2024 DevCentral MVP Announcement
Congratulations to the 2024 DevCentral MVPs! TheDevCentral MVP Award is given annually to the outstanding group of experts in the technical F5 user community who go out of their way to engage with the user community. The award is our way of recognizing their significant contributions, because while all of our users collectively make DevCentral one of the top community sites around and a valuable resource for everyone, MVPs regularly go above and beyond in assisting fellow F5 practitioners by sharing their deep technical experience and knowledge. MVPs get badges in their DevCentral and Reddit profiles so everyone can see that they are recognized experts. They also receive MVP swag, and invitations to regular exclusive webinars and behind-the-scenes looks at things like roadmaps, new product sneak-previews, and innovative concepts in development at F5. DevCentral is grateful for and proud to recognisethe technical knowledge and exemplary community engagement of these 43 outstanding community members: Amine_Kadimi Amr_Ali Austin_Geraci boneyard Bryan_T_ CA_Valli Daniel_Wolf Dario_Garrido Enes_Afsin_Al F5_Design_Engineer jaikumar_f5 Jim_Schwartzme1 JoseLabra JoshBecigneul Juergen_Mang Kai_Wilke KeesvandenBos Kevin_Davies Lidev lnxgeek LouisK Mayur_Sutare Michael_Saleem mihaic Mike757 Mohamed_Ahmed_Kansoh Mohamed_Salah_ Niels_van_Sluis Nikoolayy1 P_Kueppers Patrik_Jonsson Paulius PhatANhappy Philip_Jonsson PSFletchTheTek Rodolfo_Nützmann Samir ScottE Sebastian_Mani1 Sebastiansierra StephanManthey Tofunmi Whisperer2023 DevCentral MVP Announcement
Congratulations to the 2023 DevCentral MVPs! Without users who take time from their busy days to share their experience and knowledge for others, DevCentral couldn't be the helpfuluser community that it is today. To that end, the DevCentral MVP Award is given annually to the outstanding group of experts in the technical F5 user community who go out of their way to engage with the user community. The award is our way of recognizing their significant contributions, because while all of our users collectively make DevCentral one of the top community sites around and a valuable resource for everyone, MVPs regularly go above and beyond in assisting fellow F5 users.2022 was tough in a lot of ways, and we are extra-grateful to this year's MVPs for taking the time and making the effort to help others. MVPs get badges in their DevCentral and Reddit profiles so everyone can see that they are recognized experts. This year’s MVPs will receive thank-you gifts, and invitations to regular exclusive webinars and behind-the-scenes looks at things like roadmaps, new product sneak-previews, and innovative concepts in development. The 2023 DevCentral MVPs are: AlexBCT Amine_Kadimi Austin_Geraci boneyard Bryan_T_ CA_Valli Dario_Garrido Donald_J_Ross Edouard Enes_Afsin_Al F5_Design_Engineer iaine jaikumar_f5 Jim_Schwartzme1 JoshBecigneul Juergen_Mang Kai_Wilke KeesvandenBos Kevin_Davies Lidev lnxgeek LouisK Mayur_Sutare mihaic Mike757 Mohamed_Ahmed_Kansoh Mohamed_Salah_ neeeewbie Niels_van_Sluis Nikoolayy1 P_Kueppers Patrik_Jonsson Paulius Philip_Jonsson PSFletchTheTek Rodolfo_Nützmann Rodrigo_Albuque Samir spalande ScottE Sebastian_Maniak Sebastiansierra StephanManthey Tofunmi xuwenWhat is BIG-IP Next?
