Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
| ©2018 F5 NETWORKS1
Application Services for a DevOps World
Bart Salaets
Sr Director Solution Architects EMEA
October 22, 2019
| ©2019 F5 NETWORKS2
SPEED
| ©2019 F5 NETWORKS3
SECURITY
| ©2019 F5 NETWORKS4
SECURITYSPEED
| ©2019 F5 NETWORKS5
APPLICATION CAPITAL
Uber
Today1800s
PHYSICAL CAPITAL
Carnegie
Rockefeller
The Journey to Application Capital
1900s
HUMAN CAPITAL
McKinsey and Company
IBM
| ©2019 F5 NETWORKS6
The number
of applications
is booming
2023
3.7B
2018
700M
| ©2019 F5 NETWORKS7
The Application Landscape is Transforming
THE FUTURE IS CLOUD
87% of customers are adopting multi-cloud1
0% of customers can report the number
of applications in their portfolio with confidence
Privacy and compliance are taking a back seat
to speed to market
DEVOPS IS RISING2
65% of orgs will expand agile/DevOps
methods into the wider business by 2021
70% of CIOs will use APIs to interconnect
automation tools by 2021
DevOps is critical to agility, but causes
an organizational divide
TECHNOLOGY IS CHANGING
85% of new app workload instances are
container-based, growing to 95% by 20213
83% of Internet traffic is now APIs, only 17%
is HTML4
Analytics and API management across the
environment is difficult
1 F5 STATE OF APPLICATION SERVICES REPORT 2018 2 IDC FUTURESCAPE 2019 3 CISCO GLOBAL CLOUD INDEX: 2016-2021
4 AKAMAI STATE OF THE INTERNET REPORT 2019
| ©2019 F5 NETWORKS8
MONTHS DAYS HOURS
Application Lifecycle Challenges
Classic enterprise Transforming enterprise Web scale
PEOPLE AUTOMATION AI-ASSISTED
Visibility / Security & Privacy / Customer Experience / Data & Intelligence
3-tier or Monolithic 3-tier or Monolithic + Microservices
10s 100s 1000s
Microservices
How fast can you go from code to customer?
How many apps are you able to take from code to customer in the next year?
How do you secure & govern your application portfolio?
| ©2019 F5 NETWORKS9
App Dev DevOps NetOps SecOps Business Owner
Develop
Secure &
Govern
Deploy
Operate
CI/CD tools, SDK
App Server
Web Server
API Gateway
Provisioning
Orchestration
Scale
Performance
Central management
Visibility and monitoring
Patching and upgrades
Automation
Security
Privacy
Compliance and policy enforcement
Total cost of ownership
Lifecycle of a Single Application
| ©2019 F5 NETWORKS10
Application Services That Go from Code to CustomerTHE F5 SOLUTION
LOCAL LOAD BALANCING
GLOBAL LOAD BALANCING
FIREWALL APIMANAGEMENT
API GATEWAY
WEB APP FIREWALL
DDoS + BOT PROTECTION
ACCESS MANAGEMENT
APPLICATION PERFORMANCE MANAGEMENT
WEB/APP SERVER
SSL DECRYPTION and ORCHESTRATION
CREDENTIAL ENCRYPTION
| ©2019 F5 NETWORKS11
Multi-Cloud Application Services with F5FROM CODE TO CUSTOMER
Secure &
Govern
Operate+
DeployDevelop
VISIBILITY AND ANALYTICS
MULTI-VENDOR ORCHESTRATION
Any infrastructure
Public Cloud / Colocation / Containers / Virtual Machines / COTS HW / Proprietary HW
CODE CUSTOMERApp
server
LB
K8S Ingress
API
gateway
Web app
firewall
DNS CDNWeb
server
DDoS
Control Plane
NGINX Controller
Control Plane
BIG-IQ
Ecosystem
Control Plane
| ©2019 F5 NETWORKS12
Leveraging Ecosystem Integrations
F5 Ansible
Modules
ECOSYSTEM
SOLUTIONS
| ©2019 F5 NETWORKS13
Right-sized App Services for Any Application
Centralized with netops CONTROL Decentralized to developers
Hybrid
Cloud-native
APPLICATION
ARCHITECTURE
BIG-IP Hardware, Virtual Edition, Cloud Edition, BIG-IQ
Broadest portfolio of advanced application services that
deliver superior app performance, security and availability
across multi-cloud environments.
NGINX
Lightweight, agile ADC and API software for container-built apps, CI/CD workflows, and microservices, deployed as subscription.
