NetOps 및 SecOps를 앱 딜리버리 프로세스에 통합
NetOps 및 SecOps 팀이 애플리케이션 딜리버리에 관여하지 않으면 보안 및 트래픽 관리 제어 장치 없이 애플리케이션이 배포됩니다. CI/CD 파이프라인에 네트워킹 및 보안 정책을 통합하여 앱을 안전하게 보호하십시오.
문제: 분리되어 있는 팀
NetOps 및 SecOps 팀은 전통적으로 대부분의 시간과 리소스를 수동 명령줄 작업에 할애하기 때문에 자동화된 애플리케이션 딜리버리 파이프라인에 참여할 수 없습니다. 문제는, 일반적인 조직 내 애플리케이션 수가 수백 개에서 수천 개로 빠르게 증가하면서 네트워킹 및 보안 팀이 개발 팀과 속도를 맞추고 각 릴리스마다 적절한 트래픽 관리 및 보안 제어 장치를 포함시키기 점점 더 어려워지고 있다는 것입니다. 이로 인해 노출 및 성능 문제에 대한 위험이 증가하며, 출시 후에도 상당한 관리 문제를 야기할 수 있습니다.
솔루션: 네트워크 및 보안 자동화 도입
운영 규모를 늘리기 위해 NetOps 및 SecOps 전문가들은 자동화 사용을 고려해야 합니다. 자동화를 사용하면 재사용 가능한 보안 및 네트워킹 정책을 CI/CD 파이프라인에 통합하여 보다 빠르게 자주 배포할 수 있습니다. NetOps 및 SecOps 팀의 사고방식을 일회성 수동 작업에 중점을 둔 티켓 테이커에서 재사용 가능한 서비스를 생성하는 서비스 제공업체로 전환하십시오. 이 방식으로, 개발자는 시간과 리소스를 들여 수동으로 각 애플리케이션에 적절한 네트워킹 및 보안 보호 장치를 힘들게 추가하는 대신, 여유를 갖고 새로운 애플리케이션 코드를 통해 가치를 창출하는 데 집중할 수 있습니다.
고객의 관점에서 F5를 선택해야 하는 이유
“수천 개의 당사 애플리케이션에서 F5 자동화 기능을 사용함으로써 고객에게 보다 빠르고 안정적인 고품질의 금융 서비스를 제공할 수 있습니다. 이전에는 최대 6주가 소요되었던 보안 애플리케이션 서비스 배포에 이제 5분 정도 소요됩니다.”
— Aly Ndiaye, 호스팅 및 브라우징 담당 이사, BNP Paribas
회사 소개: “저희는 유럽의 여러 글로벌 은행들의 기준, 고객들이 선호하는 장기적 파트너, 책임감 있고 지속 가능한 글로벌 개발의 기여자가 되고자 합니다. 우리는 이를 달성하기 위해 고유한 입지를 구축하고 있습니다.”
F5의 지원 방법
F5를 사용하면 배포 시간을 단축하고 오류 가능성을 줄이기 위해 멀티클라우드 애플리케이션 서비스를 자동화할 수 있으며, NetOps 및 SecOps 팀은 애플리케이션 개발 및 배포 파이프라인의 필수 부분이 되어 입지가 강화될 수 있습니다.
솔루션 가이드
CHALLENGE
The application landscape is exploding with application workloads growing from the hundreds of millions to the billions in the coming years. Many new apps are being built and released through automated processes that promise to both speed up time to value and make updates and improvements faster and safer.
However, these apps still need a range of application services, such as load balancing, web application firewalling, and bot detection and mitigation. Network operations (NetOps) and security operations (SecOps) teams have the technology and experience to enhance application security and user experience, but these services need to be injected as part of the automated deployment process. And that’s not currently the case for many organizations, even those operating under a DevOps methodology.
How do you ensure that every app you develop and deploy is supported with the appropriate application delivery and security services?
RELATED CONTENT
SOLUTION
NetOps and SecOps teams must pivot away from manually implementing application delivery and security services and build interfaces and automation into their service infrastructure.
