F5 Scalable App Delivery & Security for Hybrid Environments
Scope
As enterprises modernize and expand their digital services, they increasingly deploy multiple instances of the same applications across diverse infrastructure environments—such as VMware, OpenShift, and Nutanix—to support distributed teams, regional data sovereignty, redundancy, or environment-specific compliance needs. These application instances often integrate into service chains that span across clouds and data centers, introducing both scale and operational complexity.
F5 Distributed Cloud provides a unified solution for secure, consistent application delivery and security across hybrid and multi-cloud environments. It enables organizations to add workloads seamlessly (whether for scaling, redundancy, or localization) without sacrificing visibility, security, or performance.
Introduction
This article examines enterprise-scale application deployment patterns that result in multiple instances of the same workloads across heterogeneous environments. Common enterprise scenarios include:
- Running identical customer-facing services in VMware-based private data centers and OpenShift-based development or staging clusters.
- Deploying business-critical applications across Nutanix on-prem infrastructure for edge locations and public clouds (AWS, Azure, GCP) for global reach.
- Supporting multi-region high availability by duplicating services across on-premises VMware clusters and cloud-native Kubernetes platforms.
F5 Distributed Cloud helps organizations manage these deployments by ensuring uniform application delivery and security policies across all instances—regardless of the underlying platform.
Distributed Cloud CE is a Kubernetes-based, integrated software stack which is managed centrally via the Distributed Cloud Console. Distributed Cloud CE can be deployed as a virtual machine (VM) or as a standalone containerized service in any environment. It orchestrates the local control plane and data plane components to route, encrypt, and secure traffic. Distributed Cloud CE operates as a highly available edge gateway that can securely extend networks across sites, without the need to establish physical network connectivity.
Architecture Overview
Fig 1: Architecture overview of workload scaling across hybrid environments using F5 Distributed Cloud
As illustrated in the diagram, when new application workloads are provisioned across environments such as AWS, Azure, GCP, VMware (on-prem), Nutanix (on-prem), and OpenShift Container Platform (on-prem), F5 Distributed Cloud ensures seamless integration with existing services. Using Secure Mesh Site v2 (SMSv2) with Customer Edge (CE) nodes, each location maintains secure, low-latency connectivity with F5’s globally distributed Regional Edges (RE) to support real-time traffic management, security enforcement, and observability.
Scenario: Scalable Enterprise Workload Deployments Across Heterogeneous Environments
Deploy applications seamlessly across multiple environments based on customer requirements. F5's Application Delivery and Security capabilities ensure consistent application delivery and security regardless of where they are deployed.
Workloads are distributed across the following environments:
- VMware: App A & App B
- OpenShift: App B & App C
- Nutanix: App B
- → VMware: Add App C
- → OpenShift: Add App A
- → Nutanix: Add App A & App C
Applications being used:
- A → Juice Shop
- B → DVWA
- C → NGINX
Initial Infrastructure:
Fig 2: Initial infrastructure of workloads across hybrid environments
VMware: App A & B, OpenShift: App B & C, Nutanix: App B
VMware
In the VMware on-premises environment, Applications A and B are deployed and connected to two separate load balancers. This forms the existing infrastructure. These applications are actively serving user traffic with delivery and security managed by F5 Distributed Cloud.
VMware application A (Juice Shop) deployed on LB f5-adsp1.f5-hyd-xcdemo.com
Fig 3: Juice Shop application as part of initial workload in VMware
Web Application Firewall (WAF) is enabled to block malicious requests.
Fig 4: F5 Web Application Firewall blocking malicious requests
From the "Requests" section in the Distributed Cloud Console for the LB, we can observe that benign requests reach the SMSv2 CE site deployed in the VMware on-prem environment, while malicious requests are blocked by the WAF and do not reach the origin server.
Note: Similarly, this initial deployment infrastructure has been implemented in OCP, Nutanix, and Azure. Please refer to the complete guide listed under References.
Adding new workloads:
F5 Distributed Cloud supports continuous delivery and seamless security for additional workloads within existing infrastructure. We will introduce new workloads across all environments to validate and demonstrate this capability.
Fig 6: Additional workload infrastructure across hybrid environments
VMware: Add App C, OpenShift: Add App A, Nutanix: Add App A and C
VMware
In the VMware on-premises environment, an additional application—Application C—will be deployed and connected to a dedicated load balancer. This represents a new workload within the existing infrastructure. This deployment will be seamlessly integrated with F5 Distributed Cloud for secure and efficient application delivery.
VMware application C (NGINX) deployed on LB f5-adsp6.f5-hyd-xcdemo.com
Fig 7: NGINX application as part of additional workload in VMware
Web Application Firewall (WAF) is enabled to block malicious requests.
Fig 8: F5 Web Application Firewall blocking malicious requests
From the "Requests" section in the Distributed Cloud Console for the new workload LB, we can observe that benign requests reach the SMSv2 CE site deployed in the VMware on-prem environment, while malicious requests are blocked by the WAF and do not reach the origin server.
Fig 9: Both benign and malicious requests logged in F5 Distributed Cloud
Note: Similarly, this additional workload deployment infrastructure has been implemented in OCP, Nutanix, and Azure. Please refer to the complete guide listed under References.
Conclusion:
From the above demonstration, we can conclude that F5 Distributed Cloud's Application Delivery and Security provides a robust and scalable solution across multi-cloud and on-prem environments. By deploying Secure Mesh Site v2 Customer Edge, organizations can ensure consistent connectivity, encryption, and protection for both new and existing workloads. The platform simplifies infrastructure expansion while maintaining centralized management through the Distributed Cloud Console. This enables businesses to efficiently meet evolving user demands without compromising security.
References:
F5 Scalable Enterprise Workload Deployments Complete Guide