DevCentral ICYMI - September 2024
DevCentral publishes new content constantly, and it’s easy to miss the latest from F5’s technical user community with all that turnover. So here’s a monthly round-up of DevCentral news, content, and events—in case you missed it! New and Notable Share Your Expertise at F5 AppWorld 2025! CFP is now open. F5 and NetApp partnership for Large Language Model AI deployments - F5 and NetApp have teamed up to improve enterprise AI capabilities by using F5’s secure multicloud networking solutions with NetApp’s data management tools. Experience the power of F5 NGINX One with feature demos - Introducing F5 NGINX One, a powerful solution designed to significantly enhance business operations with its high-performance data plane and user-friendly SaaS-based console, offering robust traffic management and critical monitoring features. Content Round-Up AI/LLM F5 BIG-IP and NetApp StorageGRID - Providing Fast and Scalable S3 API for AI apps - F5 BIG-IP's advanced load balancing improves HTTPS server performance. It ensures high availability and optimal storage node utilization when used with NetApp's StorageGRID S3 compatible object storage. How to Prepare Your Network Infrastructure to Add HPC Clusters for AI to Your Data Center - HPC AI cluster integration in enterprise data centers brings challenges, such as network segmentation, security, and high costs. Learn how to overcome these challenges. F5 Distributed Cloud: How I Did it - Migrating Applications to Nutanix NC2 with F5 Distributed Cloud Secure Multicloud Networking - Enterprises struggle to scale and migrate applications while maintaining consistent security and user experience. F5 Distributed Cloud Services (XC) simplifies extending and migrating applications from on-premises environments to Nutanix NC2 clusters, backed by Nutanix's comprehensive hyper-converged infrastructure. Security Insights What is Web Cache Exploitation? - Explore insights from a recent BlackHat/DefCon 2024 presentation on Web Cache Exploitation, which reveals how discrepancies in HTTP server and proxy behaviors can lead to vulnerabilities like Web Cache Poisoning and Web Cache Deception. (HTTP) Redirection via Arbitrary Host Header - In this article, we delve into the importance of the Host header in web requests, its role in enabling multiple-domain hosting, and the potential security risks associated with improper handling. How to Identify and Manage Scrapers (Pt. 1) and How to Identify and Manage Scrapers (Pt. 2) - Here are different ways to find and manage web scraping activities. This includes: scrapers that identify themselves, identifying using IP address, more advanced techniques for finding scrapers that don't identify themselves. We will also talk about the challenges caused by pretending to be someone else and the increase in scraping done by AI. Exploring the Zero Trust Models of AWS, Microsoft, and Google - In response to distributed workforces and advanced cyber threats, the Zero Trust Model enforces strict identity verification, granular access control, and continuous monitoring for users, devices, and resources. Major cloud providers like AWS, Microsoft, and Google have their own versions. Scanning for CVE-2017-9841 Drops Precipitously - The July 2024 Sensor Intelligence Series reports a significant drop in scanning activities for vulnerabilities CVE-2017-9841 and CVE-2023-1389, despite their previous high levels. This highlights the importance of ongoing cybersecurity vigilance. Scuba Gear from CISA, ROBLOX Malware Campaign, and RUST backdoo-rs This Week in Security Leaks & breaches, memory-safe C++, cryptominers and bridging the air-gap This Week in Security GC Document AI Transitive Access Abuse, make-me-root holes in VMWare fixed and more - This Week in Security BIG-IP Next: How to secure egress with F5 Service Proxy for Kubernetes (Japanese language version: 次世代のBIG-IP SPKとK8s コンテナの外部アクセス制御) - Securing Kubernetes egress traffic can be challenging. F5's Service Proxy for Kubernetes (SPK) offers a solution. It dynamically manages egress through its Calico egress gateway. This allows for central control, consistent network policies, and source NAT translation. BIG-IP Next Installation Guides - These resources will walk you through the initial steps of getting Central Manager and instances installed on the various platforms for labs and production. F5 Distributed Cloud: How I Did it - Migrating Applications to Nutanix NC2 with F5 Distributed Cloud Secure Multicloud Networking -Enterprises face challenges with scaling and migrating applications. F5 Distributed Cloud Services (XC) helps by enabling seamless application extension and migration, as shown with Nutanix NC2 clusters. Architecture Options for Kubernetes Service Discovery in Distributed Cloud - F5 Distributed Cloud (XC) Virtual Edition Customer Edge increases service discovery in Kubernetes clusters, allowing easy connectivity in dynamic microservices environments. Cascading Configs Tool for F5 Distributed Cloud Managed Service Provider (MSP) and Delegated Access Customers - The new XC-Cascading-Configs tool simplifies configuration management for F5 Distributed Cloud customers. It allows efficient push and maintenance of shared configurations across multiple tenants. NGINX: Deploying F5 NGINX Plus Graviton-powered Containers as AWS ECS Fargate Tasks - Amazon's