The DevCentral Chronicles Volume 1, Issue 5

Is it May already? Did you enjoy your ‘May the Fourth’ along with ‘Revenge of the Sixth’? For me, May is filled with a bunch of family holidays along with Mother’s Day, of course. May also falls perfectly for our 5^th installment of the #DC Chronicles. If you missed our initial issues of the DC Chronicles, you can catch up with the links at the bottom. The Chronicles are intended to keep you updated on DevCentral happenings and highlight some of the cool content you may have missed since the last issue. Welcome!

We’re only 3 months away from #F5Agility18 in Boston, August 13-16! You can hang out with the DevCentral team and many MVPs will also be in attendance to share their expertise. Our team is prepping some sessions and look forward to socializing with the community. Get the details here and now's the time to register for F5 Agility 2018 and lock in your labs and sessions. Also, Early Birds get $300 off the registration fee Through May 18!

If you haven’t heard, BIG-IP Cloud Edition is will be available soon! BIG-IP Cloud Edition is built by tightly integrating BIG-IQ Centralized Management and BIG-IP Per-App VEs to deliver advanced application services and management. You can autoscale, offer self-service management for app owners, and per-app analytics. We got a couple cool pieces covering Cloud Edition: Chase’s Skies Never Looked So Good With BIG-IP Cloud Edition where he explains all the pieces of the pie and also check out Jason’s Lightboard Lessons: BIG-IP Cloud Edition Overview.

We also dropped a couple other #LightBoardLessons for your viewing pleasure covering some of our new Security solutions. John lights up the DDoS Hybrid Defender and introduces us to the new F5 Advanced WAF. DDoS Hybrid Defender offers comprehensive DDoS threat coverage in a simple, dedicated appliance with native, cloud-based scrubbing services and the awesome Advanced WAF protects against the latest attacks using behavioral analytics, proactive bot defense, and application-layer encryption of sensitive data. Couple of cool tools to help mitigate internet threats.

Mitigate threats you say? There will always be vulnerabilities in the wild and depending on the type of threat, we’ll typically have some mitigation techniques to share. Our SIRT (Security Incident Response Team) folks are always examining the murk out there and sharing insights. This past month is no different with mitigation techniques for Remote Code Execution with Spring Data Commons (CVE-2018-1273), Directory Traversal with Spring MVC on Windows (CVE-2018-1271) and the Drupal Core Remote Code Execution (CVE-2018-7602). In a few cases, BIG-IP ASM customers were already protected by the existing signatures!

As we wrap up this edition, we’d also like to point out @GrahamAlderson‘s new video series AppSec Made Easy with examples for Anti-Bot for Mobile APIs, Proactive Bot Defense, L7 Behavioral DoS and a couple more this week. And we’d be remiss if we didn’t call out Bank of America’s Jai Kumar as our Featured Member for May!

As always, You can stay engaged with @DevCentral by following us on Twitter, joining our LinkedIn Group or subscribing to our YouTube Channel. Look forward to hearing about your BIG-IP adventures.

ps

The Chronicles:

• Volume 1, Issue 1
• Volume 1, Issue 2
• Volume 1, Issue 3
• Volume 1, Issue 4

DevCentral's Featured Member for May - Jai Kumar

Our Featured Member series is a way for us to show appreciation and highlight active contributors in our community. Communities thrive on interaction and our Featured Series gives you some insight on some of our most active folks.

Jai Kumar is a very active contributor on DevCentral and has been for a number of years amassing 4 #DC badges. We're excited to name Jai as our Featured Member for May.
Let's learn a bit more about Jai.

DevCentral: please explain to the DC community a little about yourself, what you do and why it’s important.

Jai Kumar: From my childhood (Kid born in 90's lol), I always thought and was eager to know how Internet and the entire network stuffs worked. That’s how my passion came - “I want to be a network engineer” and here I am a Network Engineer (Still lot to learn). I am Jai Kumar, living in Chennai (India). My close ones call me Jai. Got Married last November and have a loving spouse. Enjoy watching thriller/crime seasons and a big fan of G.O.T, Breaking Bad, Prison Break, Dexter. The list goes on… Now it’s Mr.Robot. An ardent reader of THN and I’m a workaholic!!!
I enjoy working for Bank of America providing Engineering and design of traffic management for consumers. This includes global traffic management, application load balancing, traffic routing and advanced health check services.
As a team we play a major role in providing architecture and high level design guidance for BOA. As well as oversight of design and engineering services provided by our partners. Work with business to understand future trends and roadmap emerging requirements.