BIG-IP Next LTM and BIG-IP Next WAF hit general availability back in October, and we hit the road for a tour around North America for its arrival party! Those who attended one of our F5 Academy sessions got a deep-dive presentation into BIG-IP Next conceptually, and then a lab session to work through migrating workloads and deploying them. I got to attend four of the events and discuss with so many fantastic community members what's old, what's new, what's borrowed, what's blue...no wait--this is no wedding! But for those of us who've been around the block with BIG-IP for a while, if not married to the tech, we definitely have a relationship with it, for better and worse, right? And that's earned. So any time something new, or in our case "Next" comes around, there's risk and fear involved personally. But don't fret. Seriously. It's going to be different in a lot of ways, but it's going to be great. And there are a crap-ton (thank you Mark Rober!) of improvements that once we all make it through the early stages, we'll embrace and wonder why we were even scared in the first place. So with all that said, will you come on the journey with me? In this first of many articles to come from me this year, I'll cover the high-level basics of what is so next about BIG-IP Next, and in future entries we'll be digging into the tech and learning together. BIG-IP and BIG-IP Next Conceptually - A Comparison BIG-IP has been around since before the turn of the century (which is almost old enough to rent a car here in the United States) and this year marks the 20 year anniversary of TMOS. That the traffic management microkernel (TMM) is still grokking like a boss all these years later is a testament to that early innovation! So whereas TMOS as a system is winding down, it's heart, TMM, will go on (cue sappy Celine Dion ditty in 3, 2, 1...) Let's take a look at what was and what is. With TMOS, the data plane and control plane compete for resources as it's one big system. With BIG-IP, the separation of duties is more explicit and intentionally designed to scale on the control plane. Also, the product modules are no longer either completely integrated in TMM or plugins to TMM, but rather, isolated to their own container structures. The image above might convey the idea that LTM or WAF or any of the other modules are single containers, but that's just shown that way for brevity. Each module is an array of containers. But don't let that scare you. The underlying kubernetes architecture is an abstraction that you may--but certainly are not required to--care about. TMM continues to be its awesome TMM self. The significant change operationally is how you interact with BIG-IP. With TMOS, historically you engage directly with each device, even if you have some other tools like BIG-IQ or third-party administration/automation platforms. With BIG-IP Next, everything is centralized on Central Manager, and the BIG-IP Next instances, whether they are running on rSeries, VELOS, or Virtual Edition, are just destinations for your workloads. In fact, outside of sidecar proxies for troubleshooting, instance logins won't even be supported! Yes, this is a paradigm shift. With BIG-IP Next, you will no longer be configuration-object focused. You will be application-focused. You'll still have the nerd-knobs to tweak and turn, but they'll be done within the context of an application declaration. If you haven't started your automation journey yet, you might not be familiar with AS3. It's been out now for years and works with BIG-IP to deploy applications declaratively. Instead of following a long pre-flight checklist with 87 steps to go from nothing to a working application, you simply define the parameters of your application in a blob of JSON data and click the easy button. For BIG-IP Next, this is the way. Now, in the Central Manager GUI, you might interact with FAST templates that deliver a more traditional view into configuring applications, but the underlying configuration engine is all AS3. For more, I hosted aseries of streams in December to introduce AS3 Foundations, I highly recommend you take the time to digest the basics. Benefits I'm Excited About There are many and you can read about them on the product page on F5.com. But here's my short list: API-first. Period. BIG-IP had APIs with iControl from the era before APIs were even cool, but they were not first-class citizens. The resulting performance at scale requires effort to manage effectively. Not only performance, but feature parity among iControl REST, iControl SOAP, tmsh, and the GUI has been a challenge because of the way development occurred over time. Not so with BIG-IP Next. Everything is API-first, so all tooling is able to consume everything. This is huge! Migration assistance. Central Manager has the JOURNEYS tool on sterroids built-in to the experience. Upload your UCS, evaluate your applications to see what can be migrated without updates, and deploy! It really is that easy. Sure, there's work to be done for applications that aren't fully compatible yet, but it's a great start. You can do this piece (and I recommend that you do) before you even think about deploying a single instance just to learn what work you have ahead of you and what solutions you might need to adapt to be ready. Simplified patch/upgrade process. If you know, you know...patches are upgrades with BIG-IP, and not in place at that. This is drastically improved with BIG-IP Next! Because of the containerized nature of the system, individual containers can be targeted for patching, and depending on the container, may not even require a downtime consideration. Release cycle. A more frequent release cadence might