Q/A with itacs GmbH's Kai Wilke - DevCentral's Featured Member for February
Kai Wilke is a Principal Consultant for IT Security at itacs GmbH – a German consulting company located in Berlin City specializing in Microsoft security solutions, SharePoint deployments, and customizations as well as classical IT Consulting. He is also a 2017 DevCentral MVP and DevCentral’s Featured Member for February! For almost 20 years in IT, he’s constantly explored the evens and odds of various technologies, including different operating systems, SSO and authentication services, RBAC models, PKI and cryptography components, HTTP-based services, proxy servers, firewalls, and core networking components. His focus in these areas has always been security related and included the design, implementation and review of secure and high availability/high performance datacenters. DevCentral got a chance to talk with Kai about his work, life and mastery of iRules. DevCentral: You’ve been a very active contributor to the DevCentral community and wondered what keeps you involved? Kai: Working with online communities has always been an important thing for me and it began long time ago within the good old Usenet and the predecessor of the Darknet. Before joining the F5 community, I was also once an honored member of the Microsoft Online Community and was five times awarded as a Microsoft MVP for Enterprise Security and Microsoft-related firewall/proxy server technologies. My opinion is that if you want to become an expert for a certain technology or product, you should not just learn THE-ONE straight-forward method fetched from manuals, guides or even exams. Instead, you have to dive deeply into all of those edge scenarios and learn all the uncountable ways to mess the things up. And dealing with questions and problems of other peers is probably the best catalyst to gain that kind of experience. Besides of that, the quality of the DevCentral content and the knowledge of other community members are absolutely astonishing. It makes simply a lot of fun for me to work within the DevCentral community and to learn every day a little bit more… DC: Tell us a little about the areas of BIG-IP expertise you have. KW: Over the years, I successfully implemented BIG-IP LTM, APM, ASM, and DNS Service deployments for our customers. Technologically, I internalized TMOS and its architecture very well and I pretty much learned how to write simple but also somewhat complex iRules to control the delivery of arbitrary data on their way from A to B in any possible fashion. DC: You are a Principal Consultant for IT Security at itacs GmbH - a German consulting company. Can you describe your typical workday? KW: Because of my history with Microsoft related infrastructures, my current workload is pretty versatile. Many of my current projects are still settled in the Microsoft / Windows system environment and are covering the design and review of security related areas. Right now, I’m working with several DAX companies and also LaaS, PaaS and SaaS service providers to analyze their Active Directory and System Management infrastructures and to design and implement a very unique, fundamental and comprehensive security concept to counter those dreaded PtH (Pass-the-Hash) and APT (Advance Persistent Threat) attacks we are facing these days. Over the last years, my F5 customer base has periodically grown so I would say my work is a 50:50 mix right now. I do F5 workshops, designs, implementations, second and third level support as well as configuration reviews and optimization of existing environments. I work with some big web 2.0 customers that have the demand to pretty much exhaust all the capabilities of an F5. This challenges me as a network architect and as an ADC developer. I realize every day that working with F5 products makes so much more fun than any Microsoft product I have ever dealt with. So in the future, I will even more put my focus on F5! DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation. KW: In my opinion, the F5 products themselves are not that challenging – but sometimes the underlying technologies and the detailed project requirements are. But as long as those requirements can be drawn and explained on a sheet of paper, I am somewhat confident that the BIG-IP platform is able to support the requirements – thanks to the F5 developers who have created a platform which is not purely scenario driven but rather supports a comprehensive list of RFC standards which can be combined as needed. For an example, one of my largest customers operates an affiliate resource tracking system with three billion web requests per day with a pretty much aggressive session setup rate during peak hours. I have designed and implemented their BIG-IP LTM platform to offload SSL-encryption and the TCP-connection handling to various backend systems using well selected and performance optimized settings. Other scenarios require slightly more complex content switching, the selective use of pre-authentication and/or combination with IDS/IPS systems. To support those requirements, I developed a very granular and scalable iRule administration framework which is able to simplify the configuration by using rather easy-to-use iRule configuration files (operated by non TCL developers) which will then trigger the much more complex iRule code (written and tested by TCL developers) as needed. The latest version of my iRule administration framework (which is currently under testing/development) will be able to support a couple thousand websites on a single Virtual Server, where each websites can trigger handcrafted TCL code blocks as needed, but without adding linear or even exponential overhead to the system as the regular iRule approaches would do. The core and the configuration files of the latest version are heavily based on TCL procedures to create a very flexible code base and also conditional control structures, but completely without calling any TCL procedures during runtime to boost the performance dramatically. Sounds interesting? Then stay tuned, I am sure I will publish this framework to the CodeShare once it’s stable enough… 😉 DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up? KW: I was typing my first assembler code out of a C64 magazine at the age of 10, so I really wanted to be a developer and/or IT admin since then. But besides of my current job, I can also imagine being a racecar driver. I really have petrol in my blood and pretty much enjoy driving on the German Autobahn. As an alternative, I could also imagine being a cook. I really love cooking and enjoy awesome food! DC: Thanks Kai! Just don't fire up that sterno while shifting gears!! Check out all of Kai’s DevCentral contributions and check out their blog websites: ops365.de, flow365.de and brandmysharepoint.de.DevCentral's Featured Member for November - Alex Tijhuis