DC: You are very active contributor in the DevCentral community. What keeps you involved?

JK: I don’t recall when I joined DevCentral, but I’m sure it would have been for an iRule or to do something with device hardware RMA/upgrade challenges I faced in my start of career. DevCentral has molded me in tremendous ways. I have learned so many technical things which I haven’t faced in my working place. That’s what special about DevCentral is. You cannot expect to know everything, things may run differently. 

Sometimes you’d be able to reproduce the other people’s issue and fix it – You gain knowledge, sometime you don’t – So you learn when someone answers. One of my favorite quotes of Benjamin Franklin:“Tell me and I forget, teach me and I may remember, involve me and I learn.” 

DevCentral is a great forum where great minds come to help out others issue. The involvement of every engineer out there to help the fellow F5 mate is what makes special of DC community. And with whatever knowledge I have, I’d love to give back to the community too. 

DC: Tell us a little about the areas of BIG-IP expertise you have. 

JK: I could be the youngest DC member holding less than 5 years of overall IT experience. I specialize in BIG-IP LTM and GTM. I started from the basics as I was in the monitoring team in my 1^st year. Happened to learn the metrics that were being monitored on F5 devices, how monitoring works, what action requires to be taken at such scenarios. Then moved to the next device level troubleshooting issues. Did 50 plus device replacements, HDD reseats, cable issues etc. Next comes the design of setups for applications. Over the last 3 years, have been engaging with application owners and creating LB environments. Had attended hands on virtual LAB trainings on BIG-IP ASM and AFM. Never got chance to learn deeper getting involved in real time practice, maybe in future, someday !!!

DC: You are a Senior Software Engineer/F5 Engineer at Bank of America. Can you describe your typical workday and how you manage work/life balance?

JK: At Bank of America, we live our values, deliver our purpose and drive responsible growth through our eight lines of business. 

Our values – “DART”• Deliver together • Act responsibly • Realize the power of our people • Trust the team

My work life style is simple, Mon – Fri, I have a general shift and a rotational on-call. We have a bunch of great minds in the team. Like every org, we do too have ticketing tools, accept tickets and troubleshoot, build environment for the application team. Get assigned with Projects and also implement changes required from GIS standpoint. Attend technical/management meeting, join TFG/brain storming sessions.

I involve myself in helping our Ops team on system level issues, being a primary POC for device level issues within the team. In the background, I see opportunities to automate things wherever I feel I can. Got awarded multiple times for automating. 

In BOA, we are encouraged to give back to the society, so I do participate in Bank of America Community Volunteering. Enjoying a good work/life balance overall. Maybe blessed or being lucky.

DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation.

JK: One of our F5’s Configuration utility failed to display SSL certificates, same happened when you try to list all certificates through CLI. This really ate lot of my time. Then I happened to learn from F5 articles and DC to enable mcpd to find the actual single cert which was causing this issue. It was containing special chars in the subject. Because of which we were unable to install any of the certs at all. After fixing the particular cert, things got back normal.
Later we involved the right teams to let them know to avoid these scenarios in future. But I’m yet to face stronger challenges, after all I’m just 5 years in Industry now.

DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?

JK: It was always to be a Network Security Engineer. Well during my final year in college, I got 2 job offers for a CORE company (Embedded Systems electronics) and a voice process company. But I had not much of a real interest. So I looked for openings outside and was interviewed by Vodafone Enterprise and got selected. That’s where my carrier started and I’m thankful for that.

Thanks Jai! Check out all of Jai's DevCentral contributions and connect with him on LinkedIn and follow Bank of America on Twitter.

If there is a DevCentral member you think should be featured, let us know in the comments section!

The DevCentral Chronicles Volume 1, Issue 4

If you missed our initial issues of the DC Chronicles, you can catch up with the links at the bottom. The Chronicles are intended to keep you updated on DevCentral happenings and highlight some of the cool content you may have missed since the last issue. Welcome!

Like last month, we’re digging the OWASP Top 10 #Lightboard series from @JohnWagnon. He wrapped it up this month with numbers 9 & 10 - Using Components With Known Vulnerabilities and Insufficient Logging and Monitoring. To give you a sense of how these have been received, YouTube viewer Sanket Kamath says, ‘Thank you for the excellent overview for all of the OWASP Top 10 2017! John made it really easy to understand each of the 10 attacks with his explanation!’ Check out the entire playlist!