At a practical level, these operations teams can expose their valuable services through a series of tools and utilities that plug an Application Delivery Controller like the BIG-IP platform into the automation frameworks or platforms DevOps teams are using.
The F5 Automation Toolchain product family comprises the fundamental automation and orchestration building blocks that make it easy to integrate BIG-IP application services into common automation patterns such as CI/CD toolchains.
RELATED CONTENT
DEPLOY NEW APP SERVICES
Depending on your deployment scenario, you might only need some of the components of the Automation Toolchain. For example, customers with existing, multitenant BIG-IP platforms might need to create new application service and monitoring configurations—so they should focus on the Application Services 3 Extension and the Telemetry Streaming Extension.
The Application Services 3 (AS3) Extension provides a simple and consistent way to automate layer 4–7 application services deployment on the BIG-IP platform via a declarative REST API. AS3 uses a well-defined object model represented as a JSON document. The declarative interface makes managing F5 application services deployments as code both simple and reliable.
The AS3 Extension ingests and analyzes the declarations and makes the appropriate iControl API calls to create the desired end state on the target BIG-IP instance. The extension can run either on the BIG-IP instance or via AS3 container, a separate container/VM that runs the AS3 Extension, and then makes external API calls to the BIG-IP instance.
The Declarative Onboarding Extension makes it easy to take an F5 BIG-IP platform from post-initial boot to a system ready to deploy security and traffic management for applications. The simple interface enables you to configure system settings such as licensing and provisioning, network settings such as VLANs and self IPs, and clustering settings if you are using more than one BIG-IP system.
The Declarative Onboarding Extension uses a JSON schema consistent with the AS3 schema and has a similar architecture. The extension is supplied as a TMOS-independent RPM that is installed on a newly booted BIG-IP as the first step in the onboarding phase. Once the onboarding process has completed, you can deploy application services using whatever automated (or manual) process you select..
COMPONENTS
If your deployment scenario requires new BIG-IP instances to be spun up on demand, you can use F5-provided cloud templates and the Declarative Onboarding Extension to launch and configure the BIG-IP platform.
Cloud templates use the deployment automation functions of public and private clouds to provision and boot BIG-IP virtual appliances. F5 currently offers supported templates for the following clouds:
Public clouds
- AWS – Cloud Formation Templates
- Azure – Azure Resource Manager Templates
- Google – Google Deployment Manager Templates
Private clouds
- VMware - vCenter Templates
- OpenStack – Heat Orchestration Templates
F5 is actively expanding its cloud templates to cover a wider range of deployment scenarios. If you have suggestions or requests, please submit issues or (even better) pull requests via the relevant github repository.
The Telemetry Streaming Extension provides a declarative interface to configure the streaming of application, security, and network telemetry statistics and events generated by the BIG-IP platform to third-party consumers such as:
- Splunk
- Azure Log Analytics
- AWS CloudWatch
- AWS S3
- Graphite
As with the other members of the Automation Toolchain family, configuration is managed through a declarative interface using a simple, consistent JSON schema.
CONCLUSION
Deploying applications without adequate security or application delivery services introduces risk, while maintaining existing working practices comes with incompatible latency and operational cost.
Applications should be built, tested, and deployed with the right application services in place. Ops teams can and should expose these services via interfaces that make it easy for their application teams to consume them.
The F5 Automation Toolchain offers a suite of tools that plug the powerful BIG-IP platform into a range of automation deployment scenarios.
RESOURCE
Of course, one size never fits all in today’s IT landscape. Fortunately, there are a number of additional automation interfaces possible, including integration into container management platforms and automation tools.
Learn more about your options in Automating F5 Application Services: A Practical Guide.
2021 State of Application Strategy Report
Optimizing the customer experience: AI-assisted business activity has tripled.
강력한 파트너와 통합하여 보다 강력한 솔루션 제공
F5는 주요 기술 파트너와 협력하여 애플리케이션 위치에 관계없이 문제를 효율적으로 해결할 수 있도록 지원합니다.