Our Featured Member series is a way for us to show appreciation and highlight active contributors in our community. Communities thrive on interaction and our Featured Series gives you some insight on some of our most engaged folks. DevCentral Member Alex Tijhuis is our Featured Member for November! Let's catch up with Alex! DevCentral: First, please explain to the DC community a little about yourself, what you do and why it is important. Alex: I’m originally from the Netherlands but live in Newmarket (UK), together with my wife Jana and two kids. Jana is from South Africa where we met, and after having lived there for a few years, decided to move to the UK for a couple of years. That was 14 years ago and we’re still here! I’m a full-time F5 engineer, specializing in training and consultancy for all the major F5 products throughout Europe. And why it’s important? I don’t think I’ve got to tell you why F5 is important… 😉 DevCentral: You’ve continued to be an active contributor in the DevCentral community. What keeps you involved? Alex: Well thanks! I find myself coming and going to be honest. If I’ve got a few days off, I jump on there for a bit, see if I can help someone out, but also whenever I’m looking for obscure answers, DevCentral is one of the first places I end up. During consultancies as well as training sessions, I often get some very tricky questions (these students can sometimes throw me some very interesting curveballs…) – DevCentral has already come to the rescue quite a few times for me. Although I think I know quite a bit about the F5 products, I’m definitely missing some in-depth knowledge in some of the products. On DevCentral there is always someone around who either had the problem already before, or someone who knows more about it, or at least tries to help figure it out – it’s awesome! DevCentral: Tell us a little about the technical expertise you have. Alex: None… But for some reason people think I do, so I might as well pretend I know something… 🙂 DevCentral: You are a F5 Trainer and Consultant at ABCT.net Ltd?. Can you describe your typical workday, how you manage work/life balance and the strong support of F5 solutions? How has the pandemic impacted your work? Alex: Back in my later days of employment, an important part of the job was sales. Although I know (roughly) how it works, and I appreciate that it’s a necessary part, I hated it. Starting to work for myself gave me the freedom to no longer do the sales part and purely focus on the techy bits. Although ironically now I need to sell myself… And in case you’re wondering, ABCT.net comes from Alexander Boudewijn Christiaan Tijhuis, but that’s probably too long as a domain name, so I shortened it. People/companies hire me for a few days or a week to help them sort all kinds of things out; health checks, design chats, but also official F5 training, bespoke workshops or whatever comes up at the time. Consultancy and training is a tricky field though to get a steady stream of work and we tend to be quite flexible with our customers; sometimes our calendar is booked up for months in advance, all of a sudden we get a bunch of cancellations, meaning we’ve got some time off, and two days later, other people may have picked those dates up again and we’re booked solid again! Hard to predict really. It took some time to get used to it, but luckily F5 is a brilliant product (ahem) and there’s always need for good engineers so I learned to have some reserves in the bank and just roll with whatever happens. If I’ve got work, great! If I’ve got a couple of days off, great! During the pandemic for example, we initially had a lot of engagements cancelled. Great time to help the kids with their school work though, no travel for a bit and very much enjoyed spending more time with them for a couple of months. When people realized that home working was here to stay, a lot of training and consultancies started to move to fully remote and work picked up again. The extra time that was left, I then used to dive into some of the areas of F5 that I didn’t get time for yet so far such as NginX and SSLO as you’ll never know when that comes in handy. It’s good to have a ToDo list available in case I’m off for a week and to avoid getting bored, but so far that hasn’t happened yet. DevCentral: Do you have any F5 Certifications? If so, why are these important to you and how have they helped with your career? Alex: 401 and 402 certified, oh and the elusive 202! And yes, they are very useful. I was about to go on a rant on all the pros and cons of certification in general, but it’ll probably be easier to just reference on of my earlier rants; https://devcentral.f5.com/s/articles/F5-Certifications-Mega-Meta-Series-How-to-take-the-stress-out-of-the-F5-exams Jana has actually also started picking up some F5 certs! After spending some years with the kids at home, she wants to get back to work and actually quite likes the world of F5. Although she’s already been a valuable part to my company behind the scenes, she wants to actively pick up jobs in the future. Having a few of the F5 certificates shows all our customers that she’s not “just someone who’s interested”, but that she actually knows her stuff. So far, she’s passed the 101 and planning on doing the 201 on December. DevCentral: Describe one of