big-iq and big-ip cloud edition

| ©2019 F5 NETWORKS1

BIG-IQ and BIG-IP Cloud EditionKyle Oliver,

Principal Product Manager

Date: March 20, 2019


Agenda and Table of Contents

BIG-IQ

1

2

3

4

5

APIs

Device

Management

Operational

Management

Policy

Management

Application Centric

Management

Overview and Challenges

Holistic Application Services Management

Analytics

Security Management

BIG-IP Cloud Edition

6 What is new in 6.1


ORGANIZATIONS ARE EMBRACING DIGITIZATION TO DRIVE BUSINESS PERFORMANCE

The Digital Economy

69%

Organizations with, or

planning to start, a

digital transformation

initiative

| ©2019 F5 NETWORKS SOURCE: STATE OF APPLICATION SERVICES, F5 NETWORKS, JANUARY 2019

n = 850

Q: What benefits do you want from your digital transformation projects? Select all that apply.

DESIRED BENEFITS OF DIGITAL TRANSFORMATION

45%

IT OPTIMIZATION BUSINESS PROCESS

OPTIMIZATION

EMPLOYEE

PRODUCTIVITY

NEW BUSINESS

OPPORTUNITIES

New digital technologies help organizations create competitive advantage

and deliver value through new offerings, new business models, and new

customer relationships

69% 57%62%


Digital TransformationREALIZING THE BENEFITS REQUIRES CHANGE ACROSS PEOPLE, PROCESS AND SYSTEMS

CHALLENGES

• Lack of skillset for automation (46%)

• Lack of skillset for multi-cloud (26%)

PEOPLE

Embrace modern, DevOps-influenced,

cross-functional teams

48% operate beyond silo’ed functions

43% have automated app services

35% offering self-service provisioning

CHALLENGES

• Need for consistent security

policies and governance (40%)

• Need to protect apps (39%)

• Visibility into app health (39%)

SYSTEMS

Applications themselves are the

foundation of our new digital economy

42% exploring new architectures

56% now use containers

58% cloud decisions, by or with, LOB

CHALLENGES

• Desire for still greater automation

(62% already automating)

• Resistance to automation (28%)

PROCESS

Change how applications are developed,

deployed and delivered

52% change how they develop apps

62% change how they deploy apps

48% change how they deliver apps

SOURCE: STATE OF APPLICATION SERVICES, F5 NETWORKS, JANUARY 2019| ©2019 F5 NETWORKS


A Multi-Cloud WorldMULTI-CLOUD IS NO LONGER AN EXPERIMENT, BUT AN INTENTIONAL AND DECISIVE STRATEGY

44%

42%

29%

15%

47%

Case by case, per application

Business unit directive (stakeholder)

Type of application

Consultant recommendation

Type of end user of the application

Determined by IT

44%

Criteria for deciding which type of cloud to use for each application

% respondents

87%… of organizations

use multiple clouds

SOURCE: STATE OF APPLICATION SERVICES, F5 NETWORKS, JANUARY 2019

n = 1,066

Q: As you think about managing applications in a multi -cloud

environment, what part of managing the application do you find the most

challenging, frustrating, or difficult? “Multi -cloud” in this case refers to

multiple forms of cloud (private, public, or SaaS). Select all that apply.

n = 1,070

Q: How does your organization decide which type of cloud is best for each application? Select all that apply.


Security ChallengesSECURITY IS AN EVEN MORE ACUTE ISSUE IN PUBLIC AND MULTI-CLOUD ENVIRONMENTS

8%

11%

6%

15%

15%

13%

32%

34%

37%

36%

44%

30%

29%

26%

27%

24%

15%

13%

23%

Applications off-premises co-location

9%6%Applications on-premises

Applications in public clouds

(IaaS and PaaS)12%15%

9%Applications from SaaS providers

13%All applications

Level of confidence to withstand an application-level security attack

53%

44%

38%

40%

37%

Top 2

31 42 5

Not at all confident Very confident

Only 53% of all

organizations are

confident they can

secure applications

on-premises, and the

confidence further

erodes to only 38% in

public cloud


n = 861

Q: On a scale of 1 to 5, please rate your confidence in your company’s ability to withstand an application level security thr eat.


