NGINX Application Platform - Carahsoft
NGINX Application Platform
Jesse Goodier, NGINX Solutions Architect
November 3, 2020
Agenda
1. NGINX Overview
2. Demo and overview of lab
3. Hands-on lab
NGINX Application Platform
A suite of technologies to develop and deliver digital experiences that span from legacy, monolithic apps to modern, microservices apps.
NGINX Plus
ENTERPRISE SOLUTIONS WITH DYNAMIC MODULES
• Enterprise class visibility with 90+ additional metrics
• JWT Authentication
• Native OpenID Connect support
• Active health checks on status code and response body
• Service discovery using DNS
• Key value store (dynamic IP black-listing, blue/green deployments)
• Dynamic reconfiguration - zero downtime
• Session persistence based on cookie
New From F5! NGINX App Protect
Secure
• High performing
• Security protection beyond signatures
• Trusted Signatures from F5
CI/CD Friendly
• Simple CI/CD integration
• Designed for modern infrastructures
• Rapid feedback loop for security remediations
Manage
• Unified F5 declarative interface
• Security statistics via syslog
• Backed by F5 Support
Deployment options
Declarative Policy Helps CI/CD Motion
INFRASTRUCTURE AND SECURITY AS CODE
• Source Code Repository: application code/config for App X; security policy/config for App X
• CI/CD Pipeline Tool: pipeline for build/test/deploy of App X
• IT Automation: Ansible playbook for deployment of App X with its app services
Owned by SecOps
Operated by DevOps
{
  "entityChanges": {
    "type": "explicit"
  },
  "entity": {
    "name": "bak"
  },
  "entityKind": "tm:asm:policies:filetypes:filetypestate",
  "action": "delete",
  "description": "Delete Disallowed File Type"
}
NGINX App Protect Performance
[Figure: three bar charts comparing No Protection, NGINX App Protect and ModSec. Panels: Throughput (MB/sec), Requests/sec, Latency (ms).]
Comprehensive security policy has no impact on latency, and offers better throughput and requests/second when compared to ModSec
• ModSec Configuration: OWASP Top 10 (enable all CRS 3v rules)
• NGINX App Protect Configuration: OWASP Top 10 (Enable signatures), Evasion technique, Data Guard, Disallowed file types, HTTP protocol compliance
Kubernetes Ingress Controller
An advanced Layer 7 load-balancing solution for exposing Kubernetes services to the Internet
• NGINX commonly used as Ingress Controller
• Dynamic reconfiguration of endpoints (no configuration reloading)
• Additional metrics, provided by a streamlined Prometheus exporter
• Dedicated Helm chart repository
• Support for Custom resources to expose more (all) NGINX Plus features as an Ingress
Kubernetes Ingress Controllers
https://github.com/nginxinc/kubernetes-ingress/blob/master/docs/nginx-ingress-controllers.md
Workshop Overview
Hands-On Workshop
To launch the lab, go to https://udf.f5.com and look for NGINX Workshop.
Use chat or come off mute if you have any questions and we can help you in a breakout room.
If you do not see the workshop listed on UDF, please send us your email and the system will send you an invitation.
We are here to help.
Log in to the Windows jump host as user/user
Use web shell
su ubuntu
cd
<ctrl><shift>v to paste on Windows
What is NGINX Plus?
NGINX Controller 3.0+ Built for Modern App Teams
Respond with Intelligent Insights
Simplify Code to Customer Delivery
Empower with Self-Service
NGINX Controller
Customers have several services along the application data path
[Diagram: the application data path from Code to Customer, with these services along it: Load balancer, DNS, API gateway, App security, DDoS, CDN, Ingress controller, App / webserver.]
Different vendors for each application architecture
[Diagram: the data path from Code to Customer (Load balancer, DNS, API gateway, App security, DDoS, CDN, Ingress controller, App / webserver), shown for Monolithic, 3-tier and Microservice architectures, with Visibility and Analytics.]
Limited orchestration across the data path
[Diagram: the data path from Code to Customer (Load balancer, DNS, API gateway, App security, DDoS, CDN, Ingress controller, App / webserver), with a separate "Management Automation" label repeated for each service. Teams shown: App Developers, App Architects, DevOps, Cloud Architects, NetOps, SecOps, IT Leadership, Support, Customer Experience. Also labelled: Visibility and Analytics.]
And unable to easily pinpoint issues
[Diagram: the data path from Code to Customer (Load balancer, DNS, API gateway, App security, DDoS, CDN, Ingress controller, App / webserver), with a "+? ms" label at each service. Other labels: +500 ms, Latency.]
NGINX Plus
• Reverse proxy
• L4-7 LB
• API gateway
• Per-app WAF
F5 BIG IP
• Local L4-7 LB
• Global L4-7 LB
• SSL offload
• Advanced WAF
• Access mgmt.
• L4 firewall
• SSL orchestration
• Anti-DDoS
• Bot detection
• CGNAT
• Kubernetes CIS
CODE CUSTOMER
Scale ADCs Across Multi-Cloud
Consistent, Secure and Portable Apps
Modern Application Architecture
Perimeter
CDN
MICROSERVICES APPS
NGINX Plus
• Reverse proxy
• L4-7 LB
• API gateway
• Per-app WAF
NGINX Plus Sidecar proxy
F5 BIG IP
• Local L4-7 LB
• Global L4-7 LB
• SSL offload
• Advanced WAF
• Access mgmt.
• L4 firewall
• SSL orchestration
• Anti-DDoS
• Bot detection
• CGNAT
• Kubernetes CIS
CODE CUSTOMER
Scale ADCs Across Multi-Cloud
Consistent, Secure and Portable Apps
NGINX Plus K8 Ingress Controller
Modern Application Architecture
Perimeter
CDN
Workshop Overview
Hands-On Workshop
To launch the lab, go to https://udf.f5.com and look for NGINX 101 Workshop.
Use chat or come off mute if you have any questions and we can help you in a breakout room.
If you do not see the workshop listed on UDF, please send us your email and the system will send you an invitation.
We are here to help.
Log in to the Windows jump host as user/user
Use web shell
su ubuntu
cd
<ctrl><shift>v to paste on Windows
Thank You
What is an API?
CONNECTIVE TISSUE OF THE DIGITAL WORLD
API: Application Programming Interface
API clients or consumers such as a mobile app invoke API calls to deliver functionality.
Examples:
• Uber uses Google Maps APIs
  https://maps.googleapis.com/maps/api/directions/json?origin=Disneyland&destination=Universal+Studios+Hollywood
  Uber spent $58 million on it over three years
• Dropbox:
  https://api.dropboxapi.com/2/file_requests/count: Returns the total number of file requests owned by this user. Includes both open and closed file requests.
  { "file_request_count": 15 }
NGINX API Management under the covers
[Diagram: Traditional API Management compared with NGINX API Management. Each side shows a Control Plane and a Data Plane handling Request/Response traffic, with the labels "Manages and Monitors all of your APIs" and "Routes Incoming API Calls". Other labels: <scripts>, <APIs>, A, B, C.]
NGINX Controller Terminology
NGINX Controller, NGINX Plus, and F5
Environment: Collection of Apps; RBAC
App: Collection of Components
Gateway: FQDN; TLS; HTTP Methods
Component: server; Virtual Server
• URI: location; iRule Path
• Backend Workload Group: upstream; Pool
• Backend Workload URI: upstream server; Pool Member