Graviton4 chip offers great price-performance for cloud architects. NGINX Plus works with ARM64, ECS, and ECS Fargate. It's easy to set up, use, and scale within AWS. Announcing F5 NGINX Gateway Fabric 1.4.0 with IPv6 and TLS Passthrough - NGINX Gateway Fabric 1.4.0 features IPv6 support, TLS passthrough, server zone metrics, custom pod annotations, and improved testing automation. It ensures stability and performance for Kubernetes clusters. BIG-IP: F5 BIG-IP deployment with Red Hat OpenShift - keeping client IP addresses and egress flows - OpenShift 4.14's AdminPolicyBasedExternalRoute improves control of egress traffic by utilizing F5 BIG-IP as the default gateway for certain namespaces. This feature ensures client IP preservation and integrates security functions. BIG-IP VE in Red Hat OpenShift Virtualization - Running BIG-IP VE in Red Hat OpenShift Virtualization connects virtual machines and Kubernetes. This simplifies management and operations by using OpenShift's KubeVirt and QEMU+KVM Linux virtualization layers. VMware to Red Hat OpenShift Virtualization Migration - Seamlessly migrate workloads and BIG-IP Virtual Editions from VMware to OpenShift Virtualization. Our comprehensive guide will streamline your transition and unify your application infrastructure. F5 Cloud Failover Extension (CFE), private endpoints, and custom DNS - Using the F5 Cloud Failover Extension (CFE) for API-based failover in public cloud environments can cause issues with API calls being blocked. This is due to custom DNS settings and private endpoints. To resolve this, configure DNS settings to properly resolve private IP addresses.GITEX Global 2023 in Dubai - DevCentral Visits
@buulamis fresh from GITEX Global in Dubai! Here are some highlights from his trip and the connections he made at this massive IT conference. Make sure to subscribe to theDevCentral Youtubechannel,and followDevCentralandBuu Lamto get the latest updates. DevCentral Visits GITEX Global 2023 in Dubai! Zakeer Zubair on Navigating Changes in F5 and Dubai Over 16 Years Role Reversal! Zakeer Zubair Dives into Buu Lam's Journey Grant Taylor talks about Exclusive Networks and the Middle East region DevCentral Visits GITEX Global 2023 in Dubai! Buu arrives at GITEX Global 2023 in Dubai! This massive security conference (more than 200,000 attendees) has a lot of cool things to explore. Zakeer Zubair on Navigating Changes in F5 and Dubai Over 16 Years Zakeer Zubair, the Senior Manager for Solutions Engineering at Gulf & Levant, has seen significant changes in F5 and Dubai over 16 years. He discussed how market needs align well with F5's portfolio of application and API delivery and protection. He also highlighted the value of the university intern program. Role Reversal! Zakeer Zubair Dives into Buu Lam's Journey Role reversal! Zakeer Zubair interviewed Buu Lam about his journey to becoming a DevCentral Community Evangelist and the importance of sharing educational content. Buu also shares his impressions of Dubai as a first-time visitor! Grant Taylor talks about Exclusive Networks and the Middle East region Grant Taylor, General Manager of Exclusive Networks in the Middle East, oversees the largest distributor in the region. With professional services, specialized partner sales teams, the company is leading the digital transformation taking place in the Middle East.
Remember your first stack?
Do you remember your first stack? Maybe you got lucky and had a chance to build your first stack from the ground up, with ample time and resources. Your stack was flexible, efficient, and modern, with everything you need, and nothing you don’t. Maybe you inherited a stack that was built when your company’s business was really different…and managing security and updates takes enough time and resources that you never quite got around to upgrading the system to meet current business needs. Maybe your first stack showed just how many people had been involved in its development over the years, with idiosyncratic workarounds to allow integration of older and more modern tech. As you’ve moved from role to role, you’ve probablynoticed that every stack is different, featuring a unique combination of elements that reflect the current and historical needs of the business…and a unique set of app and API security and delivery needs to match. At F5, we’ve noticed that, too - That’s whywe’ve worked hard to build a set of security and delivery solutions that can work on any architecture. That’s also why we created the Frankenstacks—these colorful stacks are meant to bring to life the unique architectures our customers have built and to represent the creative solutions those architectures include. So, go ahead Choose a new Frankenstack avatar. (You can even pick one that reps your real-life stack.) Tell us what you remember about your first stack. And remember that whatever you’ve built, we secure that.Certified Kubernetes Administrator - Study Group
