Calvin Rowland - Tour at F5 Networks

Posted: Dec 12, 2005 at 3:38 PM

By: scobleizer

44,740 Views

14 Comments

Download

Right click “Save as…”

Mid Quality WMV (Lo-band, Mobile)
WMV (WMV Video)

format
< > embed
+ queue

Sign In first to access your queue.
Close

Sorry, video was not added to the queue, an error occurred. Please Contact Us and let us know.
Close

Embed code for this video

Copy the code above to embed our video on your website/blog.

Video format

Auto
Use our suggested format for this video.
Smooth Streaming
Adaptive bitrate streaming - little buffering but lower video quality at times of low bandwidth.
Progressive
Traditional buffered video format.
HTML5
For browsers that support h264 MP4 or WebM video playback such as:
IE9+, Chrome 5+, or Safari 4+.

Note: These selections will fall back to the next best format depending upon browser capability.

Now that Microsoft is investing a lot in Internet-based services we thought we'd go and visit a datacenter infrastructure company. So, off to F5 Networks, Inc. we went. After all, if your services don't stay up, and can't be served to your customers world-wide, you can't build a services-based business, right?

Anyway, this is a fun look into a partner of Microsoft's. We meet the geeks (er, architects) at F5 and get a look at how they are using services to add features to their products.

We don't disclose the operating system that our platforms run on. As you say, it really is not relevant as we provide a closed box system which is transparent to the users using it. Let's just say that we've written our own, highly optimized, intelligent, modular and scalable architecture that we call TMOS that runs the core of our processing. Do a web search on "TMOS" and "F5" and you'll find more information.

As for access control, currently our iControl interfaces are tied to the user policies that govern our Administrative GUI. We currently allow admin (full access), operator (read + partial write), and guest (read-only). We are currently working on expanding the features with a more extensive authorization model in one of our upcoming releases.

As for custom encryption, I'm not quite sure what you mean. Is this in regards to our management interfaces, or traffic level encryption. For our management interfaces, we transport everything over SSL and there really is no option to customize this. As for traffic level encryption, we offer full extensibility in how you configure and deploy. Our devices are a full proxy so we can proxy client-to-device and device-to-server. Also, this is configurable at runtime by making use of our iRules scripting language. And, since you have full control of all traffic content (including the payload), you can decide to partially encrypt the content in full or parially. A good example of this would be if you wanted to not allow credit card numbers outside of your enterprise. You could write an iRule that scanned all traffic for patterns matching valid credit card numbers and either mask out, encode, or encrypt the numbers. It's very flexible stuff.

Hope that answers your questions Cool

-Joe

Follow the Discussion

Subscribe to these comments

ColinW Just one of the good guys...

Dec 12, 2005 at 5:30 PM quote reply

Thanks for stopping by, Robert...it was great having you over.

So, as an epilogue to this video story, Joe went and made the iControl RSS Proxy that you were asking about, in true Joe "let's see how that'd work" fashion.

The code is available, along with a video to describe the process on devcentral.f5.com, our developer community.

You can check it out here.

Thanks again,
-Colin
Manip

Dec 12, 2005 at 10:40 PM quote reply

I know this question is a little redundant for a network-appliance but what OS do they run?

And also how fine can you set a user's access to the API set? I mean call by call? And can you do things like custom encryption (e.g. expand the built-in encryption)?
joepruitt Joe

Dec 12, 2005 at 11:35 PM quote reply

We don't disclose the operating system that our platforms run on. As you say, it really is not relevant as we provide a closed box system which is transparent to the users using it. Let's just say that we've written our own, highly optimized, intelligent, modular and scalable architecture that we call TMOS that runs the core of our processing. Do a web search on "TMOS" and "F5" and you'll find more information.

As for access control, currently our iControl interfaces are tied to the user policies that govern our Administrative GUI. We currently allow admin (full access), operator (read + partial write), and guest (read-only). We are currently working on expanding the features with a more extensive authorization model in one of our upcoming releases.

As for custom encryption, I'm not quite sure what you mean. Is this in regards to our management interfaces, or traffic level encryption. For our management interfaces, we transport everything over SSL and there really is no option to customize this. As for traffic level encryption, we offer full extensibility in how you configure and deploy. Our devices are a full proxy so we can proxy client-to-device and device-to-server. Also, this is configurable at runtime by making use of our iRules scripting language. And, since you have full control of all traffic content (including the payload), you can decide to partially encrypt the content in full or parially. A good example of this would be if you wanted to not allow credit card numbers outside of your enterprise. You could write an iRule that scanned all traffic for patterns matching valid credit card numbers and either mask out, encode, or encrypt the numbers. It's very flexible stuff.

Hope that answers your questions

-Joe
Manip

Dec 13, 2005 at 2:39 AM quote reply

Sounds to me like your management system has some problems, in so much that you can't set the sufficient granularity of access required by the user but instead have to rely on broad templates.

