USE CASE

Securing Cloud Connectivity

Overview

Your connection to the cloud can’t be just fast, secure, or available. It has to be all three.

Connecting your enterprise to the cloud—or connecting different cloud environments together—can be a challenge. Your application data must only go where it should. But when the data does go, it needs to be fast, secure, and bandwidth efficient.

F5 can help you build a flexible, optimized, and secure connection between your locations. By linking BIG-IP hardware and software you can create a highly available, accelerated connection that offers incredibly granular traffic controls.

That means you can put the right resources in the right places with confidence. And with an open, automation-ready REST API, you can build strict security controls into your release process.

Considerations

Native cloud endpoints or dedicated devices?

Cloud providers often offer a VPN connection service for IPSec connections. BIG-IP appliances can offer a native device-to-device connection. When choosing to terminate your VPN on a cloud provider’s native service or a BIG-IP virtual appliance, consider support and interoperability. With F5 you get support at both ends of the connection. Also, when you link two or more cloud environments, it’s easier to go with one provider, like F5, than count on cooperation between two competitors.

Internet or private leased lines (for example Amazon Direct Connect)?

It’s typically a budget vs. high availability question. With F5, you don’t have to compromise. We can optimize traffic and still improve performance while saving bandwidth. Ask yourself how much high availability you need. Do you need dual links?

Hardware or software?

The BIG-IP platform is available in both high-capacity hardware editions and cloud-ready software. Choose what best suits your locales and throughput needs. You don’t have to use the same device at both ends of a link.

Application data flow and segmentation.

Rather than blindly optimizing and securing a link, do you need to offer a more granular solution? Do you want policy enforcement at the individual application traffic layer between each cloud or site?

Management and monitoring.

How will you know if your monitoring and management system is working? How will you programmatically add new endpoints? How dynamic is the environment?

Steps

Once you’ve made your design decisions, implementing the F5 system just takes a few steps.

1. Install F5 devices.

Deploy F5 appliances in the environments you need them. You’ll find F5 in most cloud marketplaces and in hardware versions that’ll scale to suit your requirements. Installation is wizard-driven, easy, and fast.

2. Test basic connectivity.

Now, get your network environment configured. You’ll need to configure routing, cloud network configuration, and so on.

Once the devices can communicate with each other and the networks they need to, it’s time to test.

3. Test high availability.

Make sure you can retain access if things go wrong!

4. Create optimized link.

You can use the iApp to create optimized, encrypted links on a per application basis. It’s a templated deployment that will set you up with a best practice connection and allow you to easily redeploy as often as you need to.

5. Test your app.

Speed, security, availability—you should be getting it all.

Result

A securely optimized interconnected compute environment. Data is strictly controlled.

Connect with F5

F5 Labs

The latest in application threat intelligence.

DevCentral

The F5 community for discussion forums and expert articles.

F5 Newsroom

News, F5 blogs, and more.