terrify the customers among us that like to space out their upgrades to once every three years or so, but for the rest of us, feature delivery to the tune of weeks instead of twice per year is an exciting development (pun intended!) Features I'm Excited About Versioning for iRules and policies. For those of us who write/manage these things, this is huge! Typically I'd version by including it in the title, and I know some who set release tags in repos. With Central Manager, it's built-in and you can deploy iRules and polices by version and do diffs in place. I'm super excited about this! Did I mention the API? On the API front...it's one API, for all functionality. No digging and scraping through the GUI, tmsh, iControl REST, iControl SOAP, building out a node.js app to deploy a custom API endpoint with iControl LX, if even possible with some of the modules like APM or ASM. Nope, it's all there in one API. Glorious. Centralized dashboards. This one is for the Ops teams! Who among us has spent many a day building custom dashboards to consume stats from BIG-IPs across your org to have a single pane of glass to manage? I for one, and I'm thrilled to see system, application, and security data centralized for analysis and alerting. Log/metric streaming. And finally, logs and metrics! Telemetry Streaming from the F5 Automation Toolchain doesn't come forward in BIG-IP Next, but the ideas behind it do. If you need your data elsewhere from Central Manager, you can set up remote logging with OpenTelemetry (see the link in the resources listed below for a first published example of this.) There are some great features coming with DNS, Access, and all the other modules when they are released as well. I'll cover those when they hit general availability. Let's Go! In the coming weeks, I'll be releasing articles on installation and licensing walk-throughs for Central Manager and the instances, andcontent from our awesome group of authors is already starting to flow as well. Here are a few entries you can feast your eyes on, including an instance Proxmox installation: For the kubernetes crowd, BIG-IP Next CNF Solutions for RedHat Openshift Installing BIG-IP Next Instance on Proxmox Remote Logging with BIG-IP Next and OpenTelemetry Are you ready? Grab a trial licensefrom your MyF5 dashboard and get going! And make sure to join us in the BIG-IP Next Academy group here on DevCentral. The launch team is actively engaged there for next-related questions/issues, so that's the place to be in your early journey! Also...if you want the ultimate jump-start for all things BIG-IP Next, join usatAppWorld 2024 in SanJose next month!On Badges
Hello DevCentral Community. Today I am launching our main community badge schema. 📛 I have been sitting on this for a while waiting - I can wait no longer. I hope this is a fun way for you to see what you have been up to on DevCentral, forothers to see how many places you've been on DevCentral, and forus all to be digitally recognized for just how much we are helping each other; everyday. You can see badges you have earned by navigating to your ownMy Profile. At launch (today) - I have set the default email notification to be in a daily-digest. Tomorrow (July 19) I will set the notification back to immediately so you may be notified about badges as you earn them. Many are earned as you engage on the site but some can be earned while you are away. If you want to change the default you can do so inMy Settings > Subscriptions & Notifications > Notification Settings. (linked for convenience) Some details. The badges follow a basic pattern with 8 achievement levels for each category. Levels 1 and 2 are visible whether you have achieved them or not, for each of the 10 initial categories. Each category has a different measure. For example, the count of comments to achieve level 4 (Comment-licious) will be different from the count of Kudos given to achieve level 4 (Kudo-licious) and the higher the level, in each category, the harder "the bosses" get. 😄 A very few members, notably JRahm, PSilva, and a few MVP's (who have been around and very active for many years) have reached level 7 or 8 in just a couple of categories but, for the most part, levels 5, 6, 7, and 8 are still wide open. There for the taking. Enjoy, have fun, and the last thing I'll say is I'm not done with badges; special badges, one-offs, and maybe even a whole new category (or three) will come later. Thanks for being part of our community. Lief * "Badges? We ain't got no badges! We don't need no badges! I don't have to show you any stinking badges!"Security Automation with F5 BIG-IP and Event Driven Ansible
Updated (September 19th 2023) INTRODUCTION TO EVENT DRIVEN SECURITY: Event Driven Security is one of the projects I have been working on for the last year or so. The idea of creating automated security that can react similarly to how I would react in situations is fascinating to me, and then comes the BIG Question.... "Can I code it?" Originally our solution we had utilized ELK (Elastic Logstash Kibana) where Elasticsearch was my logging and monitoring tool, Kibana was the frontend GUI for helping me visualize and set up my watchers for my webhook triggers, Logstash would be an intermediary to receive my webhooks to help me execute Ansible related code. While using Logstash, if the Ansible code was simple it had no issues, however when things got more complex (i.e., taking payloads from Elastic and feeding them through Logstash to my playbooks), I would sometimes get intermittent results. Some of this could be my lack of knowledge of the software but for me it needed to be simple! As I want to become more complex with my Event Driven