The DevCentral Chronicles June Edition 1(6)

Heading into the summer months is always a nice time of year – school is out, warmer weather, BBQs, beaches, baseball and maybe some vacation time. And hopefully all the Dads had a nice Father’s Day as we dive into our 6^th installment of the DC Chronicles. The Chronicles are intended to keep you updated on DevCentral happenings and highlight some of the cool content you may have missed since the last issue and you can always catch up with the links at the bottom. Welcome!

We had 20 new articles published since Volume 1, Issue 5, including 5 new Lightboard Lessons! We really enjoy making these and you, the audience, certainly express your enjoyment in watching. John Wagnon lit some cool security related topics like, Explaining TLS 1.3, What Are AEAD Ciphers? and The TLS 1.3 Handshake while Jason Rahm drew up the F5 software lifecycle and BIG-IP Cloud Edition Overview. Since we’re on Cloud, Chris Zhang also wrote up how to Achieve firewall high-availability in Azure with F5.

We also published a bunch of materials about our new BIG-IP Cloud Edition. BIG-IP Cloud Edition is designed to enable easy to use and fast self-serve deployments of application services in private and public clouds and is composed of BIG-IP Per-App VEs and BIG-IQ CM 6.0. To get the scoop, you can check out the BIG-IP Cloud Edition FAQ, Building Applications For The Rest Of Us With BIG-IQ 6 and Skies Never Looked So Good With BIG-IP Cloud Edition. DevCentral’s Chase Abbott lays out the details.

Moving from Cloud to Security, several vulnerability mitigations from our SIRT team dropped recently. You got coverage for Remote Code Execution with Spring OAuth Extension (CVE-2018-1260), a New BIG-IP ASM v13 Drupal v8 Ready Template, and a New BIG-IP ASM v13 WordPress v4.9 Ready Template. Also filed under Security, Steve Lyons showed how to Configure Smart Card Authentication to BIG-IP Management Interface.

Other highlights include Lori MacVittie’s Three HTTP Routing Patterns You Should Know with Eric Chen’s follow on, SNI Routing with BIG-IP. Chen also gives us Clone Pool Across L3 explaining how you can use the “clone pool” feature to copy traffic to an IDS and/or network monitoring device. Jason continues his Getting started with the Python SDK series covering Working with Statistics and Working with Request Parameters and finally, Jie Gao was DevCentral's Featured Member for June.

As always, You can stay engaged with @DevCentral by following us on Twitter, joining our LinkedIn Group or subscribing to our YouTube Channel. Look forward to hearing about your BIG-IP adventures.

The Chronicles:

• Volume 1, Issue 1
• Volume 1, Issue 2
• Volume 1, Issue 3
• Volume 1, Issue 4
• Volume 1, Issue 5

DevCentral's Featured Member for June - Jie Gao

Our Featured Member series is a way for us to show appreciation and highlight active contributors in our community. Communities thrive on interaction and our Featured Series gives you some insight on some of our most active folks.

Jie Gao is a very active contributor on DevCentral since 2012 and has been on a roll recently answering questions about monitoring, URI redirects, SSL and many others. We're excited to name Jie as our Featured Member for June!

Let's learn a bit more about Jai.

DevCentral: please explain to the DC community a little about yourself, what you do and why it’s important.

Jie Gao: I am a system administrator in the University of Sydney and have been in the IT profession for over 20 years. I became an F5 administrator from "the other side" with a background in the open source, *nix system administration, system integration, Web application development, etc., some 7 years ago. I wanted to help bridge the great divide between networking and application through the use of F5. Upon reflection, I'm not sure I made much of a difference. :-(  Off work, I immerse myself listening to music on my Hi-Fi.

DC: You are very active contributor in the DevCentral community. What keeps you involved?

JG: Like many others here, I got on DevCentral initially to find a solution to a specific problem. I stayed on to learn more, to find out what more I can do and do better in my work. It is beneficial to know what issues other people are encountering, issues that might potentially affect my work later as well. If there is a software issue, then I could learn about it here early before it hits us, saving us from pulling our hairs out trying to figure out the puzzle. There are also solutions there that we could be asked to provide at work at the drop of a hat.

It feels good to be able to help people out. Sometimes it is even easier and more satisfying to help a total stranger than someone you already know. At the same time, it is also a good opportunity to learn how to answer a question properly - there are great minds and hands on DevCentral and I have learnt a great deal from them. I hope I have not provided too many incorrect/half-cooked answers! F5 staff tend to provide a complete, authoritative answer citing official documentation. Sometimes it might also be better to help people help themselves if they are not in a great hurry. Through answering questions, I have also learnt how to ask questions properly as well. 

