Tuesday, January 16, 2018

Get Social with DevCentral

That title sounds so 2009 but let’s go with it anyway. #Flashback…no, #Throwback…no, how about #TinkerTuesday? Is there such a thing? (There is.)

#DevCentral will be ramping up our social activities in 2018 and we wanted to share some of the media channels you can join to stay connected and engaged with the community.

Did you know that the Twitter bird has a name? It’s Larry. And while dc’s blue ball logo doesn’t have a name, you can find your @devcentral team members @psilvas, @jasonrahm, and @JohnWagnon on Twitter sharing their technology insights along with some personal daily happenings and thoughts. Stay connected for new articles, iRules, videos, the Agility Conference and earn additional DevCentral points for answering the question of the day!

Don’t feel like reading anything and prefer to watch stuff? Then head on over to our YouTube channel for hours of instructional videos from our ‘Make it Work’ series, cool tech tips along with the awesome Lightboard Lessons. Lightboard Lessons are one of our most popular pieces of content and by subscribing to our channel, you’ll get the first alerts via email that a new video has published. You’ll probably even get to watch the video before it even posts to DevCentral. That’s right, early access.

Prefer to hang out with the LinkedIn crowd? While the F5 Certified! Professionals LinkedIn group is very active, the F5 DevCentral LinkedIn Group has been a little dormant recently so we’re looking to gear that up again also. With a little over 1,000 members, it’s a great way to converse with other members as we march toward the 12,000+ participants in Ken’s group.

When DevCentral started back in 2003, it was one of the original ‘social’ community sites when social media was still in its infancy. Members range from beginning to advanced devs, industry thought leaders, and F5 MVPs.

I’m also aware that there are BIG-IP discussions on Stack Overflow, repos on GitHub, the F5 Facebook page, MVP Kevin Davies’ Telegram F5 Announce and others. Where else should we engage with you and where should we be more active? Hit us up with the hash, #whereisdevcentral and we'll meet you there.


ps

Wednesday, January 10, 2018

The DevCentral Chronicles Volume 1, Issue 1

Welcome to 2018! If the kids in the back seat have been chanting, ‘Are we there yet? Are we there yet?’ you can tell them, ‘Yes! Now, get out the car!’

If, like me, you’ve taken a couple weeks off to enjoy the holidays and New Year, you might be wondering where to start again or what to catch up on. Let me help you.

First, the biggest ‘industry’ news so far in early 2018 has got to be the Spectre and Meltdown vulnerabilities found in computer processors, which affect almost every chip (mostly Intel) in the world. From operating systems to chip makers to cloud providers, there’s been a massive effort to get the word out and patch things up. Want to understand the situation better? Check out John Wagnon’s Lightboard Lesson Explaining the Spectre and Meltdown Vulnerabilities. And probably one of the best tweets about the vulnerabilities comes from @infosecgoon.


According to F5’s David Holmes, Everything old is new again in 2018. And in Return of Bleichenbacher - the ROBOT Attack CVE-2017-6168, David explains the attack, how it affects BIG-IP, how to tell if you are vulnerable and how to mitigate. So, what is the real impact of ROBOT? David notes that the Bleichenbacher attack only affects RSA sessions not protected with the ephemeral keys offered by forward secrecy. All modern browsers and mobile clients have preferred ephemeral keys for several years.

As more organizations migrate to the cloud – a hybrid one at that - in 2018, you’ll want to bookmark Chase Abbott’s Welcome to the F5 BIG-IP Migration Assistant. The F5® BIG-IP® Migration Assistant is a tool freely distributed by F5 to facilitate migrating BIG-IP configurations between different platforms. You can use Migration Assistant when you have an existing BIG-IP instance and you want to replace the current hardware with new hardware. Chase gives a great overview of the tool including What can go wrong. Lots of engaging comments on this one and Chase always tells it like it is!

Lastly, as we open 2018, DevCentral wants to recognize our 2017 MVPs! The DevCentral MVP Program shines a spotlight on the best, brightest and most active members of our community. We got some new contributors mixed with some old favorites and they are always willing to help with expertise, examples and war stories. Many of the new faces were Featured Members last year so check out their stories like December's Kevin Davies.