Speaking of LightBoard Lessons, we had a few fantastic ones this past month. John took on lighting up the GitHub DDoS Attack and Explaining the Spectre and Meltdown Vulnerabilities while Jason gave us the OSI and TCP/IP Models and What Are Containers? I added SAML IdP and SP on One BIG-IP to round out our videos.

On the Security front, we had a bunch of great articles covering a mess, and I mean a mess of stuff. The mess was some new vulnerabilities and our Security Researchers had the mitigations for many including Spring Framework Spring-Messaging Remote Code Execution (CVE-2018-1270), Drupal Core SA-CORE-2018-002 Remote Code Execution Vulnerability and Jackson-Databind - A Story of Blacklisting Java Deserialization Gadgets.

We also learned how to Protect your AWS API Gateway with F5 BIG-IP WAF, how to configure F5 BIG-IP as an Explicit Forward Web Proxy Using Secure Web Gateway (SWG) and how to set up ADFS Proxy Replacement on F5 BIG-IP.

The Cloud folks will love Lori’s Three Types of Load Balancing You Meet in the Cloud, DNS Admins will dig Eric’s Unbreaking the Internet and Converting Protocols and Coders will enjoy Jason’s Debugging API calls with the python sdk and Satoshi’s iControl REST Fine-Grained Role Based Access Control.

And, we couldn’t let this Chronicle pass without mentioning an awesome @haveibeenpwned #Pwned Passwords Check #CodeShare from MVP Niels van Sluis. This snippet makes it possible to use @troyhunt ‘Pwned Passwords’ API to check if the password has been exposed. See it here: http://bit.ly/2GOhi1y
And wrapping up, a wonderful contributor Daniel Varela is DevCentral's Featured Member for April and F5 Agility is coming to Boston, MA this August!

As always, You can stay engaged with @DevCentral by following us on Twitter, joining our LinkedIn Group or subscribing to our YouTube Channel. Look forward to hearing about your BIG-IP adventures.

ps

Previous

• Volume 1, Issue 1
• Volume 1, Issue 2
• Volume 1, Issue 3

F5 Agility is coming to Boston, MA this August!

The DevCentral team will be at F5’s largest user conference to date! Will you?

Now's the time to register for F5 Agility 2018 in Boston, MA August 13-16. Early Bird registration knocks $300 off your registration fee!

What's F5 Agility all about?

Besides an opportunity to meet fellow community peers, solution partners, and F5 experts, we’ll have

Breakouts!
Breakout sessions at Agility focus on the latest technologies, applications, and architecture strategies. The technical breakout sessions at Agility range from beginner to advanced, enabling you to select classes that best meet your needs. Additionally, you can choose from sessions in multiple tracks or use the recommended learning paths to focus on specific areas that matter most to you. Last year we had 62 hours, this year we’re expanding to 150+ hours of technical breakouts, including dedicated Spanish-language sessions.

Sample learning paths:

• Application Security
• Application Delivery
• Access Management
• Service Provider
• Programmability
• Cloud Solutions
• Automation and Orchestration
• Super-NetOps

Labs!
We have expanded lab offerings to a total of 80 hands-on lab sessions. Our comprehensive 4- or 8-hour labs will address a wide variety of installation, troubleshooting, and networking technologies across a variety of environments. The instructor-led classes also provide an opportunity to gain valuable knowledge in preparation for F5 Certification exams.

New for 2018, Agility will have a room dedicated to self-paced labs that are shorter and/or more targeted. Attendees will have the opportunity to go through these labs at their own pace, with instructors available to assist with any questions. All self-paced labs will be available on a first-come, first-served basis.

Certifications!
Are you getting started? Already F5 Certified? We’ll have F5 Certification exams running throughout the week. Be sure to sign up in advance in order to guarantee your seat.

And you can Meet the Experts

If the structured programs still leave you wanting more, we will have experts available to answer questions at the DevCentral booth during the Solutions Expo hours, as well as two breakout rooms dedicated to walk-in help for iRules and all things Programmability. If you are not yet a member of DevCentral, you can sign up on-site.

Also at Agility 2018

Solutions Expo
The core of the conference, our Solutions Expo brings together the various aspects of the F5 ecosystem. Learn what works where with whom, and meet solutions experts from all avenues.

Geek Fest
Lab attendees get a chance to rub elbows with each other and presenters over food, drinks, and (sometimes unconventional) activities.

F5 Connects Women
Women leaders from both F5 and our partners join to discuss the perspectives women bring to tech, as well as the influence we can have when our potential is realized.

