NGINXaaS for Azure
2 TopicsF5 NGINXaaS for Azure: Multi-Region Architecture
The F5 NGINXaaS for Azureoffering recently announced general availability. Trust me...I've been using it and having fun! In this article, I will show you an example hub and spoke architecture using GitHub Actions and Azure Functions to automate NGINX configurations. As a bonus, I have code on GitHub that you can use to deploy this example. Topics Covered: NGINXaaS for Azure Architecture Explained The NGINXaaS for Azure architecture consists of an F5 subscription as well as customer subscription. F5 subscription - hidden from user, NGINX Plus instances, control plane, data plane Customer subscription - eNICs from VNet Injection, customer network stack, customer workloads F5 Subscription The NGINXaaS offering createsNGINX Plus instances and other related components like NGINX control plane and data plane resources in the F5 subscriptions. These items are not visible to the end user, and therefore result in the operational tasks of upgrades and scaling being managed by the NGINXaaS offering instead of the user. Each NGINX deployment, like other Azure services, is regional in nature. If you need to deploy NGINX closer to the client, then this will require multiple NGINX deployments (ex. westus2, eastus2). Each NGINX deployment will have a unique listener address. You can then use DNS to send clients to an NGINX deployment in the nearest region. Here is an example diagram. Customer Subscription The customer subscription has items like network stacks, Key Vaults, monitoring, application workloads, and more. The NGINX deployment automatically creates ethernet NICs (eNICs) in the customer subscription using VNet Injection and subnet delegation. The eNICs are deployed inside their own Azure Resource Group. They receive IP addressing from the customer VNet and are indeed visible by the user. However, there is no management needed with the eNICs because they are part of the NGINX deployment. Note: In my testing during public preview, I have noticed that Azure lets you manually remove subnet delegation for the NGINX service. Warning...do NOT do this. It will break traffic flow. Hub and Spoke Architecture You can easily make a hub and spoke design with NGINX in the mix using VNet peering. This is a great use case when required to use a shared NGINX deployment across different VNets, environments, or scaling workloads across multiple regions. Recall from earlier that an NGINX deployment will automatically create eNICs in the customer subscription. Therefore, you can control the entry point into the customer environment and the traffic flows. For example, configuring NGINX to use a customer shared VNet with peering gives you a hub and spoke design such as the picture below. This results in the NGINX eNICs being deployed into a customer Shared VNet (hub). Meanwhile the customer places workloads into their own VNets (spokes). Demo Code If this is the first time deploying NGINXaaS for Azure in your subscription, then you will need to subscribe to it in the marketplace. Search for “F5 NGINXaaS for Azure” in marketplace or follow this link Select F5 NGINXaaS for Azure and choose "Public Preview" and subscribe Time to play with code! Click the link below and review the README to deploy the demo example.There are prerequisites to follow. For example, you need to have a GitHub repository that stores the NGINX configuration files. You also need to have an Azure Key Vault and secret containing your GitHub access token. These are explained in the README. GitHub repo - F5 NGINXaaS for Azure Deployment with Demo Application in Multiple Regions After the deployment is done, you have a few options on how to handle NGINX configurations. I will share examples in future articles, but for now go ahead and explore on your own. Refer to the NGINXaaS for Azure documentation "NGINX Configuration" to get started. Summary This article gives an example architecture for deploying the NGINXaaS for Azure offering. I shared details on the different NGINX components, and I also shared demo code to help you explore the solution on your own! Contact us with any questions or requirements. We would love to hear from you! Resources DevCentral Series - F5 NGINXaaS for Azure F5 NGINXaaS for Azure Docs Blog Introducing F5 NGINXaaS for Azure3.1KViews6likes2CommentsGlobal Live Webinar (08/28): Deploy NGINX Faster Than You Can Say Azure: NGINXaaS Azure
Deploy NGINX Faster Than You Can Say Azure: NGINXaaS for Azure Date: August 28, 2024 Time: 10:00am PT | 1:00pm ET Speakers: Gee Chow, Solutions Architect, F5 Sundar Tiwari, Sr. Product Manager, F5 What's the webinar about? NGINX as a Service is a fully hosted offering that is tightly integrated into the Azure ecosystem, making applications fast, efficient, and reliable with full lifecycle management of advanced NGINX traffic services. NGINXaaS for Azure, powered by NGINX Plus, eliminates the need to deploy and manage individual instances or clusters of NGINX, and removes the operational burden of managing machines and images. Unlocking all NGINX Plus use cases of API Gateway, load balancer, programmable ADC, and cache managed through various Azure management tools (portal, CLI, SDK, ARM, and Terraform). And NGINXaaS for Azure can scale to meet your business, technical, or security requirements as they develop. In this in-depth session, our experts will cover: Seamless Integration with the Azure Ecosystem: Discover how NGINX Plus integrates with essential Azure services such as Key Vault, Monitor, and Log Analytics, enhancing security and monitoring capabilities. Smooth Migration Path: Learn the steps to transition your existing NGINX configurations to NGINX as a Service for Azure without hassle. Continuous Innovation and Reliability: Understand how NGINXaaS for Azure ensures your instances remain cutting-edge and robust with automatic updates and built-in failover and service resiliency. Cost-Effective Strategies: Leverage your Microsoft Azure Consumption Commitment (MACC) to make the most of NGINX as a Service for Azure. Join our knowledgeable presenters, Gee Chow, Solutions Architect at F5, and Sundar Tiwari, Sr. Product Manager at F5, for a session that promises to empower your Azure experience with NGINX Plus. Join our knowledgeable presenters, Gee Chow, Solutions Architect at F5, and Sundar Tiwari, Sr. Product Manager at F5, for a session that promises to empower your Azure experience with NGINX Plus. Register here31Views0likes0Comments