Security, I needed a product that would follow those needs. And luckily in October 2022 that product was announced "Event Driven Ansible" it made it so I didn’t need Logstash anymore i could call Ansible related code directly, it even took in webhooks (JSON based) to trigger the code, so I was already half way there! CODE FOR EVENT DRIVEN SECURITY: So now I have setup the preface let’s get down to the good stuff! I have setup a GitHub repository for the code i have been testing withhttps://github.com/f5devcentral/f5-bd-ansible-eda-demowhich is free for all to use and please feel free to take/fork/expand!!! There are some cool things worth noting in the code specifically the transformation of the watch code into something usable in playbooks. This code will take all the times the watcher finds a match in its filter and then then copies the Source IP from that code and puts it into a CSV list, then it sends the list as a variable within the webhook along with the message to execute the code. Here is the code I am mentioning above about transforming and sending the payloads in an elastic watcher. See the Full code in the GitHub repo. (Github Repo --> elastic -->watch_blocked_ips.json) "actions": { "logstash_exec": { "transform": { "script": { "source": """ def hits = ctx.payload.hits.hits; def transform = ''; for (hit in hits) { transform += hit._source.src_ip; transform += ', ' } return transform; """, "lang": "painless" } }, "webhook": { "scheme": "http", "host": "10.1.1.12", "port": 5000, "method": "post", "path": "/endpoint", "params": {}, "headers": {}, "body": """{ "message": "Ansible Please Block Some IPs", "payload": "{{ctx.payload._value}}" }""" } } } } In the Ansible Rulebook the big thing to note is that from the Pre-GA code (which was all CLI ansible-rulebook based) to the GA version (EDA GUI) rulebooks now are setup to call Ansible Automation Platform (AAP) templates. In the code below you can see that its looking for an existing template "Block IPs" in the organization "Default" to be able to run correctly. (Github Repo --> rulebooks -->webhook-block-ips.yaml) --- - name: Listen for events on a webhook hosts: all ## Define our source for events sources: - ansible.eda.webhook: host: 0.0.0.0 port: 5000 ## Define the conditions we are looking for rules: - name: Block IPs condition: event.payload.message == "Ansible Please Block Some IPs" action: run_job_template: name: "Block IPs" organization: "Default" This shows my template setup in Ansible Automation Platform 2.4.x, there is one CRITICAL piece of information i wanted to share about using EDA GA and AAP 2.4 code is that within the template you MUSTtick the checkbox on the "Prompt on launch" in the "variables section". This will allow the payload from EDA (given to it from Elastic) to pass on to the playbook. In the Playbook you can see how we extract the payload from the event using the ansible_eda variable, this allows us to pull in the event we were sent from Elastic to Event Driven Ansible and then sent to the Ansible Automation Platform template to narrow down the specific fields we needed (Message and Payload) from there we create an array from that payload so we can pass it along to our F5 code to start adding Blocked IPs to the WAF Policy.(Github Repo --> playbooks -->block-ips.yaml) --- - name: ASM Policy Update with Blocked IPs hosts: lb connection: local gather_facts: false vars: Blocked_IPs_Events: "{{ ansible_eda.event.payload }}" F5_VIP_Name: VS_WEB F5_VIP_Port: "80" F5_Admin_Port: "443" ASM_Policy_Name: "WAF-POLICY" ASM_Policy_Directory: "/tmp/f5/" ASM_Policy_File: "WAF-POLICY.xml" tasks: - name: Setup provider ansible.builtin.set_fact: provider: server: "{{ ansible_host }}" user: "{{ ansible_user }}" password: "{{ ansible_password }}" server_port: "{{ F5_Admin_Port }}" validate_certs: "no" - name: Blocked IP Events From EDA debug: msg: "{{ Blocked_IPs_Events.payload }}" - name: Create Array from BlockedIPs ansible.builtin.set_fact: Blocked_IPs: "{{ Blocked_IPs_Events.payload.split(', ') }}" when: Blocked_IPs_Events is defined - name: Remove Last Object from Array which is empty array object ansible.builtin.set_fact: Blocked_IPs: "{{ Blocked_IPs[:-1] }}" when: Blocked_IPs_Events is defined ... All of this combined, creates a well-oiled setup that looks like the following diagram below, with the code and the flows setup we can now create proactive event based security! Here is the flow of the code that is in the GitHub repo when executed. The F5 BIG-IP is pushing all the monitoring logs to Elastic. Elastic is taking all that data and storing it while utilizing a watcher with its filters and criteria, The Watcher finds something that matches its criteria and sends the webhook with payload to Event Driven Ansible. Event Driven Ansible's Rulebook triggers and calls a template within Ansible Automation Platform and sends along the payload given to it from Elastic. Ansible Automation Platforms Template executes a playbook to secure the F5 BIG-IP using the payload given to it from EDA (originally from Elastic). In the End we go Full Circle, starting from the F5 BIG-IP and ending at the F5 BIG-IP! Full Demonstration Video: Check out our full demonstration video we recently posted (Sept 13th 2023) is available on-demand viahttps://www.f5.com/company/events/webinars/f5-and-red-hat-3-part-demo-series This page does require a registration and you can check out our 3 part series. The one related to this lab is the "Event-Driven Automation and Security with F5 and Red Hat Ansible" Proactive Securiy with F5 & Event Driven Ansible Video Demo LINKS TO CODE: https://github.com/f5devcentral/f5-bd-ansible-eda-demoTrying to Fill Some Giant Shoes...