All said, DevCentral is an invaluable site of knowledge, solutions, and advice (and silly questions - including mine), where F5 administrators and solution designers, or really anyone, can find a quick answer to an F5-related issue in hand, or a pointer to a resource for further exploration. Great resource.

DC: Tell us a little about the areas of BIG-IP expertise you have.

JG: The University has been using the BIG-IP LTM/APM/GTM/ASM modules for various application services for many years, and I have been with it all along. However, I prefer to regard myself a generalist, although I spent most of my time on F5 at work. I like programming and code in a few languages, and I did my first Ruby script while answering a question about iControlREST on DevCentral. :-)

DC: You are a Senior Network Designer at University of Sydney. Can you describe your typical workday and how you manage work/life balance?

JG: My typical workday starts with e-mail processing, browsing F5 Support's New Updates, and checking into DevCentral for a look, in that order. Home is wherever I am. All my hobbies/activities are suitably for a single soul. So I have got the balance holistically right. ;-)

DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation.

JG: A few years ago I had a challenge, probably not the biggest but nonetheless an interesting one, to host a DNS split-view for a part of the organization as a matter of emergency. I found some useful code examples as well as relevant documentation on DevCentral and did it all in an iRule!

DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?

JG: The very first dream I recall I had as a toddler was to be a proud driver of a red-milky colored bus that thrummed through the center of Beijing. I have since had many other dreams, but I never did realize my first one.

Thanks Jie! Check out all of Jie's DevCentral contributions and follow The University of Sydney on Twitter.


If there is a DevCentral member you think should be featured, let us know in the comments section!

The DevCentral Chronicles Volume 1, Issue 5

Is it May already? Did you enjoy your ‘May the Fourth’ along with ‘Revenge of the Sixth’? For me, May is filled with a bunch of family holidays along with Mother’s Day, of course. May also falls perfectly for our 5^th installment of the #DC Chronicles. If you missed our initial issues of the DC Chronicles, you can catch up with the links at the bottom. The Chronicles are intended to keep you updated on DevCentral happenings and highlight some of the cool content you may have missed since the last issue. Welcome!

We’re only 3 months away from #F5Agility18 in Boston, August 13-16! You can hang out with the DevCentral team and many MVPs will also be in attendance to share their expertise. Our team is prepping some sessions and look forward to socializing with the community. Get the details here and now's the time to register for F5 Agility 2018 and lock in your labs and sessions. Also, Early Birds get $300 off the registration fee Through May 18!

If you haven’t heard, BIG-IP Cloud Edition is will be available soon! BIG-IP Cloud Edition is built by tightly integrating BIG-IQ Centralized Management and BIG-IP Per-App VEs to deliver advanced application services and management. You can autoscale, offer self-service management for app owners, and per-app analytics. We got a couple cool pieces covering Cloud Edition: Chase’s Skies Never Looked So Good With BIG-IP Cloud Edition where he explains all the pieces of the pie and also check out Jason’s Lightboard Lessons: BIG-IP Cloud Edition Overview.

We also dropped a couple other #LightBoardLessons for your viewing pleasure covering some of our new Security solutions. John lights up the DDoS Hybrid Defender and introduces us to the new F5 Advanced WAF. DDoS Hybrid Defender offers comprehensive DDoS threat coverage in a simple, dedicated appliance with native, cloud-based scrubbing services and the awesome Advanced WAF protects against the latest attacks using behavioral analytics, proactive bot defense, and application-layer encryption of sensitive data. Couple of cool tools to help mitigate internet threats.

Mitigate threats you say? There will always be vulnerabilities in the wild and depending on the type of threat, we’ll typically have some mitigation techniques to share. Our SIRT (Security Incident Response Team) folks are always examining the murk out there and sharing insights. This past month is no different with mitigation techniques for Remote Code Execution with Spring Data Commons (CVE-2018-1273), Directory Traversal with Spring MVC on Windows (CVE-2018-1271) and the Drupal Core Remote Code Execution (CVE-2018-7602). In a few cases, BIG-IP ASM customers were already protected by the existing signatures!

As we wrap up this edition, we’d also like to point out @GrahamAlderson‘s new video series AppSec Made Easy with examples for Anti-Bot for Mobile APIs, Proactive Bot Defense, L7 Behavioral DoS and a couple more this week. And we’d be remiss if we didn’t call out Bank of America’s Jai Kumar as our Featured Member for May!

