Getting In Shape For Summer With BIG-IP Per App Virtual Edition
What happens when you cross a developer with a fitness instructor? I can't think of a punch line that won't make you hate me. But there's really no joke here. Last January F5 released a new version of BIG-IP and something interesting was lurking under the hood of those extra decimal places. Similar to my discussion of BIG-IP's SELinux updates these features don't always get noticed but it's important for you to know when making deployment decisions. Grab your protein shake and let's see what changed so far.
Dropping The Weight
It's a universal fact that Storage Admins eat their young so the last thing you want to do is ask for excessive amounts of disk space. Our developers took that to heart and trimmed down BIG-IP virtual edition to nearly half of it's predecessor. Don't believe me? Here is a side by side of a vanilla BIG-IP EC2 instance in AWS.
Here's BIG-IP v12 after a nice holiday season of figgy pudding and candied yams.
BIG-IP v184.108.40.206 kept their New Year's resolution intact and shed those gigs!
How many BIG-IP virtual editions do you really have deployed, is the storage savings worth it? Some of you can count on one hand, some of you need your hands and toes... or your coworkers hands and toes too. If I deploy 5 BIG-IP v220.127.116.11 (or later)instances I'll save roughly 240GB of storage compared to earlier versions. What if I deployed 25? Over 1TB of storage saved but who's deploying 25 BIG-IP's at a time? Hold that thought.
Usain Bolt Has Nothing On Our Deploy Time
Cloud deployments expect application availability in minutes not hours. F5's developers are always looking for more ways to speed up time between pressing the deployment button and actually passing traffic between clients and applications. An internal team did exactly that and here are some results of our initial tests in AWS. Mind you these numbers will always fluctuate depending on how complex your automation is and how complicated you like to make your configurations.
Notes on cloud testing in AWS:
Size: m4.xlarge - 4vcpu/16GB RAM
Image Size: Good 41G
And from what I've seen, these numbers are only getting better. We have a faster deploymet times to processing traffic after initial deployment. Now what? Hold that thought too.
Per App VE - Where The Work Pays Off
Public or private cloud, administrators still deploy BIG-IP virtual edition similar to how they deploy BIG-IP hardware. A monolithic device providing reliable application delivery controller and security services supporting hundreds or thousands of applications. This is still a popular method to install BIG-IP in traditional or hybrid data centers. Developers can still programmatically configure monolithic BIG-IP virtual instances; application services spin up and down while updating nodes and configurations to BIG-IP via our REST interface. However you'll always have applications who may not have access to the "corporate" BIG-IP infrastructure or an application owner may need a unique instance to test a CI/CD process and they're segregated away production infrastructure. Or your teams just like their own application sandboxes. Enter BIG-IP Per App Virtual Edition (VE).
BIG-IP Per App VE is a bandwidth and CPU licensed offering that creates a reduced cost solution designed to provide Local Traffic Manager (LTM) and Web Application Firewall (WAF) features programmatically on a per-app need. Combined with BIG-IQ as a full management solution for orchestration management or just using the BIG-IQ License Manager (free) you can deploy BIG-IP wherever developers and application teams need. BIG-IQ is NOT needed to purchase BIG-IP Per App VE but it makes licensing a lot of devices easier.
What does the license provide and how do you provision? I'm glad you asked.
The BIG-IP Per App VE License:
- 1 virtual IP address
- 3 virtual servers or 1 (a combination of virtual address and a listening port)
- 25 Mbps or 200 Mbps throughput (license dependent)
- LTM or LTM with Advanced WAF
- 1 Interface
Remember you were holding two thoughts? The post-diet VE image available in v18.104.22.168 or later and the improved boot times? Suddenly this should start coming together for you. You can now deploy a realistically sized full featured security and ADC solution who deploys and processes traffic when your application needs it to and costs a lot less than the traditional "monolithic BIG-IP". Developers can now get work with BIG-IP LTM and Advanced WAF services where they need them insted of being forced to subscribe to the stricter management that come with larger consolidated deployments.
Where are we going?
The BIG-IP Per App VE is that first step to providing a more robust solution into continuous delivery/integration platforms and puts security and adc features closer to the developer and applicaiton owners. It's hard to require developers to adopt a security position when traditional infrastructure create roadblocks (ITIL, I'm looking at you). You'll still need those restricted systems for mission critical applicaitons where downtime breaks SLA's and contractural agreements. For all of those high priority applications BIG-IP Per App VE is your answer. F5 is busily working on building on the flexibility of the Per App VE license into emerging products to make deployments and scalability a piece of cake. So I'll ask you to again... hold that thought. ; )