Archive for cloud

Lightboard Lessons: BIG-IP in Hybrid Environments

Posted in security, f5, big-ip, ssl vpn, cloud, silva, application delivery, lightboard, devcentral, remote access, saml, aws, azure, saas by psilva on October 12th, 2016

A hybrid infrastructure allows organizations to distribute their applications when it makes sense and provide global fault tolerance to the system overall. Depending on how an organization’s disaster recovery infrastructure is designed, this can be an active site, a hot-standby, some leased hosting space, a cloud provider or some other contained compute location. As soon as that server, application, or even location starts to have trouble, organizations can seamlessly maneuver around the issue and continue to deliver their applications.

Driven by applications and workloads, a hybrid environment is a technology strategy to integrate the mix of on-premise and off-premise data compute resources. In this Lightboard Lesson, I explain how BIG-IP can help facilitate hybrid infrastructures.

ps




F5 Access for Your Chromebook

Posted in security, f5, big-ip, ssl vpn, cloud, silva, application delivery, mobile, devcentral by psilva on October 12th, 2016

My 5th grader has a Chromebook for school. She loves it and it allows her access to school applications and educational tools where she can complete her assignments and check her grades. But if 5th grade is a tiny dot in your rear-view and you’re looking to deploy Chromebooks in the enterprise, BIG-IP v12 can secure and encrypt ChromeOS device access to enterprise networks and applications. With network access, Chromebook users can run applications such as RDP, SSH, Citrix, VMware View, and other enterprise applications on their Chrome OS devices.

From an employee’s perspective, it is very easy to get the SSL VPN configured. Log on to a Chromebook, open the Chrome Web Store, search for ‘F5 Access’ and press the +ADD TO CHROME button. Add the app when the dialogue box pops up and F5 Access will appear in your ‘All Apps’ window.

f5_access.jpg

Next, when launched, you’ll need to accept the license agreement and then add a server from the Configuration tab:

add_server.jpg 

Next, give it a unique name, enter the BIG-IP APM server URL and optionally add your username and password. Your password will not be cached unless that’s allowed by the APM Access Policy. You can also select a client certificate if required. Once configured, it’ll appear in the list. You can also have multiple server configurations if needed:

added_server.jpg 

To connect, click the bottom tray bar and select the tile that says, ‘VPN Disconnected.’

f5access_tile.jpg

And select the server configured when setting up the app. Depending on the configuration, you’ll either get the native login window or the WebTop version:

f5access_login.jpg 

Once connected, there won’t be any indication in the tray but if you click it, you’ll see the connection status in the same VPN area as above and it’ll show ‘connected’ within the F5 Access app:

f5access_connected.jpg 

As you can see in the above image, you can also check Statistics and Diagnostics if those are of interest. To end the connection, click the tray again, select the VPN tile and click Disconnect.

For administrators, it’s as simple as adding a ‘ChromeOS’ branch off the ClientOS VPE action:

f5access_clientos.jpg

Then add a Connectivity Profile to BIG-IP:

f5access_connectivity_profile.jpg 

In addition to generic session variables, client session variables are also available. Check out the release notes and BIG-IP Access Policy Manager and F5 Access for Chrome OS v1.0.0 manual for more info.

ps





Your Applications Deserve iApps

Posted in f5, big-ip, cloud, saml, federation, saas, office 365 by psilva on June 21st, 2016


F5 iApps are user-customizable frameworks for deploying applications that enable you to ‘templatize’ sets of functionality on your F5 gear. You can automate the process of adding virtual servers or build a custom iApp to manage your iRules inventory.

Application ready templates were introduced in BIG-IP v10 and the goal was to provide a wizard for the often deployed applications like Exchange, SharePoint, Citrix, Oracle, VMware and so forth. This allowed the abstraction of some of the configuration details and reduced the human error when following the pages of the thick deployment guides for those applications. Application templates were great but there was no way to customize the template either during the deployment or adjust it after.

