Introducing Secure MCN features on F5 Distributed Cloud


F5 Distributed Cloud Services offers many secure multi-cloud networking features. In the video linked below, I demonstrate how to connect a Secure Mesh Customer Edge (CE) Site running on VMware and using common hardware. This on-prem CE is joined to a site mesh group of three other CE's, two of which are run on the public cloud providers AWS and Azure. Secure Mesh CE is a newly enhanced feature in Distributed Cloud that allows CE's not running in public cloud providers to run on hardware with unique and different configurations. Specifically, it's now possible to deploy site mesh transit networking to all CE's having one, two, or more NIC's, with each CE having its own unique physical configuration for networking.

See my article on Secure Mesh Site Networking to learn how to set up and configure secure mesh sites.

In addition to secure mesh networking, on-prem CE's can be deployed without app management features, giving organizations the flexibility to conserve deployed resources. Organizations can now choose whether to deploy AppStack CE's, where the CE's can manage and run K8s compute workloads deployed at the site, or use networking-focused CE's freeing up resources that would otherwise be used managing the apps. Whether deploying an AppStack or Secure Mesh CE, both types support Distributed Cloud's comprehensive set of security features, including DDoS, WAF, API protection, Bot, and Risk management.

Secure MCN deployment capabilities include the following capabilities:

  • Secure Multi-Cloud Network Fabric (secure connectivity)
  • Discover any app running anywhere across your environments
  • Cloud/On-Prem Customer Edge (CE)
  • Private link connectivity orchestration with F5 XC as-a-service using any transport provider
    ➡️ Example: AWS PrivateLink, Azure CloudLink, Private transport (IP, MPLS, etc)
  • L3 Network Connect & L7 App Connect capabilities
  • L3/L4 DDoS + Enhanced intent-based firewall policies
  • Security Service insertion w/ support for BIG-IP and Palo Alto Firewalls
  • Application Security Services - WAF, API Protection, L7 DoS, Bot Defense, Client-side defense and more
  • SaaS and Automation for Security, Network, & Edge Compute
  • Powerful monitoring dashboards & troubleshooting tools for the entire secure multi-cloud network fabric
  • Gain visibility into how and which API's are being consumed in workflows
    ➡️ Monitor and troubleshoot apps including their API's

In the following video, I introduce the components that make up a Secure MCN deployment, and then walk through configuring the security features and show how to observe app performance and remediate security related incidents.

0-3:32 - Overview of Secure MCN features
3:32-9:20 - Product Demo

Additional Resources

Technical Article: Secure Mesh Site Networking
Technical Article: A Complete Multi-Cloud Networking Walkthrough
Product Documentation: How-To Create Secure Mesh Sites
Product Information: Distributed Cloud Network Connect
Product Information: Distributed Cloud App Connect

Updated Nov 17, 2023
Version 5.0

Was this article helpful?

No CommentsBe the first to comment