| ©2019 F5 NETWORKS1
BIG-IQ and BIG-IP Cloud Edition
Kyle Oliver, Principal Product Manager
Date: March 20, 2019
Agenda and Table of Contents
1 Overview and Challenges
2 Holistic Application Services Management
3 Analytics
4 Security Management
5 BIG-IP Cloud Edition
6 What is new in 6.1
[Diagram: BIG-IQ: APIs; Device Management; Operational Management; Policy Management; Application Centric Management]
The Digital Economy
ORGANIZATIONS ARE EMBRACING DIGITIZATION TO DRIVE BUSINESS PERFORMANCE
69%: Organizations with, or planning to start, a digital transformation initiative
New digital technologies help organizations create competitive advantage and deliver value through new offerings, new business models, and new customer relationships
DESIRED BENEFITS OF DIGITAL TRANSFORMATION
[Chart: IT optimization; business process optimization; employee productivity; new business opportunities. Values shown: 45%, 69%, 57%, 62%]
SOURCE: STATE OF APPLICATION SERVICES, F5 NETWORKS, JANUARY 2019
n = 850
Q: What benefits do you want from your digital transformation projects? Select all that apply.
Digital Transformation
REALIZING THE BENEFITS REQUIRES CHANGE ACROSS PEOPLE, PROCESS AND SYSTEMS
CHALLENGES
• Lack of skillset for automation (46%)
• Lack of skillset for multi-cloud (26%)
PEOPLE
Embrace modern, DevOps-influenced, cross-functional teams
48% operate beyond silo’ed functions
43% have automated app services
35% offering self-service provisioning
CHALLENGES
• Need for consistent security policies and governance (40%)
• Need to protect apps (39%)
• Visibility into app health (39%)
SYSTEMS
Applications themselves are the foundation of our new digital economy
42% exploring new architectures
56% now use containers
58% cloud decisions, by or with, LOB
CHALLENGES
• Desire for still greater automation (62% already automating)
• Resistance to automation (28%)
PROCESS
Change how applications are developed, deployed and delivered
52% change how they develop apps
62% change how they deploy apps
48% change how they deliver apps
SOURCE: STATE OF APPLICATION SERVICES, F5 NETWORKS, JANUARY 2019
A Multi-Cloud World
MULTI-CLOUD IS NO LONGER AN EXPERIMENT, BUT AN INTENTIONAL AND DECISIVE STRATEGY
87% of organizations use multiple clouds
[Chart: Criteria for deciding which type of cloud to use for each application (% respondents): case by case, per application; business unit directive (stakeholder); type of application; consultant recommendation; type of end user of the application; determined by IT. Values shown: 44%, 42%, 29%, 15%, 47%, 44%]
SOURCE: STATE OF APPLICATION SERVICES, F5 NETWORKS, JANUARY 2019
n = 1,066
Q: As you think about managing applications in a multi-cloud environment, what part of managing the application do you find the most challenging, frustrating, or difficult? “Multi-cloud” in this case refers to multiple forms of cloud (private, public, or SaaS). Select all that apply.
n = 1,070
Q: How does your organization decide which type of cloud is best for each application? Select all that apply.
Security Challenges
SECURITY IS AN EVEN MORE ACUTE ISSUE IN PUBLIC AND MULTI-CLOUD ENVIRONMENTS
[Chart: Level of confidence to withstand an application-level security attack, on a scale of 1 (not at all confident) to 5 (very confident), for: applications on-premises; applications off-premises co-location; applications in public clouds (IaaS and PaaS); applications from SaaS providers; all applications. Top 2 values shown: 53%, 44%, 38%, 40%, 37%]
Only 53% of all organizations are confident they can secure applications on-premises, and the confidence further erodes to only 38% in public cloud
SOURCE: STATE OF APPLICATION SERVICES, F5 NETWORKS, JANUARY 2019
n = 861
Q: On a scale of 1 to 5, please rate your confidence in your company’s ability to withstand an application level security threat.