Then came iApps®.

Introduced in TMOS v11, iApps is the current BIG-IP system framework for deploying services-based, template-driven configurations on BIG-IP systems. iApps bundles all of the configuration options for a particular application together.

Roughly a third of F5 customers use iApps and they are especially popular for more complex configurations, like Microsoft Exchange, for example, which requires up to 1200 mouse clicks to configure manually and only 50 mouse clicks to configure with the iApp. iApps are also often used to roll out similar configurations to multiple BIG-IPs. Some customers run hundreds of iApps, some run none--the choice is yours.

Here is one example of iApp customization and its evolution. When we released SAML support in v11.3, many customers wanted to use BIG-IP APM as a SAML Identity Provider (IdP) for Office 365 but there are a few steps to configure that in BIG-IP. Configure Active Directory, then SAML, then the access policy and so forth. One of our very smart Security Architects, Michael Koyfman, wanted to make that task simple, repeatable and accurate.


He decided to write an O365 iApp and posted it to DevCentral where there was immediate interest from the community. From that, Product Development engineers rewrote it to follow their libraries and best practices and then moved it to the supported status. You can now use this F5 supported iApp template to configure the BIG-IP system as a SAML IdP to Microsoft Office 365 applications, such as Exchange and SharePoint. This template configures the BIG-IP APM system as an IdP for Office 365 to perform single sign-on (SSO) between the local Active Directory user accounts and Office 365-based resources such as Microsoft Outlook Web App and Microsoft SharePoint.

But we didn’t stop there.

Since it is the same framework and easily extensible to add more services to an iApp, they took it a step further. With the O365 iApp as the basis, the team then built a SaaS Federation iApp which allows you to configure BIG-IP APM as SAML IdP to 11 commonly used SaaS applications including Salesforce, Concur, WebEx, O365 and others. Now, with a single iApp, you can federate your employees to many SaaS applications easily, efficiently and securely. This iApp also went through a beta period on DevCentral and was recently released as an F5 supported iApp.

ui_saas_iapp.png 

UI configurations for the SaaS iApp

 

saas_iapp_after.png 

Summary of configurations for the SaaS iApp

So if you need a quick and easy way to deploy your applications, look no further than F5 iApps. You can use the F5 built iApps, you can customize F5 built iApps or you can build your own iApps. Your applications, infrastructure and business will thank you.

ps




Would You Put Corporate Applications in the Cloud?

Posted in security, f5, big-ip, cloud, cloud computing, silva, application delivery, AAA, federation, access, saas by psilva on February 23rd, 2016


There once was a time when organizations wouldn’t consider deploying critical applications in the cloud. It was too much of a business risk from both an access and an attack perspective—and for good reason, since 28 percent of enterprises have experienced more security breaches in the public cloud than with on-premises applications. This is changing, however. Over the last few years, cloud computing has emerged as a serious option for delivering enterprise applications quickly, efficiently, and securely. Today almost 70 percent of organizations are using some cloud technology. And that approach continues to grow. According to the latest Cisco Global Cloud Index report, global data center IP traffic will nearly triple over the next five years. Overall, data center IP traffic will grow at a compound annual growth rate of 25 percent from 2012 to 2017.

This growth is to support our on-demand, always connected lifestyle, where content and information must be accessible/available anytime, anywhere, and on any screen. Mobility is the new normal, and the cloud is the platform to deliver this content. No wonder enterprises are scrambling to add cloud components to their existing infrastructure to provide agility, flexibility, and secure access to support the overall business strategy. Applications that used to take months to launch now take minutes, and organizations can take advantage of innovations quickly. But most IT organizations want the cloud benefits without the risks. They want the economics and speed of the cloud without worrying about the security and integration challenges.

