Introducing Secure MCN features on F5 Distributed Cloud
Introduction
F5 Distributed Cloud Services offers many secure multi-cloud networking features. In the video linked below, I demonstrate how to connect a Secure Mesh Customer Edge (CE) Site running on VMware and using common hardware. This on-prem CE is joined to a site mesh group of three other CEs, two of which run on the public cloud providers AWS and Azure. Secure Mesh CE is a newly enhanced feature in Distributed Cloud that allows CEs not running in public cloud providers to run on hardware with unique and different configurations. Specifically, it's now possible to deploy site mesh transit networking to all CEs having one, two, or more NICs, with each CE having its own unique physical configuration for networking.
See my article on Secure Mesh Site Networking to learn how to set up and configure secure mesh sites.
In addition to secure mesh networking, on-prem CEs can be deployed without app management features, giving organizations the flexibility to conserve deployed resources. Organizations can now choose whether to deploy AppStack CEs, where the CEs can manage and run K8s compute workloads deployed at the site, or use networking-focused CEs, freeing up resources that would otherwise be used managing the apps. Whether deploying an AppStack or Secure Mesh CE, both types support Distributed Cloud's comprehensive set of security features, including DDoS, WAF, API protection, Bot, and Risk management.
Secure MCN deployment capabilities include the following:
- Secure Multi-Cloud Network Fabric (secure connectivity)
- Discover any app running anywhere across your environments
- Cloud/On-Prem Customer Edge (CE)
- Private link connectivity orchestration with F5 XC as-a-service using any transport provider
➡️ Example: AWS PrivateLink, Azure CloudLink, Private transport (IP, MPLS, etc.)
- L3 Network Connect & L7 App Connect capabilities
- L3/L4 DDoS + Enhanced intent-based firewall policies
- Security Service insertion w/ support for BIG-IP and Palo Alto Firewalls
- Application Security Services - WAF, API Protection, L7 DoS, Bot Defense, Client-side defense and more
- SaaS and Automation for Security, Network, & Edge Compute
- Powerful monitoring dashboards & troubleshooting tools for the entire secure multi-cloud network fabric
- Gain visibility into how and which APIs are being consumed in workflows
➡️ Monitor and troubleshoot apps including their APIs
In the following video, I introduce the components that make up a Secure MCN deployment, then walk through configuring the security features and show how to observe app performance and remediate security-related incidents.
0-3:32 - Overview of Secure MCN features
3:32-9:20 - Product Demo
Resources
Distributed Cloud App Delivery Fabric Workflow Guide (GitHub)
Secure MCN Article Series
Secure MCN Intro: Introducing Secure MCN features on F5 Distributed Cloud
Secure MCN Part 1: Using Distributed Application Security Policies in Secure Multicloud Networking Customer Edge Sites
Secure MCN Part 2: The App Delivery Fabric with Secure Multicloud Networking
Secure MCN Part 3: Coming Soon: The Secure Network Fabric with Multicloud Network Segmentation & Private Provider Network Connectivity
Related Technical Articles
🔥 ➡️ Combining the key aspects of Secure MCN with GenAI apps: Protect multi-cloud and Edge Generative AI applications with F5 Distributed Cloud
Secure Mesh Site Networking (DevCentral)
A Complete Multi-Cloud Networking Walkthrough (DevCentral)
Product Documentation
How-To Create Secure Mesh Sites
Product Information
Distributed Cloud Network Connect
Distributed Cloud App Connect