5K Fun Run
Grab your runners and discover Boston by foot on a beautiful, urban run through the city with fellow attendees. DevCentral’s own John Wagnon leads this one!

For more information on reserving your place, go to F5 Agility 2018

We look forward to seeing you in Boston!

DevCentral's Featured Member for April - Daniel Varela

Our Featured Member series is a way for us to show appreciation and highlight active contributors in our community. Communities thrive on interaction and our Featured Series gives you some insight on some of our most active folks.

Daniel Varela has been one of those engaged members and amassed 374 points in February alone! Answering bunches of questions about SAML, SSO, Cookies and more, we're proud to name Daniel as our Featured Member for April.

DevCentral: Hi Daniel and thanks for helping many of our members! Please explain to the DC community a little about yourself, what you do and why it’s important.

Daniel: I am an ADC/GSLB/WAF SME currently working for Centrica PLC. My job entails load balancing applications, availability and security. My work experience is mainly around network security. I chose to work in security because you never get bored of it, there is always something new to learn which is what I love. I have been actively working with F5 devices for the last 10 years. I still remember when I first heard about iRules, I was really impressed with the possibilities it provided. Additionally, with a BIG-IP you can learn about a lot of technologies: HTTP, TLS, DNS, SAML, OAuth, Web acceleration, Web Application Firewall… I am probably missing technologies here but you get the idea. This is one of the reasons I am working with F5, fun is guaranteed.

DC: You are a former F5 employee (2014-17) and continue to be a very active contributor in the DevCentral community. What keeps you involved?

DV: I have always thought (and I always say to my customers) that DevCentral makes a difference in respect to any other vendor. The amount of information someone can find there is incredible and if what you are looking for is not there you just have to ask, people from all around the world will help you to do whatever you want to do (event the craziest things), there is always an iRule for that 😊. For this reason I like to participate as much as I can, I have found a lot of help there and I feel like I have to return the favor (and it is also fun to see what people are trying to do with F5).

DC: Tell us a little about the areas of BIG-IP expertise you have and your F5 Certifications. Why are these important and how have they helped with your career?  

DV: My experience with F5 has been pretty much with all the modules: LTM, ASM, APM, GTM, AFM, Silverline and a bit of WebSafe. I was an F5 consultant for 3 years meaning it gave me a great opportunity to learn a lot about all those modules. This provided me with a lot of knowledge and helped me to get the F5 Certification F5-CSE Security. I would recommend to everyone to make an effort and get it, in my experience companies really value this accreditation.

DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation.

DV: The biggest challenges for me have always been around BIG-IP APM. APM is probably the module which you can expand on the most, some things are not there by default but with the help of iRules you always find a way to get what you need. The last challenge was to expand SAML IDP capabilities by providing step-up authentication using authentication contexts available in the protocol itself. It may sound simple but just because how APM and SAML is designed it was tricky.

DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?

DV: Finally, I have always wanted to work in IT but if I wasn’t doing this I think I would be a fireman. I love sports and being active so I think it’s a job I could do.

Thanks Daniel! Check out all of Daniel's DevCentral contributions and connect with him on LinkedIn.

If there is a DevCentral member you think should be featured, let us know in the comments section!

Post of the Week: SAML IdP and SP on One BIG-IP

In this Lightboard Post of the Week, I answer a question about being able to do SAML IdP and SP on a single BIG-IP VE. Thanks to DevCentral Members hpr and Daniel Varela for the question and answer. +25 DC points for ya!

Posted Question on DevCentral: https://devcentral.f5.com/questions/apm-ltm-121-saml-idp-and-sp-possible-in-one-ve-58114



If you got an answer you'd like lit up on the Lightboard, let us know in the comments!

ps

DevCentral's Featured Member for March - Hannes Rapp

Hannes Rapp is an Independent F5 Engineering Consultant focusing on BIG-IP ASM and LTM. According to Hannes, 'if you combine these two modules, you have the best of F5 product portfolio. One without another is incomplete BIG-IP.' He's also interested in Python, building tools to automate routine administrative tasks on BIG-IP and he sends special thanks to REST API developers and F5-sdk project team who make this task easier.

Hannes is a 2018 DevCentral MVP and our Featured Member for March!

DevCentral: First, please explain to the DC community a little about yourself, what you do and why it’s important.

Hannes: A crook from Eastern Europe, as I like to introduce myself. A guy from Estonia with a track record in online gambling industry. Given the background, potential customers are sure to raise an eyebrow. What if he spies for Russia and drinks vodka with his lunch instead of Cola? 

