Software Defined Transformation - Management and Orchestration with F5 Synthesis

In this article we will look at how F5 continues to deliver the Management and Orchestration solutions for deploying Application Delivery Controller (ADC) platform services. We will begin by explaining how F5 approached Management solutions and how rapidly it developed to prepare for the Software Defined transformation within customer datacenters. Having interacted with over 100 major accounts in 2014 (global Enterprises and Service Providers), I've had the privilege of sharing these ideas and validating them with their feedback.

If you are an F5 customer, this article will help you understand why Management and Orchestration is a critical pillar of the F5 Synthesis architecture. Application deployments and datacenter architectures are also rapidly evolving to a point where F5 Synthesis can help you compare the value F5 offers.

As a solution delivery partner, you can learn more about how F5 integrates with OpenStack, Cisco, VMware, and Microsoft technologies to help you deliver Software Defined Networking (SDN) and Network Function Virtualization (NFV) projects for your clients.

Back in the day...

F5 launched its Synthesis architecture framework for application delivery services in early 2014. It marked an important milestone for the vision defined over a decade ago. Early on, F5 focused on the application delivery services Management solution as a combination of tools aligned with the target audience. Most network administrators preferred command line interface (CLI) tools, and so F5 developed a shell interface called TMSH. Some administrators preferred a graphical user interface (GUI), and so F5 developed the Enterprise Manager solution. F5 also offered the iControl APIs for administrators not afraid to write some code to programmatically configure and deploy application delivery services. Customers have used all these tools and developed their ADC operations manual and automation scripts. I was delighted to discover how widely these tools are being used. Some customers have even built their own management interfaces (GUI) using TMSH commands and iControl APIs. Customers with scripting and development skills available within IT teams preferred using iControl and TMSH. Customers with a smaller device footprint preferred using the Enterprise Manager solution.

With this backdrop, let us now look at how our next generation Management and Orchestration platform, F5 BIG-IQ, helps our customers prepare for the Software Defined transformation within their datacenters. 

Fundamental shifts underway...

As recently as 3 years ago, network device management platforms were considered monolithic vendor solutions for managing their software and hardware platforms. IT teams were expected to purchase the relevant vendor management products, resulting in over 2 dozen tools deployed for managing a complex infrastructure. This is true even today, but something started to change with the talk of programmable infrastructure services. The first shift was the popularity of REST APIs. With the rise of AWS and developers being able to provision infrastructure services via APIs, IT began to research similar capabilities for existing products and solutions deployed in-house. API-driven orchestration started to gain interest. As a result, IT now looks at Management as not just a pretty GUI, but a comprehensive set of REST APIs as well. In every customer meeting, I was often asked “Do you have a REST API for that?”

The second shift happened when IT decided to separate the task of provisioning and managing – i.e. separating the rollout of new infrastructure services via orchestration from performing day-to-day management functions. Automation and Orchestration using REST APIs is rapidly becoming the norm. Many of the customers I visited have recruited software engineers to build their next-generation automation and orchestration toolbox. They are not only using the packaged cloud management platforms (of course, with API access), but also adopting platforms like Puppet, Chef, Ansible, and sometimes developing Python and Perl based scripts.

In 2012 and 2013 most of the IT conversations about SDN and NFV were focused on protocol standardization and vendor support. It was primarily a white-board discussion and getting to an architectural blueprint was not yet possible. The beginning of 2014 saw some of that change. I was asked about F5's support for OpenStack Neutron, Cisco APIC, VMware NSX and most recently, Microsoft HNV. Customers were beginning to draw the blueprints and wanted to evaluate where F5 fits. Financial budgets were being committed and IT teams were preparing to embrace SDN/NFV for bringing programmability to infrastructure services deployment. The discussion changed from protocol support to the availability of REST APIs. It seemed like IT Networking professionals were converging on choosing APIs over protocols. This fitted nicely with how F5 has approached network services programmability. F5 is committed to supporting relevant standard protocols and while they evolve, F5 will provide REST APIs to enable programming of the ADC services.

I have witnessed these shifts inside most of F5’s major accounts. Their F5 BIG-IP footprints have grown significantly. With rising highly available deployments (active-standby and active-active clusters), customers are now looking for more programmatic control over the entire BIG-IP fleet for lifecycle management and rapid provisioning of services. This is different than just scripting iControl APIs based on device-by-device configuration changes. Customers are now looking to have a central control point (i.e. central authority), with orchestrated provisioning of services. Customers with large-scale global datacenter footprints also expect distributed intelligence versus centralized intelligence (more on that in a future post). 

