Tuesday, July 26, 2016

DevCentral at F5 Agility 2016

Four outta Five DevCentral members will appear in person at #F5Agility 2016.

That’s right! Jason, John, Chase and yours truly will be in Chicago next week for F5’s annual gathering of customers and partners. The DevCentral area will be in the heart of the Solution Expo and we’ll be offering some short technical presentations throughout the event. We’ll also have some t-shirts to give away along with a few other goodies.

Here is where we’ll be:

And here is our presentation schedule* to lock in to your mobile app.

If you will be at Agility 2016, please stop by to see us. 

And here are your Top 10 reasons to visit DevCentral at F5 Agility 2016:
  1. This is your F5 community
  2. Learn some new technical tips
  3. Ask your technical questions
  4. Watch a few technical presentations
  5. Our presentations are only 20 minutes
  6. Meet the team
  7. Grab a T-shirt
  8. Hang with other DC community members
  9. Relax and take a break
  10. Chase Abbott’s Session
Hope to see you there!


*Subject to change

Tuesday, July 19, 2016

Is 2016 Half Empty or Half Full?

Updating passwords is a huge trend in 2016

With 2016 crossing the half way point, let's take a look at some technology trends thus far.

Breaches: Well, many databases are half empty due to the continued rash of intrusions while the crooks are half full with our personal information. According to the Identity Theft Resource Center (ITRC), there have been 522 breaches thus far in 2016 exposing almost 13,000,000 records. Many are health care providers as our medical information is becoming the gold mine of stolen info. Not really surprising since the health care wearable market is set to explode in the coming years. Many of those wearables will be transmitting our health data back to providers. There were also a bunch of very recognizable names getting blasted in the media: IRS, Snapchat, Wendy’s and LinkedIn. And the best advice we got? Don’t use the same password across multiple sites. Updating passwords is a huge trend in 2016.

Cloud Computing: According to IDC, public cloud IaaS revenues are on pace to more than triple by 2020. From $12.6 billion in 2015 to $43.6 billion in 2020. The public cloud IaaS market grew 51% in 2015 but will slightly slow after 2017 as enterprises get past the wonder and move more towards cloud optimization rather than simply testing the waters. IDC also noted that four out of five IT organizations will be committed to hybrid architectures by 2018. While hybrid is the new normal remember, The Cloud is Still just a Datacenter Somewhere. Cloud seems to be more than half full and this comes at a time when ISO compliance in the cloud is becoming even more important.

DNS: I’ve said it before and I’ll say it again, DNS is one of the most important components of a functioning internet. With that, it presents unique challenges to organizations. Recently, Infoblox released its Q1 2016 Security Assessment Report and off the bat said, ‘In the first quarter of 2016, 519 files capturing DNS traffic were uploaded by 235 customers and prospects for security assessments by Infoblox. The results: 83% of all files uploaded showed evidence of suspicious activity (429 files).’ They list the specific threats from botnets to protocol anomalies to Zeus and DDoS. A 2014 vulnerability, Heartbleed, still appears around 11% of the time. DevOps is even in the DNS game. In half full news, VeriSign filed two patent applications describing the use of various DNS components to manage IoT devices. One is for systems and methods for establishing ownership and delegation of IoT devices using DNS services and the other is for systems and methods for registering, managing, and communicating with IoT devices using DNS processes. Find that half full smart mug...by name!

IoT: What can I say? The cup runneth over. Wearables are expected to close in on 215 million units shipped by 2020 with 102 million this year alone. I think that number is conservative with smart eyewear, watches and clothing grabbing consumer’s attention. Then there’s the whole realm of industrial solutions like smart tractors, HVAC systems and other sensors tied to smart offices, factories and cities. In fact, utilities are among the largest IoT spenders and will be the third-largest industry by expenditure in IoT products and services. Over $69 billion has already been spent worldwide, according to the IDC Energy Insights/Ericsson report. And we haven’t even touched on all the smart appliances, robots and media devices finding spots our homes. Get ready for Big Data regulations as more of our personal (and bodily) data gets pushed to the cloud. And we’re talking a lot of data.

Mobile: We are mobile, our devices are mobile and the applications we access are mobile. Mobility, in all its iterations, is a huge enabler and concern for enterprises and it'll only get worse as we start wearing our connected clothing to the office. The Digital Dress Code has emerged. With 5G on the way, mobile is certainly half full and there is no empting it now.

Of course, F5 has solutions to address many of these challenges whether you’re boiling over or bone dry. Our security solutions, including Silverline, can protect against malicious attacks; no matter the cloud -  private, public or hybrid - our Cloud solutions can get you there and back; BIG-IP DNS, particularly DNS Express, can handle the incredible name request boom as more ‘things’ get connected; and speaking of things, your data center will need to be agile enough to handle all the nouns requesting access; and check out how TCP Fast Open can optimize your mobile communications.

That's what I got so far and I'm sure 2016's second half will bring more amazement, questions and wonders. We'll do our year-end reviews and predictions for 2017 as we all lament, where did the Year of the Monkey go?

There's that old notion that if you see a glass half full, you're an optimist and if you see it half empty you are a pessimist. I think you need to understand what state the glass itself was before the question. Was it empty and filled half way or was it full and poured out? There's your answer!


Tuesday, July 12, 2016

The Road to F5 Certification

Over the last 4 months, the DevCentral team has been preparing for the F5 Certification exam. We’ve met a number of times for group study and for each session, we reviewed a particular section of the Exam 101 - Application Delivery Fundamentals Study Guide. We prepared and presented a certain topic and had open discussions about particular use cases, customer scenarios and even played some guessing games as to what might be asked on the exam for that section.

Now the time has come to take the test.

