Thursday, May 30, 2013

iRules - Is There Anything You Can't Do?

Ex·ten·si·ble (in programming): Said of a system (e.g., program, file format, programming language, protocol, etc.) designed to easily allow the addition of new features at a later date. (from Dictionary.com)

Whenever I attend an F5 customer or partner gathering, I always ask of those who use iRules, 'Do you deploy iRules due to BIG-IP not having a particular feature or because you need to solve a specific issue within your unique architecture?'  Overwhelmingly, the answer is to address something exclusive to the environment.

An iRule is a powerful and flexible feature of BIG-IP devices based on F5's exclusive TMOS architecture. iRules provide customers with unprecedented control to directly manipulate and manage any IP application traffic and enable administrators to customize how they intercept, inspect, transform, and direct inbound or outbound application traffic.  iRules is an event-driven scripting language, which means that you write code based on specific events that occur within the context of the connections being passed through the Virtual IP your iRule is applied to.

There are many cool iRule examples on our DevCentral Community site like Routing traffic by URI and even instances where an iRule helped patch an Apache Zero-Day Exploit (Apache Killer) within hours of it being made public and well before the official Apache patch.  An iRule was able to mitigate the vulnerability and BIG-IP customers who have Apache web servers were protected.  Risk of exploit greatly diminished.

Recently our own Joe Pruitt, Sr. Strategic Architect with the DevCentral team, wrote a cool iRule (and Tech Tip) to Automate Web Analytics.  Analysis of the usage patterns of site visitors is critical for many organizations.  It helps them determine how their website is being utilized and what adjustments are needed to make the experience as good as possible...among many other things.  Joe's article discusses how to use an iRule to inject analytics code into HTML responses to enable the automation of analytics into your website software.  Adding a certain piece of JavaScript code into each web page that you would like monitored is one option, but what happens if the release criteria for application code require testing and adding content to pages in production is not allowed, or multiple products from multiple application groups reside on a given server, or 3rd party code is present where you don't have access to all the source that controls page generation?

If you have BIG-IP fronting your web application servers, then you can add Joe's iRule to inject client side JavaScript into the application stream without the application knowing about it.  Joe uses Google Analytics as an example, but, according to Joe, it is fairly easy to replace the content of the "analytics" variable with the replacement code for any other service you might be using.  Very cool indeed.
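A sketch of the kind of response injection described above, as an added example (it is not Joe's iRule and not code from the original post). The contents of the `analytics` variable are a placeholder, and the 1 MB buffering limit and the choice to insert before `</head>` are assumptions.

```tcl
# Added example, not the iRule from the DevCentral article.
when RULE_INIT {
    # Placeholder snippet; swap in the tag your analytics service gives you.
    set static::analytics "<script>/* analytics snippet placeholder */</script>"
    # Assumed cap on how much of a response body is buffered for rewriting.
    set static::max_collect 1048576
}

when HTTP_REQUEST {
    # The body must arrive uncompressed for a string search to find </head>.
    HTTP::header remove "Accept-Encoding"
}

when HTTP_RESPONSE {
    # Only touch HTML; leave images, JSON, downloads and so on alone.
    if { [HTTP::header value "Content-Type"] starts_with "text/html" } {
        if { [HTTP::header exists "Content-Length"] &&
             [HTTP::header value "Content-Length"] <= $static::max_collect } {
            set len [HTTP::header value "Content-Length"]
        } else {
            set len $static::max_collect
        }
        if { $len > 0 } { HTTP::collect $len }
    }
}

when HTTP_RESPONSE_DATA {
    # Insert the snippet just before the closing head tag, if there is one.
    set idx [string first "</head>" [string tolower [HTTP::payload]]]
    if { $idx >= 0 } {
        HTTP::payload replace $idx 0 $static::analytics
    }
    HTTP::release
}
```

If the application sends a Content-Security-Policy header, the injected script has to be allowed by that policy or the browser will refuse to run it.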

So while iRules might not be able to make your coffee in the morning - unless of course it is a slew of IP enabled coffee machines - they can help organizations create extremely agile, flexible and secure environments.  Like Oreos and Reese's, there have been a bunch of imitators but nothing is as good as the original.

ps


Tuesday, May 28, 2013

FedRAMP Federates Further

FedRAMP (Federal Risk and Authorization Management Program), the government’s cloud security assessment plan, announced late last week that Amazon Web Services (AWS) is the first agency-approved cloud service provider.  The accreditation covers all AWS data centers in the United States.  Amazon becomes the third vendor to meet the security requirements detailed by FedRAMP.  FedRAMP is the result of the US Government’s work to address security concerns related to the growing practice of cloud computing and establishes a standardized approach to security assessment, authorizations and continuous monitoring for cloud services and products.  By creating industry-wide security standards and focusing more on risk management, as opposed to strict compliance with reporting metrics, officials expect to improve data security as well as simplify the processes agencies use to purchase cloud services.  FedRAMP is looking toward full operational capability later this year.

As both the cloud and the government’s use of cloud services grow, officials found that there were many inconsistencies in requirements and approaches as each agency began to adopt the cloud.  Launched in 2012, FedRAMP’s goal is to bring consistency to the process but also give cloud vendors a standard way of providing services to the government.  And with the government’s cloud-first policy, which requires agencies to consider moving applications to the cloud as a first option for new IT projects, this should streamline the process of deploying to the cloud.  This is an ‘approve once, and use many’ approach, reducing the cost and time required to conduct redundant, individual agency security assessments.  AWS's certification is for 3 years.

FedRAMP provides an overall checklist for handling risks associated with Web services that would have a limited or serious impact on government operations if disrupted.  Cloud providers must implement these security controls to be authorized to provide cloud services to federal agencies.  The government will forbid federal agencies from using a cloud service provider unless the vendor can prove that a FedRAMP-accredited third-party organization has verified and validated the security controls.  Once approved, the cloud vendor would not need to be ‘re-evaluated’ by every government entity that might be interested in their solution.  There may be instances where additional controls are added by agencies to address specific needs.

The BIG-IP Virtual Edition for AWS includes options for traffic management, global server load balancing, application firewall, web application acceleration, and other advanced application delivery functions.

ps


Tuesday, May 21, 2013

50/50 Odds for BYOD

According to a ComputerWorld article citing a recent Gartner survey, about half the world's companies will stop providing computing devices to employees and embrace some form of BYOD by 2017.  They also noted that about 40% will offer a choice between employee owned or company issued while 15% say they will never support BYOD.  While most surveyed felt there were benefits to BYOD, only about a quarter (22%) felt they have made a strong business case for it.  This might have to do with the fact that many organizations are still in the exploratory process for BYOD and are looking for a mobile strategy.  In addition, many are still trying to figure out a reimbursement plan.  Employees often expense business travel and mileage, and personal smartphone use for work also falls into that category.  About half the companies provide some reimbursement with only 2% covering all costs associated with BYOD.  While removing the initial capital outlay for IT issued devices, there are still costs like security and management tools along with the support headcount for BYOD. 

In another survey, Lumension’s BYOD and Mobility Security Report conducted on LinkedIn, BYOD is widely supported in 20% of organizations with another 35% saying they are evaluating it and 40% still supporting company owned mobile devices.  70% said 'security' was a big concern and a top criterion for success.  They worry about loss of and unauthorized access to corporate data.  This is almost in line with the Gartner results and, interestingly, sounds a lot like the attitudes toward cloud computing over the past several years.

Employee satisfaction and productivity were cited in both surveys as a direct benefit of BYOD, and encryption, although not perfect, is the most used risk control measure.  Productivity tools like email, calendar and contact management are the most used by employees and some sort of centralized mobile management is the most used by IT.  Anywhere from a quarter to a third of respondents have no BYOD policy nor any tools to manage and govern mobile access.

Without digging deeply into the numbers, these BYOD feelings sound similar to the cloud adoption trends over the last few years.  It's happening and organizations see benefits but there is hesitancy over things like security and data protection.  Once the risk is assessed and policies are in place, organizations can manage and mitigate the potential damage of allowing personal mobile devices on the sensitive corporate network.

ps


Thursday, May 9, 2013

Interop2013: That's a Wrap

I wrap it up from Interop 2013. Special thanks to F5ers Ken Bocchino, Ken Salchow, Dan Kim, Sam Richman along with Christine, Courtney and Jeff for camera work. Also thanks to Brian Monkman of ICSA and Aaron Edwards of Big Switch Networks. Reporting from Vegas - thanks for watching.

 

ps


Interop2013: DDoS'ing Interop Follow Up

I grab F5ers Ken Bocchino and Sam Richman to talk about DDoS’ing the Interop Infrastructure, the F5 gear used to protect the network and some of the mind blowing stats gathered over the last couple days of running Interop Net.

 

ps


Interop2013: Partner Spotlight – ICSA Labs

I catch up with Brian Monkman, ICSA Perimeter Security Program Manager, to discuss certifications and testing along with how ICSA is adjusting some of their testing methodology to match some of the changes occurring in the industry…like application delivery controllers doing much more than simply load balancing or remote access.

ps


Interop2013: Partner Spotlight - Big Switch Networks

Earlier this week, F5 and Big Switch Networks announced a joint solution that brings together F5 BIG-IP Local Traffic Manager (LTM), F5 iApps functionality, and the Big Virtual Switch network virtualization application. Peter Silva meets with Aaron Edwards, Big Switch Technical Marketing Engineer to learn more about this solution that enables organizations to deploy complex cloud applications while Big Virtual Switch and BIG-IP LTM transparently manage network configuration in the background.

Leveraging integrations with popular orchestration platforms such as OpenStack, Big Switch and F5 together can fully manage all layers of the networking stack to dramatically simplify application deployment in cloud environments.

 

ps


Wednesday, May 8, 2013

Interop2013: BIG-IQ Cloud

I meet with Dan Kim, F5 Product Manager for Management Solutions, to learn more about BIG-IQ, BIG-IQ Cloud and the benefits of a management system that can span multiple cloud environments. BIG-IQ Cloud automates and orchestrates the deployment of application delivery services across both traditional and cloud infrastructures.

 

ps
