The Hitchhiker’s Guide to BIG-IP in Azure – “Deployment Scenarios”
“A towel, [The Hitchhiker's Guide to the Galaxy] says, is about the most massively useful thing an interstellar hitchhiker can have. Partly it has great practical value. You can wrap it around you for warmth as you bound across the cold moons of Jaglan Beta; you can lie on it on the brilliant marble-sanded beaches of Santraginus V, inhaling the heady sea vapors; you can sleep under it beneath the stars which shine so redly on the desert world of Kakrafoon; use it to sail a miniraft down the slow heavy River Moth; wet it for use in hand-to-hand-combat; wrap it round your head to ward off noxious fumes or avoid the gaze of the Ravenous Bugblatter Beast of Traal (such a mind-boggingly stupid animal, it assumes that if you can't see it, it can't see you); you can wave your towel in emergencies as a distress signal, and of course dry yourself off with it if it still seems to be clean enough.”
― Douglas Adams, The Hitchhiker's Guide to the Galaxy
Ok, so maybe you can’t use an F5 BIG-IP as a sail for your miniraft but have you ever tried to stopping a layer 7 DDOS attack with a towel? Can a towel secure your application while providing high availability and scalability? What’s more, while you may not be able to wrap a BIG-IP around you, I bet a server rack full of BIG-IP VIPRIONs would keep you a heck of a lot warmer than some old towel. I’m just saying.
Hello and welcome to part 2 of our 4-part series, ‘The Hitchhiker’s Guide to BIG-IP in Azure’. In this installment we’ll take a closer look at some ways in which to deploy the BIG-IP into the Azure infrastructure. With regard to Azure, the BIG-IP is basically another compute workload and as such can be deployed into multiple avenues.
Deploying a BIG-IP out of the Azure Marketplace is by far the easiest method. As the screenshot illustrates below, there are several options to choose from including hourly billing and BYOL. Additionally, there solution specific offerings as well for WAF, (Web Application Firewall) and Office 365 federation with more to follow. These offers will deploy and fully configure solution-specific BIG-IP(s) without any further interaction required.
it is important to note that while this is a very easy deployment method, there are some limitations. For example, the marketplace allows only for single-NIC deployments. Additionally, aside from basic initial configuration, the BIG-IP will require additional manual configuration, (i.e. licensing, provisioning, etc.).
Once you have selected an appropriate offer, it is simply a matter of providing the required parameters, (refer to below) and accepting the EULA. The BIG-IP and relevant resources, (virtual network, NIC, storage, etc.) are deployed and ready to use within approximately 20 minutes.
Deploying a BIG-IP by way of an Azure Resource Manager, (ARM) template allows for the greatest deployment flexibility. In a nutshell, an ARM template is JSON file the defines Azure resources, (including virtual machines like the BIG-IP VE) to deploy into an Azure infrastructure, (see example below). The template can be used to deploy resources in a repeatable and consistent manner. Additionally, you get the following benefits:
- Highly customizable and automated post deployment configurations by way of Azure custom script extensions;
- Multiple BIG-IP instances;
- Multiple interfaces; and
- Multiple public facing IP addresses
The real power of ARM templates is how they enable quick, consistent, and repeatable automated deployments from a variety of sources such as the Azure portal, PowerShell, Azure CLI, or any number of orchestration tools such as Ansible, Puppet, and Chef. To help, F5 Networks has published several ARM templates via GitHub. These templates provide an excellent starting point for customers requiring more complex or custom deployments. These templates can be easily modified to allow for very specific, yet repeatable deployment scenarios.
CLI & PowerShell & Azure Portal
As I mentioned above there are a number of options available for deploying resources via an ARM template into Azure. Two common methods are the Microsoft Azure Command-Line Utility, and Azure PowerShell. The inline links at left will direct you to official Azure guidance and additional resources. Thanks to the efforts of some super talented engineers, (Michael Shimkus and James Sevedge), there are deployment scripts for both options available out on GitHub at https://github.com/F5Networks/f5-azure-arm-templates to compliment the above mentioned ARM templates. Pretty cool!
Perhaps the easiest way to deploy an ARM template is through the Azure portal. It’s a fairly simply matter of obtaining a copy of an ARM template and uploading into the portal via a new custom deployment. Here is a quick overview of the process.
The absolutely guaranteed * easiest way to deploy a BIG-IP ARM template is straight out of the F5 Networks GitHub repository. Just look for and click on the desired quick deployment button.
Ok. That’s it for now. Stay tuned for next week’s installment, The Hitchhiker’s Guide to BIG-IP in Azure – “High Availability”.
* Note: The author by no means actually guarantees much of anything; therefore any claims will be arbitrated on Vogsphere by means of a Vogon Poetry slam. Yeah!!! I got one more movie reference in just under the wire.