Bring NetOps and SecOps into the App Delivery Process

When NetOps and SecOps teams aren’t involved in application delivery, you end up with applications being deployed without security and traffic management controls. Keep your apps safe by integrating networking and security policies into your CI/CD pipeline.


THE CHALLENGE? DISCONNECTED TEAMS

Because NetOps and SecOps teams traditionally spend the majority of their time and resources on manual, command-line tasks, they’re unable to participate in the automated application delivery pipeline. The problem is, as the amount of applications within a typical organization quickly increases from hundreds to thousands, networking and security teams are finding it harder and harder to keep up with the dev team and include the proper traffic management and security controls with each release. This increases the risk of exposure and performance issues and can also lead to significant post-release management challenges.
 

THE SOLUTION? EMBRACING NETWORK AND SECURITY AUTOMATION

To increase the scale of operations, NetOps and SecOps professionals need to consider the use of automation. This enables more rapid and frequent deployments with the integration of reusable security and networking policies into CI/CD pipelines. Realign your NetOps and SecOps team ideologies from ticket takers focused on manual, one-off tasks to service providers creating reusable services. With this approach, you free developers up to focus on creating value through new application code, instead of spending their time and resources painstakingly adding the proper networking and security protections to each application manually.

 

WEBINAR

Automate and orchestrate Your App Services with F5


HOW F5 CAN HELP

F5 enables you to automate multi-cloud application services in order to cut deployment time and reduce opportunities for error, all while empowering your NetOps and SecOps teams to become an integral part of the application development and deployment pipeline.
 


 

Solution guide

CHALLENGE

The application landscape is exploding with application workloads growing from the hundreds of millions to the billions in the coming years. Many new apps are being built and released through automated processes that promise to both speed up time to value and make updates and improvements faster and safer.

However, these apps still need a rage of application services, such as load balancing, web application firewalling, and bot detection and mitigation. Network operations (NetOps) and security operations (SecOps) teams have the technology and experience to enhance application security and user experience, but these services need to be injected as part of the automated deployment process. And that’s not currently the case for many organizations, even those operating under a DevOps methodology.

How do you ensure that every app you develop and deploy is supported with the appropriate application delivery and security services? 

RELATED CONTENT
Download the solution guide to get all the details
Get the guide

SOLUTION

NetOps and SecOps teams must pivot away from manually implementing application delivery and security services and build interfaces and automation into their service infrastructure.

At a practical level, these operations teams can expose their valuable services through a series of tools and utilities that plug an Application Delivery Controller like the BIG-IP platform into the automation frameworks or platforms DevOps teams are using.

The F5 Automation Toolchain product family comprises the fundamental automation and orchestration building blocks that make it easy to integrate BIG-IP application services into common automation patterns such as CI/CD toolchains.

RELATED CONTENT
NetOps is almost meeting DevOps in the automation race.
Read the blog

DEPLOY NEW APP SERVICES

Depending on your deployment scenario, you might only need some of the components of the Automation Toolchain. For example, customers with existing, multitenant BIG-IP platforms might need to create new application service and monitoring configurations—so they should focus on the Application Services 3 Extension and the Telemetry Streaming Extension.

Application Services 3 Extension >

The Application Services 3 (AS3) Extension provides a simple and consistent way to automate layer 4–7 application services deployment on the BIG-IP platform via a declarative REST API. AS3 uses a well-defined object model represented as a JSON document. The declarative interface makes managing F5 application services deployments as code both simple and reliable.

The AS3 Extension ingests and analyzes the declarations and makes the appropriate iControl API calls to create the desired end state on the target BIG-IP instance. The extension can run either on the BIG-IP instance or via AS3 container, a separate container/VM that runs the AS3 Extension, and then makes external API calls to the BIG-IP instance. 

Telemetry Streaming Extension >

The Telemetry Streaming Extension provides a declarative interface to configure the streaming of application, security, and network telemetry statistics and events generated by the BIG-IP platform to third-party consumers such as:

  • Splunk
  • Azure Log Analytics
  • AWS CloudWatch
  • AWS S3
  • Graphite

As with the other members of the Automation Toolchain family, configuration is managed through a declarative interface using a simple, consistent JSON schema. 

COMPONENTS

If your deployment scenario requires new BIG-IP instances to be spun up on demand, you can use F5-provided cloud templates and the Declarative Onboarding Extension to launch and configure the BIG-IP platform.

Cloud templates >

Cloud templates use the deployment automation functions of public and private clouds to provision and boot BIG-IP virtual appliances. F5 currently offers supported templates for the following clouds:

Public clouds

Private clouds

F5 is actively expanding its cloud templates to cover a wider range of deployment scenarios. If you have suggestions or requests, please submit issues or (even better) pull requests via the relevant github repository.

Declarative Onboarding Extension >

The Declarative Onboarding Extension makes it easy to take an F5 BIG-IP platform from post-initial boot to a system ready to deploy security and traffic management for applications. The simple interface enables you to configure system settings such as licensing and provisioning, network settings such as VLANs and self IPs, and clustering settings if you are using more than one BIG-IP system.

The Declarative Onboarding Extension uses a JSON schema consistent with the AS3 schema and has a similar architecture. The extension is supplied as a TMOS-independent RPM that is installed on a newly booted BIG-IP as the first step in the onboarding phase. Once the onboarding process has completed, you can deploy application services using whatever automated (or manual) process you select. 

CONCLUSION

Deploying applications without adequate security or application delivery services introduces risk, while maintaining existing working practices comes with incompatible latency and operational cost.

Applications should be built, tested, and deployed with the right application services in place. Ops teams can and should expose these services via interfaces that make it easy for their application teams to consume them.

The F5 Automation Toolchain offers a suite of tools that plug the powerful BIG-IP platform into a range of automation deployment scenarios.

Download the solution guide to get all the details >

RESOURCE

Of course, one size never fits all in today’s IT landscape. Fortunately, there are a number of additional automation interfaces possible, including integration into container management platforms and automation tools.

Learn more about your options in Automating F5 Application Services: A Practical Guide.  

Powerful partner integrations mean more powerful solutions

F5 works with leading technology partners to help make troubleshooting efficient, no matter where your applications live.

GET STARTED

Work smarter

Don’t just automate tasks. Automate your processes and empower application teams to do more.

Start training

Translate your knowledge of manual traffic management and security processes into the CI/CD world.

Deploy faster

Find out how F5 Automation Toolchain makes it easier to deploy F5 devices and application services.