Tuesday, May 24th marks the first DCC for me to be an "official" cast member! I'm taking over the vacant chair left by Mr. John Wagnon, as our DCC security specialist. Having seen John in the community for years and years, it seems like a daunting task, but I've got some great people to learn from, for sure. Back in 2008 or so, I was introduced to F5 as a customer and, at the time, was very much an Open Source zealot. I shied away from purchasing anything at all besides servers to run Linux on. I was truly moved by F5's community website and began my transition to becoming an F5 zealot when I found this gem of an article that comletely changed the health and performance of my massive scale SaaS implementation. It's awesome to have my first livestream be a Top5, as the crew had me test out my chops with a Top5 for March: It was the first thing I did in my new home studio, though, so I had to come to grips with moving on from my old Blue Yeti mic and get down to business with a spare Shure SM-57 I had from my snare drum. I'm truly honored to join this cast of characters,buulam,JRahm&PSilvaand will work to deliver the best community focused security content possible.Ch-ch-ch-ch-changes
Hi everyone, welcome to the new DevCentral! If you are reading this, there’s a good chance you have noticed some big changes to the site. This article will go over some of the changes, get you started, and introduce some of our new features. Another platform change? Why? Those of you who've been around a while know that the last major site change didn’t work out as we’d hoped for a variety of reasons. It has taken a while for us to prepare a solid fix, and we appreciate your patience and assistance in the process. In our ongoing effort to serve the DevCentral community as best we can, we’re proud to announce the launch of our new and improved site. What does this mean for me? For most users, you’ll simply need to adjust to the renovation and have fun exploring the new features we’re all excited about. A few of you may want to make some changes to your username or profile. OK, so what changed? TL;dr - you can skip on over to the Getting Started guide if you don't want to read through the changes listed below. Usernames: Spaces in usernames are not available going forward, and existing spaces in usernames have all been converted to underscores. For example, my old username “Leslie Hubertus” is now “Leslie_Hubertus” – and while everyone now has the option of changing their username, please note that spaces are no longer allowed. Additionally, if you had a really long handle (16+ characters), it has automatically been truncated to 15 characters. The system will automatically prompt you to update your username the first time you log in. You can leave it truncated if you wish, or change it at that time. If you decide to change your username , you can do so at any time by clicking on your profile picture in the top right of your screen, and clicking on My Settings. This will change the username associated with your profile and all your posts. Ranks: Our ranking schema has gone cloudy and we have added a few levels. You'll see everyone's rank next to their username. A quick note: 2 ranks override point-based ranking: MVP, and F5 employee. Do you have what it takes to get to Bespin? More info to come. Where did everything go? TL;dr Questions is now FORUMS Articles is now TECHNICAL ARTICLES CodeShare is now under the CrowdSRC umbrella Article Series can now be found by searching for "series," and we will be publishing an article with more information in days to come (and update this and the Getting Started articles accordingly). Questions has now become FORUMS: Technical Forum This is where you’ll post any technical questions or observations, just like you would have in the old Questions section. Water Cooler This is a new feature where the community can post about anything else (within the community guidelines). Want to talk about a particular Agility session, or general trending non-political news topics? Brag about your sweet home rig, or get advice on building one? This is the place to do that. Note: Posts, kudos, and comments in the Water Cooler do not count towards your rank – but good content is good content. When really good stuff happens around the Water Cooler we may move it to make it more prominent. Articles: Technical Articles This is where you will find, well, technical articles...go figure! These articles are written by F5ers, just like before. CrowdSRC This is dedicated to community-created and -contributed technical articles and