Quick and Easy Steps to secure your multi-cloud environment with F5’s Distributed Cloud
You might ask yourself how do I secure all my applications in different clouds when the architecture, tools and skill sets are different across private and public clouds? Or how do I simplify the complex nature of securing my application environments as I transition to multiple cloud environments from the private data center?
F5’s SaaS-based Distributed Cloud reduces operational complexity by normalizing different cloud providers' networking configurations, security policies, application deployment and delivery, and observability. You get a uniform set of services to connect clouds and deliver applications with minimal disruption
F5’s SaaS-based service delivers a single pane of glass for network, app, and API security to simplify operations and enables a unified policy across all environments.
I will explain to you how to quickly deploy F5’s Distributed Cloud WAAP (web application and API protection) in the 4 different available configurations. (WAF, API, Bot Defense and DDoS Mitigation)
• Web Application Firewall (WAF): F5 Distributed Cloud WAF leverages F5’s WAF Engine, combining signature- and behavior-based protection for web applications.
• API Security: F5 Distributed Cloud API Security safeguards application programming interfaces (APIs) from threat actors attempting to exploit them to facilitate a breach or services outage.
• Bot Defense: F5 Distributed Cloud Bot Defense manages and deflects malicious automation to prevent sophisticated, human-emulating attacks.
• DDoS Mitigation: With F5 Distributed Cloud DDoS Mitigation, organizations get multi-layered protection against attacks across layers 3–7, including network-level shielding from volumetric distributed denial-of-service (DDoS), DoS signatures, service policies including rate limiting, IP reputation, and advanced scrubbing with deep packet inspection.
Upon initial logon into F5’s Distributed Cloud Services Console you see a Common Service panel which serves as the landing area for all configurations we will be highlighting.
Based on your role and selection upon initial logon your screen maybe slightly different.
Multi-cloud Networking
First when we talk of multi-cloud we must decide where our application will live. We already either have applications in private data centers or deployed in a hybrid mode of a private datacenter and one cloud location. But what happens when we need to move into additional public clouds? Do you have the teams and skill sets to support that? Applications are becoming more and more distributed. What if a particular service or offering is hosted in a public cloud you do not have networked together yet?
This is where F5 simplifies the solution. Seen below are all the public clouds that can be stitched together quickly through the UI. Enter required credentials, select public cloud provider
After clicking what cloud provider you choose to deploy into, you are presented with a screen similiar to the two examples below, where you enter the required information. As you see, the options presented to you are simple and consistent, regardless of what cloud provider you choose. You supply a name, a VPC or VNET, choose a new or existing deployment, what type of node you need, and a few options if desired and you are ready to deploy into a new cloud.
After deploying the configuration, you have a functional multi-cloud infrastructure.
That was a brief introduction with more detailed articles to follow.
WAAP Security
Since this article is about Distributed Cloud Security, I will highlight the ease of deploying security in your mutli-cloud environment. Navigate back to the main page by clicking “Select service” and click the Web App and API Protection tile. You are then presented with the following screen:
Click Add HTTP Load Balancer to be presented with this form where basic information is required to set up your load balancer. I want to point out the Security Configuration Section in the second frame as that is where we will configure all the WAAP features called out above.
Make sure you enable the Show Advanced Fields slider.
Although there are multiple configuration items available, the ease and common UI across all the security solutions WAF, API, Bot Defense and DDoS are all configured from here.
By enabling each selection, you are presented with multiple configuration objects. This is where the simplicity shines. This one screen allows for all the security controls you have access to (WAF, API, Bot Defense and DDoS).
Follow on articles will be published that detail the configurations in the above use cases.
Since you have previously configured multi cloud networking across various providers, depending on the application and use case, this configuration screen and security policy is unified and deployed against all the disparate clouds.
I hope this quick introduction and highlight of the simplified UI, unified security and ease of deployment was able to show how F5’s SaaS solution will make the deployment on application easier across teams when using a multi cloud solution.
Related content:
- https://www.f5.com/de_de/company/blog/f5-introduces-comprehensive-saas-based-security-for-web-apps-and-apis
- https://www.f5.com/company/blog/combat-complexity-elevate-modern-app-security