We got a lot coming in 2018 including more #Basics, Lightboards, Posts of the Week, articles and our always active Q/A forums and Code Share. If you’re a DevCentral member, we appreciate the contributions; if you’re not a DevCentral member, sign up and join one of the most active communities in tech.

Welcome to the DC Chronicles and btw, 2018 will be the Year of the Dog, in case you were wondering.


ps

Friday, December 29, 2017

Blog Roll 2017

It’s that time of year when we gift and re-gift, just like this text from last year. And the perfect opportunity to re-post, re-purpose and re-use all my 2017 entries.

If you missed any of the 64 attempts including 16 videos, here they are wrapped in one simple entry. I read somewhere that lists in articles are good. I broke it out by month to see what was happening at the time and let's be honest, pure self-promotion. Check out our Featured Members for the year, dig into June's Cloud Month, catch up on some #Basics or sit back and watch some cool Lightboard videos.

I truly appreciate your engagement throughout 2017 and Have a Safe and Happy New Year!

January 2017
February
March
April
May
June
July
August
September
October
November
December
ps

The History

Thursday, December 28, 2017

The Top 10, Top 10 Predictions for 2018

The time of year when crystal balls get a viewing and many pundits put out their annual predictions for the coming year. Copying off since 2012, rather than thinking up my own, I figured I’d regurgitate what many others expect to happen.

Top 10 Cyber Security Predictions for 2018 – Infosec Institute kicks off this year’s Top 10, Top 10 list with a look back at their 2017 predictions (AI, IoT, etc.) and dives head first into 2018 noting that Ransomware will be the most dangerous threat to organizations worldwide; cryptocurrency will attract fraudsters looking to mine; cloud security will (again) be a top priority; cyber insurance will explode and cyber-bullying, especially for teenagers, is at the emergency stage.

Cyber security predictions for 2018 – Information Age taps Mike McKee, CEO of insider threat management company ObserveIT, to offer his insight. Lack of security talent will lead to the outsourcing of security services. Approximately 350,000 infosec jobs are currently unfilled in the U.S. and will continue to grow. Add to that, only 11% of the world’s information security workforce are women which offers a huge opportunity according to Mike. Social engineering and human error should encourage organizations to train folks on the basics of self-preservation on the internet.

Cybersecurity trends for 2018 - For the love of ‘cyber’…or not. CSOonline reviews McAfee Inc.’s recent threats predictions report and identified five key cyber security trends to watch in 2018. There will be a machine learning arms race between attackers and defenders with IoT ransomware causing major disruptions. EU’s General Data Protection Regulation (GDPR) comes into effect in May so that could have some regulatory impact.

Five predictions for the hybrid cloud market in 2018 – Hyped for Hybrid? Then NetworkWorld has you covered with, ‘Public cloud gets all the attention, but private and hybrid clouds are set for big growth in 2018.’ As hybrid cloud strategies get clearer, 2018 could be a huge year for adoption with containers and PaaS as hybrid cloud platforms. They also note that Public cloud services come on-prem and there needs to be optimized connections from organizations to cloud providers.

Experts Reveal Predictions for Cloud Services in 2018 – eWeek queries a number of cloud experts for their predictions. Partnerships and consolidation of the cloud market is coming; they, like NetworkWorld, also see a huge increase in hybrid usage; workload portability will become critical; IoT metrics will need storage and SaaS will keep growing as organizations try to avoid large hardware investments.

IDC 2018 Predictions: If You’re Not In The Cloud, You’re Isolated From Innovation – In this interesting article, IDC also goes long term with some 2020 and 2021 predictions. For instance, by 2021, at least 50% of global GDP will be digitized, with growth driven by digitally-enhanced offerings, operations and relationships. By 2021, spend on cloud services and cloud enabling hardware, software and services doubles to over $530 billion. They also touch on areas like human-digital interfaces; blockchain services and even no-code development tools. This is a good list.

