Make sure you grab a tissue, because you will literally weep when you read the awesome content so prominently and consistently delivered in our community. And, even if you don't weep uncontrollably, you'll at least work up a couple of tears. And, for that one guy who has no viable tear ducts in his face...you won't physically create tears while reading these articles, but you will undoubtedly learn something new and amazing. With that, I proudly present this edition of the DevCentral Top 5:
I couldn't resist highlighting a "top ten" article inside a "top 5" article. It just makes sense. David Holmes does a great job of picking out 10 of the 29 new security features available in the upcoming BIG-IP 11.6 release. I won't list them all here (since that's kind of the whole point of David's article), but I will tell you that the list includes things like DNS firewall features, hardware DDoS integration, geo-location anomaly detection, flow table sweeper enhancements, and external crypto offloading. What's more, David shows how these new features are built into several different BIG-IP modules (GTM, vCMP, ASM, APM, AFM, LTM). F5 takes security very seriously, and it shows by the way these security features are baked into the core of so many BIG-IP modules. Upgrade to 11.6 and enjoy all these rock-star security features!
Ryan Korock reminds us that the single largest transformation of the traditional data center in recent history is the concept of the "Private Cloud". We all want it, and we want it now! Well, guess what? It's not always that easy to move the "Private Cloud" from vision to reality. A true "Private Cloud" includes aspects of compute, storage, and network...all of which are probably delivered by different vendors who adopted different APIs and management toolsets. It doesn't take long to see how this "Private Cloud" orchestration can get very complex and expensive. Microsoft recently announced a "converged infrastructure" that delivers pre-built offerings designed to have all the necessary pieces working together before they ever reach the customer's data center. Microsoft delivered a completely automated solution (called the Cloud Platform System) that includes best-of-breed technologies for the compute, storage, and network components. The other good news is that Microsoft partnered with F5 to make all this happen. The BIG-IP's RESTful API provides the ability to automate both configuration and device management, while the traffic management engine allows flexibility for workflow traffic. It's a match made in heaven!
If you need to mitigate a recent security vulnerability (or any security vulnerability for that matter), Jeff Costlow is your guy. In this article, Jeff builds on his discussion of the recent POODLE vulnerability. The best solution to POODLE is to disable SSLv3. Unfortunately, many legacy clients can't disable SSLv3. What to do, right? Well, Jeff and his team of super-smart security experts have investigated the use of RC4 in mitigating POODLE on legacy clients. While RC4 does have a known weakness (an attacker could recover plaintext after several hundred million messages), the POODLE vulnerability allows an attacker to recover plaintext after a few thousand messages. So, if you can't disable SSLv3, it makes more sense to enable RC4-SHA only for use in SSLv3 sessions. This article shows you how to configure your virtual server to do exactly what we just talked about. Jeff reminds us at the end of his article that it is still recommended to disable SSLv3 and RC4 once you are able to remove all legacy clients. Thanks for keeping us safe, Jeff!
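To track how close you are to that last step, here is an added example (not from Jeff's article or from F5) that audits negotiated protocol/cipher pairs against the interim policy described above. The log line format, client addresses, and class labels are constructed for illustration; the cipher names are OpenSSL-style suite names.

```python
import re
from collections import Counter

# Constructed sample log lines (the format is an assumption, not BIG-IP output).
SAMPLE_LOG = """\
client=10.0.0.11 proto=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256
client=10.0.0.42 proto=SSLv3 cipher=RC4-SHA
client=10.0.0.57 proto=SSLv3 cipher=AES128-SHA
client=10.0.0.42 proto=SSLv3 cipher=RC4-SHA
client=10.0.0.73 proto=TLSv1 cipher=RC4-SHA
client=10.0.0.90 proto=SSLv3 cipher=DES-CBC3-SHA
"""

LINE_RE = re.compile(r"client=(\S+)\s+proto=(\S+)\s+cipher=(\S+)")

def classify(proto, cipher):
    """Map one negotiated (protocol, cipher) pair onto the interim policy."""
    is_rc4 = cipher.startswith("RC4-")
    if proto == "SSLv3":
        if cipher == "RC4-SHA":
            return "legacy-ok"         # the one allowed SSLv3 suite
        if is_rc4 or cipher.startswith("NULL"):
            return "policy-violation"  # RC4-MD5 or unencrypted: not the exception
        return "poodle-exposed"        # remaining SSLv3 suites are CBC block ciphers
    if is_rc4:
        return "policy-violation"      # RC4 is meant for SSLv3 sessions only
    return "ok"

def audit(log_text):
    """Return (counts per class, set of clients still negotiating SSLv3)."""
    counts, sslv3_clients = Counter(), set()
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue  # skip lines that are not session records
        client, proto, cipher = match.groups()
        counts[classify(proto, cipher)] += 1
        if proto == "SSLv3":
            sslv3_clients.add(client)
    return counts, sslv3_clients

if __name__ == "__main__":
    counts, legacy = audit(SAMPLE_LOG)
    print(dict(counts))
    print("clients blocking SSLv3 removal:", sorted(legacy))
```

Once the set of SSLv3 clients is empty over a representative window, both SSLv3 and RC4 can be turned off.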
When it comes to a good debate on SDN and IoT, no one can go more rounds than Lori MacVittie. In this article, Lori discusses SDN as a major enabler of IoT...and she notes that SDN must include the entire network (layers 2-7). The SDN tendency is to remain stuck in the stateless layers 2-4 with a focus on routing and switching and basic forwarding. While that piece works great for dealing with bandwidth issues and peak traffic, it doesn't address scaling out access or security services, or scaling out the apps themselves. For that, you need to reach up the stack and look to stateful layers 4-7. Let's be honest...if/when you're gonna deploy SDN, you need to do it correctly (and completely)!