F5’s Perspective on the Application EcosystemTHREE INDUSTRY BELIEFS INFORM OUR STRATEGIC AGENDA

APPLICATION CAPITAL

Applications are our customers’ most valuable asset, and the number of apps is growing fast1

MULTI-CLOUD

Our customers choose the right public or private cloud for each application2

APPLICATION SECURITY

Application security becomes even more critical in multi-cloud, distributed environments3


Traffic

Management

WAF,

DDoS,

Identity

Security

Analytics

Application

Performance

Monitoring

DNS,

GSLB

(We make apps go faster, smarter, safer)

ROLE

RE

AC

H

(Every

App, A

nyw

here

)

Software

as a Service

Infrastructure

as a Service

Platform

as a Service

On-premises

Private cloud

TODAY

OUR

FUTURE

Leader in

Multi-Cloud

Application

Services

Function

as a Service

Container

& as a Service

Container

Visibility &

Security

| ©2019 F5 NETWORKS


Multi-Cloud ChallengesADOPTION OF MULTI-CLOUD INTRODUCES NEW CHALLENGES

CHALLENGES TO MANAGING MULTI-CLOUD APPLICATIONS

F5’s Application Services portfolio addresses these challenges

Protecting applications from existing and emerging threats

39%

Applying consistent security policy across enterprise

applications

40%

Optimizing performance of applications

39%

Gaining visibility into application health

39%


n = 1,066

Q: As you think about managing applications in a multi -cloud environment, what part of managing the application do you find the most challenging,

frustrating, or difficult? “Multi -cloud” in this case refers to multiple forms of cloud (private, public, or SaaS). Select all t hat apply.


Universe of Enterprise ApplicationsUNLOCKING MILLIONS OF NEW APPLICATIONS THAT CAN BE ADDRESSED

BIG-IP Hardware &

Virtual Edition

BIG-IP

Cloud Edition

F5 Cloud SoftwareF5 Cloud Services

# of applications,

2017, millions

# of applications,

2022, millions

33 M 36 M 191 M

44 M 198 M 1,452 M+ +

APPLICATIONS 100%0%

More complex,

higher TCO

Cloud-native

AP

PLIC

AT

ION

AR

CH

ITE

CT

UR

E



Enterprise ApplicationsTHE MODERN ENTERPRISE IS HIGHLY DEPENDENT UPON APPLICATIONS

SharePoint

Concur

Workday

CRM

Inbox

Business Intelligence


Think App Security First


The Foundation of App-centered SecuritySECURING APPLICATIONS REQUIRES VISIBILITY, CONTROL AND RELIABILITY

Control ReliabilityVisibility


ADC is a Key Control Point for SecurityKEY STRATEGIC CONTROL POINT FOR IMPLEMENTING SECURITY VISIBILITY AND CONTROL

PUBLIC / PRIVATE CLOUD DATA CENTER

For On-Prem | Off-Prem | Co-location | Public Cloud

F5 STRATEGIC CONTROL POINT FOR SECURITY

✓ Proxy ─ Unique Inline Insertion Point

✓ App Decomposition / Rich Context

✓ Integrated Service Chaining & Management

VIRTUAL ADC EXTENDS F5’s STRATEGIC POSITION


The Changing Face of IT—Traditional Roles

Network Performance and Security

Provide network and security services to

app teams and users via service request tickets

NetOps SecOps

Application Availability and Performance

Consume app services and often lack unified visibility

into application health, performance, and security

App Owner DevOps


Problems with the Status Quo

Trying to be strategic and pro-active• Want to focus on the big picture—overall network

health and security—not ticket fulfillment

• Drowning in endless change/resourcing tickets

• Desire to avoid being perceived as roadblocks

NetOps SecOps

Need empowerment, autonomy & speed• Desire to self-serve

• Responsible for app health but lack required tools

• Frustrated by need to constantly submit trouble

tickets and “hurry up & wait” for IT

App Owner DevOps


The app owners are considering to move to cloud

native tools as they complain we are too

slow to address their new needsNetOps

“I don’t want to lose control.”


My application doesn’t perform well. I have my

suspicions on where the problems may be, but

I need to wait for IT to investigate.App Owner

“I want more control.”


The IT team is too slow deploying my app services.

We are moving into the era of agile development and

CI/CD but the infrastructure cannot keep up.DevOps

“I want more speed, agility, AND control.”


The Solution:

