Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Introducing Secure MCN features on F5 Distributed Cloud

Dave_Potter
F5 Employee
F5 Employee

‎10-Aug-2023 05:00 - edited ‎25-Aug-2023 09:34

Introduction

F5 Distributed Cloud Services offers many secure multi-cloud networking features. In the following video, I demonstrate how to connect a secure mesh customer edge (CE) site running on VMware and using common hardware. This on-prem CE is joined to a site mesh group of three other CE's, two of which are run on the public cloud providers AWS and Azure. Secure Mesh CE is a newly enhanced feature in Distributed Cloud that allows CE's not running in public cloud providers to run on hardware with unique and different configurations. Specifically, it's now possible to deploy site mesh transit networking to all CE's having one, two, or more NIC's, with each CE having its own unique physical configuration for networking.

See my article on Secure Mesh Site Networking to learn how to set up and configure secure mesh sites.

Slide8.jpeg

In addition to secure mesh networking, on-prem CE's can be deployed without app management features, giving organizations the flexibility to conserve deployed resources. Organizations can now choose whether to deploy AppStack CE's, where the CE's can manage and run K8s compute workloads deployed at the site, or use networking-focused CE's freeing up resources that would otherwise be used managing the apps. Whether deploying an AppStack or Secure Mesh CE, both types support Distributed Cloud's comprehensive set of security features, including DDoS, WAF, API protection, Bot, and Risk management.

Secure MCN deployment capabilities include the following capabilities:

  • Secure Multi-Cloud Network Fabric (secure connectivity)
  • Discover any app running anywhere across your environments
  • Cloud/On-Prem Customer Edge (CE)
  • Private link connectivity orchestration with F5 XC as-a-service using any transport provider
    ➡️ Example: AWS PrivateLink, Aure CloudLink, Private transport (IP, MPLS, etc)
  • L3 Network Connect & L7 App Connect capabilities
  • L3/L4 DDoS + Enhanced intent-based firewall policies
  • Security Service insertion w/ support for BIG-IP and Palo Alto Firewalls
  • Application Security Services - WAF, API Protection, L7 DoS, Bot Defense, Client-side defense and more
  • SaaS and Automation for Security, Network, & Edge Compute
  • Powerful monitoring dashboards & troubleshooting tools for the entire secure multi-cloud network fabric
  • Gain visibility into how and which API's are being consumed in workflows
    ➡️ Monitor and troubleshoot apps including their API's

In the following video, I introduce the components that make up a Secure MCN deployment, and then walk through configuring the security features and show how to observe app performance and remediate security related incidents.

0-3:32 - Overview of Secure MCN features
3:32-9:20 - Product Demo

Additional Resources

Technical Article: Secure Mesh Site Networking
Product Documentation: How-To Create Secure Mesh Sites
Product Information: Distributed Cloud Network Connect
Product Information: Distributed Cloud App Connect

Labels:
Version history
Last update:
‎25-Aug-2023 09:34
Updated by:
F5 Employee
Contributors
Copyright © 2023 Khoros, LLC