The DevCentral Chronicles July Edition 1(7)

July is my favorite month due to it being both the middle of summer and I was born in July. This month I’ll drip of perspiration and celebrate another twist in the odometer of life. It’s also time for our monthly Chronicles where we keep you updated on DevCentral happenings and highlight some of the cool content you may have missed since the last issue. You can always catch up with the links at the bottom. Welcome!

With #F5Agility18 right around the corner August 13-16, 2018, let’s kick off this edition with John Wagnon‘s Capture The Flag at Agility 2018. Happening Tuesday night Aug 14, block your calendar for our #Geekfest event, Hack to the Future! This year, for the first time ever during our Agility conference, we will host a Capture The Flag game.  The game is designed for eight teams (4 people per team) to compete against one another to see who can capture the most flags, earn the most virtual money, and keep their web application safe from attack.  The teams will be chosen prior to the event, so if you want to be included in one of the teams, make sure you reach out to your SE and get the invitation.  DevCentral MVP’s Kai, Stan, Leonardo & Nathan with Bart as Pit Boss will also participate. The entire evening will be themed with tons of cool 80s stuff related to the classic movie series.

Next, we’d like to recognize F5 Systems Engineer, Steve Lyons for his prowess over the last month. First, Steve is one of our most engaged SE’s amplifying our social channel at every tweet; he published three, in-depth articles Configuring the BIG-IP as an SSH Jump Server using Smart Card Authentication and WebSSH Client, Configuring Certificate Based Authentication and Kerberos Constrained Delegation in F5 Access Policy Manager (APM) and Configuring Endpoint Security (Client-Side) Using F5 Access Policy Manager (APM); in addition to answering 5 questions from members. He’s highly active and has the technical know-how to help. Follow Steve @SteveLyonsF5

Jason Rahm and his infinite knowledge continued his python series with Getting started with the python SDK part 5: request parameters revisited and also replied to a twitter question from @CISCO_World with a full article about Duplicating BIG-IP Objects about how to copy a virtual server.

For the developer crowd, ENE Satoshi Toyosawa added his iControl REST Cookbook - Virtual Server Profile (LTM Virtual Profiles). For cloud folks, Chase Abbott shows off Application Auto Scaling Through BIG-IP Cloud Edition and for security, John lit up Introducing F5 DataSafe in his #LightboardLesson.

And in closing, Rhazi Youssef from e-xpert Solutions is our Featured Member for July and is the third engineer we've featured from e-Xpert Solutions SA.

We look forward to seeing you in Boston for Agility and as always, you can stay engaged with @DevCentral by following us on Twitter, joining our new LinkedIn Showcase page or subscribing to our YouTube Channel. Look forward to hearing about your BIG-IP adventures.

The Chronicles:

• Volume 1, Issue 1
• Volume 1, Issue 2
• Volume 1, Issue 3
• Volume 1, Issue 4
• Volume 1, Issue 5

DevCentral's Featured Member for July - Rhazi Youssef

Our Featured Member series is a way for us to show appreciation and highlight active contributors in our community. Communities thrive on interaction and our Featured Series gives you some insight on some of our most active folks.

Rhazi Youssef has been a very active DevCentral member since 2012 and the third engineer we've featured from e-Xpert Solutions SA. Initially Rhazi was a bit reluctant to participate as he's a quiet, humble guy and we're thrilled that he's DevCentral's Featured Member for July!
Let's learn a bit more about Rhazi.

DevCentral: Please explain to the DevCentral community a little about yourself, what you do and why it’s important.

Rhazi: I’m a security engineer since 2009 working in Geneva (Switzerland), a region with several security projects involving F5 BIG-IP (GTM, LTM, ASM, APM). My interest began early when I started and installed several security equipment like Mail relay, FW, SIEM&SEM, web proxy… 

But I admit that my job became more interesting when I started to approach the application part. I am talking about WAF (ASM), perimeter security (APM), LTM (LB, optimization,)… 

I immediately bonded with this product since it is very rich, complete and scalable with its time. It is for this reason that I invested heavily on this product by passing for example all my certificates which gives me today the title of “Security Solution Expert” (401).

DC: You are a very active contributor in the DevCentral community. What keeps you involved?

RY: First off, like everyone else I admit that Devcentral has already allowed me to get out of trouble and not just once, and I thank the community for this. The DevCentral community is very much involved in sharing, helping and informing members. This work done by the community helped me a lot in my work (I upgraded my skills) so I think it is normal for me to give back to the community that helped me...and offer advice that will help with experience and knowledge the community to move forward.
My investment in the community is even easier since F5 is a product that is very important to me. 