code. It is a new and improved version of the old CodeShare. Code is of course still welcome and encouraged, but you can now also write free-form insights and solutions to share with the community. Note that the DevCentral team will review submissions prior to publishing, and all are subject to the community guidelines. DevCentral News This is a new featured section where you’ll find announcements, and other non-technical information from the team. Check here for Agility updates, contest announcements, team updates, and swag giveaways. Groups: This is a new feature we are excited about! Groups is a place for special groups to have conversations. The inaugural group is the MVP group, which is an invite-only place for our MVP cohort to converse with each other. We will be opening this feature to other groups slowly as we come to understand whether it serves the community well, For example, there may be potential for usergroups to have their own space in the community. We would love to hear what you think about the Groups feature. Events: This is another new feature we are excited about! This is where you’ll find links to things like Agility, webinars, trivia games, SME office hours, Livestream after-hour shows, and other events we’re planning for the community. Suggestions: Code syntax highlighting is now supported! Thanks to @MVP Kevin Davies for suggesting this feature! Whether you are creating an article or making a comment, here’s how to insert code: Click on the three dots to expand the toolbar: Click on Insert/Edit code sample, and you will see the following popup: OK, but what happened to my Follows, Bookmarks, and Private Messages? Unfortunately, we weren’t able to migrate this information on your behalf. Please read this article for more information. If you didn’t get notification about this ahead of time, and really need the name of that one article you rely on, please reach out to us at DevCentralFeedback@f5.com and someone on the team will reply directly to you. Unfortunately, while Private Messages continue to be a feature, we were not able to keep Private Message data across the migration. Follow is now Subscribe. How do I Subscribe to (formerly “Follow”) or Bookmark an article? Once you are in an article, you’ll see And At the top of each article, there are two options available to you. You can click on the small drop-down arrow or use the Options link with the three vertical dots. Once you do, you will see the menus as shown, where you can Bookmark (saved to a list on your profile) and Subscribe (get notified of article updates). How do I manage Bookmarks and Subscriptions? Click on your avatar in the top right of the page, then click on My Subscriptions, and it’ll take you directly to the relevant part of your My Settings page where you can Customize All The Things (related to your notification settings): Customize your experience! How do I find that article I really liked? Labels and Tags on this platform: Labelsare enforced on new content and represent a very small set-list of high-level organization defined by us: Security, DevOps, Application Delivery etc. Tagsare those free-form pieces that the author may contribute to their own post. You can interact with these components like this: (added tags are clickable/sortable too) You can subscribe to changes for any label (when you click on it) And you can see articles sorted by tags by clicking on them too. The red bar at the left of a post marks UNREAD. Important note on subscribing to tags: Subscribing to a tag is board specific, so if you want to see (for example) irules in articles and technical forum, you need to subscribe in both places. Fine, fine, but... How do I post a question, comment, or code? Please read this article for a primer on posting to the new DevCentral. Besides the editor being fairly intuitive, consistent, and easy to use, one new thing we’re happy about is that copying and pasting from into the text editor should no longer result in failarious formatting issues. You should also be able to write in multiple coding syntaxes now, including GO, ApacheConf, TCL, and nginx Guideslines and EULA, oh my Here are the DevCentral Community Guidelines, and this is our updated EULA. I’m still reading this. What's next, and where’s my cookie? We’re glad you stuck with us this long, and really hope you are happy with the changes. We do have more incremental changes planned, will be making further improvements as we go, and hope you will leave us a comment below or use the Suggestions page to share your input! As for cookies, well… that’s between you and your browser history.DevCentral's Featured Member for January - Daniel Wolf