As always, You can stay engaged with @DevCentral by following us on Twitter, joining our LinkedIn Group or subscribing to our YouTube Channel. Look forward to hearing about your BIG-IP adventures.

ps

The Chronicles:

• Volume 1, Issue 1
• Volume 1, Issue 2
• Volume 1, Issue 3
• Volume 1, Issue 4

DevCentral's Featured Member for May - Jai Kumar

Our Featured Member series is a way for us to show appreciation and highlight active contributors in our community. Communities thrive on interaction and our Featured Series gives you some insight on some of our most active folks.

Jai Kumar is a very active contributor on DevCentral and has been for a number of years amassing 4 #DC badges. We're excited to name Jai as our Featured Member for May.
Let's learn a bit more about Jai.

DevCentral: please explain to the DC community a little about yourself, what you do and why it’s important.

Jai Kumar: From my childhood (Kid born in 90's lol), I always thought and was eager to know how Internet and the entire network stuffs worked. That’s how my passion came - “I want to be a network engineer” and here I am a Network Engineer (Still lot to learn). I am Jai Kumar, living in Chennai (India). My close ones call me Jai. Got Married last November and have a loving spouse. Enjoy watching thriller/crime seasons and a big fan of G.O.T, Breaking Bad, Prison Break, Dexter. The list goes on… Now it’s Mr.Robot. An ardent reader of THN and I’m a workaholic!!!
I enjoy working for Bank of America providing Engineering and design of traffic management for consumers. This includes global traffic management, application load balancing, traffic routing and advanced health check services.
As a team we play a major role in providing architecture and high level design guidance for BOA. As well as oversight of design and engineering services provided by our partners. Work with business to understand future trends and roadmap emerging requirements.

DC: You are very active contributor in the DevCentral community. What keeps you involved?

JK: I don’t recall when I joined DevCentral, but I’m sure it would have been for an iRule or to do something with device hardware RMA/upgrade challenges I faced in my start of career. DevCentral has molded me in tremendous ways. I have learned so many technical things which I haven’t faced in my working place. That’s what special about DevCentral is. You cannot expect to know everything, things may run differently. 

Sometimes you’d be able to reproduce the other people’s issue and fix it – You gain knowledge, sometime you don’t – So you learn when someone answers. One of my favorite quotes of Benjamin Franklin:“Tell me and I forget, teach me and I may remember, involve me and I learn.” 

DevCentral is a great forum where great minds come to help out others issue. The involvement of every engineer out there to help the fellow F5 mate is what makes special of DC community. And with whatever knowledge I have, I’d love to give back to the community too. 

DC: Tell us a little about the areas of BIG-IP expertise you have. 

JK: I could be the youngest DC member holding less than 5 years of overall IT experience. I specialize in BIG-IP LTM and GTM. I started from the basics as I was in the monitoring team in my 1^st year. Happened to learn the metrics that were being monitored on F5 devices, how monitoring works, what action requires to be taken at such scenarios. Then moved to the next device level troubleshooting issues. Did 50 plus device replacements, HDD reseats, cable issues etc. Next comes the design of setups for applications. Over the last 3 years, have been engaging with application owners and creating LB environments. Had attended hands on virtual LAB trainings on BIG-IP ASM and AFM. Never got chance to learn deeper getting involved in real time practice, maybe in future, someday !!!

DC: You are a Senior Software Engineer/F5 Engineer at Bank of America. Can you describe your typical workday and how you manage work/life balance?

JK: At Bank of America, we live our values, deliver our purpose and drive responsible growth through our eight lines of business. 

Our values – “DART”• Deliver together • Act responsibly • Realize the power of our people • Trust the team

My work life style is simple, Mon – Fri, I have a general shift and a rotational on-call. We have a bunch of great minds in the team. Like every org, we do too have ticketing tools, accept tickets and troubleshoot, build environment for the application team. Get assigned with Projects and also implement changes required from GIS standpoint. Attend technical/management meeting, join TFG/brain storming sessions.

I involve myself in helping our Ops team on system level issues, being a primary POC for device level issues within the team. In the background, I see opportunities to automate things wherever I feel I can. Got awarded multiple times for automating. 

In BOA, we are encouraged to give back to the society, so I do participate in Bank of America Community Volunteering. Enjoying a good work/life balance overall. Maybe blessed or being lucky.

DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation.

JK: One of our F5’s Configuration utility failed to display SSL certificates, same happened when you try to list all certificates through CLI. This really ate lot of my time. Then I happened to learn from F5 articles and DC to enable mcpd to find the actual single cert which was causing this issue. It was containing special chars in the subject. Because of which we were unable to install any of the certs at all. After fixing the particular cert, things got back normal.
Later we involved the right teams to let them know to avoid these scenarios in future. But I’m yet to face stronger challenges, after all I’m just 5 years in Industry now.

DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?

JK: It was always to be a Network Security Engineer. Well during my final year in college, I got 2 job offers for a CORE company (Embedded Systems electronics) and a voice process company. But I had not much of a real interest. So I looked for openings outside and was interviewed by Vodafone Enterprise and got selected. That’s where my carrier started and I’m thankful for that.

Thanks Jai! Check out all of Jai's DevCentral contributions and connect with him on LinkedIn and follow Bank of America on Twitter.

If there is a DevCentral member you think should be featured, let us know in the comments section!

The DevCentral Chronicles Volume 1, Issue 4

If you missed our initial issues of the DC Chronicles, you can catch up with the links at the bottom. The Chronicles are intended to keep you updated on DevCentral happenings and highlight some of the cool content you may have missed since the last issue. Welcome!

Like last month, we’re digging the OWASP Top 10 #Lightboard series from @JohnWagnon. He wrapped it up this month with numbers 9 & 10 - Using Components With Known Vulnerabilities and Insufficient Logging and Monitoring. To give you a sense of how these have been received, YouTube viewer Sanket Kamath says, ‘Thank you for the excellent overview for all of the OWASP Top 10 2017! John made it really easy to understand each of the 10 attacks with his explanation!’ Check out the entire playlist!

Speaking of LightBoard Lessons, we had a few fantastic ones this past month. John took on lighting up the GitHub DDoS Attack and Explaining the Spectre and Meltdown Vulnerabilities while Jason gave us the OSI and TCP/IP Models and What Are Containers? I added SAML IdP and SP on One BIG-IP to round out our videos.

On the Security front, we had a bunch of great articles covering a mess, and I mean a mess of stuff. The mess was some new vulnerabilities and our Security Researchers had the mitigations for many including Spring Framework Spring-Messaging Remote Code Execution (CVE-2018-1270), Drupal Core SA-CORE-2018-002 Remote Code Execution Vulnerability and Jackson-Databind - A Story of Blacklisting Java Deserialization Gadgets.

We also learned how to Protect your AWS API Gateway with F5 BIG-IP WAF, how to configure F5 BIG-IP as an Explicit Forward Web Proxy Using Secure Web Gateway (SWG) and how to set up ADFS Proxy Replacement on F5 BIG-IP.

The Cloud folks will love Lori’s Three Types of Load Balancing You Meet in the Cloud, DNS Admins will dig Eric’s Unbreaking the Internet and Converting Protocols and Coders will enjoy Jason’s Debugging API calls with the python sdk and Satoshi’s iControl REST Fine-Grained Role Based Access Control.

And, we couldn’t let this Chronicle pass without mentioning an awesome @haveibeenpwned #Pwned Passwords Check #CodeShare from MVP Niels van Sluis. This snippet makes it possible to use @troyhunt ‘Pwned Passwords’ API to check if the password has been exposed. See it here: http://bit.ly/2GOhi1y
And wrapping up, a wonderful contributor Daniel Varela is DevCentral's Featured Member for April and F5 Agility is coming to Boston, MA this August!

As always, You can stay engaged with @DevCentral by following us on Twitter, joining our LinkedIn Group or subscribing to our YouTube Channel. Look forward to hearing about your BIG-IP adventures.

ps

Previous

• Volume 1, Issue 1
• Volume 1, Issue 2
• Volume 1, Issue 3

F5 Agility is coming to Boston, MA this August!

The DevCentral team will be at F5’s largest user conference to date! Will you?

Now's the time to register for F5 Agility 2018 in Boston, MA August 13-16. Early Bird registration knocks $300 off your registration fee!

What's F5 Agility all about?

Besides an opportunity to meet fellow community peers, solution partners, and F5 experts, we’ll have

Breakouts!
Breakout sessions at Agility focus on the latest technologies, applications, and architecture strategies. The technical breakout sessions at Agility range from beginner to advanced, enabling you to select classes that best meet your needs. Additionally, you can choose from sessions in multiple tracks or use the recommended learning paths to focus on specific areas that matter most to you. Last year we had 62 hours, this year we’re expanding to 150+ hours of technical breakouts, including dedicated Spanish-language sessions.

Sample learning paths:

• Application Security
• Application Delivery
• Access Management
• Service Provider
• Programmability
• Cloud Solutions
• Automation and Orchestration
• Super-NetOps

Labs!
We have expanded lab offerings to a total of 80 hands-on lab sessions. Our comprehensive 4- or 8-hour labs will address a wide variety of installation, troubleshooting, and networking technologies across a variety of environments. The instructor-led classes also provide an opportunity to gain valuable knowledge in preparation for F5 Certification exams.