Today I work primarily on F5 BIG-IP (APM, ASM, LTM, GTM, WebSafe) which allows me to have an important experience on the potential problems that one can meet during a deployment, so it's the least of the things to help the community when I can.

DC: Tell us a little about the areas of BIG-IP expertise you have.

RY: These last 6 years I worked mainly on F5, I had the chance to work with some very great customers that I cannot mention :-). I deployed all types of hardware until VIPRION. And today I work on almost all of the BIG-IP modules (ASM, APM, LTM, GTM, VCMP, LC, WebSafe). 

The advantage with F5 is that you cannot get tired of this product. It is rich, complete and scalable. For example the APM that allowed me to meet the needs of our customers by going from the identity federation (SAML) to Oauth&OpenID connect. But still it's the same thing for ASM and other modules. We do not say it often enough but this product allows us to be up to date in terms of security; I'm talking about authentication protocols that the APM offers, different security methods carried by the ASM ... all these aspects allow us to maintain our level and to learn ...

DC: You are a Sr. Security Engineer with e-Xpert Solutions SA. Can you describe your typical workday, how you manage work/life balance and the strong support of F5 solutions?

RY: As everyone knows the job of Security Engineer is not easy. We must manage several clients, several projects, manage customer support, communicate with clients (vulnerabilities, news), schedule management, project tracking,... 

So every morning I spend quite some time to manage my emails, my calendar and answer to my customers. I am registered to F5 RSS feed, which keep me updated on CVE, I also follow many f5 webinars (I usually watch them later when they are online).
At e-Xpert solutions I am product manager of F5 solution, so I have to inform my colleagues about vulnerabilities or any new features, I must also regularly write news that we publish on our website. The other PMs do the same thing with their own products which also allows me to be informed about the other products of our portfolio. 

During my working day I connect regularly to DevCentral when I have some time to help or learn about some interesting topics. For me, helping the community is not binding. On the contrary, certain questions allow us to update ourselves on certain subjects and to exchange on our different points of view. 

I finished my work day in the evening by doing a small check of my mails and a pass on my usual information sites which included DevCentral. I almost forgot I work out every 3 days and I try to run at least every 2 days (no excuse for gym time!). 

If you are interested, here is the website of the company in which I evolve: https://www.e-xpertsolutions.com/

DC: You have a number of F5 Certifications. Why are these important to you and how have they helped with your career?

RY: 8 months ago I had my last certification “Security Solution Expert” (401). Having all these certifications was very important to me. First of all in order to guarantee a high level of expertise to our customer. Moreover this certification process obliges us to study and consequently to update us on the different modules. 

These certifications are like a quality label, our customers appreciate when the engineers who intervene has the higher level of certification. 

Moreover with the experience that I have, I think that the passage of these certifications allow us to have a richer view of the product and consequently to propose to our customers the best possible alternatives according to their needs.

DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation.

RY: DC allowed me several times to solve the different problems I encountered. Things that seem simple to me today but that was not at the time I posted them and caused me quite some problems (Kerberos delegation, Kerberos authentication, Sideband, DDOS using iRule with session table …). 

I remember that I had to set up a perimeter of security to protect an application using the APM (I know it looks pretty simple). But I realized that the application was contextual (Web and JNLP) and that the APM session cookies were not propagated on to other contexts, so JNLP part could not connect. 

I will not go into the technical details but I had to create an iRule that used a table of correspondence between the cookie APM and the JNLP JSessionID that I stocked in a table session. Later I made an SSO on the backend application using the sideband (SSO profiles APM was not suitable). DC allowed me to build my iRule and sincerely without DC I would have had a lot of trouble and it would have taken me took a lot of time. And lastly DC allowed me to set up a fakeadfs using iRulesLX (and without DC, I do not think I could have done it alone).

DC: Finally, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?

RY: When I was little and did not have school I spent my whole day on the football fields. I could play for 6 hours of suites without stopping. I loved football and I still do. So as you guessed I wanted to become a professional. But reality has taken over the dreams. Growing up I discovered computer science I started to build/dismantle my pc to add ram, change the hard drive, buy new graphics card for games... and little by little, I ended up in IT and I really do not regret it, but I admit that if I could have had the career of Ronaldo and also his salary I would not have mind either.

Thanks Rhazi!
Check out all of Rhazi's DevCentral contributions, connect on LinkedIn and follow e-xpert Solutions on LinkedIn.

If there is a DevCentral member you think should be featured, let us know in the comments section!