In this Lightboard Post of the Week, I answer a question about being able to do SAML IdP and SP on a single BIG-IP VE. Thanks to DevCentral Members hpr and Daniel Varela for the question and answer. +25 DC points for ya!
Posted Question on DevCentral: https://devcentral.f5.com/questions/apm-ltm-121-saml-idp-and-sp-possible-in-one-ve-58114
If you've got an answer you'd like lit up on the Lightboard, let us know in the comments!
ps
Thursday, March 22, 2018
Tuesday, March 6, 2018
DevCentral's Featured Member for March - Hannes Rapp
Hannes Rapp is an Independent F5 Engineering Consultant focusing on BIG-IP ASM and LTM. According to Hannes, 'if you combine these two modules, you have the best of F5 product portfolio. One without another is incomplete BIG-IP.' He's also interested in Python, building tools to automate routine administrative tasks on BIG-IP, and he sends special thanks to the REST API developers and the F5-sdk project team who make this task easier.
Hannes is a 2018 DevCentral MVP and our Featured Member for March!
DevCentral: First, please explain to the DC community a little about yourself, what you do and why it’s important.
Hannes: A crook from Eastern Europe, as I like to introduce myself. A guy from Estonia with a track record in online gambling industry. Given the background, potential customers are sure to raise an eyebrow. What if he spies for Russia and drinks vodka with his lunch instead of Cola?
Before my departure from online gambling, I worked as Network and Security Specialist for Playtech. This was the most impactful role for my career progression. There were days we had lots of work to do, and there were days we had insane amounts of work to do. These ever-growing work queues created a situation where some "safe" changes could sneak past Change Management procedures. But what safe is is debatable. So occasionally, some production iRules were modified on the fly without any prior notice. Sometimes customers reported their issues were "magically resolved", and sometimes they reported new issues. I don't know who did those changes. Trust me, I always ask for permissions and not move an inch before the green light.
Anyone just getting started in IT should seek a busy place. If you want to become good at what you do, it's best to be buried under actual work but not under formalities. If you work at a conservative bank where every minor step must be measured and documented, you will not gain much experience. Banks are good when you're a bit older. They ask you to use a fork and a knife when eating. They help uncivil barbarians evolve into humans by giving lessons in ITIL.
DC: You are a very active contributor in the DevCentral community. What keeps you involved?
HR: My participation here is a learning experience. Most of my F5 knowledge comes from here. In particular, I like how official resources blend together with solutions and ideas from users not employed by F5 Networks. A closed echo chamber with one source of information would not be as interesting. Presence of bug complaints and negative remarks about the product drive the credibility of DevCentral and F5 as a vendor. With the addition of light board lessons, learning has been made even easier. It's always worth coming back here.
DC: Tell us a little about the areas of BIG-IP expertise you have.
HR: Anything but BIG-IP APM, SWG, GCNAT and WebSafe/MobileSafe. No matter what needs to be done, there's probably someone else that already had me do the exact same thing. I'm interested in adding WebSafe/MobileSafe to my portfolio but haven't had the opportunity.
DC: You are an Independent F5 Engineering Consultant focusing on BIG-IP LTM & ASM. Can you describe your typical workday and how you manage work/life balance?
HR: Something that is never missing from my typical workday is an argument with somebody. There's a famous quote that applies: "Arguing with an engineer is a lot like wrestling a pig in the mud. After a couple of hours, you realize the pig likes it."
When I'm not arguing, I create optimized WAF policies for online banking frontends and mobile apps. Most BIG-IP ASM configurations I have looked at are needlessly cumbersome and feature bulk not relevant for the application.
Among other projects, I work on major BIG-IP upgrades. Large corporations with a lot at stake often want BIG-IP upgrades done so that all existing functionality is retained without alterations. Only, and only when the upgrade is deemed successful should any modifications or new features come in effect. Any forceful configuration changes that are applied must either be denied or made redundant with trickery. For example, the event where default values in base profiles are updated to defaults of a new version must be segregated into a separate change. Segregation into bits and pieces helps with damage control. If an incident occurs, all troubleshooting efforts can be focused on a smaller area of surface.
My last two customers have given me the opportunity to enjoy a better work-life balance. They let me work remotely. Since my area of expertise is so narrow, isolated to F5 BIG-IP, finding projects can be a challenge. Not that long ago I had to travel to another country to be accepted for a project. As far as I'm concerned, work should be about work.
If a project is delivered as expected, the place of work is of secondary importance. I appreciate there are corporations who are on the same page in that regard. It's already in the best interest of engineers and consultants to do their job because every new client asks for a recent recommendation.
DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation.
HR: The challenge was about converting nearly a hundred BIG-IP ASM policies from Case-Sensitive matching to Case-Insensitive. There's no supported way of changing this once your choice is locked in. After some testing, I found that it's possible to accomplish this by working with raw XML files. There's plenty of room for error but after a few days of scripting and testing, I got a solution I was happy with. From DevCentral, I found information about iControl API and instructions for use. This later proved very helpful for mass policy export and import functions. This was the old SOAP iControl API. Now I'm using iControlREST and would like to give a special mention to F5-sdk project team who work on a fabulous tool that eases automation with Python.
DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?
HR: The only job that made sense to me as a kid was to be a basketball player in NBA! As we were walking around our neighborhood in a group of 3, someone always came up with a rhetorical statement: "We need 1 more to play 2v2". And someone always expanded the scope: "or maybe we can find 3 more so we can play 3v3". This was the end of 90s in Estonia. Basketball was immensely more popular than soccer aka football, a dumb ball game. Now it's the other way around.
Thanks Hannes! Check out all of Hannes' DevCentral contributions and connect with him on LinkedIn.
If there is a DevCentral member you think should be featured, let us know in the comments section!
Friday, March 2, 2018
DevCentral's Featured Member for March - Hannes Rapp