|By Peter Silva||
|July 5, 2016 12:20 PM EDT|
Yann Desmarest is the Innovation Center Manager at e-Xpert Solutions SA and one of DevCentral’s top contributors. e-Xpert Solutions SA is a F5 Gold Partner, Unity Partner Support and a Guardian Partner. Yann has been a BIG-IP administrator for 6 years and enjoys basketball, table tennis, hacking, cinema and manga (especially Naruto).
And one of his favorite activities is developing complex iRules and that’s why he is DevCentral’s Featured Member for July!
We got a chance to chat with Yann about his work, his life and why he enjoys participating in the DevCentral Community.
DevCentral: Hi Yann. Thanks for your time. You’ve been a tremendous contributor to the DevCentral community over the years and wondered what keeps you involved?
Yann: I’m always looking for new challenges and DevCentral is a really good place to solve complex issues and to share knowledge and experiences with peers. It’s also a place that I can find useful information on iControl, iRules and iApps code.
DC: Tell us a little about the areas of BIG-IP expertise you have.
YD: At my earliest stage in the business world, I was involved on basic BIG-IP LTM projects. After some successful experiences, I wondered if I could rise up to another level and decided to learn BIG-IP ASM, APM and GTM modules as well.
Now, I think I’m pretty comfortable with all F5 BIG-IP modules but I’m clearly specialized in security and more precisely the authentication and WebSSO part delivered by BIG-IP APM.
I also acquired some development skills using iRules and iControl.
DC: You often participate and post in the Codeshare area – tell us about some of your favorite submitted iRules/iApps and how they work.
YD: I’ve had several requests to protect Microsoft Skype for Business Edge services against NTLM brute force and dos attacks. I decided to develop an iRule to intercept the encrypted traffic and identify NTLM authentication attempts on the SIP flow. Then, suspicious IPs and users are blacklisted for a duration that you can define in the RULE_INIT event.
I had also requirements to provide Client certificate authentication on Microsoft Exchange ActiveSync for Apple iOS devices. The main issue is that this kind of authentication requires a Mobile Device Management or Apple Configurator system. Deploying a full MDM for that need may be overkill so we developed an iRule that provisions the Exchange payload to the iOS device. The client certificate is retrieved using SCEP protocol. Now, with the availability of iRulesLX, I will be able to extend this feature to retrieve a certificate using third party APIs.
And finally my favorite is the APM Full Step Up Authentication iRule and Access profile that we published on DevCentral. I had a look at the Step-Up authentication feature on the APM v12.1.0 and found that it’s currently limited. I decided to develop my own configuration to make it more flexible and mainly to have this feature available for older BIG-IP versions. No doubt that my configuration will be deprecated in future releases because APM will enhance its own feature set.
I have many more iRules, iApps and iControl scripts to share with the community in the future.
DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation.
YD: I had a requirement to integrate APM with an iOS and Android mobile application. The application use SOAP body to POST credentials and a second factor was required for external users. I had to intercept the SOAP body to retrieve the username and password, then play those credentials through an external REST API web service and if the user is connecting from a public IP address, prompt the end user for a second factor that I send to a third party web gateway. This is a lot of peers and exchanges to integrate in the authentication process. I had also to implement full SOAP responses and handle errors. I consulted DevCentral and the iRules wiki to find how to use sideband connections, ifiles, ACCESS events and some crypto commands. Without the DevCentral community, I would not have been able to face this challenge.
DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?
YD: Computer science was part of my life since the very beginning. Later, I decided to be an IT expert, to solve complex challenges and to help people securing their environments. Now, I’m following my dreams and work hard to be a computer expert.
Just few words to thank all my colleagues and our F5 Field System Engineers that help me a lot to acquire more skills and experience on F5 technologies.
- What Is #MQTT? | @ThingsExpo #IoT #M2M #RTC #DigitalTransformation
- What to Expect in 2017: Mobile Device Security | @ThingsExpo #IoT #M2M #Mobile
- What Is Virtual Desktop Infrastructure | @CloudExpo #VDI #Cloud #DataCenter
- What Is a Proxy? | @DevOpsSummit #Agile #DevOps #ContinuousDelivery
- Lightboard Lessons: What is a Proxy?
- Social Login to Enterprise Apps using BIG-IP & OAuth 2.0
- Q/A with Admiral Group’s Jinshu Peethambaran – DevCentral’s Featured Member for March
- Protecting API Access with BIG-IP using OAuth
- Lightboard Lessons: Service Consolidation on BIG-IP
- Q/A with Betsson’s Patrik Jonsson – DevCentral’s Featured Member for April
- Cloud Computing Making Waves
- Bit.ly, Twitter, Security & You
- Global Distributed Service in the Cloud with F5 And VMware
- Lori MacVittie Interview at Cloud Connect
- Working with One of the Top Ten Women in the Cloud
- Create a Smarter Storage Strategy
- The Threat Behind the Firewall
- Will Open Source Open Doors for Cloud Computing?
- Oracle Data Guard Sync Over the WAN with F5 BIG-IP
- 2010 Year End Security Wrap