What, I believe, will happen is that your clients will hire lazy developers who will write the front end as an admin on the appliance, relying only on their local application to screen out settings they wish the user not to touch (or simply not list them to begin with).

Until of course some smart-* writes their own app, or modifies the companies one in order to change or sabotage the appliance at their whim.

The OS you picked, which I'm guessing is a BSD, is very relevant primarily because such appliances handle thousands if not millions of dollars per day, and any kind of security hole could cause companies, or you guys large financial hardship.

I was actually asking about encryption models for the management system... Now I'm wondering, just how expandable is the appliance in general? Can it run other people's code?
Steve411 Me, all suited up!

Dec 13, 2005 at 6:07 AM quote reply

ColinW wrote:

Thanks for stopping by, Robert...it was great having you over.

So, as an epilogue to this video story, Joe went and made the iControl RSS Proxy that you were asking about, in true Joe "let's see how that'd work" fashion.

The code is available, along with a video to describe the process on devcentral.f5.com, our developer community.

You can check it out here.

Thanks again,
-Colin

http://devcentral.f5.com/weblogs/cwalker/archive/2005/08/05/Admin/Vendors/BannerClickThrough.aspx?BannerId=1&VendorId=1

http://devcentral.f5.com/weblogs/cwalker/
^^ Search doesn't work.

- Steve
joepruitt Joe

Dec 13, 2005 at 9:03 AM quote reply

Manip,I respect your opinions on management issues. Trust me, I do not believe that any of our customers hire "lazy developers" to write front ends for our devices. Our API's allow their admins to build value-add solutions on top of the device and for the most part make use of existing in-house specialists (whether from the ops or apps side of the staff).

As for your point about the "smart-(I need to watch my language)", that is true for any product. If you give access to a system (whether admin, or guest), that user could cause havoc that they have access to. I've witnessed that first hand when my kids get access to my windows machine at home . That is why auditing and logging is very important. It's also important to have a staging system setup for development so that you keep the authentication information for your production system away from those who don't need it.

If you are really concerned about what OS we are running on, I'd suggest you get in touch with our Sales department. I'm sure that they can give you whatever info you need if you are considering buying from us. Believe me, we take security very seriously...

As for expandability, our systems are highly tuned for our software and don't support the device for hosting customer-supplied application code. I'd suggest going to Dell, it'll cost you much less .

Cheers!

-Joe
CRPietschmann Chris Pietschmann

Dec 13, 2005 at 11:26 AM quote reply

Did F5 pay to get this publicity on Channel9? If not, then why were they specifically chosen?
Charles Welcome Change

Dec 13, 2005 at 12:11 PM quote reply

CRPietschmann wrote:

Did F5 pay to get this publicity on Channel9? If not, then why were they specifically chosen?

This is not a commercial for F5. If you watch the video, you will learn about some incredible work F5 has done with web services-based device management, a platform for developers to interact with F5 hardware using managed code and scripting language they've created, all of this using Visual Studio as the primary dev environment. We love this stuff.

We want to talk to more companies this year that are doing innovative work with our technologies. Microsoft is not the only place where cool engineering using Microsoft technologies is going on...

Using web services as a means to control and monitor hardware is rather innovative stuff, not to mention the platform they've created to make it easier for developers and network admin types to work together productively.

C
scobleizer I'm the video guy

Dec 13, 2005 at 1:32 PM quote reply

CRPietschmann wrote:

Did F5 pay to get this publicity on Channel9? If not, then why were they specifically chosen?

Random selection. Someone I knew said "you want to go over and meet the folks from F5 and see what they are doing?" and I said "OK, can I bring my camcorder?"

It's how Douglas Engelbart is on here and how most of our videos are done.
Boogie Marcus Barton - LabRat

Dec 14, 2005 at 5:34 AM quote reply

Great video... and great products. We use F5's in our labs for customer testing where customers specifically ask for hardware loadbalancing. In fact I have two customer engagements currently underway in our facility (Charlotte, NC location) and they are both using an F5 in their testing(one just one week, and the other is on thier 4th week) .

We have 6 or 7 devices (540, 2400, etc) all running 4.5 or 9.1.1 (currently).

We have been very pleased with our boxes and the support recieved by F5.

<<no.. they did not pay me to say so >>

--Boogie... aka Labrat

http://blogs.technet.com/labrat
n00dles

Dec 20, 2005 at 1:03 AM quote reply

That is easily one of the best videos I have seen on Channel9 since it's inception. I thought I had worked in fairly respectable enterprise environments (smallest company I've worked for had 10,000+ employees), but I've never seen any infrastructure technology ike that!

n1 scoble
BuckyBit

Jan 11, 2006 at 4:02 AM quote reply

Swordfish - bad bad movie, I say...
tzachk

Jan 22, 2006 at 3:59 AM quote reply

Just wondering why in the movie the man with the camera says that he was invited over, and then you write that you invited yourslelf to F5
Jahbulon

Jul 06, 2007 at 1:02 AM quote reply

hmm i smell PR...

Remove this comment

Remove this thread

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.