Holistic Application Services Management


Central Management with BIG-IQ

APIs

Device

Management

Operational

Management

Policy

Management

Application Centric

Management


BIG-IQ Key Functions

APIs

Device

Management

Operational

Management

Policy

Management

Application Centric

Management

Per-App Dashboards

Advanced Analytics

Automate Deployments

Empower App Teams

Manage F5 Devices

Manage F5 Software

Manage Certs,

Licenses, Templates …

Manage Policies


BIG-IQ Use CasesUNIFIED MANAGEMENT, VISIBILITY, AUTOMATION & ORCHESTRATION OF F5 APPLICATION SERVICES

Holistic, Role-Based App

Services Management

• Provide app owners autonomy

with self-service app services

templates

• Focus on improvement and

innovation, not service tickets

• Stop worrying about narrow

change/upgrade windows

• Simplify backups and restores

• Manage applications services

on-premises or in your preferred

cloud

Reduced Mean Time-To-

Innocence

• Gain deep, app-level visibility

into health metrics and security

alerts

• Quickly discover root causes

and solutions to application

problems

• Get a granular, per-app view

across operating environments

and F5 devices

• Foster collaboration between

app owners, SecOps, and

NetOps

On Demand Scalability of

Application Services

• Respond to increased load

quickly and easily

• Scale-out manually or based on

threshold templates—whatever

makes the most business sense

• Automatically spin resources

back down when demand

subsides

• Upgrade to new software

versions automatically

Centralized Management of App Services & Devices

Deep Visibility and Simplified Troubleshooting

Intelligent, Dynamic Autoscaling

360-Degree View of Your

Application Security

• Set fine-grained, per-app

security policies

• Gain one view into application

security from a single console

• Manage every F5 security

solution—L4-L7—from one

dashboard

• Improve compliance and

reporting with detailed audit logs

for security events

Centralized Security Dashboarding and Alerting


Use Case: Centralized Management of App Services and Devices

Public cloud On-premises / PhysicalPrivate cloud & Colocation

App

TemplatesBIG-IQ

Service catalog

GUI-based(click-of-a-button)

App Owner

VIPRION or

BIG-IP

NetOps SecOps

REST API(infrastructure-as-code)

CI/CD tools

DevOps


Align NetOps and SecOps Priorities with BIG-IQ

• Manage physical and virtual F5

devices

• Manage certificates

• Manage licenses

• Backup & restore devices and

configurations

• Integrate with iHealth

• Unify monitoring, alerting, and

reporting

• Define roles, permissions, & workflows

• Create service catalogs for app owners

and DevOps teams

• Enforce consistent security policies

• Centralize security dashboards

ADC DNS, GSLB

Network

Security

DoS

Protection

Web App

Security

Access Web Fraud

Protection

SecOps

NetOps


Provide App Owners & DevOps with the Services They Need

AppOwners

Roles-Based Functions

Roles-Based Workflows

Application Dashboards

Self-service Catalog for app

deployment

Integration into CI/CD pipelines

Rich set of APIs

Declarative technology

ProvisioningTroubleshooting/

Analytics

DevOps


"Any" cloud

Automate BIG-IQ via REST

BIG-IQ

App & AS3templates

Virtual Editions

VIPRION

BIG-IP

Public cloud

VE

VE


Reports AuditEvents

Use Case: Deep Visibility and Simplified Troubleshooting

• Device Changes

• LTM

• APM

• ASM (WAF)

• AFM

• Fraud Protection

• System

• Aggregated/

searchable iHealth

reports

• Upgrade Advisor

• Network Security

• Web Application

Security

• DDoS Events


Service Alerts

• IPsec

• Web Application

Security (L7)

• Network Security (L4)

Dashboards

• F5 Devices

• Traffic Mgmt. (LTM)

• APM (Access)

• SWG

• DNS

• DNS DDoS

• L7 Security

• AFM

New

!


Application Analytics – Summary View


Application Analytics – Detailed View


Problems that Keep App Owners Up at NightEASILY SOLVED WITH BIG-IP CLOUD EDITION

App

Landscape

View

App

Drill-Down

View

404 Errors

Missing Pool Members

Slow Application Response Time

Browser Issues

Security—Single Attacks

Security—Massive Attack

503 Errors


Quickly Identify Problems (and Solutions)REDUCE OVERALL MEAN TIME-TO-INNOCENCE

Gain single-pane-of-glass visibility into your

entire application estate

Get deeper, per-app insight into app health,

performance, and security

Pinpoint problems and their resolutions

faster

Manage and troubleshoot apps deployed in

multi-app VE, per-app VE, and hardware


Quickly Identify Problems (and Solutions)TROUBLESHOOTING A 404 ERROR

Gain deeper

analytics at

the click of a

buttonApplication

Performance

Response

codes



Narrow

down the

problem to

404 errors



See when the

404 errors

occurred

Narrow down

the problem to

404 errors and

a specific URL


“BIG-IQ simplifies management, helps ensure compliance, and gives us the tools we need to deliver our applications securely and effectively.”

Key benefits of F5 BIG-IQ Centralized Management• Increased productivity

• Delivers self-service workflows

• Enables focus on core business, not IT

• Simplifies management

• Ensures compliance

F5 Reference Architectures• Application Services

-Edgar Palamarchuk, Senior Network Engineer, Enterprise Networking, MAXIMUS

LTM BIG-IQ

View on F5.com

https://www.f5.com/customer-stories/maximus-streamlines-operations-with-f5-on-aws


Use Case: Autoscaling of App ServicesON DEMAND SCALABILITY WITH NO NEED TO OVERPROVISION

L7 Traffic Mgmt.

