Introduction

Welcome to the first class in iControl Basics 101 where we will discuss what the heck iControl is and how it can be used to help automate network based tasks such as server provisioning and application deployment.  I'm going to start with our standard marketing blurb on iControl, dissect it into it's pieces, and give relevant examples about the claims we are making.  So, here's the standard overview:

What is iControl?

"iControl is the first open API that enables applications to work in concert with the underlying network based on true software integration.

Utilizing SOAP/XML to ensure open communications between dissimilar systems, iControl helps F5 customers, leading independent software vendors ( ISVs ), and Solution Providers realize new levels of automation and configuration management efficiency. Whether monitoring network-level traffic statistics, automating network configuration and management, or facilitating next generation service-oriented architectures, iControl gives organizations the power and flexibility to ensure that applications and the network work together for increased reliability, security, and performance. Further, iControl has proven itself as a valuable technology that can help reduce the cost of managing complex environments."

Dissecting with examples...

That's how our marketing department likes to describe iControl.  While straight and to the point, it's helpful to provide some detailed examples as to each statement.  Let's begin with:

"iControl is the first open API"

We don't make this statement lightly.  iControl was introduced in 2001 which may not seem too long ago, but back then the only way to access a network device was via it's SNMP mib.  While that is great for using stock reporting tools like HP OpenView, but try telling a web developer to pull out his ASP.NET SNMP toolkit and write a deployment application...  Over the years, there have been several companies out there who have tried to follow our lead, but none to date has an interface that is as extensive and standards compliant as iControl.  Next comes:

"... that enables applications to work in concert with the underlying network based on true software integration".

Here's where the heart of iControl lies.  "Applications working in concert with the underlying network".  iControl is not only about automation, but real-time dynamic integration between the applications and the network.  Management interfaces are most often designed to allow for monitoring and manual configuration control. 

Imagine this scenario:  Your child is sick in bed with a 104 deg F temperature, and you were helpless to do anything about it until your child's doctor called you when his schedule permitted.  Not too good huh?  Well, that's what's going on with standard monitoring systems.  An outside entity is "polling" your servers on some interval and guessing based on a limited set of information how it's "health" is. 

iControl gives the server applications the tools to "call the doctor" (ie, to make a method call to the network device) and make an active change in it's health.

Utilizing SOAP/XML to ensure open communications between dissimilar systems, iControl helps F5 customers, leading independent software vendors ( ISVs ), and Solution Providers realize new levels of automation and configuration management efficiency.

This is where the fact that iControl is standards based plays in.  Since iControl was built on SOAP with the encoding options compatible with most platforms, it works with, as far as we know, all major Web Service based toolkits such as .Net, Java, perl, php, python, ruby, and many others.  I would venture to state that almost any company out there has at least one developer proficient in at least one of the above languages ensuring that there is already in-house staff that have the skills to build iControl applications.  Try to say the same thing for SNMP!

This one is a bit longer:

"Whether monitoring network-level traffic statistics, automating network configuration and management, or facilitating next generation service-oriented architectures, iControl gives organizations the power and flexibility to ensure that applications and the network work together for increased reliability, security, and performance."

We'll have to take this piece by piece.  For "monitoring network-level traffic", with the numerous Statistics interfaces in the iControl API, one can get very fine-tuned data on how the network objects are performing - from throughput rates to connection counts, the Statistics interfaces have it all.

As for "automating network configuration and management", nearly 100% of the features in the administration GUI is available from an iControl method, so tasks from adding users to uploading ssl certificates can be automated, thus allowing organizations to make better use of those network administrators.

"Facilitating next generation service oriented architectures" is directed at how we envision the DataCenter of the future.  Grid Networks, Dynamic Services and Service Oriented Architectures are going to become more prevalent and iControl's ability to dynamic manipulate the network makes this DataCenter of the future a feasible goal.

"... work together for increased reliability, security, and performance".  With regards to reliability, we have conducted surveys and it is generally agreed that organizations have errors due to "fat fingers" when managing network configurations - "Oh, you meant to take down node 10.10.10.10 and not 10.10.10.01 - oops...".  By Automating processes, the odds of typing in a wrong network address, or hitting "Delete" instead of "Enable" goes drastically down and network reliability goes up up and up.  As for Security, by limited the amount of users that have access to the network directly, one can mitigate the risk of admin accounts to your devices being leaked.  That as well as the fact that iControl is backed by 128bit SSL Encryption, will let you rest assured that your networks are strongly protected.  Lastly regarding performance, by allowing the network to "heal" itself, and by enabling systems to automate provisioning of network resources,  one can build a system that will be allowed to adapt to stresses at real time, leading to performance increases.

Conclusion

Hopefully this gives you some context as to the overview of the features that iControl can enable.  In the next edition of this series, I'll dig into the iControl architecture and how it works from the client application to the BIG-IP and back again.

Get the Flash Player to see this player.