Orchestration becoming mainstream...

Building on the iControl API approach, F5 baked the vision for BIG-IQ Management and Orchestration to address the shifts described above. With BIG-IQ, F5 plans to transform the monolithic management product approach to a programmable platform with target audience specific components (called Modules). The unique aspect of this vision is to provide API parity for everything that an IT administrator can do in the GUI. As a result, IT can get trained on the GUI and as complexity evolves, automate tasks using the APIs. By having access to APIs, IT can also enforce separation of duties (who does what and audit actions) and implement governance policies in line with business and regulatory requirements. Trying to capture the complexity of this in Management GUIs, without APIs, is akin to fighting a losing battle. F5 knows that APIs help win the complexity war, and hence focused on providing REST APIs for everything. Furthermore, REST APIs are the key to unlock the benefits of the Software Defined transformation within datacenters. 

Orchestration on top of device and software provisioning helps IT transform their datacenter to a programmable infrastructure. By providing REST APIs and iApps based configuration templates, F5 enables this transformation. Further, by focusing on integrations with third party platforms like OpenStack Neutron, Cisco APIC, VMware NSX, and Microsoft SCVMM/HNV, F5 continues to offer a flexible solution that will work with whatever SDN/NFV approach the customer chooses. It is important to highlight this aspect of F5's thinking, which separates F5 from how others think about automation and orchestration.

Your key takeaway is this: F5 is committed to providing control of BIG-IP configuration and policy definitions using device specific and centralized REST APIs, enabling the kind of flexibility required for rolling out software defined application services. With BIG-IQ iControl APIs, F5 helps customers get started on automating common tasks and redeem the time spent on manual operational tasks performed week after week. With the SDN/NFV integrations for OpenStack, Cisco, VMware, and Microsoft, F5 will continue to enable choice in how to adopt Software Defined architectures for datacenter transformation.

Management under rapid development...

Customers expect F5 to deliver robust management capabilities that enable ease of use for all of their BIG-IP software modules. With centralized management focus in BIG-IQ, F5 is on track to deliver on that expectation. In 2014, F5 delivered the management functions for BIG-IP device lifecycle, licensing, device monitoring, firewall policies, and configuration backup/restore capabilities. The recently launched BIG-IQ 4.5 release begins to deliver object level management for BIG-IP traffic management capabilities and better control over BIG-IP security policies. 

In addition to robust configuration management, customers also expect a comprehensive role based access control (RBAC) framework for implementing IT governance. With BIG-IQ RBAC, customers can begin to satisfy some of these needs. Starting today, customers can use BIG-IQ to leverage the network administrator role to create configuration objects for the entire deployment, and allow the application administrator role to control their piece of the configuration. Network administrators can also view all their BIG-IP iRules from a central location and attach/detach iRules for configuration changes. Application administrators can now control the lifecycle of their BIG-IP virtual servers, virtual IP addresses, pools, and monitor the health of those services. Security administrators can also delegate control over the firewall rules and enable visibility into how the rules are enforced. 

With focus on simplifying BIG-IP policy changes using iApps, BIG-IQ also helps customers catalog and deploy iApps. Customers using iApps report significant savings in provisioning and configuration rollouts across multiple BIG-IPs. 

Customers also expect a single pane of glass interface for their entire BIG-IP deployment across multiple datacenters. They want to see the inventory of all their BIG-IP instances (physical and virtual) and view the health monitors. F5 BIG-IQ enables that with visibility into active-standby and active-active clusters for BIG-IP traffic management functions. BIG-IQ itself can also be deployed in a high-availability configuration using active-active and active-standby modes (depending on the BIG-IP modules being managed).

F5 BIG-IQ is our long term strategic investment and the roadmap is packed with capabilities that will address established and emerging ADC services deployment scenarios. 

Call to action… 

I thank our customers for helping us jointly define and begin delivering solutions that address critical pain points. While we continue to develop BIG-IQ, you can continue to use the Enterprise Manager, TMSH, and iControl based solutions per your needs. If you need information on when to use Enterprise Manager and when to use BIG-IQ, please contact your regional sales account manager to start the conversation. We’re ready to support you in deploying BIG-IQ for addressing some of the Management and Orchestration scenarios described in this article. Please share your questions on this forum or reach out to your regional sales account manager and field services engineer. We’d love to hear from you on how we can enhance our BIG-IQ solution per your needs.

Published Feb 03, 2015
Version 1.0