DevCentral Top 5: May 12, 2014
And here we are again...that fateful time of the week where we admire, and yes, celebrate the amazing accomplishments of our DevCentral contributors. The easy part is writing about all the great content; the hard part is picking just 5 articles to highlight. Nonetheless, here they are in no particular order...the DevCentral top 5:
Lori MacVittie is the "William Shakespeare of DevCentral" who invokes emotions in us all that we never knew we had. She's the "Mozart of Technology" who can't help but write masterpiece after masterpiece. Back in high school, I read Shakespeare's Romeo and Juliet and listened to Mozart's Requiem in D at the same time...I didn't shed a tear. This week, I read Lori's article on the synergistic relationship between F5 and VMware...I wept uncontrollably.
In her "Real Synergy" article, Lori talks about a recent study conducted by Principled Technologies where they tested different technologies for delivering VDI. It was a showdown between Citrix/Citrix and F5/VMware. One might assume that the best synergy would have been shown between Citrix and itself, but the results showed something different. The F5/VMware matchup delivered better results in installation time as well as per-user cost. The report highlighted the importance of the speed with which operations can deploy applications and how that directly contributes to effectiveness and cost. The measure of success is how well the load balancing service can optimize the architecture to use the least number of connection servers and support the highest number of concurrent users without impacting performance or stability. At the end of the day, a combined F5/VMware solution provides a more cost effective, simpler and faster deployment for VDI than a comparable Citrix XenDesktop and Netscaler solution. Great stuff!
Dawn Parzych lifts the veil on one of the most mysterious parts of the BIG-IP Application Acceleration Manager (AAM)...caching. We all know that caching makes things faster, right? But how do you tune the AAM to provide the best caching experience for your application and end user? Well, look no further. Dawn creates the pièce de résistance where she answers 4 commonly asked questions about caching. Questions like:
- Why is there an option to turn off cache on first hit, and why would I ever enable this?
- What does Queue Parallel Requests do?
- Why would I ever set the maximum object size to anything less than infinity?
- OK, a maximum object size makes sense, but what about the minimum object size?
She even uses a simplified example where she compares a website to a jar full of marbles. By the end of the article, you'll know when to cache, what to cache, and why a small mistake can potentially cost you big. You know you want to read this!
Nir Zigler is fairly new on the DevCentral article submission circuit. But, if his 2 posts last week are any indication of what's to come, I'm ready to sign up as the President of his fan club. Nir shows us how a relatively old and specific vulnerability has reared its ugly head using a very common and widespread application. This vulnerability is exploited through the Plesk admin panel and allows remote code execution by using a bug in the PHP CGI wrapper. In the article, Nir gives you all the details of the Plesk tool and shows how the malicious code is used against a target. Here's the good part: Nir also shows how an updated ASM will catch this exploit with about 6 different attack signature triggers. How's that for some ASM love?
How do I sleep at night knowing this vulnerability is out there "in the wild"? Because Nir Zigler is also out there "in the wild" protecting us all with his awesome DevCentral articles. By the way, check out his other article that shows how to Mitigate The Apache Struts ClassLoader Manipulation Vulnerabilities Using ASM.
Who knew you could learn to cook on DevCentral? Well now you know...and nothing tastes as wonderful as the APM goodness that Brett Smith serves up in his article on SSO using Kerberos. Move over Wolfgang Puck...there's a new chef in the kitchen.
Kerberos SSO is one of those things that's been around for a while, but it seems to stump people who have never used Kerberos before. Brett shows us that the Kerberos SSO configuration in APM is pretty straightforward once you have the Active Directory components configured. The article literally walks through each step of the process...complete with screenshots and all. If you follow the steps in this article, you'll have a fully-functional APM policy attached to a Virtual Server...and you'll test and verify that the Kerberos SSO worked correctly! Brett cleverly reminds us at the end of the article that using Kerberos SSO with APM is a "piece of cake"...and, I think I speak for all of us when I say "that cake was delicious".
The man, the myth, the legend. The stuff that dreams are made of. You know who I'm talking about...David Holmes is his name, and writing award-winning security articles is his game. In this, his magnum opus, David shows us all why IP reputation really does matter. Imagine a world where the behavior of millions of computers is scored, and those scores are compiled into a database that you can use to make intelligent decisions on who gets access to your web applications. Well, guess what...the BIG-IP already has this service. It's a reputation service called IP Intelligence (IPI). This service is maintained in real time and sends updates to your BIG-IP every five minutes. Customers using APM or ASM can configure the IPI service directly on the module, and all other customers can check the reputation of incoming or outgoing traffic by applying a simple iRule on their LTM. What's more, Webroot (the company who supplies the intelligence service) and F5 have teamed up to build a tool that shows the threat intelligence value of IPI. A firewall administrator can simply upload a firewall log into the Threat Intelligence Analyzer to see the analysis...really cool and powerful stuff! David even includes a video on how the Threat Analyzer tool works.
To end the article, David ran the Threat Analyzer against the firewall logs of his home network. Guess what the results were? I'm sure you're interested to know...well, go check out the article and you'll find out!
Well, that wraps up this edition of DevCentral's Top 5. There were lots of other great articles to choose from, so please take some time to read through all the goodness in the Articles section of this website. We even have great articles that are written in German, French, and other languages that I haven't learned yet. See you out there in the community!