Technical Article F5 Friday: The Operational Consistency Proxy August 03, 2012 by Lori MacVittie 3176 article acceleration automation availability cloud design dev devops dynamic infrastructure f5 friday f5friday icontrol infrastructure load balancing management monitoring performance security us virtualization 0 #devops #management #webperf Cloud makes more urgent the need to consistently manage infrastructure and its policies regardless of where that infrastructure might reside While the potential for operational policy (performance, security, reliability, access, etc..) diaspora is often mentioned in conjunction with cloud, it remains a very real issue within the traditional data center as well. Introducing cloud-deployed resources and applications only serves to exacerbate the problem. F5 has long offered a single-pane of glass management solution for F5 systems with Enterprise Manager (EM) and recently introduced significant updates that increase its scope into the cloud and broaden its capabilities to simplify the increasingly complex operational tasks associated with managing security, performance, and reliability in a virtual world. AUTOMATE COMMON TASKS The latest release of F5 EM includes enhancements to its ability to automate common tasks such as configuring and managing SSL certificates, managing policies, and enabling/disabling resources which assists in automating provisioning and de-provisioning processes as well as automating what many might consider mundane – and yet critical - maintenance window operations. Updating policies, too, assists in maintaining operational consistency across all F5 solutions – whether in the data center or in the cloud. This is particularly important in the realm of security, where control over access to applications is often far less under the control of IT than even the business would like. Combining F5’s cloud-enabled solutions such as F5 Application Security Manager (ASM) and Access Policy Manager (APM) with the ability for F5 EM to manage such distributed instances in conjunction with data center deployed instances provides for consistent enforcement of security and access policies for applications regardless of their deployment location. For F5 ASM specifically, this extends to Live Signature updates, which can be downloaded by F5 EM and distributed to managed instances of F5 ASM to ensure the most up-to-date security across enterprise concerns. The combination of centralized management with automation also ensures rapid response to activities such as the publication of CERT advisories. Operators can quickly determine from the centralized inventory the impact of such a vulnerability and take action to redress the situation. INTEGRATED PERFORMANCE METRICS F5 EM also includes an option to provision a Centralized Analytics Module. This module builds on F5’s visibility into application performance based on its strategic location in the architecture – residing in front of the applications for which performance is a concern. Individual instances of F5 solutions can be directed to gather a plethora of application performance related statistics, which is then aggregated and reported on by application in EM’s Centralized Analytics Module. These metrics enable capacity planning, troubleshooting and can be used in conjunction with broader business intelligence efforts to understand the performance of applications and its related impact whether those applications are in the cloud or in the data center. This global monitoring extends to F5 device health and performance, to ensure infrastructure services scale along with demand. Monitoring includes: Device Level Visibility & Monitoring Capacity Planning Virtual Level & Pool Member Statistics Object Level Visibility Near Real-Time Graphics Reporting In addition to monitoring, F5 EM can collect actionable data upon which thresholds can be determined and alerts can be configured. Alerts include: Device status change SSL certificate expiration Software install complete Software copy failure Statistics data threshold Configuration synchronization Attack signature update Clock skew When thresholds are reached, triggers send an alert via email, SNMP trap or syslog event. More sophisticated alerting and inclusion in broader automated, operational systems can be achieved by taking advantage of F5’s control-plane API, iControl. F5 EM is further able to proxy iControl-based applications, eliminating the need to communicate directly with each BIG-IP deployed. OPERATIONAL CONSISTENCY PROXY By acting as a centralized management and operational console for BIG-IP devices, F5 EM effectively proxies operational consistency across the data center and into the cloud. Its ability to collect and aggregate metrics provides a comprehensive view of application and infrastructure performance across the breadth and depth of the application delivery chain, enabling more rapid response to incidents whether performance or security related. F5 EM ensures consistency in both infrastructure configuration and operational policies, and actively participates in automation and orchestration efforts that can significantly decrease the pressure on operations when managing the critical application delivery network component of a highly distributed, cross-environment architecture. Additional Resources: F5 Enterprise Manager Overview In 5 Minutes or Less - Enterprise Manager v3.0 Application Delivery Network Platform Management Happy Managing! Devops Proverb: Process Practice Makes Perfect Persistent Threat Management F5 Friday: ADN = SDN at Layer 4-7 Applying ‘Centralized Control, Decentralized Execution’ to Network Architecture F5 Friday: Avoiding the Operational Debt of Cloud last modified: August 03, 2012 0 Comment(s): You must be logged in to post comments.