Calvin Rowland - Tour at F5 Networks

The Discussion

• 

  Thanks for stopping by, Robert...it was great having you over.
  
  So, as an epilogue to this video story, Joe went and made the iControl RSS Proxy that you were asking about, in true Joe "let's see how that'd work" fashion.
  
  The code is available, along with a video to describe the process on devcentral.f5.com, our developer community.
  
  You can check it out here.
  
  Thanks again,
  -Colin
  

• 

  I know this question is a little redundant for a network-appliance but what OS do they run?
  
  And also how fine can you set a user's access to the API set? I mean call by call? And can you do things like custom encryption (e.g. expand the built-in encryption)?

• 

  We don't disclose the operating system that our platforms run on. As you say, it really is not relevant as we provide a closed box system which is transparent to the users using it.  Let's just say that we've written our own, highly optimized, intelligent, modular and scalable architecture that we call TMOS that runs the core of our processing.  Do a web search on "TMOS" and "F5" and you'll find more information.
  
  As for access control, currently our iControl interfaces are tied to the user policies that govern our Administrative GUI.  We currently allow admin (full access), operator (read + partial write), and guest (read-only).  We are currently working on expanding the features with a more extensive authorization model in one of our upcoming releases.
  
  As for custom encryption, I'm not quite sure what you mean.  Is this in regards to our management interfaces, or traffic level encryption.  For our management interfaces, we transport everything over SSL and there really is no option to customize this.  As for traffic level encryption, we offer full extensibility in how you configure and deploy.  Our devices are a full proxy so we can proxy client-to-device and device-to-server.  Also, this is configurable at runtime by making use of our iRules scripting language.  And, since you have full control of all traffic content (including the payload), you can decide to partially encrypt the content in full or parially.  A good example of this would be if you wanted to not allow credit card numbers outside of your enterprise.  You could write an iRule that scanned all traffic for patterns matching valid credit card numbers and either mask out, encode, or encrypt the numbers.  It's very flexible stuff.
  
  Hope that answers your questions
  
  -Joe

• 

  Sounds to me like your management system has some problems, in so much that you can't set the sufficient granularity of access required by the user but instead have to rely on broad templates.
  
  What, I believe, will happen is that your clients will hire lazy developers who will write the front end as an admin on the appliance, relying only on their local application to screen out settings they wish the user not to touch (or simply not list them to begin with).
  
  Until of course some smart-* writes their own app, or modifies the companies one in order to change or sabotage the appliance at their whim.
  
  
  The OS you picked, which I'm guessing is a BSD, is very relevant primarily because such appliances handle thousands if not millions of dollars per day, and any kind of security hole could cause companies, or you guys large financial hardship.
  
  
  I was actually asking about encryption models for the management system... Now I'm wondering, just how expandable is the appliance in general? Can it run other people's code?

• 

  ColinW wrote:

  Thanks for stopping by, Robert...it was great having you over.
  
  So, as an epilogue to this video story, Joe went and made the iControl RSS Proxy that you were asking about, in true Joe "let's see how that'd work" fashion.
  
  The code is available, along with a video to describe the process on devcentral.f5.com, our developer community.
  
  You can check it out here.
  
  Thanks again,
  -Colin
  

  
  
  http://devcentral.f5.com/weblogs/cwalker/archive/2005/08/05/Admin/Vendors/BannerClickThrough.aspx?BannerId=1&VendorId=1
  
  http://devcentral.f5.com/weblogs/cwalker/
  ^^ Search doesn't work.
  
  - Steve

• 

  Manip,I respect your opinions on management issues.  Trust me, I do not believe that any of our customers hire "lazy developers" to write front ends for our devices.  Our API's allow their admins to build value-add solutions on top of the device and for the most part make use of existing in-house specialists (whether from the ops or apps side of the staff).
  
  As for your point about the "smart-(I need to watch my language)", that is true for any product.  If you give access to a system (whether admin, or guest), that user could cause havoc that they have access to.  I've witnessed that first hand when my kids get access to my windows machine at home .  That is why auditing and logging is very important.  It's also important to have a staging system setup for development so that you keep the authentication information for your production system away from those who don't need it.
  
  If you are really concerned about what OS we are running on, I'd suggest you get in touch with our Sales department.  I'm sure that they can give you whatever info you need if you are considering buying from us.  Believe me, we take security very seriously...
  
  As for expandability, our systems are highly tuned for our software and don't support the device for hosting customer-supplied application code.  I'd suggest going to Dell, it'll cost you much less .
  
  Cheers!
  
  -Joe

• 

  Did F5 pay to get this publicity on Channel9? If not, then why were they specifically chosen?

• 

  CRPietschmann wrote:

  Did F5 pay to get this publicity on Channel9? If not, then why were they specifically chosen?

  
  
  This is not a commercial for F5. If you watch the video, you will learn about some incredible work F5 has done with web services-based device management, a platform for developers to interact with F5 hardware using managed code and scripting language they've created, all of this using Visual Studio as the primary dev environment. We love this stuff.
  
  We want to talk to more companies this year that are doing innovative work with our technologies. Microsoft is not the only place where cool engineering using Microsoft technologies is going on...
  
  Using web services as a means to control and monitor hardware is rather innovative stuff, not to mention the platform they've created to make it easier for developers and network admin types to work together productively.
  
  C

• 

  CRPietschmann wrote:

  Did F5 pay to get this publicity on Channel9? If not, then why were they specifically chosen?

  
  
  Random selection. Someone I knew said "you want to go over and meet the folks from F5 and see what they are doing?" and I said "OK, can I bring my camcorder?"
  
  It's how Douglas Engelbart is on here and how most of our videos are done.

• 

  Great video...  and great products.  We use F5's in our labs for customer testing where customers specifically ask for hardware loadbalancing.  In fact I have two customer engagements currently underway in our facility (Charlotte, NC location) and they are both using an F5 in their testing(one just one week, and the other is on thier 4th week) . 
  
  We have 6 or 7 devices (540, 2400, etc) all running 4.5 or 9.1.1 (currently).
  
  We have been very pleased with our boxes and the support recieved by F5. 
  
  <<no..  they did not pay me to say so >>
  
  --Boogie...  aka Labrat
  
  http://blogs.technet.com/labrat
  
  

• 

  That is easily one of the best videos I have seen on Channel9 since it's inception. I thought I had worked in fairly respectable enterprise environments (smallest company I've worked for had 10,000+ employees), but I've never seen any infrastructure technology ike that!
  
  n1 scoble
  

• 

  Swordfish - bad bad movie, I say...

• 

  Just wondering why in the movie the man with the camera says that he was invited over, and then you write that you invited yourslelf to F5

• 

  hmm i smell PR...