Deloitte’s tech predictions for 2018: More AI, digital subscriptions, AR, and live events – VentureBeat digs into Deloitte’s predictions as part of their 17th annual Technology, Media, & Telecommunications report. Mobile predictions include interesting nuggets like a fifth of North American homes will get all of their Internet data access via cellular mobile networks and adults actually worrying that they are on phones too much. We will try to limit usage. Yea-Right. All while 5 million phones a day are being sold worldwide. TV viewing will continue to decline while more than a billion smartphone users will be creating augmented reality content at least once during 2018, with 300 million doing so monthly and tens of millions weekly.

10 Enterprise IoT Predictions for 2018 – With endless partnerships & collaboration tied to IoT, ‘co-everything’ will drive the co-economy with customers becoming co-innovators. With that, open standards, open architectures and interoperability will be key…with government regulation not far behind. Agriculture and Healthcare will emerge as the leading adopters of IoT due to innovative use cases. IoT will shift from driving efficiencies to creating new business value. AI, fog and blockchain will become important for broad adoption.

2018 Predictions For The Data Center Industry – Applications live in data centers and as I’ve said before, the Cloud is just a Data Center somewhere. Mission Critical Magazine taps into some data center trends with the biggest being, ‘IT and data center managers around the globe will become the backbone for advanced cloud infrastructure tools that provide them with a high level of flexibility and visibility into their new mixed cloud environment – adding another layer of complexity to their role.’  It’s also become less of a ‘what if’ and more of a ‘when’ in terms of unforeseen events causing outages. With that, we’ll begin to see less of a reactive approach to one that is more proactive according to Jeff Klaus, GM Data Center Management Solutions for Intel.

Predictions As A Service – If you thought the acronym PaaS was taken, then Networking Nerd will open your eyes since he thinks the prediction business is a house of cards built on quicksand. He has his safe bet layups like - Whitebox switching will grow in revenue; Software will continue to transform networking and Cisco is going to buy companies without even stepping into 2018. And then moves on to his out-on-a-limb, far out predictions like ‘HPE will go out of business’ among others. His closing take is that he’d rather try to figure out how to use what he already has today and build that toward the future because, that’s a headline you’ll never live down.

Maybe we should heed his advice.

Are you ready for 2018?

ps

Interested to see if any of the previous year’s prognoses came true?


This article originally appeared on F5.com

Friday, December 22, 2017

Post of the Week: SSL on a Virtual Server

In this Lightboard Post of the Week, I answer a few questions about SSL/https on Virtual Servers. BIG-IP being a default deny, full proxy device, it's important to configure specific ports, like 443, to accept https traffic along with client and server side profiles and include your SSL certificates. We cover things like SAN/SNI certificates but I failed to mention that self-signed certificates are bad anywhere except for testing or on the server side of the connection.



Thanks to DevCentral members, testimony, Only1masterblaster, Faruk AYDIN, MrPlastic, Tyler G, Prince, and dward for their Q/A engagement.

Posted Questions on DevCentral:
ps

Tuesday, December 12, 2017

F5 Certified Practice Exams

Thinking of taking the F5 Certified 101 or 201 exams but not sure if you are ready? Ease the anxiety by taking an F5 Practice Exam!

That’s what I did, and it sure helped.

If you remember, back in August I attempted the 201-TMOS Administrator exam and successfully failed, missing by a few questions. I’ve been wanting to try again and had an opportunity last week but I hadn’t studied since that initial attempt at Agility. If I failed again, I’d have to wait another 45 days to give it another go.

So instead, I decided to take a practice exam.

Practice exams provide candidates with an accurate prediction of their performance for the live, production exams. Other than the section-level score reports, they are not intended to be used for study or learning purposes. Their entire value is based on their similarity to the production exams and their validity in predicting your performance. If you think you’re getting a sneak peek at real questions, think again. They use entirely different questions on the live exams, so unless you actually learn the underlying knowledge, "knowing" the practice questions is completely useless and becomes a waste of time.

The Practice Exams are designed to mimic the real tests with 80 questions timed to 90 minutes. There are exhibits to consider, you can flag questions to review and you get instant feedback on your results. You can complete it on your own device and you can ‘alt-tab’ to look up the answers if you so desire. Not that you should – it defeats the purpose. While you do not get an actual score, you do get an indication of whether you Passed or Failed and insight (Below/Borderline/Meets) on how you did on the sections.