F5 CLOUD SERVICES
Composable, extensible, and self-serve App Services globally available as a SaaS model.
| ©2019 F5 NETWORKS14
Automating App Services – Shifting Control
Cloud
ArchitectDevOps
API-driven provisioning & monitoring of App Services
Consult, validate & review app services
TRADITIONAL APP SERVICES DEPLOYMENT
CLOUD-NATIVE APP SERVICES DEPLOYMENT
NetOps SecOps
AppDev
Cloud
ArchitectDevOps AppDev
NetOps SecOps
Deploy Apps
Prepare Templates
Deploy Apps
API-driven deployment & provisioning of App Services
API-driven provisioning & monitoring of App Services
| ©2019 F5 NETWORKS15
DevOps & CI/CD PipelinesPROCESS & TOOLING
Continuous
Monitoring
Continuous
Release & DeploymentContinuous
Business Planning
Collaborative
DevelopmentContinuous
Testing
Continuous Customer
Feedback & Optimization
Develop
Secure &
Govern
Deploy
Operate
| ©2019 F5 NETWORKS16
Automation of Application Services in CloudDELIVERING SPEED & AGILITY FOR THE APPLICATION TEAMS
DEPLOY APPSERVICESBOOTSTRAP ONBOARD
MONITORING/TELEMETRY CHANGE
Private Cloud
Public Cloud
Declarative API
Declarative API
Cloud-specific
templates
VE
TelemetryStreaming
| ©2019 F5 NETWORKS17
Automation Toolchain for BIG-IP
CLOUD SOLUTION
TEMPLATES
DECLARATIVE
ONBOARDING
EXTENSION
APP SERVICES 3
EXTENSION
TELEMETRY
STREAMING
EXTENSION
Start BIG-IP
instances in public
and private clouds
Initial configuration of
BIG-IP instances
Deploy classic and
advanced application
services on BIG-IP
using declarative
REST APIs
Stream telemetry,
events, and logs from
BIG-IP to various
analytics and logging
solutions
BOOTSTRAP ONBOARD DEPLOY APP SERVICES MONITORING/TELEMETRY
| ©2019 F5 NETWORKS18
Infrastructure as Code – Two ApproachesSTORED IN SOURCE CONTROL – SINGLE SOURCE OF TRUTH
Tell the system HOW to do
something – every step of the way
Tell the system WHAT you want,
and let it figure out HOW to do it
IMPERATIVE DECLARATIVE
Declarative API: You define the desired end-state; it fills in the details on “how to get there.”
VS
| ©2019 F5 NETWORKS19
AS3 Sample Declarative API
| ©2019 F5 NETWORKS20
Infrastructure Change ApproachTWO TYPES OF INFRASTRUCTURE CHANGES
ONE-OFF CHANGESVIA SERVICE CATALOG
Only once during the lifecycle of an app
• Database or queue provisioning
• Virtual IP address with SSL profile and
cookie persistency
CONTINUOUS CHANGESVIA CI/CD PIPELINES
Continuously evolving with the lifecycle of the app
• API protection on new endpoints
• WAF Policy & Anti-bot mitigation
| ©2019 F5 NETWORKS21
Introducing DevSecOpsSECURITY AS CODE
DevSecOps means thinking about application and infrastructure security
right from the start.
It also means automating some security
gates to keep the DevOps workflow
from slowing down.DEV SEC OPS
| ©2019 F5 NETWORKS22
App Services Automation for Traditional AppsINFRASTRUCTURE & SECURITY AS CODE
Source Code Repository IT Automation
Application code/config for app X
ADC & Security policy/config for app X
Ansible playbook for deployment
of App X with it’s App Services
BIG-IP
Deploy and configure
ADC & Security policies
(declarative API)
Deploy and configure
Application X
| ©2019 F5 NETWORKS23
App Services Automation for Modern AppsINFRASTRUCTURE & SECURITY AS CODE
Source Code Repository CI/CD Pipeline Tool IT Automation
Application code/config for app X
ADC & Security policy/config for app XPipeline for build/test/deploy of App X
Ansible playbook for deployment
of App X with it’s App Services
INGRESS CONTROLLER
SERVICE 1 SERVICE 2
SERVICE 3 SERVICE 4
BIG-IP
K8SMASTER
F5CIS
Config info for App X and L4/L7 ADC & Security policiesleveraging NGINX and BIGIP ingress services
ADC & Security policiesvia declarative REST API
L7 Routing Policies
| ©2019 F5 NETWORKS24
Summary – Our Multi-Cloud App ServicesENHANCE AND SECURE YOUR APPLICATION CAPITAL
FASTER
Improves the performance
and end-user experience
of your applications
SMARTER
Makes your developers
more productive
SAFER
Improves your enterprise
security and risk posture
| ©2019 F5 NETWORKS25
must enhance and secure To survive in the digital economy, every enterprise
their Application Capital.
| ©2019 F525
| ©2019 F5 NETWORKS26