Psilva's Prophecies

Peter Silva

Subscribe to Peter Silva: eMailAlertsEmail Alerts
Get Peter Silva: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Cloud Computing, Security Journal, IT Strategy, Secure Cloud Computing, F5 Networks, Internet of Things Journal

Cloud Computing: Blog Feed Post

F5 Application Connector Overview

Today, let’s take a look at Application Connector. Application Connector connects public clouds to your application service infrastructure within cloud interconnects or data centers. This enables the use of public cloud resources as part of your compute infrastructure while also performing workload discovery and deploying consistent app services across your multi-cloud environments.

ac1

The idea behind Application Connector is to have your applications in the cloud but have them considered local to BIG-IP so they don’t have any internet access. BIG-IP gets traffic from the nodes via secure web sockets connection. You can use Application Connector across multiple clouds and you can keep the same virtual server address that you use now. If you’ve been hesitant about moving your applications to the cloud due to worries about security, this is a way to move to the cloud while still using your BIG-IP.

This diagram shows a basic Application Connector set up. You can see it is made up of two components – the Service Center which runs on BIG-IP and the Proxy which runs on a Docker container in the cloud with your application.

ac2

This is what a running version of the Proxy looks like. This webpage is running on a Docker container which is running on a lightweight Linux instance in this example on Amazon Web Services. In the top right, you can see we got authentication set up with AWS. Under Proxy Stats, you can also see some details about aggregate traffic passing through the Proxy to the application servers. And under Service Center Connections, notice the BIG-IP that is associated with the Proxy.

ac3

And below that under Published Nodes, you can see the list of Published Nodes. Published means that BIG-IP has these nodes available.

ac4

Let’s take a quick look at a few possibilities for adding and removing nodes.

Let’s say that these nodes are used in BIG-IP as pool members, so traffic is going to them. If I want to stop sending traffic to one of the nodes, we can simply disable it temporarily and if we’re done with a node, we can delete it completely. This is useful if you are on the Dev Team and you have access to the Proxy but you don’t have access to the BIG-IP. Without contacting IT, you can start and stop traffic to the application.

ac5

What happens if I delete a node? If we scroll down a bit more, there are three options: we can auto-publish nodes to BIG-IP or we can easily auto discover them. This means the Proxy will show you the nodes and you can choose whether to publish to BIG-IP.

ac6

We went ahead and deleted one of the nodes and now that node appears under the Auto Discovery selection.

ac7

And we can decide if we want to publish to BIG-IP.

ac8

You also have the option to manually add nodes so no matter where your nodes live, in Azure, Google, AWS or your data center, you can add them here and they’ll communicate with BIG-IP via secure web sockets connection.

ac81

Now let’s turn to the BIG-IP. Here is the Service Center and it’s in the iApps section under Application Services>Applications LX. Here, we can see a visual representation of my active Proxy and its related nodes.

ac82

If we click Proxies, we can see the Proxy here and if we want to stop authorizing this Proxy we can. This will stop traffic going to these nodes.

ac83

If others in the organization add Proxies, we can go in and authorize them.

ac84

In addition, if we click API, we get a list of all the programmatic ways we can interact with Application Connector.

ac85

ac851

Now, on the BIG-IP, if we go to Local Traffic>Pools>Pool List we can look at the pool associated with this deployment. Let’s click Members and we can see that the nodes we’ve been working with are available for us to add to a Pool.

ac87

You’d use Application Connector if you’re multi-cloud since it doesn’t matter where you nodes are, BIG-IP considers them local. From a security perspective, no public IPs need to be associated with your applications and keep your encryption keys on BIG-IP and share them across clouds. And the consistency to have BIG-IP services like load balancing, WAF, traffic manipulation and authentication are all centrally managed on BIG-IP. After your initial configuration, no real management needed for low maintenance.

The licensing is included with the iSeries appliance and available as an add-on for other platforms. You can watch the Application Connector – Part 1: Overview video from our TechPubs team.

ps

Read the original blog entry...

More Stories By Peter Silva

Peter is an F5 evangelist for security, IoT, mobile and core. His background in theatre brings the slightly theatrical and fairly technical together to cover training, writing, speaking, along with overall product evangelism for F5. He's also produced over 350 videos and recorded over 50 audio whitepapers. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.

Now having his Telco background he moved to Verio to focus on access, IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicago land area working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Writer, speaker and Video Host, he's also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.