Our Featured Member series is a way for us to show appreciation and highlight active contributors in our community. Communities thrive on interaction and ourFeatured Seriesgives you some insight on some of our most engaged folks. DevCentral Member and newly minted MVPDaniel Wolf is our Featured Member to kick off 2022! Let's catch up with Daniel! DevCentral: First, please explain to the DC community a little about yourself, what you do and why it is important. Daniel: I’m an enthusiast. When I was younger, I was a passionate handball player. Later I also became a passionate handball coach for children. Recently I became an avid cook. Almost ten years ago I moved to the Balkans, to the city of Skopje. I fell in love with the region, the people, and the Balkan way of life. I even found my wife there. Almost three years ago my family and I moved back to my hometown, a small city close to Frankfurt in Germany. And I have always been a tech enthusiast. DevCentral: You’ve continued to be an active contributor in the DevCentral community.What keeps you involved? Daniel: I find it interesting to read what challenges others from the community are facing. In case I know an answer to their question, I will reply. In case I don’t know the answer, but I think I can figure it out with a reasonable effort, I will try to. It helps me to broaden my knowledge but even more important to share the answers with others. DevCentral: Tell us a little about the technical expertise you have. Daniel: First time I touched a computer was an Intel 286 with DOS 5.0. After a couple of weeks, I deleted a couple of seemingly useless file to install Monkey Island. Since then, I became pretty good at solving computer problems. Nowadays they are called projects and the problems are often much more complex. The last technology I was responsible before I decided to become an F5 consultant was Microsoft SharePoint and other .NET web apps. Roughly 7 years ago, there was a project to protect an online banking application with a WAF. So, unlike many other F5 specialists, I am not a network specialist but a web server dude. DevCentral: You are a Senior Network Professional at Controlware GmbH. Can you describe your typical workday, how you manage work/life balance and the strong support of F5 solutions? How has the pandemic impacted your work? Daniel: I appreciate that there is not a typical workday. I enjoy a challenging mix between projects, presales activities and occasional L3 support. Most fun for me are projects where I can help my customers to protect their apps and APIs. In the past two years we also had a lot of projects building, improving, or scaling out identity-aware access solutions. So, on a typical day, I’d say I am still solving computer problems. The pandemic has improved my work/life balance, I don’t have to drive to the office anymore and I can have a walk in the field during lunchtime or enjoy a coffee with my wife (she’s also working from home). DevCentral: Do you have any F5 Certifications? If so, why are these important to you and how have they helped with your career? Daniel: I have the 401 since last year. The 401 was a very good exam, passing it required an understanding of many F5 solutions but also of broader security concepts. My employer is promoting to get certified and allowed me to prepare during working hours. DevCentral: Describe one of your biggest Customer challenges and how the community helped in that situation. Daniel:I’d say that this is one of my current projects. We are migrating from an end-of-life proxy platform to BIG-IP and we are building a lot of the content switching and rewrite features with iRules. Devcentral is a goldmine if you are looking for iRule documentation and code snippets. DevCentral: Lastly, if you weren’t doing what you’re doing – what would be your dream career? Like, when you were a kid – what did you want to be when you grew up? Daniel: I always wanted to be some sort of IT guy. I think I am fine where I am now, I enjoy my work. If I was granted a wish, carpenter would be an alternative. I like the idea that, at the end of each day, you can see what you have built with your own hands. The things I build, they are meaningful as long as there is a browser available. ---Thanks Dan!We really appreciate your willingness to share with the DevCentral Community. Stay connected with Daniel and Controlware on social media: Controlware GmbH on LinkedIn Daniel on LinkedIn Controlware GmbH on the WebA Makeover for DevCentral.