F5’s Perspective on the Application Ecosystem
THREE INDUSTRY BELIEFS INFORM OUR STRATEGIC AGENDA
1 APPLICATION CAPITAL
Applications are our customers’ most valuable asset, and the number of apps is growing fast
2 MULTI-CLOUD
Our customers choose the right public or private cloud for each application
3 APPLICATION SECURITY
Application security becomes even more critical in multi-cloud, distributed environments
[Diagram: ROLE (We make apps go faster, smarter, safer) and REACH (Every App, Anywhere). Labels: Traffic Management; WAF, DDoS, Identity; Security; Analytics; Application Performance Monitoring; DNS, GSLB; Software as a Service; Infrastructure as a Service; Platform as a Service; On-premises; Private cloud; Function as a Service; Container as a Service; Container Visibility & Security. TODAY; OUR FUTURE: Leader in Multi-Cloud Application Services]
Multi-Cloud Challenges
ADOPTION OF MULTI-CLOUD INTRODUCES NEW CHALLENGES
CHALLENGES TO MANAGING MULTI-CLOUD APPLICATIONS
F5’s Application Services portfolio addresses these challenges
• Protecting applications from existing and emerging threats: 39%
• Applying consistent security policy across enterprise applications: 40%
• Optimizing performance of applications: 39%
• Gaining visibility into application health: 39%
SOURCE: STATE OF APPLICATION SERVICES, F5 NETWORKS, JANUARY 2019
n = 1,066
Q: As you think about managing applications in a multi-cloud environment, what part of managing the application do you find the most challenging, frustrating, or difficult? “Multi-cloud” in this case refers to multiple forms of cloud (private, public, or SaaS). Select all that apply.
Universe of Enterprise Applications
UNLOCKING MILLIONS OF NEW APPLICATIONS THAT CAN BE ADDRESSED
BIG-IP Hardware & Virtual Edition; BIG-IP Cloud Edition; F5 Cloud Software; F5 Cloud Services
# of applications, 2017, millions: 33 M, 36 M, 191 M
# of applications, 2022, millions: 44 M, 198 M, 1,452 M
[Chart axes: APPLICATIONS (0%, 100%); APPLICATION ARCHITECTURE (More complex, higher TCO; Cloud-native)]
Enterprise Applications
THE MODERN ENTERPRISE IS HIGHLY DEPENDENT UPON APPLICATIONS
SharePoint
Concur
Workday
CRM
Inbox
Business Intelligence
The Foundation of App-centered Security
SECURING APPLICATIONS REQUIRES VISIBILITY, CONTROL AND RELIABILITY
Visibility; Control; Reliability
ADC is a Key Control Point for Security
KEY STRATEGIC CONTROL POINT FOR IMPLEMENTING SECURITY VISIBILITY AND CONTROL
PUBLIC / PRIVATE CLOUD DATA CENTER
For On-Prem | Off-Prem | Co-location | Public Cloud
F5 STRATEGIC CONTROL POINT FOR SECURITY
✓ Proxy ─ Unique Inline Insertion Point
✓ App Decomposition / Rich Context
✓ Integrated Service Chaining & Management
VIRTUAL ADC EXTENDS F5’s STRATEGIC POSITION
The Changing Face of IT—Traditional Roles
Network Performance and Security
Provide network and security services to app teams and users via service request tickets
NetOps SecOps
Application Availability and Performance
Consume app services and often lack unified visibility into application health, performance, and security
App Owner DevOps
Problems with the Status Quo
Trying to be strategic and pro-active
• Want to focus on the big picture—overall network health and security—not ticket fulfillment
• Drowning in endless change/resourcing tickets
• Desire to avoid being perceived as roadblocks
NetOps SecOps
Need empowerment, autonomy & speed
• Desire to self-serve
• Responsible for app health but lack required tools
• Frustrated by need to constantly submit trouble tickets and “hurry up & wait” for IT
App Owner DevOps
The app owners are considering moving to cloud native tools as they complain we are too slow to address their new needs
NetOps
“I don’t want to lose control.”
My application doesn’t perform well. I have my suspicions on where the problems may be, but I need to wait for IT to investigate.
App Owner
“I want more control.”
The IT team is too slow deploying my app services. We are moving into the era of agile development and CI/CD but the infrastructure cannot keep up.
DevOps
“I want more speed, agility, AND control.”
