-IQ can even automatically apply licenses as needed. When traffic decreases, BIG-IQ automatically deletes unneeded devices, and returns the license back to the license pool, saving you money by giving you better control over your resources.
A group of BIG-IP devices that work together to provide scalable ADC services for one or more applications is called a Service Scaling Group (SSG). BIG-IQ will use Device Templates to provision newly scaled BIG-IP devices and Application Templates for application-specific configurations. Auto-scaling currently supports VMware ESX and Amazon AWS environments.
4. Role-Specific Dashboards – Let’s say you are an app developer responsible for a marketing app. You will want and need a way to track the performance, health, and configuration of the servers supporting that app, as well as the F5 services associated with the app. Great, BIG-IQ can do that. But let's also say that you should not have access to network and security policies for other applications. BIG-IQ 6.0 can provide dashboards specific to your role and to the apps you are assigned to.
These dashboards are more than just eye candy. They not only provide fast insight into the health and performance of your application, they also allow you to quickly troubleshoot performance issues. What’s more, these analytics can trigger automatically spinning up or spinning down additional virtual BIG-IPs as traffic and performance conditions change.