UPDATE: This maintenance has been moved to Jan 24th starting at approximately 8AM Pacific time. --- DevCentral Community, TL;DR - I am announcing some updates coming to the DevCentral community website in a few days - January 17th.24th. This is a mid-sized reboot, some upgrades that we expect will make our online environment a bit nicer to use now and enable more epic-ness to come. ***This update WILL include a maintenance downtime of up to 6 hours starting around 8AM PT (-8 UTC).*** A huge shoutout. I speak for everyone on our team when I say the DevCentral community rocks! We on the DevCentral team are inspired and motivated by your creativity and willingness to share. The depth of your capabilities and the mutual respect you have for individual learning never ceases to amaze. Asyou, collectively, work through increasingly complex problem-spaces we are always working to support your progress. Our recent observations and your suggestions have been buzzing in our ears for several months and so the changes you'll see soon represent next steps for what we think will make your DevCentral community truly exceptional. An updated UI is just the start. Interface updates will be the most obvious, but these are evolutionary rather than revolutionary - a paint job and some new tech. The new tech includes a simpler set of stylesheets, more configurable page templates, some advanced features in the editors, and an overall reductive approach to some historical bloat. One of my design tenets is best summarized as comfortably information dense. DevCentral is a functional website, mostly used during your workweek, and we are looking to strike a balance between engaging with the content quickly and easily (e.g., less scrolling and more filters) without getting eyestrain or needing to know where you are on the site. I'll get into a bit more detail next week and after we launch, I expect to produce some guided walkthroughs you can use to discover some gems. If you are coming to AppWorld in San Jose in February - be sure to stop by our booth and look me up - I can give you a personalized tour.Mention this article and I'll be forced to find some special swag for you too!😎 Wait. Did you say "reductive"? Yes. In a world where everyone backs up everything a subtractive mindset seems nutty. I'm no expert (case-in-point, the length of this announcement) but I embrace the subtractive sentiment and as such I have been ruthless about driving this upgrade for a host of reasons and that *may* have come at the expense of some existing features. Some things won't be present at launch (like Badges and Event calendars) but on-balance I'm sure we will be better off. That said, if something you love disappears - let me know in a comment, in a DM, or on the Suggestions page. I can't promise everything, butI do promise my level-best and that everything is done with intent: sharing valuable and useful technical information with you. Temporary Outage Most important, for now, is to plan for a short outage the morning of Jan 17th approximately 8AM Pacific Time (-8H UTC) for up to about 6 hours. Next: A reminder on Monday, Jan 15th 🚀ICYMI on DevCentral - April 2022
DevCentral publishes a ton of content each month and it's easy for articles/videos/forum posts to get lost on the timeline. Here's a snapshot of the top posts and videos from April 2022, in case you missed it! Solved on the Technical Forum /var full with accepted solutions from Lidev@ and Sebastiansierra LTM Local traffic policy to many options!!! - Help needed! with an accepted solution from Mayur_Sutare HTTP Header insert withan accepted solution fromEnes_Afsin_Al Request client cert auth based on URLwithan accepted solution fromspalande I am adding a custom http header but how to print it out using irules? byDavid_M who ended up solving this problem for himself. 🙂 Huge thanks to everyone who offered solutions on the Technical Forum! We love to see folks helping each other solve problems and answer questions. F5 Technical Articles: Cisco ACI Endpoint Learning with a BIG-IP HA FailoverbyEric_Ji who shared lessons learned to guide the design and troubleshooting of the BIG-IP HA and failover with Cisco Application Centric Infrastructure (ACI). Protect Applications from Spring4Shell. (CVE-2022-22965)bywarburtr0non how to protect from the Spring4Shell vulerabilities. High Availability in a Bare Metal World byGreg_Cowardprovides guidance for deploying a highly available and scalable application delivery infrastructure on top of Equinix Metalutilizing eitherVMWare orKVM hypervisors. AFM Protocol Custom Signatures for Spring4Shell and Spring_Cloud (CVE-2022-22963 and -22965)byJames_Affeldon usingAFM Protocol Inspection to detect exploits. Configuring BIG-IP AFM firewall policies and rules with AnsiblebyLeon_Sengwho demonstrates asample workflow of building up the automation of AFM firewall policy configuration using Ansible. How to Use F5 Distributed Cloud to Obfuscate Ingress and Egress TrafficbyMichaelatF5navigates government compliace with Cyber Liability Insurance and how toobfuscate ingress and egress traffic. If you've got suggestions for Technical Articles, drop them below in the comments. The DevCentral team can try and track down a SME to write on that topic. Demos and Livestreams RomanJexplainshow to use Ansible and BIG-IQ to automate steps to cleanup a BIG-IP and remove unused/expired certificates and keys: JRahmwalks through a proof of concept for automating captures, and a road map to take that ground work and expand your capture horizons. Jim MacLeodcovers the evolution of cloud services towards distributed, and what benefits of MCN can be realized through this architecture. See you next month! Huge thanks to everyone who contributed to the community in April. If you have any ideas or suggestions, don't hesitate to pop over and write a comment in ourSuggestions box. See you out there in the community!