Since the DevCentral team will be at Agility 2016 in Chicago this year, we decided to take advantage of the Certification Team’s mobile testing center. While you can certainly go to one of Pearson Vue’s test centers, the Certification Team will be on hand at F5 Agility to administer their various exams for those looking to get F5 Certified. It’s a pretty cool set up – almost like a band on a mini regional tour. They’ll have everything you need to take the test.

I gotta tell you, I’m a little nervous.

I’m sure I’ll be able to nail sections 2-5 since those are the areas I’ve focused on for the past decade…it’s the first part, OSI, that I’m a little weary. Not that I don’t know my 7 layers – All People Seem To Need Data Processing – but maybe some of nuances or lack of recent real world subnetting that concerns me. I’ll use this last month before the exam to keep prepping to make sure I don’t embarrass myself.

But let's look at the stats.

Recently Ken Salchow, F5’s Sr. Manager Professional Certifications, has posted some interesting statistics about the program, particularly pass rates and certification by region. Ken notes about the pass rate graph, ‘I am also often asked about exam pass rates ... which is not an easy thing to really post. Below is a graph that shows ALL TIME pass rates by exam. It is important to note that these pass rates encompass thousands of exams and even different versions of exams. As such, take these with a grain of salt and realize that if I did a 12-month average, 24-month average and last month average, they would all differ from the below. Oh ... and have I mentioned how much I distrust data coming from our candidate management system?? Yeah ... so ... you've been warned.

And the graph:

So there's a 70% pass rate on the 101. Fairly decent.

Ken also posted another chart which shows the breakdown of certification by region as a percentage of the whole.

Nice mix of global certifications.

We - the DevCentral team - will take some pictures and let you know how we did. If you are at Agility and taking a Certification exam this year, let's compare notes for the final wrap. Pass or Fail.

My energy says, 'Success!'



Tuesday, July 5, 2016

Q/A with Yann Desmarest - DevCentral's Featured Member for July

Yann Desmarest is the Innovation Center Manager at e-Xpert Solutions SA and one of DevCentral’s top contributors. e-Xpert Solutions SA is a F5 Gold Partner, Unity Partner Support and a Guardian Partner. Yann has been a BIG-IP administrator for 6 years and enjoys basketball, table tennis, hacking, cinema and manga (especially Naruto).

And one of his favorite activities is developing complex iRules and that’s why he is DevCentral's Featured Member for July!

We got a chance to chat with Yann about his work, his life and why he enjoys participating in the DevCentral Community.

DevCentral: Hi Yann. Thanks for your time. You’ve been a tremendous contributor to the DevCentral community over the years and wondered what keeps you involved?
Yann: I’m always looking for new challenges and DevCentral is a really good place to solve complex issues and to share knowledge and experiences with peers. It’s also a place that I can find useful information on iControl, iRules and iApps code.
DC: Tell us a little about the areas of BIG-IP expertise you have.
YD: At my earliest stage in the business world, I was involved on basic BIG-IP LTM projects. After some successful experiences, I wondered if I could rise up to another level and decided to learn BIG-IP ASM, APM and GTM modules as well.
Now, I think I’m pretty comfortable with all F5 BIG-IP modules but I’m clearly specialized in security and more precisely the authentication and WebSSO part delivered by BIG-IP APM.
I also acquired some development skills using iRules and iControl.
DC: You often participate and post in the Codeshare area – tell us about some of your favorite submitted iRules/iApps and how they work.
YD: I've had several requests to protect Microsoft Skype for Business Edge services against NTLM brute force and dos attacks. I decided to develop an iRule to intercept the encrypted traffic and identify NTLM authentication attempts on the SIP flow. Then, suspicious IPs and users are blacklisted for a duration that you can define in the RULE_INIT event.
I had also requirements to provide Client certificate authentication on Microsoft Exchange ActiveSync for Apple iOS devices. The main issue is that this kind of authentication requires a Mobile Device Management or Apple Configurator system. Deploying a full MDM for that need may be overkill so we developed an iRule that provisions the Exchange payload to the iOS device. The client certificate is retrieved using SCEP protocol. Now, with the availability of iRulesLX, I will be able to extend this feature to retrieve a certificate using third party APIs.
And finally my favorite is the APM Full Step Up Authentication iRule and Access profile that we published on DevCentral. I had a look at the Step-Up authentication feature on the APM v12.1.0 and found that it’s currently limited. I decided to develop my own configuration to make it more flexible and mainly to have this feature available for older BIG-IP versions. No doubt that my configuration will be deprecated in future releases because APM will enhance its own feature set.
I have many more iRules, iApps and iControl scripts to share with the community in the future.
DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation.
YD: I had a requirement to integrate APM with an iOS and Android mobile application. The application use SOAP body to POST credentials and a second factor was required for external users. I had to intercept the SOAP body to retrieve the username and password, then play those credentials through an external REST API web service and if the user is connecting from a public IP address, prompt the end user for a second factor that I send to a third party web gateway. This is a lot of peers and exchanges to integrate in the authentication process. I had also to implement full SOAP responses and handle errors. I consulted DevCentral and the iRules wiki to find how to use sideband connections, ifiles, ACCESS events and some crypto commands. Without the DevCentral community, I would not have been able to face this challenge.
DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?
YD: Computer science was part of my life since the very beginning. Later, I decided to be an IT expert, to solve complex challenges and to help people securing their environments. Now, I’m following my dreams and work hard to be a computer expert.
Just few words to thank all my colleagues and our F5 Field System Engineers that help me a lot to acquire more skills and experience on F5 technologies.

DC: Thanks Yann! Check out all of Yann’s DevCentral contributions and follow him @expertsolch