Use of the corporate network itself has become insecure, even with firewalls in place. Gone are the days of “trusted” and “untrusted,” as the internal network is now dangerous. It'll only get worse once all those IoT wearables hit the office. Even connecting to the corporate network via VPN can be risky due to the network challenges. Today, almost anything can pose a potential security risk, and unauthorized access is a top data security concern.

Going against the current trend, some organizations are now placing critical applications in the cloud and facing the challenge of providing secure user access. This authentication is typically handled by the application itself, so user credentials are often stored and managed in the cloud by the provider. Organizations, however, need to keep close control over user credentials, and for global organizations, the number of identity systems can be in the thousands, scattered across geographies, markets, brands, or acquisitions. It becomes a significant challenge for IT to properly authenticate the person (whether located inside or outside the corporate network) to a highly available identity provider (such as Active Directory) and then direct them to the proper resources. The goal is to allow access to corporate data from anywhere with the right device and credentials. Speed and productivity are key.

Authentication, authorization, and encryption help provide the fine-grained access, regardless of the user’s location and network. Employee access is treated the same whether the user is at a corporate office, at home, or connected to an open, unsecured Wi-Fi network at a bookstore. This eliminates the traditional VPN connection to the corporate network and also encrypts all connections to corporate information, even from the internal network.

In this scenario, an organization can deploy the BIG-IP platform, especially virtual editions, in both the primary and cloud data centers. BIG-IP intelligently manages all traffic across the servers. One pair of BIG-IP devices sits in front of the servers in the core network; another pair sits in front of the directory servers in the perimeter network. By managing traffic to and from both the primary and directory servers, the F5 devices ensure the availability and security of cloud resources—for both internal and external (federated) employees. In addition, directory services can stay put as the BIG-IP will simply query those to determine appropriate access.

While there are some skeptics, organizations like GE and Google are already transitioning their corporate applications to cloud deployments and more are following. As Jamie Miller, President & CEO at GE Transportation, says, 'Start Small, Start Now.'

ps




The Top 10, Top 10 Predictions for 2016

Posted in security, cloud, silva, research, mobile, infrastructure, people, humans, big-iq, predictions, top 10, iot, sensors by psilva on December 9th, 2015

It’s the time of year when crystal balls get a viewing and many pundits put out their annual predictions for the coming year. Rather than thinking up my own, I figured I’d regurgitate what many others are expecting to happen.

7 Future Predictions for the Internet of Things – IoT is one of the hottest terms and trends. From connected cars, homes, businesses and more, connected devices are becoming more prevalent in our lives. Stable Kernel looks at the future economic growth, development of smart cities, wearables, privacy challenges and how voice commands will become the norm.

Top 10 Humanoid Robots Designed To Match Human Capabilities And Emotions – While once a dream of The Jetsons, companion robots in the home will become as common as pets, even if the pet is a robot. WT VOX explores whether robots could fully replace humans by 2045 as some predict and takes a look at the top 10 that are starting to match human capability.

The top security threats of 2016 – ZDNet digs into McAfee's 2016 cybersecurity threat report covering areas like hardware, ransomware, cloud services, connected cars and the warehouses of stolen data. From the Ashley Madison hack, to Jeeps taken off-road and the TalkTalk breach, digital infiltration is now a daily occurrence and no one is immune.

Forrester’s top 10 predictions for business in 2016 — and what they mean for tech – Computerworld summarizes Forrester’s top 10 predictions and how 2016 will be the year that the companies that thrive will be those advancing down the customer obsession path. They look at critical business issues like loyalty, analytics, personalization and how privacy will become a value to which customers will respond. You need to live a customer-obsessed operating model to survive.

IBM predicts tech world of 2016 – At number 5, IBM has published its 6th annual Five in Five - where it predicts five innovations that will change all of our lives in the next five years, with mind-reading machines apparently set to be interpreting our thoughts by 2016. From generating our own energy to no more passwords to almost everyone having some sort of mobile technology, IBM Labs is exploring these emerging technologies.

