Virtual Edition Chassis Appliance: Automating & Orchestrating L4-L7 Service Configuration
2. Virtual Edition Chassis Appliance
TMOS
F5 High Performance Application Services Fabric
Helping you meet today's challenges and future proofing for tomorrow’s architectures
iRules
Programmable
iCall iControl
• F5 provides clustering
• F5 provides an option to synchronize TCP and SSL connection state
• F5 provides protection for private SSL keys; the system administrator has full control
• F5 also offloads compression and network functions to dedicated accelerators
Application
Connector
Container
Connector
4. COMPUTE NETWORKING STORAGE
CLOUD AUTOMATION,
ORCHESTRATION & MANAGEMENT
Automating & Orchestrating L4-L7 Service Configuration
Automation and Orchestration
systems driving Compute, Networking
and Storage via Controllers
CONTROLLER
Cloud Management & Orchestration Tools
OpenStack, VMWare vRO/vRA, CliQr,
Windows Azure Stack, Puppet, Chef, Ansible
SDN Controllers
Cisco APIC, VMware NSX,
Nuage Networks, Contrail
BIG-IP iSeries
(1) L4-L7 service configuration via Cloud Mgmt & Orchestration Tools
(2) L4-L7 service configuration via SDN controller
L4-L7 Stateful Services
7. F5 Public Cloud Strategy
Managed Service Providers
Partners
EMEA – APAC – AMERICAS
Public Cloud-F5 Enabled
Partners
Securely Deploy with Low Friction, Any Application, Anywhere,
Consistent Application Services Across All Environments
Enterprise Migration
to Public Cloud.
9. 1NIC Architecture
2NIC Architecture
3NIC Architecture
Clustered 1 or 3 NIC Active/Active
Clustered 3 NIC Active/Standby
Auto Scale WAF
Auto scale LTM
O365 SAML IDP – PAYG/BYOL
WAF – Non ASC(Azure Security Center)
Cloud Solution Templates by Platform – 8/2017
1NIC Architecture
2NIC Architecture
3NIC Architecture
2 Clustered BIG-IPs (Same AZ)
2 Clustered BIG-IPs (Across AZ)
Auto Scale WAF (Github & MP)
Auto Scale LTM
1NIC Architecture
12. Locations:
• Azure has regions around the world.
Availability Sets:
• Azure provides the redundancy option for VMs by isolating them in different fault and update domains.
Virtual Networks (VNETs):
• Logically isolated network. You can create subnets and route tables.
• Subnets: Fixed address block within a VNET (e.g. 10.0.1.0/24)
• User Defined Routes (UDRs): Route table for next hop
• Network Security Groups (NSGs): Network firewall rules used to secure resources
Azure Resource Manager Templates: Used to orchestrate resources and deliver services in Azure
19. Availability Zone 1
BYOL BIG-IP
App subnet
Public subnet
Availability Zone 2
Hourly BIG-IP
Public subnet
Availability Zone 3
Public subnet
Hourly BIG-IP
BIG-IP EC2 Autoscale Group
• Save costs by on-demand scalability of F5 app services
• Capacity on-demand
• Autoscale BIG-IPs and Poolmembers
• Integrates with AWS Autoscale and CloudWatch
• Leverages Cloud-init
• BYOL and/or Hourly
20. Stateful failover of F5 app services across AZs
• Active/Standby VE Cluster spanning two availability zones
• EIP transferred via API call to EC2 during failover
• Solution is supported with online available iApp and deployment guide
• Supported Modules: LTM, ASM, AFM, and Analytics
• BIG-IP v11.5.1 and later
22. Choose the business model that fits your requirements
BIG-IP VE: Best in Class Technology
Consumption Options To Fit Your
Business Model
• BYOL: Buy as CAPEX and amortize over time
• Pay for what you already use with no commitment (Azure, AWS, Google Cloud)
• Rent as OPEX for a period of time with no sunk cost or long-term commitment
24. Private Cloud
ADC & Security
Application
Data
Application
Data
ADC & Security AWS Tools
ADC & Security Azure Tools
How about migrating, scaling, or adding new apps to a public cloud provider
to get the benefits of public cloud: cost, time to market, and scale?