+ App protection

(LTM, WAF)

BIG-IQ

VE App

VE

VEQuick response

to increased

load with

auto-scaling of

app services

and security

Auto-scale

based on

threshold

policies

Once traffic

peak subsides,

additional

instances are

spun down

Legend


Autoscaling of App Services

Select Trigger

Metric

Automatic

Scale Out

Set Manual

Scale Out

Template-based autoscaling policies

Trigger based on CPU, memory,

throughput - in/out

Manual scale-out for pre-planned

events

Supported in VMware, AWS, Azure


Seamless Update to New Software VersionTRADITIONAL IN-PLACE UPGRADES GO AWAY

L7 Traffic

Management.

+ App Protection

(LTM, WAF)

Per-App

App

Traffic

Distribution

VE

V13.1

VE

v14.1

Automated rolling upgrades

Eliminate manual upgrades

Supported in VMware, AWS, and Azure

BIG-IQ


Use Case: Centralized Security Management

Gain unified

security

dashboards,

reports, and alerts

Set centralized,

per-app security

policies across

operating

environments

Manage and

distribute

signatures from a

single location

Improve

compliance with

enterprise-wide

audit trails

and asset mgmt.

Use one console to

manage the F5 suite:• Advanced WAF

• ASM

• AFM

• DNS

• APM


• Cert Management

Build, distribute,

and improve

security policies in

ASM


ALIGN NETOPS AND SECOPS TO SECURE APPS

Comprehensive policies, threat visibility,

automation, and analytics enable agile

application protection

Build per-app automated security mgmt. and monitoring

DevOps, SecOps, and app developers work together

Delivers per-app security analytics/dashboards

Threat visibility across the security stack

Security Management & Monitoring


BIG-IQ for Advanced WAFPER APPLICATION SECURITY, AND BREACH MGMT. AND MONITORING

OWASP Top 10 Incident Detection and Response (IDR)

Malicious Bot IDRAnti-Bot Mobile SDK mgmt. Credential attack IDR

API’sSecOps meets DevOps App layer DoS signature mgmt.

Per-app analytics, logs,alerts, and usage


Introducing BIG-IP Cloud Edition


What is BIG-IP Cloud Edition?A SOLUTION COMPOSED OF BIG-IP PER-APP VIRTUAL EDITIONS AND THE ENHANCED

MANAGEABILITY OF BIG-IQ—DELIVERING DEDICATED, RIGHT-SIZED F5 APPLICATION SERVICES

Per-App Virtual Edition

Enhanced BIG-IQ Management

Supported cloudsDedicated

Right-sized

Industry-leading ADC and WAF

Ease of use and self-service

Application level analytics

Auto-scale and multi-cloud presence


Five Key Use Cases

Dedicated

services for Apps

Easiest to use

and operate

Cost Effective

services for

more Apps

Best Protection

for more Apps

AutoScale

when needed

On Demand

Scalability

Self-Service

for App team

Agile App Services

Simple,

App-focused

troubleshooting

Reduced mean

time to innocence

Same as BIG-IQ


Deliver Dedicated F5 App Services for each AppBREAK DOWN BARRIERS TO DEPLOYING EXISTING AND NEW APPS FASTER

L7 traffic management

and app protection

(LTM, Adv. WAF)

App 1

App 2

App N

VE

VE

VE

• Industry-leading dedicated traffic management and app

protection for existing apps

• Cost effective F5 app services for the next tier of apps

Proven F5 Per-App Services for NetOps & App Teams

• Right-sized to enable per-app deployment of services

• Isolation of service failure reduces impacts to business

operations

• Improved productivity with automated provisioning

• Advanced protection for all apps

Benefits

Per-App vADC


What’s New in 6.1


Application Services 3 Extension (AS3)

iControl LX Extension

Accepts declarative API

Runs on BIG-IP, BIG-IQ or in a

container

Minimizes need for BIG-IP

domain expertise

Minimizes deployment errors

BIG-IQ will create app

dashboards for monitoring and

alerting

API Call

BIG-IP

BIG-IP

BIG-IP

BIG-IP

One

Declarative

Statement

AS3 on BIG-IQ


New Security Dashboards and Reports

New DDoS dashboards - summary, HTTP, network

analysis, attach history and DNS activity

Layer 7 protection

ACL traffic

Security Analytics and Dashboards


Other New Features

BIG-IQ 6.1

APIs

Device

Management

Operational

Management

Policy

Management

Application Centric

Management

Auto-Scaling in Azure

Provide access to specific utility license offerings to a license manager

Schedule subscription license reports

Support for BIG-IP 14.1 WAF features

Add or import LTM policies and policy rules into service catalog templates

Improved Global Search

Threat Intelligence Menu for managing WAF signature, Server Technology, and Browser Challenge files

Author custom identifiers for utility pool license offerings

Verify hosts for secure encrypted SSL communication

Resolve conflicts when discovering and importing LTM profiles and default monitor for BIG-IP devices

Add multiple BIG-IP devices to BIG-IQ at the same time

big-iq and big-ip cloud edition

Documents