DDoS Predictions for 2016, IBM Insights – Also from Big Blue, they are sharing insight into new types of DDoS attacks that are to be expected during the coming year. DDoS is no longer a nagging problem but a bona fide technique to disable a company’s resources. BitTorrent, malicious JavaScript and Temporal Lensing DDoS (pdf) attacks are all explained. As I’ve mentioned before, there have always been protesters and activists - some write letters, some picket on the sidewalk, some throw rocks and with the advent of the internet, now you can protest (and more) by creating digital havoc.

5 IT industry predictions for 2016 from Forrester and IDC – CIO.com hits on the 2016 predictions of IDC and Forrester, two of the largest analyst firms. In their distillation, there could be a bleak future for legacy vendors since according to IDC, ‘by 2020, more than 30 percent of the IT vendors will not exist as we know them today.’ There will also be some cloud consolidation, big data gets even bigger and traditional enterprises will turn into software companies. Software developers will become a scarce commodity.

IDC Software Licensing and Pricing Predictions 2016: Top 10 Predictions – And speaking of software, Amy Konary of IDC writes about focus areas like the growth of subscription and outcomes-based pricing, the real cost of licensing complexity, usage models in IoT, the business model impacts of the convergence of cloud, mobile, social, and big data technologies.

10+1 Commandments For Companies Developing Wearable Health Trackers – Many of us will be getting a wearable or two this holiday season so ScienceRoll rolled up its 10+1 commandments every company developing wearable health trackers should follow. Practical value, online communities, long live batteries and gamification are what users desire. We know you want to make money but focus on helping people live a healthier life.

In-depth: Top 10 Internet of Things companies to watch – We started with IoT and figured I’d caboose this with another. RCRWireless digs in to the top players in both Industrial IoT and Consumer IoT. Many of the names are familiar: Cisco, IBM, ATT, Google, GE, Samsung and a few others are already hedging their future on all these connected nouns. See what these organizations are doing both internally and externally to embrace IoT and take advantage of this proposed multi-trillion dollar market opportunity.

And if you want to see if any of the previous year’s predictions came true, here ya go:

ps




AWS re:Invent 2015 – Programmability in the Cloud (feat Applebaum)

Posted in f5, cloud, silva, video, aws by psilva on October 8th, 2015

Programmability and orchestration are critically important with cloud deployments and Alex Applebaum, Sr. Product Management Engineer, explains why and talks about ways organizations can use BIG-IP programmability in the cloud. Yet another critical F5 service, always available on the BIG-IP platform, now enabled for the cloud.

ps




IoT Ready Infrastructure

Posted in f5, cloud, silva, application delivery, infrastructure, iot, things by psilva on May 5th, 2015

IoT applications will come in all shapes and sizes but no matter the size, availability is paramount to support both customers and the business. The most basic high-availability architecture is the typical three-tier design. A pair of ADCs in the DMZ terminates the connection. They in turn intelligently distribute the client request to a pool (multiple) of IoT application servers which then query the database servers for the appropriate content. Each tier has redundant servers so in the event of a server outage, the others take the load and the system stays available.

This is a tried and true design for most operations and provides resilient application availability, IoT or not, within a typical data center. But fault tolerance between two data centers is even more reliable than multiple servers in a single location, simply because that one data center is a single point of failure.

Cloud: The Enabler of IoT

The cloud has become one of the primary enablers for IoT. Within the next five years, more than 90% of all IoT data will be hosted on service provider platforms as cloud computing reduces the complexity of supporting IoT “Data Blending”.

In order to achieve or even maintain continuous IoT application availability and keep up with the pace of new IoT application rollouts, organizations must explore expanding their data center options to the cloud, to ensure IoT applications are always available. Having access to cloud resources provides organizations with the agility and flexibility to quickly provision IoT services. The Cloud offers organizations a way to manage IoT services rather than boxes along with just-in-time provisioning. Cloud enables IT as a Service, just as IoT is a service, along with the flexibility to scale when needed.