Application
Data
Public Internet
25. Time to Market
Low initial costs (Pay per use)
Flexible & unlimited capacity growth
• Security: private keys, policy, sensitive data
• Storage: cost, data to/from the cloud
• Cloud lock-in: policy, data transfer cost
• Performance: Higher latency
CONS
Private Cloud
ADC & Security
Application
Data
ADC & Security AWS Tools
ADC & Security Azure Tools
Application
Data
PROS
New Green App to Azure
Application
Data
Migrate/Scale out Orange App to AWS
Public Internet
26. • Security: private keys, policy, sensitive data
• Storage: cost, data to/from the cloud
• Cloud lock-in: policy, data transfer cost
• Performance: Higher latency
CONS
ADC & Security AWS Tools
ADC & Security Azure Tools
Unifying your L4-L7 application services and
policies across your Private and Public Cloud
deployments (BYOL, Utility Billing)
Private Cloud
ADC & Security
Application
Data
Application
Data
Application
Data
Public Internet
PROS
27. Securing and automating app delivery in public cloud
• F5 Solution for Private–Public Cloud inter-connect
• Secure reverse tunnel between Private–Public cloud (SSL keys on BIG-IP in Private Cloud/DC)
• Public cloud resources auto-discovered and managed by BIG-IP in Private Cloud/DC
Application Connector
Private Cloud
ADC & Security
App Connector
App Connector
AC
AC
Private keys
Application
Data
Application
Data
Public Internet
Application
Data Secure Reverse Tunnel
28. • Security: private keys, sensitive data
• Storage: cost, data to/from the cloud
• Cloud lock-in: data transfer cost
• Performance: Higher latency
CONS
Private keys stored in Private Cloud
App front-end via BIG-IP in Private Cloud
Auto-discovery of Public Cloud resources
All resources managed from Private Cloud
Private Cloud
ADC & Security
App Connector
App Connector
AC
AC
Private keys
Application
Data
Application
Data
Public Internet
Application
Data
PROS
Secure Reverse Tunnel
29. Private Cloud
ADC & Security
AC
AC
Application
Storage
ADC & Security
• Security: sensitive data
• Storage: cost, data to/from the cloud
• Cloud lock-in: data transfer cost
• Performance: Higher latency
CONS
Sensitive data securely stored in Colo
Colo brings app closer to end users
Moving data in/out colo at low cost
Low latency towards all public cloud providers
Application
Data
Application
Data
Application
Data
App Connector
App Connector
Public Internet
Colo Facility
Public Cloud
XChange Private
Interconnect
Extend your Private Cloud into Colo Facility
PROS
Secure
Reverse
Tunnel
30. Private Cloud
ADC & Security
AC
AC
Application
Storage
ADC & Security
Application
Data
Application
Data
Application
Data
App Connector
App Connector
Public Internet
Colo Facility
Public Cloud
XChange Private
Interconnect
Extend your Private Cloud into Colo Facility
Secure
Reverse
Tunnel
Silverline
Services
32. iControl
(REST & SOAP)
Allows light weight, rapid
interaction between user,
script & F5 devices
iApps
Services-based, template-
driven configurations on
BIG-IP
PROGRAMMABLE MANAGEMENT, CONTROL & DATA PLANES
iRule
Allows complete
programmatic access
to application traffic in
real time
34. Control
Plane
Data
Plane
LAYER 2-4
Stateless Fabric
SDN Controller iApp
Catalogue
iWorkflow
L4-L7 configuration
L2-L4 Configuration
APIC
REST APIs BIG-IP
APP APP APP APP APP
LAYER 4-7
Application Services
Cloud Orchestrator
Heat (iApp)
L4-L7 service configuration (F5)
App Configuration
L2-L4 network configuration
(optional) REST API Proxy
36. • Lightweight alternative
for app development
• App runs without
guest VMs
• Portability: Easy lift
and shift to clouds or
vice versa
Review Using Docker Container Technology with F5 Products and Services on F5.com.
40. F5 Application Services Proxy
Key Features:
• Load Balancing
• HTTP headers manipulation
• Connection Manager
• Forwarder
• Telemetry
• TCP
• HTTP
Enable service mesh for application performance and
availability – native integration into Kubernetes, and Mesos/
Marathon for managing container app traffic.
Greater scale to meet app demands - provides app
scalability in container environments.
Spin up or down in seconds - flexibly routing and load
balancing within your container framework in seconds for
rapid deployment.
Gain end-to-end visibility - enables end-to-end visibility and
analytics via datastream export for fast resolution of
container traffic anomalies.