Central Management with BIG-IQ
[Diagram: BIG-IQ: APIs; Device Management; Operational Management; Policy Management; Application Centric Management]
BIG-IQ Key Functions
[Diagram: BIG-IQ: APIs; Device Management; Operational Management; Policy Management; Application Centric Management]
Per-App Dashboards
Advanced Analytics
Automate Deployments
Empower App Teams
Manage F5 Devices
Manage F5 Software
Manage Certs, Licenses, Templates …
Manage Policies
BIG-IQ Use Cases
UNIFIED MANAGEMENT, VISIBILITY, AUTOMATION & ORCHESTRATION OF F5 APPLICATION SERVICES
Holistic, Role-Based App Services Management
• Provide app owners autonomy with self-service app services templates
• Focus on improvement and innovation, not service tickets
• Stop worrying about narrow change/upgrade windows
• Simplify backups and restores
• Manage application services on-premises or in your preferred cloud
Reduced Mean Time-To-Innocence
• Gain deep, app-level visibility into health metrics and security alerts
• Quickly discover root causes and solutions to application problems
• Get a granular, per-app view across operating environments and F5 devices
• Foster collaboration between app owners, SecOps, and NetOps
On Demand Scalability of Application Services
• Respond to increased load quickly and easily
• Scale-out manually or based on threshold templates—whatever makes the most business sense
• Automatically spin resources back down when demand subsides
• Upgrade to new software versions automatically
Centralized Management of App Services & Devices
Deep Visibility and Simplified Troubleshooting
Intelligent, Dynamic Autoscaling
360-Degree View of Your Application Security
• Set fine-grained, per-app security policies
• Gain one view into application security from a single console
• Manage every F5 security solution—L4-L7—from one dashboard
• Improve compliance and reporting with detailed audit logs for security events
Centralized Security Dashboarding and Alerting
Use Case: Centralized Management of App Services and Devices
[Diagram: Public cloud; Private cloud & Colocation; On-premises / Physical; BIG-IQ with App Templates and Service catalog; VIPRION or BIG-IP; NetOps, SecOps; App Owner: GUI-based (click-of-a-button); DevOps: REST API (infrastructure-as-code), CI/CD tools]
Align NetOps and SecOps Priorities with BIG-IQ
• Manage physical and virtual F5 devices
• Manage certificates
• Manage licenses
• Backup & restore devices and configurations
• Integrate with iHealth
• Unify monitoring, alerting, and reporting
• Define roles, permissions, & workflows
• Create service catalogs for app owners and DevOps teams
• Enforce consistent security policies
• Centralize security dashboards
ADC; DNS, GSLB; Network Security; DoS Protection; Web App Security; Access; Web Fraud Protection
SecOps
NetOps
Provide App Owners & DevOps with the Services They Need
App Owners
Roles-Based Functions
Roles-Based Workflows
Application Dashboards
Self-service Catalog for app deployment
Integration into CI/CD pipelines
Rich set of APIs
Declarative technology
Provisioning
Troubleshooting/Analytics
DevOps
Automate BIG-IQ via REST
[Diagram: BIG-IQ with App & AS3 templates; "Any" cloud; Public cloud; Virtual Editions (VE); VIPRION; BIG-IP]
Use Case: Deep Visibility and Simplified Troubleshooting
Reports; Audit; Events
• Device Changes
• LTM
• APM
• ASM (WAF)
• AFM
• Fraud Protection
• System
• Aggregated/searchable iHealth reports
• Upgrade Advisor
• Network Security
• Web Application Security
• DDoS Events
• Fraud Protection
Service Alerts
• IPsec
• Web Application Security (L7)
• Network Security (L4)
Dashboards
• F5 Devices
• Traffic Mgmt. (LTM)
• APM (Access)
• SWG
• DNS
• DNS DDoS
• L7 Security
• AFM
Problems that Keep App Owners Up at Night
EASILY SOLVED WITH BIG-IP CLOUD EDITION
App Landscape View
App Drill-Down View
404 Errors
Missing Pool Members
Slow Application Response Time
Browser Issues
Security—Single Attacks
Security—Massive Attack
503 Errors
Quickly Identify Problems (and Solutions)
REDUCE OVERALL MEAN TIME-TO-INNOCENCE
Gain single-pane-of-glass visibility into your entire application estate
Get deeper, per-app insight into app health, performance, and security
Pinpoint problems and their resolutions faster
Manage and troubleshoot apps deployed in multi-app VE, per-app VE, and hardware
Quickly Identify Problems (and Solutions)
TROUBLESHOOTING A 404 ERROR
Gain deeper analytics at the click of a button
Application Performance
Response codes
Narrow down the problem to 404 errors
See when the 404 errors occurred
Narrow down the problem to 404 errors and a specific URL
“BIG-IQ simplifies management, helps ensure compliance, and gives us the tools we need to deliver our applications securely and effectively.”