As you can see, 4 months of not studying doomed my fate. The 201 is no fly-by and really requires daily hands-on experience. If I had done well, I could have taken the real exam the following day. This way, I know exactly where I need to focus and what I need to do to finally pass the 201.

They don't allow unlimited access to the practice exams and recommend using the practice exams no more than two, at most three, times as part of your preparation. Once you become familiar with the questions, the practice exam loses its value.

Practice exams are delivered via their Zoomorphix Exam Studio system and only available to registered candidates. They have 101 and 201 rehearsals with 301a, 302 and 303 practice exams coming soon.

If you’re preparing for a @F5Certified exam, you can review some of the F5 Certification study materials that are available.

Good luck!


ps

Friday, December 1, 2017

DevCentral's Featured Member for December - Kevin Davies

When we prepare for our Featured Member series, I typically send out a questionnaire and the DevCentral member writes out their answers. With the opening question I'll do a bit of editing and use that for the intro. This month however, airloom's Kevin Davies did such a great job with the opening, I decided to simply let him tell his story. A long-time DevCentral member and always engaged with the community, Kevin Davies is DevCentral's Featured Member to close out 2017. Congrats Kevin!

DevCentral: First, please explain to the DevCentral community a little about yourself, what you do and why it’s important.
Kevin: I suppose my interest in technology came from a desire to know how things work. My first job in computers was doing exactly that, building them at a small computer store in Brisbane. I have always been technical, being the pioneer in my family I immediately saw the potential they would bring and how it might shape the world…

I remember a quiet night alone in the office struggling to understand SCO Unix, as I’d come from a MS-DOS background. Yet I persisted, and using the SLIP protocol with static IP addressing, I successfully connected our business to the University, so we could receive email. This was back when Universities were connected globally and world wide web as we know it today, did not exist… yet.

My next role was to join an ISP as a help desk guy. Always in search of more knowledge, I figured the quickest way to get it was to immerse myself. Dealing with 10,000 users you rapidly discover the problems people are faced with as they try to get a handle on these things called modems! It was a great experience, and I attained my CCNA certification there. By the time I left three and a half years later, I was literally running the network.
Then I joined Unisys in a security role, to further expand my knowledge of firewalls and the way they operated. This required a deeper understanding of protocols, there were some very interesting problems you would come across. I lived for those moments and always found troubleshooting something I really enjoyed. During this job I transitioned from a Brisbane country town to Sydney the big city.
After various contracts and the GFC, I ended up at CSC doing more security, this time Checkpoint firewalls. It was here that I worked with my first BIG-IP. A load balancer, I mean what’s there to learn I thought? You send traffic here, you send traffic there… how little did I know. It wasn’t until I joined Red Education doing professional services that I came to understand the true capability of the device. Where I learned iRules provide customers with tremendous flexibility and iApps, API and automation toolsets make these devices scale and deploy in hybrid environments.
Now I work for airloom, the #1 F5 engineering partner in A/NZ, APJ and joint #1 globally providing solutions that no-one else could deliver. My first week at airloom I sat my 401 exams. My second week I was learning a completely new product. The third was sitting down with customers. They have a consistently high level of expertise that is not found elsewhere in Australia. They recruit and maintain the best, to deliver the outcomes customers need. After eight years F5 experience I thought I would arrive here at least on par with the guys within the team. I was wrong.
DC: You are a very active contributor in the DevCentral community. What keeps you involved?
KD: I’ve always enjoyed helping others, it’s part of my DNA being a consultant. It is why I have enjoyed being an instructor as well as doing professional services for the last eight years. I’ve found that giving back to the community that has helped me is my way of saying thank you. From an airloom perspective the team is entirely focused on helping customers being successful so giving is what we do day in and day out.
DC: Tell us a little about the areas of BIG-IP expertise you have.
KD: I have enjoyed making the BIG-IP do magic for customers. It really is a powerful integration toolset in the right hands. Everyone needs to get traffic from A to B. With one of these the capability to add world class protection at any layer, multiple layers of authentication or even inspection becomes possible. That’s on top of providing high availability and redundancy for any application. Its level of detail and control is quite astonishing.