New for 2018, Agility will have a room dedicated to self-paced labs that are shorter and/or more targeted. Attendees will have the opportunity to go through these labs at their own pace, with instructors available to assist with any questions. All self-paced labs will be available on a first-come, first-served basis.

Certifications!
Are you getting started? Already F5 Certified? We’ll have F5 Certification exams running throughout the week. Be sure to sign up in advance in order to guarantee your seat.

And you can Meet the Experts

If the structured programs still leave you wanting more, we will have experts available to answer questions at the DevCentral booth during the Solutions Expo hours, as well as two breakout rooms dedicated to walk-in help for iRules and all things Programmability. If you are not yet a member of DevCentral, you can sign up on-site.

Also at Agility 2018

Solutions Expo
The core of the conference, our Solutions Expo brings together the various aspects of the F5 ecosystem. Learn what works where with whom, and meet solutions experts from all avenues.

Geek Fest
Lab attendees get a chance to rub elbows with each other and presenters over food, drinks, and (sometimes unconventional) activities.

F5 Connects Women
Women leaders from both F5 and our partners join to discuss the perspectives women bring to tech, as well as the influence we can have when our potential is realized.

5K Fun Run
Grab your runners and discover Boston by foot on a beautiful, urban run through the city with fellow attendees. DevCentral’s own John Wagnon leads this one!

For more information on reserving your place, go to F5 Agility 2018

We look forward to seeing you in Boston!

DevCentral's Featured Member for April - Daniel Varela

Our Featured Member series is a way for us to show appreciation and highlight active contributors in our community. Communities thrive on interaction and our Featured Series gives you some insight on some of our most active folks.

Daniel Varela has been one of those engaged members and amassed 374 points in February alone! Answering bunches of questions about SAML, SSO, Cookies and more, we're proud to name Daniel as our Featured Member for April.

DevCentral: Hi Daniel and thanks for helping many of our members! Please explain to the DC community a little about yourself, what you do and why it’s important.

Daniel: I am an ADC/GSLB/WAF SME currently working for Centrica PLC. My job entails load balancing applications, availability and security. My work experience is mainly around network security. I chose to work in security because you never get bored of it, there is always something new to learn which is what I love. I have been actively working with F5 devices for the last 10 years. I still remember when I first heard about iRules, I was really impressed with the possibilities it provided. Additionally, with a BIG-IP you can learn about a lot of technologies: HTTP, TLS, DNS, SAML, OAuth, Web acceleration, Web Application Firewall… I am probably missing technologies here but you get the idea. This is one of the reasons I am working with F5, fun is guaranteed.

DC: You are a former F5 employee (2014-17) and continue to be a very active contributor in the DevCentral community. What keeps you involved?

DV: I have always thought (and I always say to my customers) that DevCentral makes a difference in respect to any other vendor. The amount of information someone can find there is incredible and if what you are looking for is not there you just have to ask, people from all around the world will help you to do whatever you want to do (event the craziest things), there is always an iRule for that 😊. For this reason I like to participate as much as I can, I have found a lot of help there and I feel like I have to return the favor (and it is also fun to see what people are trying to do with F5).

DC: Tell us a little about the areas of BIG-IP expertise you have and your F5 Certifications. Why are these important and how have they helped with your career?  

DV: My experience with F5 has been pretty much with all the modules: LTM, ASM, APM, GTM, AFM, Silverline and a bit of WebSafe. I was an F5 consultant for 3 years meaning it gave me a great opportunity to learn a lot about all those modules. This provided me with a lot of knowledge and helped me to get the F5 Certification F5-CSE Security. I would recommend to everyone to make an effort and get it, in my experience companies really value this accreditation.

DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation.

DV: The biggest challenges for me have always been around BIG-IP APM. APM is probably the module which you can expand on the most, some things are not there by default but with the help of iRules you always find a way to get what you need. The last challenge was to expand SAML IDP capabilities by providing step-up authentication using authentication contexts available in the protocol itself. It may sound simple but just because how APM and SAML is designed it was tricky.

DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?

DV: Finally, I have always wanted to work in IT but if I wasn’t doing this I think I would be a fireman. I love sports and being active so I think it’s a job I could do.

Thanks Daniel! Check out all of Daniel's DevCentral contributions and connect with him on LinkedIn.

If there is a DevCentral member you think should be featured, let us know in the comments section!