I recently completed my CKA and want to encourage others as I was encouraged. To that end, I'm going to facilitate a study group that will kick off the week of April 24th. Requirements You're welcome to join in on the fun for weeks 1 and 2, but you must register for the exam by week 3 and set a test date to continue on with the study group. Commitment is key! The exam is $395 but I have a code that should get you 50% off if you register in the first two weeks of our study group. You will sign up for a week of material to learn and share with the group what you learned, and walk the group through the lab exercises that challenged you the most and what you learned from them. You'll commit the time to study, it's a lot of material to learn You'll show up for and participate in meetings (with the understanding that life happens) Material The only required material for this study group is the Certified Kubernetes Administrator with Practice Tests course on Udemy. It is $35, but sometimes it's discounted, I think I got it at $19 when I registered. In the course material, there is a coupon that will unlock the CKA course labs for free on KodeCloud.com. Schedule As far as time is concerned, I know that will be tricky. I'm available most days Tuesday-Friday between 3pm - 6pm central. We can nail down a timeslot once everyone interested is set. From a weekly perspective, you can expect about 3-4 hours of course content, plus the labs, plus any additional studying you might do on your own. Week Date Concepts 1 April 24th Introduction | Core Concepts 2 May 1st Scheduling | Logging & Monitoring | Storage 3 May 8th Application Lifecycle Management | Cluster Maintenance 4 May 15th Security 5 May 22nd Review | Killer.sh Lab Attempt #1 6 May 29th Networking 7 June 5th Designing & Installing a Cluster | Installing the kubeadm way | Troubleshooting 8 June 12th Mock Exams | Killer.sh Lab Attempt #2 9 June 19th Prep for / take your exam Any questions on the exam, the material, the study group, drop them below. I hope to see you the week of April 24th! If you want to join, send me a DM here on DevCentral or shoot me an email at j.rahm@f5.comand I'll add you to the group. First group I'll likely limit to the first 8-10 to keep it small enough to encourage conversation.'What is WebAuthn' Next Time on DevCentral Connects
Web Authentication API is the latest W3C standard to authenticate your users to web applications using public key cryptography. Get rid of your passwords. Yay. No more phishing, no more password stealing, using #WebAuthn. Join us Tuesday, April 11th, 8:30AM Pacific, as buulamwelcomes Dan Moore back to the show. He's the Director of Developer Relations at FusionAuth to talk all about Web Authentication API. This link: https://youtube.com/live/u6sr98XvLmI sets your reminder with no password! DevCentral Connects is live every Tuesday 8:30AM Pacific. Join the DevCentral Connects Group here on DevCentral.'How to Pass the CKA Exam' Next Time on DevCentral Connects
Kubernetes is an open source container orchestration system designed to automate software deployments, scale and management. It's also a hot topic on DevCentral Connects! Join us Tuesday, April 4th, 8:30AM Pacific, as JRahmjoins buulamto talk about his journey to become a Certified Kubernetes Administrator. He's going to go through his training, his study group, and they may even be joined by a special guest who helped coordinate it all. That's Tuesday, April 4th, 8:30AM Pacific. This Link https://youtube.com/live/Zbx1UnqDyhc sets your reminder. DevCentral Connects is live every Tuesday, 8:30AM Pacific. Subscribe.'The Ultimate Home Lab' Next Time on DevCentral Connects
Is your home lab a VM on a laptop? Maybe it's a tower dedicated for testing. Or maybe it is a fully-loaded 42U Rack in your closet with unlimited storage. If you'd like to get the most out of your home lab join DevCentral Connects Tuesday, March 28, 8:30AM Pacific as Principal Application Security Engineer James Cox joins buulamto talk about his tricked out home lab and give you some tips on how to maximize your little testing facility. This link https://youtube.com/live/BZiWaEycrvk sets your reminder...DevCentral Connects is live every Tuesday 8:30AM Pacific. Get the most out of your home lab and subscribe.'What is Multi-Cloud Networking' Next Time on DevCentral Connects
Surveys suggests that organizations have anywhere from 3 to 5 cloud providers on average. But what do you do when the application in one cloud needs to call the database and another cloud and then load images from a third cloud? Multi-cloud networking, that's how! No need to subnet your brain because we're bringing you the goods. Tuesday, March 21st, 8:30AM Pacific, one of the OG’s of MCN Rob DeWeese. He's the Director of Cloud Networking at Kyndryl and he's going to tell us all about Multicloud Networking from the early days and what NetOps can do today to make it a simple process.buulamHosts.This link sets your reminder - DevCentral Connects is live every Tuesday, 8:30AM Pacific. Subscribe.'Monitoring for Everyone' Next Time on DevCentral Connects
It's early, a storms rolling in and you just want to stay in bed. I get it. But who's keeping an eye on your systems when you want to smash that snooze button for the third time? Monitoring! That's who! If done right, monitoring can catch the unexpected, but also help predict the expected. Join us Tuesday, March 14th, 8:30AM Pacific as buulamwelcomes Ryan McLean. He's a Developer Advocate with Datadog and he'll tell us all about, ‘LET’S USE RED’ so that monitoring can benefit everyone. This linksets your reminder that DevCentral Connects is live every Tuesday, 8:30AM Pacific. It's not that bad out. Get up and subscribe. And, while you're at it, join the DevCentral Connects Group!