Integrating cloud-based IoT resources into the architecture requires only a couple of pieces: connectivity, along with awareness of how those resources are being used.


Once a connection is established and network bridging capabilities are in place, resources provisioned in the cloud can be non-disruptively added to the data center-hosted pools. From there, load is distributed per the ADC platform’s configuration for the resource, such as an IoT application.

The connectivity between a data center and the cloud is generally referred to as a cloud bridge. The cloud bridge connects the two data center worlds securely and provides a network compatibility layer that “bridges” the two networks. This provides a transparency that allows resources in either environment to communicate without concern for the underlying network topology.

By integrating your enterprise data center to external clouds, you make the cloud a secure extension of the enterprise’s IoT network. This enterprise-to-cloud network connection should be encrypted and optimized for performance and bandwidth, thereby reducing the risks and lowering the effort involved in migrating your IoT workloads to cloud.

Maintain seamless delivery

This hybrid infrastructure approach, including cloud resources, for IoT deployments not only allows organizations to distribute their IoT applications and services when it makes sense but also provides global fault tolerance to the overall system. Depending on how an organization’s disaster recovery infrastructure is designed, this can be an active site, a hot standby, a leased hosting space, a cloud provider, or some other contained compute location. As soon as that IoT server, application, or even location starts to have trouble, an organization can seamlessly maneuver around the issue and continue to deliver its services to the devices.

Advantages for a range of industries

The various combinations of hybrid infrastructure types can be as diverse as the IoT situations that use them.

Enterprises probably already have some level of hybrid, even if it is a mix of owned space plus SaaS. They typically prefer to keep sensitive assets in-house but have started to migrate workloads to hybrid data centers. Financial industries have different requirements than retail. Retail will certainly need a boost to their infrastructure as more customers will want to test IoT devices in the store.

The Service Provider industry is also well on its way to building out IoT ready infrastructures and services. A major service provider we are working with is in the process of deploying BIG-IP Virtual Editions to provide ADC functionality needed for the scale and flexibility of the carrier’s connected car project. Virtualized solutions are required for Network Functions Virtualization (NFV) to enable the agility and elasticity necessary to support the IoT infrastructure demands.

ps




Application Availability Between Hybrid Data Centers

Reliable access to mission-critical applications is a key success factor for enterprises. For many organizations, moving applications from physical data centers to the cloud can increase resource capacity and ensure availability while reducing system management and IT infrastructure costs. Achieving this hybrid data center model the right way requires healthy resource pools and the means to distribute them. The F5 Application Availability Between Hybrid Data Centers solution provides core load-balancing, DNS and acceleration services that result in non-disruptive, seamless migration between private and public cloud environments.

Check out the new Reference Architecture today along with a new video!

ps




AWS re:Invent 2014: That’s a Wrap!

Posted in f5, big-ip, cloud, aws by psilva on December 3rd, 2014

I wrap up a great week from AWS re:Invent. We really appreciate you taking the time to view these and hope they are helpful as you journey to the cloud. Plus, we have a lot of fun producing them. Special thanks to Jeff Stathatos, Cyrus Rafii and Alex Rublowsky for guest spots along with Courtney, Natasha, Jeanette and Cyrus for holding the lens. Reporting from the SANS Convention Center in Las Vegas, thanks!





AWS re:Invent 2014: F5 Licensing for the Cloud (feat Rublowsky)

Posted in f5, big-ip, cloud, data center by psilva on December 3rd, 2014

Alex Rublowsky, Dir. Licensing Business Models, gives a full overview of F5’s licensing models for the cloud, particularly AWS Marketplace. He details our new Utility Licensing offering by the hour service (30 Day Free Trial Available), our Bring your Own License (BYOL) model which is available for customers with current licenses purchased via other channels and the Volume License program for those with large environments. Alex does a great job explaining each and the benefits for customers.