Application Service Mesh Across Containers
Node 2 Node 1
Visibility and
Analytics
Visibility and
Analytics
F5 Application
Services Proxy
F5 Application
Services Proxy
Orchestration
F5 Container
Connector
Container Environments
41. Container Environments
Application Services Across Network
F5 Container Connector
Scale and Secure Your Container Apps:
• Natively integrates with Kubernetes,
Marathon, OpenShift and Cloud Foundry
• Provides translation between Container
Environments and BIG-IP/ASP iControl
API
• Easily configure ingress control on BIG-IP
with app routing, automatic policy
creation, and health monitoring
• Leverage iApp pre-defined templates for
advanced app delivery, performance, and
security services
• Use traditional ADC functionalities in
Container infrastructure e.g. SSL offload,
L7 routing, …
Orchestration
F5 Container
Connector
F5 BIG-IP
App Performance
and Security
Services
F5 Container
Connector
F5 Application
Services Proxy
Visibility and
Analytics
Application Service Mesh Across Containers
42. Node 2 Node 1
Orchestration
Kubernetes or OpenShift
Application Services Across Network
Application Services Across Container Environments
F5 Container
Connector
F5 BIG-IP
App Performance
and Security
Services
Visibility and
Analytics
F5 ASP
(Kubernetes only)
Integrate and enable container app
services in Kubernetes or OpenShift
• Easily configure ingress control on
BIG-IP with app routing, automatic
traffic policy creation, and health
monitoring
• Enables service mesh routing, app
availability, and scale across
Kubernetes container environments
• Subscribes to Kubernetes or
OpenShift events to automatically
create, scale, or remove app
performance and security services
• Traffic visibility via data stream
export for analytics review
F5 ASP
(Kubernetes only)
43. Dynamic App Services For Container Environments
Frictionless And Automated App Services Insertion
Benefits:
• Frictionless app services for containers – integrates
natively with Kubernetes or RedHat OpenShift enabling
ingress control and Mesos/ Marathon for app
performance.
• Enable self-service for DevOps – spin up, spin down
app services in seconds within orchestration. Enable
service mesh for app scale with ASP across containers
• Automated discovery and services insertion –
dynamically create, modify, and remove app services
based on container events.
• Elastic app services – increases app performance,
enables access control, and delivers app protection.
• Faster deployment and greater visibility – rapid
deployment with predefined BIG-IP templates and obtain
complete visibility for fast resolution.
Problem: Constant manual changes with container
services cause a lack of agility and increase friction.
Node 2 Node 1
Container Orchestration
Container Environments
F5 BIG-IP
App Performance
and Security
Services
F5 Application
Services Proxy
Visibility and
Analytics
F5 Application
Services Proxy
F5 Container
Connector
Solutions:
• F5 BIG-IP App Delivery Services
• F5 Container Connector
• F5 Application Services Proxy
Application Services Across Containers and PaaS
Application Services Across Network
44. Benefits:
• Simplify and Centralize Security Services – Enable
front-door security services protecting from bots, DDoS
attacks, unauthorized access, and app data leakage
• Automatically create and scale protection – by
subscribing to container events to auto-protect new
apps using BIG-IP templates
• Gain attack insights – from logging, reporting, and
analytics. Visualize attack traffic via data stream export
to 3rd party SIEM and analytics for in-depth review
• Integrate with vulnerability assessment – scan and
patch app vulnerabilities in development and production
Simplify and Centralize Security Services
Node 2 Node 1
Orchestration
Container Environments
Visibility and
Analytics
F5 Container
Connector
Problems: Security workloads are difficult to deploy
and too large in container environments.
• Container apps need security services outside of
the environment for advanced protection.
• Competitive solutions lack robust security services.
Solutions:
• F5 BIG-IP physical or virtual appliance
• F5 Container Connector
F5 BIG-IP
App Performance and
Security Services
3rd Party DAST
Vulnerability
Assessment
46.
Product                      Licensed?                      Location?           Open Source?
Container Connector          no charge                      DockerHub, GitHub   yes
Application Services Proxy   per download, no charge        DockerStore         no
BIG-IP                       per appliance & module         F5                  no
BIG-IP virtual edition       per VE & module                F5                  no
VIPRION chassis              per chassis, blade, & module   F5                  no
• No charge required to run F5 Container Connector or Application Services Proxy
• Licensing is for BIG-IP per appliance/chassis/VE and any add-on modules
• Support for Container Connector and Application Services Proxy is included with a
BIG-IP Services contract