Increase CI/CD velocity through automation integration

Don’t let DevOps, NetOps, and SecOps teams slow each other down. Instead, automate security and performance policies into your code pipeline to keep everything running smoothly and securely across clouds by default, without the need for manual intervention.


THE CHALLENGE? TRADING SECURITY AND PERFORMANCE FOR DEPLOYMENT SPEED

While deployment cycles continue to speed up using automated CI/CD pipelines, many network and security policies are still attached using manual, ticket-driven processes. That mismatch in cycles can lead app teams to by-pass corporate security and network policies in favor of releasing code quickly.

But security threats haven’t disappeared. The threat surface area is growing as apps are being stretched across multi-cloud environments. And with application downtime being so incredibly detrimental to a brand, high performance at all times is vital. So when threats or performance issues are detected, DevOps teams often lack the tools or expertise they need to respond effectively.

THE SOLUTION? SEAMLESS CI/CD INTEGRATION

Application services that provide advanced security protection and intelligent traffic routing can be automatically provisioned through the same tools and processes driving your CI/CD pipeline. This way, your DevOps teams can leverage the existing development and deployment pipelines, without slowing down innovation or increasing company risk.

 

WEBINAR

Automate DevOps & SecOps deployments with CI/CD Pipeline Integration


HOW F5 CAN HELP

F5 offers the widest range of application services integrations, providing you with unparalleled operational flexibility. F5 integrates with common tools like Ansible, ServiceNow, and GitLab which allows you to match the workflow of the tool you’re using. The result is a consistent set of application services applied automatically no matter where or how your applications get deployed.

 

Solution guide

CHALLENGE

The continuous integration and continuous delivery (CI/CD) practices of modern software development promise to bring new software or new features to market faster. Alongside the evolution of highly virtualized, automatable cloud and container platforms, this innovation in delivery methods has contributed to the rapid increase in the number and functionality of applications in a typical enterprise.

No matter how or where applications are deployed, however, they need support from application services like traffic management, content routing, bot defense, and API security. Most well-functioning CI/CD pipelines handle the integration and deployment of application code with minimal human intervention. However, many organizations still manage application services and policies—often manual configurations of network and security policy—through a slow, ticket-driven process.

This can lead to decisions to bypass corporate security policy, network operations and other controls in favor of releasing code quickly. How can you ensure that critical applications get the services they require—without slowing down release cycles?

RELATED CONTENT
Download the solution guide to get all the details
Get the guide

SOLUTION

The only viable solution is to insert the configuration and deployment of app services into the same toolchain that is being used to deploy the rest of the software stack. Integrating code and artifacts to insert application services into the workflows that build, test and then deploy applications has two key advantages.

  • Application code is tested with production-version application services in place. If there are interoperability issues between a security policy and a new software feature, they can be detected during the testing process and the software build can be aborted.
  • Applications deployed to production get security and application delivery services they need—at the time they need them. Instead of being additional components that are manually added.

Infrastructure as code and declarative onboarding for BIG-IP

HOW IT WORKS

A typical deployment workflow contains a number of services.

Source code manager (SCM) >

Source code manager (SCM)

This is where application code, infrastructure code, and other text-based artifacts needed to build and deploy an application are kept. The SCM is generally the “source of truth,” because in an ideal world, changes to the application or infrastructure it runs on can only be made by altering the source and running the workflow.

Orchestrator >

Orchestrator

An orchestration tool creates software build, test, and integration pipelines—plus jobs to create the test infrastructure and configurations. Application services need to be created by the orchestrator, sometimes directly integrating into application services platforms and sometimes via secondary automation tools.

Automation tools >

Automation tools

When infrastructure components such as server instances, networking components, and application services need to be created or altered by an orchestrator, an automation tool of some sort is often used. This might be a locally installed and managed service such as Ansible, or it could be a cloud service, like Amazon Web Services CloudFormation.

Element managers >

Element managers

These represent the automation interface to the infrastructure that actually supplies the services. While not present in every architecture, element managers can manage licensing, telemetry, reporting, and platform software versions—plus act as an additional layer of authentication and authorization for service creation.

Service platform >

Service platform

Generically, a service platform is made up of the components providing the service, like a container, or an application proxy. This is the ‘final destination” of application or infrastructure code, a running service on a compute instance, a load balancing process, or an application-layer firewall configuration.

COMPONENTS

To integrate application services deployments into CI/CD workflows, organizations can leverage a few F5 components.

BIG-IP Platform >

BIG-IP is the industry-leading application delivery and security services platform. With scale from a few megabits to over a terabit per second throughput, an immense range of functionality, and availability in a wide range of compute environments (from ruggedized hardware for telco POPs to public cloud virtual versions), the BIG-IP platform can deliver the services applications need—in all the locations they need them.

Learn more about the BIG-IP platform >

F5 Automation Toolchain >

The F5 Automation Toolchain product family comprises the fundamental automation and orchestration building blocks that enable you to integrate F5 BIG-IP platforms into common automation patterns such as CI/CD toolchains.

The F5 Automation Toolchain contains the following key components:

  • Declarative Onboarding Extension (DO)—Configure BIG-IP platform settings like networking, DNS, and high availability.
  • Application Services 3 Extension (AS3)—Configure application services like load balancing, content routing, and bot detection.
  • Telemetry Streaming Extension (TS)—Configure automated application traffic telemetry streaming to analytics systems like Kafka, Splunk, or Graphite.

These tools offer declarative interfaces for configuring F5 BIG-IP application services platforms, which deliver the security, optimization, and scaling services your applications need, and can be integrated with automation and orchestration tools.

Learn more about F5 Automation Toolchain >

Network Infrastructure as Code >

Network Infrastructure as Code

According to Nathan Pearce, tech vlogger, most Infrastructure as Code implementations are oriented around ‘server’ infrastructure. In this video, Nathan takes a look at bringing Infrastructure as Code practices to managing F5’s BIG-IP App Services appliances.

CONCLUSION

The practices of continuous integration, continuous delivery, and continuous deployment offer the promise of safer, faster, and more efficient software development. Critical to realizing this promise is the integration of application delivery and security services into the development and deployment workflows.

F5 offers the platform, the integration, and the training to insert industry-leading application protection and optimization services into workflows so that software can be built, tested, and deployed with the services it needs to be secure, fast, and available. 

Download the solution guide to get all the details >

Resources

POWERFUL PARTNER INTEGRATIONS MEAN MORE POWERFUL SOLUTIONS

F5 works with leading technology partners to help make troubleshooting efficient, no matter where your applications live.

GET STARTED

Work Smarter

Get acquainted with F5’s superior network automation and orchestration tools.

Simplify Networking

Consolidate 70 networking tasks down to a single click with F5 and Ansible.

Deploy Apps Faster

F5 Cloud Solution Templates: Fully functioning cloud deployments in minutes.