Before my departure from online gambling, I worked as Network and Security Specialist for Playtech. This was the most impactful role for my career progression. There were days we had lots of work to do, and there were days we had insane amounts of work to do. These ever-growing work queues created a situation where some "safe" changes could sneak past Change Management procedures. But what safe is is debatable. So occasionally, some production iRules were modified on the fly without any prior notice. Sometimes customers reported their issues were "magically resolved", and sometimes they reported new issues. I don't know who did those changes. Trust me, I always ask for permissions and not move an inch before the green light. 

Anyone just getting started in IT should seek a busy place. If you want to become good at what you do, it's best to be buried under actual work but not under formalities. If you work at a conservative bank where every minor step must be measured and documented, you will not gain much experience. Banks are good when you're a bit older. They ask you to use a fork and a knife when eating. They help uncivil barbarians evolve into humans by giving lessons in ITIL.

DC: You are a very active contributor in the DevCentral community. What keeps you involved?

HR: My participation here is a learning experience. Most of my F5 knowledge comes from here. In particular, I like how official resources blend together with solutions and ideas from users not employed by F5 Networks. A closed echo chamber with one source of information would not be as interesting. Presence of bug complaints and negative remarks about the product drive the credibility of DevCentral and F5 as a vendor. With the addition of light board lessons, learning has been made even easier. It's always worth coming back here.

DC: Tell us a little about the areas of BIG-IP expertise you have.

HR: Anything but BIG-IP APM, SWG, GCNAT and WebSafe/MobileSafe. No matter what needs to be done, there's probably someone else that already had me do the exact same thing. I'm interested in adding WebSafe/MobileSafe to my portfolio but haven't had the opportunity.

DC: You are an Independent F5 Engineering Consultant focusing on BIG-IP LTM & ASM. Can you describe your typical workday and how you manage work/life balance?

HR: Something that is never missing from my typical workday is an argument with somebody. There's a famous quote that applies: "Arguing with an engineer is a lot like wrestling a pig in the mud. After a couple of hours, you realize the pig likes it." 

When I'm not arguing, I create optimized WAF policies for online banking frontends and mobile apps. Most BIG-IP ASM configurations I have looked at are needlessly cumbersome and feature bulk not relevant for the application. Among other projects, I work on major BIG-IP upgrades. Large corporations with a lot at stake often want BIG-IP upgrades done so that all existing functionality is retained without alterations. Only, and only when the upgrade is deemed successful should any modifications or new features come in effect. Any forceful configuration changes that are applied must either be denied or made redundant with trickery. For example, the event where default values in base profiles are updated to defaults of a new version must be segregated into a separate change. Segregation into bits and pieces helps with damage control. If an incident occurs, all troubleshooting efforts can be focused on a smaller area of surface. 

My last two customers have given me the opportunity to enjoy a better work-life balance. They let me work remotely. Since my area of expertise is so narrow, isolated to F5 BIG-IP, finding projects can be a challenge. Not that long ago I had to travel to another country to be accepted for a project. As far as I'm concerned, work should be about work. If a project is delivered as expected, the place of work is of secondary importance. I appreciate there are corporations who are on the same page in that regard. It's already in the best interest of engineers and consultants to do their job because every new client asks for a recent recommendation.

DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation.

HR: The challenge was about converting nearly a hundred BIG-IP ASM policies from Case-Sensitive matching to Case-Insensitive. There's no supported way of changing this once your choice is locked in. After some testing, I found that it's possible to accomplish this by working with raw XML files. There's plenty of room for error but after a few days of scripting and testing, I got a solution I was happy with. From DevCentral, I found information about iControl API and instructions for use. This later proved very helpful for mass policy export and import functions. This was the old SOAP iControl API. Now I'm using iControlREST and would like to give a special mention to F5-sdk project team who work on a fabulous tool that eases automation with Python.

DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?

HR: The only job that made sense to me as a kid was to be a basketball player in NBA! As we were walking around our neighborhood in a group of 3, someone always came up with a rhetorical statement: "We need 1 more to play 2v2". And someone always expanded the scope: "or maybe we can find 3 more so we can play 3v3". This was the end of 90s in Estonia. Basketball was immensely more popular than soccer aka football, a dumb ball game. Now it's the other way around.

Thanks Hannes! Check out all of Hannes' DevCentral contributions and connect with him on LinkedIn.
 

If there is a DevCentral member you think should be featured, let us know in the comments section!