Calvin Rowland - Tour at F5 Networks

Sign in to queue

Description

Now that Microsoft is investing a lot in Internet-based services we thought we'd go and visit a datacenter infrastructure company. So, off to F5 Networks, Inc. we went. After all, if your services don't stay up, and can't be served to your customers world-wide, you can't build a services-based business, right?

Anyway, this is a fun look into a partner of Microsoft's. We meet the geeks (er, architects) at F5 and get a look at how they are using services to add features to their products.

Embed

Download

Download this episode

The Discussion

  • User profile image
    ColinW
    Thanks for stopping by, Robert...it was great having you over.

    So, as an epilogue to this video story, Joe went and made the iControl RSS Proxy that you were asking about, in true Joe "let's see how that'd work" fashion. Wink

    The code is available, along with a video to describe the process on devcentral.f5.com, our developer community.

    You can check it out here.

    Thanks again,
    -Colin
  • User profile image
    Manip
    I know this question is a little redundant for a network-appliance but what OS do they run?

    And also how fine can you set a user's access to the API set? I mean call by call? And can you do things like custom encryption (e.g. expand the built-in encryption)?
  • User profile image
    joepruitt
    We don't disclose the operating system that our platforms run on. As you say, it really is not relevant as we provide a closed box system which is transparent to the users using it.  Let's just say that we've written our own, highly optimized, intelligent, modular and scalable architecture that we call TMOS that runs the core of our processing.  Do a web search on "TMOS" and "F5" and you'll find more information.

    As for access control, currently our iControl interfaces are tied to the user policies that govern our Administrative GUI.  We currently allow admin (full access), operator (read + partial write), and guest (read-only).  We are currently working on expanding the features with a more extensive authorization model in one of our upcoming releases.

    As for custom encryption, I'm not quite sure what you mean.  Is this in regards to our management interfaces, or traffic level encryption.  For our management interfaces, we transport everything over SSL and there really is no option to customize this.  As for traffic level encryption, we offer full extensibility in how you configure and deploy.  Our devices are a full proxy so we can proxy client-to-device and device-to-server.  Also, this is configurable at runtime by making use of our iRules scripting language.  And, since you have full control of all traffic content (including the payload), you can decide to partially encrypt the content in full or parially.  A good example of this would be if you wanted to not allow credit card numbers outside of your enterprise.  You could write an iRule that scanned all traffic for patterns matching valid credit card numbers and either mask out, encode, or encrypt the numbers.  It's very flexible stuff.

    Hope that answers your questions Cool

    -Joe
  • User profile image
    Manip
    Sounds to me like your management system has some problems, in so much that you can't set the sufficient granularity of access required by the user but instead have to rely on broad templates.

    What, I believe, will happen is that your clients will hire lazy developers who will write the front end as an admin on the appliance, relying only on their local application to screen out settings they wish the user not to touch (or simply not list them to begin with).

    Until of course some smart-* writes their own app, or modifies the companies one in order to change or sabotage the appliance at their whim.


    The OS you picked, which I'm guessing is a BSD, is very relevant primarily because such appliances handle thousands if not millions of dollars per day, and any kind of security hole could cause companies, or you guys large financial hardship.


    I was actually asking about encryption models for the management system... Now I'm wondering, just how expandable is the appliance in general? Can it run other people's code?
  • User profile image
    Steve411
    ColinW wrote:
    Thanks for stopping by, Robert...it was great having you over.

    So, as an epilogue to this video story, Joe went and made the iControl RSS Proxy that you were asking about, in true Joe "let's see how that'd work" fashion.

    The code is available, along with a video to describe the process on devcentral.f5.com, our developer community.

    You can check it out here.

    Thanks again,
    -Colin


    http://devcentral.f5.com/weblogs/cwalker/archive/2005/08/05/Admin/Vendors/BannerClickThrough.aspx?BannerId=1&VendorId=1

    http://devcentral.f5.com/weblogs/cwalker/
    ^^ Search doesn't work.

    - Steve
  • User profile image
    joepruitt
    Manip,I respect your opinions on management issues.  Trust me, I do not believe that any of our customers hire "lazy developers" to write front ends for our devices.  Our API's allow their admins to build value-add solutions on top of the device and for the most part make use of existing in-house specialists (whether from the ops or apps side of the staff).

    As for your point about the "smart-(I need to watch my language)", that is true for any product.  If you give access to a system (whether admin, or guest), that user could cause havoc that they have access to.  I've witnessed that first hand when my kids get access to my windows machine at home Cool.  That is why auditing and logging is very important.  It's also important to have a staging system setup for development so that you keep the authentication information for your production system away from those who don't need it.

    If you are really concerned about what OS we are running on, I'd suggest you get in touch with our Sales department.  I'm sure that they can give you whatever info you need if you are considering buying from us.  Believe me, we take security very seriously...

    As for expandability, our systems are highly tuned for our software and don't support the device for hosting customer-supplied application code.  I'd suggest going to Dell, it'll cost you much less Cool.

    Cheers!

    -Joe
  • User profile image
    CRPietschma​nn
    Did F5 pay to get this publicity on Channel9? If not, then why were they specifically chosen?
  • User profile image
    Charles
    CRPietschmann wrote:
    Did F5 pay to get this publicity on Channel9? If not, then why were they specifically chosen?


    This is not a commercial for F5. If you watch the video, you will learn about some incredible work F5 has done with web services-based device management, a platform for developers to interact with F5 hardware using managed code and scripting language they've created, all of this using Visual Studio as the primary dev environment. We love this stuff.

    We want to talk to more companies this year that are doing innovative work with our technologies. Microsoft is not the only place where cool engineering using Microsoft technologies is going on...

    Using web services as a means to control and monitor hardware is rather innovative stuff, not to mention the platform they've created to make it easier for developers and network admin types to work together productively.

    C
  • User profile image
    scobleizer
    CRPietschmann wrote:
    Did F5 pay to get this publicity on Channel9? If not, then why were they specifically chosen?


    Random selection. Someone I knew said "you want to go over and meet the folks from F5 and see what they are doing?" and I said "OK, can I bring my camcorder?"

    It's how Douglas Engelbart is on here and how most of our videos are done.
  • User profile image
    Boogie
    Great video...  and great products.  We use F5's in our labs for customer testing where customers specifically ask for hardware loadbalancing.  In fact I have two customer engagements currently underway in our facility (Charlotte, NC location) and they are both using an F5 in their testing(one just one week, and the other is on thier 4th week) . 

    We have 6 or 7 devices (540, 2400, etc) all running 4.5 or 9.1.1 (currently).

    We have been very pleased with our boxes and the support recieved by F5.  Big Smile

    <<no..  they did not pay me to say so Wink >>

    --Boogie...  aka Labrat

    https://blogs.technet.com/labrat

  • User profile image
    n00dles
    That is easily one of the best videos I have seen on Channel9 since it's inception. I thought I had worked in fairly respectable enterprise environments (smallest company I've worked for had 10,000+ employees), but I've never seen any infrastructure technology ike that!

    n1 scoble Smiley
  • User profile image
    BuckyBit
    Swordfish - bad bad movie, I say...
  • User profile image
    tzachk
    Just wondering why in the movie the man with the camera says that he was invited over, and then you write that you invited yourslelf to F5
  • User profile image
    Jahbulon
    hmm i smell PR...

Add Your 2 Cents