I’ve made stateless applications stateful, one protocol talk to another, the list goes on. My favorite has been iRules, I used to have a motto on the wall when I worked in one place for a few months… “iRules for breakfast, how many do you do?” That stateful piece was all written using iRules and saved the business over a million dollars in project costs whilst delivering projects quicker and with less errors. 
I have deployed nearly every product, my most recent has been migrating customers from legacy F5 physical appliances into virtualized appliances running vCMP. Instead of just running one BIG-IP they can have eight of them on a mid-range appliance. F5’s zero contention virtualization platform means customers can have the speed and the flexibility to provision BIG-IP’s with N dedicated processing cores.

One of my favorite F5 product modules is APM. The visual policy editor is a brilliant tool for building your own custom security policy and provides incredible flexibility. The authentication point to end all authentication points… SAML, OAUTH, OTP, AD, Radius, Tacacs, DIY. You can roll your own N factor auth with built-in/external MFA and have all of it layered using SSO. It really is the authentication cornerstone of the products and is a joy to work with.
DC: You are a Distinguished Engineer at airloom. Can you describe your typical workday and how you manage work/life balance?
KD: On Mondays I prepare for the weekly briefing, check outcomes from the previous week and start planning the day. Then tee myself up a list of things to do, including client meetings and begin preparation for them. These continue till the end of the day. I might be in the office one day, working remotely or both. We have no local infra except for a printer and wireless access points, everything we do is in the cloud. This means we are free to work from any location be it at home, office or customer site.

The role of an airloom Distinguished Engineer is a pretty awesome one, we report to our CTO Adrian (Nobby) Noblett who was the former F5 Solution Architect for APJ. Our role as DE’s is to help our clients get the most out of their technology investments, however we are also given the creative license to develop new solutions we believe will help our clients. We have several goals to work towards on a regular basis, and they are not just about projects but also coming up with industry leading solutions no one else is across so we stay ahead of the curve and ensure our clients have access to the best solutions ahead of the entire market.
DC: You have a number of F5 Certifications including Technology Specialist (LTM) certifications. Why are these important to you and how have they helped with your career?
KD: I am certified in LTM, GTM, ASM, APM. I also just recently attained the Security Solutions Expert. F5 certifications are serious business. They provide assessment and recognition of technical skillset. This is valuable to airloom & valuable to my career and on top of my experience shows that someone is serious about maintaining their knowledge level on a product. I appreciate F5 are diligent about detecting and eradicating shortcuts as this maintains the value of the certification. The blueprints and study guide provided with each exam are highly relevant and far more than many other vendors provide to help professionals prepare themselves. From an airloom perspective it is a requirement that all DE’s are 401 level certified to hold the DE title at airloom, and we actually have the equal most number of 401’s in the world in our team!
DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation.
KD: There have been many. The biggest was an iRule solution that a customer refused to implement as a black box solution! The data flow was deemed mission critical so they required ongoing monitoring. This meant writing another iRule to collect statistics. Then another to display them. The solution itself used about 100 subtables, the statistics around 1000 as it tracked not only the success or failure but all possible execution outcomes, effectively profiling the solution behavior per transaction.

This was then output not only as a html web page showing the effectiveness of the solution, but also available in XML format to be polled by a 3rd party monitoring platform. Their monitoring dashboard had graphs for each transaction type showing its effectiveness over time. It seemed overkill at the time however over three weeks the effectiveness of the solution gradually tapered off from 98% to 0% and by that time we were furiously troubleshooting with F5 support. 
It turned out about 1 in 200,000 calls to a certain command would return an undocumented outcome. Once known the code was updated, the problem now was the BIG-IP contained hundreds of invalid table entries that never expire. Failing over was not a solution because the HA device maintained an identical copy through session table mirroring. The most effective solution involved a fourth and final iRule to iterate through every permutation and remove the invalid table entries.
DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?
KD: I think a tour guide. I love talking to people and seeing new things. I could probably travel for ten years and only see half what the world has to offer. Human beings are quite creative people and cultural differences produce an amazing diversity of ideas around the globe.

Thanks Kevin! Check out all of Kevin's DevCentral contributions, connect with him on LinkedIn and visit airloom or follow on Twitter.