-Edgar Palamarchuk, Senior Network Engineer, Enterprise Networking, MAXIMUS
Key benefits of F5 BIG-IQ Centralized Management
• Increased productivity
• Delivers self-service workflows
• Enables focus on core business, not IT
• Simplifies management
• Ensures compliance
F5 Reference Architectures
• Application Services
LTM BIG-IQ
Use Case: Autoscaling of App Services
ON DEMAND SCALABILITY WITH NO NEED TO OVERPROVISION
[Diagram: BIG-IQ; VE instances; App; L7 Traffic Mgmt. + App protection (LTM, WAF)]
Quick response to increased load with auto-scaling of app services and security
Auto-scale based on threshold policies
Once traffic peak subsides, additional instances are spun down
Autoscaling of App Services
Select Trigger Metric
Automatic Scale Out
Set Manual Scale Out
Template-based autoscaling policies
Trigger based on CPU, memory, throughput - in/out
Manual scale-out for pre-planned events
Supported in VMware, AWS, Azure
Seamless Update to New Software Version
TRADITIONAL IN-PLACE UPGRADES GO AWAY
[Diagram: BIG-IQ; Per-App; App; Traffic Distribution; VE v13.1; VE v14.1; L7 Traffic Management + App Protection (LTM, WAF)]
Automated rolling upgrades
Eliminate manual upgrades
Supported in VMware, AWS, and Azure
Use Case: Centralized Security Management
Gain unified security dashboards, reports, and alerts
Set centralized, per-app security policies across operating environments
Manage and distribute signatures from a single location
Improve compliance with enterprise-wide audit trails and asset mgmt.
Use one console to manage the F5 suite:
• Advanced WAF
• ASM
• AFM
• DNS
• APM
• Fraud Protection
• Cert Management
Build, distribute, and improve security policies in ASM
ALIGN NETOPS AND SECOPS TO SECURE APPS
Comprehensive policies, threat visibility, automation, and analytics enable agile application protection
Build per-app automated security mgmt. and monitoring
DevOps, SecOps, and app developers work together
Delivers per-app security analytics/dashboards
Threat visibility across the security stack
Security Management & Monitoring
BIG-IQ for Advanced WAF
PER APPLICATION SECURITY, AND BREACH MGMT. AND MONITORING
OWASP Top 10 Incident Detection and Response (IDR)
Malicious Bot IDR
Anti-Bot Mobile SDK mgmt.
Credential attack IDR
API’s
SecOps meets DevOps
App layer DoS signature mgmt.
Per-app analytics, logs, alerts, and usage
What is BIG-IP Cloud Edition?
A SOLUTION COMPOSED OF BIG-IP PER-APP VIRTUAL EDITIONS AND THE ENHANCED MANAGEABILITY OF BIG-IQ—DELIVERING DEDICATED, RIGHT-SIZED F5 APPLICATION SERVICES
Per-App Virtual Edition
Enhanced BIG-IQ Management
Supported clouds
Dedicated
Right-sized
Industry-leading ADC and WAF
Ease of use and self-service
Application level analytics
Auto-scale and multi-cloud presence
Five Key Use Cases
Dedicated services for Apps
Easiest to use and operate
Cost Effective services for more Apps
Best Protection for more Apps
AutoScale when needed
On Demand Scalability
Self-Service for App team
Agile App Services
Simple, App-focused troubleshooting
Reduced mean time to innocence
Same as BIG-IQ
Deliver Dedicated F5 App Services for each App
BREAK DOWN BARRIERS TO DEPLOYING EXISTING AND NEW APPS FASTER
[Diagram: Per-App vADC: VE instances for App 1, App 2, App N; L7 traffic management and app protection (LTM, Adv. WAF)]
• Industry-leading dedicated traffic management and app protection for existing apps
• Cost effective F5 app services for the next tier of apps
Proven F5 Per-App Services for NetOps & App Teams
• Right-sized to enable per-app deployment of services
• Isolation of service failure reduces impacts to business operations
• Improved productivity with automated provisioning
• Advanced protection for all apps
Benefits
Application Services 3 Extension (AS3)
iControl LX Extension
Accepts declarative API
Runs on BIG-IP, BIG-IQ or in a container
Minimizes need for BIG-IP domain expertise
Minimizes deployment errors
BIG-IQ will create app dashboards for monitoring and alerting
[Diagram: API Call; One Declarative Statement; AS3 on BIG-IQ; multiple BIG-IP devices]
New Security Dashboards and Reports
New DDoS dashboards - summary, HTTP, network analysis, attack history and DNS activity
Layer 7 protection
ACL traffic
Security Analytics and Dashboards
Other New Features
BIG-IQ 6.1
[Diagram: BIG-IQ: APIs; Device Management; Operational Management; Policy Management; Application Centric Management]
Auto-Scaling in Azure
Provide access to specific utility license offerings to a license manager
Schedule subscription license reports
Support for BIG-IP 14.1 WAF features
Add or import LTM policies and policy rules into service catalog templates
Improved Global Search
Threat Intelligence Menu for managing WAF signature, Server Technology, and Browser Challenge files
Author custom identifiers for utility pool license offerings
Verify hosts for secure encrypted SSL communication
Resolve conflicts when discovering and importing LTM profiles and default monitor for BIG-IP devices
Add multiple BIG-IP devices to BIG-IQ at the same time