your biggest Customer challenges and how the community helped in that situation. (Does not necessarily have to be DevCentral) Hmm, I’m struggling to think of a nice example that I can talk about, but here is to me a community that shows all the worth of “community” and the opportunities it brings – Linux! I don’t think there’s many communities that are bigger than that one out there, and what an impact it has made! Where would our modern world be without it? How many systems and devices aren’t running on it in some capacity – and for that matter, what would F5 look like? I think the power of communities are not always clearly visible, nor are the benefits immediately obvious, but at some point there will always be a community to help you, whether that is your local community or an online community. DevCentral being no exception to this! DevCentral: Lastly, if you weren’t doing what you’re doing – what would be your dream career? Or better, when you were a kid – what did you want to be when you grew up? Alex: I think I’ll be giving a pretty cliché answer here and say that I’m more or less having my dream career at the moment; tinkering with techy stuff, messing with my lab setup or talking to like-minded people about how to fix tricky problems – can’t complain! If I wouldn’t like what I’m doing, I should change it. Within reason of course, but I do believe that most people can do a job that they love – the question is if you’re willing to make the sacrifices that come with it. For me, that was many years ago to take a massive pay cut from a swanky railway consultancy job to become a junior network engineer, and more recently giving up stability of a job to create my own business. Having a bit of luck and support does help of course, but did it and never looked back. And what I wanted to be when I was a kid? For many years I wanted to paint houses. Start with a scruffy looking place and a couple of days later, end up with a plain, freshly painted building! I suspect that when I noticed how much work it actually was, I quickly forgot about it - lazy bugger… ---Thanks Alex! We really appreciate your willingness to share with the DevCentral Community. Stay connected with Alex on social media: ABCT on the Web Alex on LinkedInQ/A with Secure-24's Josh Becigneul - DevCentral's Featured Member for September
Josh Becigneul is the ADC Engineer for Secure-24 and DevCentral’s Featured Member for September! Josh has been working in the IT industry in various positions for a little over 10 years. He’s moved through various disciplines including MS server administration, Linux, Networking, and now has been working primarily with F5 BIG-IPs. For the past 3 years he has focused on F5’s products and growing a team of engineers to manage them. Secure-24 delivers managed IT operations, application hosting and managed cloud services to enterprises worldwide. DevCentral got an opportunity to talk with Josh about his work, life and the importance of being F5 Certified. DevCentral: You’ve been an active contributor to the DevCentral community and wondered what keeps you involved? Josh Becigneul: DevCentral has helped me greatly over the years as I’ve worked with F5 products, so I feel like it’s worth some of my time to spend both reading posts and helping others in the community. When I started off it helped to be able to explain a need and have someone create a basic iRule, or point me towards documentation explaining something. Now that my skills have grown, I want to pay it forward. DC: Tell us a little about the areas of BIG-IP expertise you have. JB: I started off on just BIG-IP LTM but over the years have grown into managing APM, GTM, ASM, and sometimes a mix of each. I’ve worked with 1500’s, 1600s, 3600’s, 3900’s and VIPRION. As well as Enterprise Manager and now BIG-IQ too. DC: You are an ADC Engineer with Secure-24, an application hosting and cloud services organization. Can you explain how DevCentral helps with your daily challenges? Where does BIG-IP fit in the services you offer or within your own infrastructure? JB: At Secure-24, BIG-IP has grown into an essential product for many portions of our organization, along with many of our customers utilizing its services to deliver their applications. We’ve got a large number of LTM customers, APM customers and we’ve been growing into ASM. GTM provides advanced DNS services for many of our customers around the globe. Most deployments using BIG-IP are custom tailored to suit the needs of the particular customer. These can vary from basic load balancing to advanced content steering, or small deployments of a few virtual services to large ones comprised of hundreds. With the variety of F5 products in use, having a resource like DevCentral is invaluable to our team. From being able to ask my peers questions about things, or utilizing the codeshare and wiki to learn more about iRules and iControl, I couldn’t imagine it not being available. DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation. JB: One of the most useful things iRules allow us to do is virtual hosting; running many services behind a virtual service. Coupling this with APM allowed us to greatly simplify remote access for us and our customers. For several customers, we used APM to migrate them away from MS Forefront. DC: I understand you are an F5 Certified Professional. Can you tell us about that and why you feel it is beneficial? JB: Yes, I first became F5 Certified in 2015 with my 201 Certified BIG-IP Administrator, and followed that up at 2016’s F5 Agility conference by obtaining my 304 APM Specialist. I feel it is beneficial because it helps to reinforce what I’ve learned over the years, and (hopefully) lets my customers feel like they are in good hands. (DC: Josh also recently passed the 302 GTM Exam!) DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up? JB: I’d probably be a roadie, and tour the world doing lights and sound for a huge band! DC: Thanks Josh and get us backstage passes! Check out all of Josh’s DevCentral contributions, connect on LinkedIn and follow both Josh @vsnine and @secure_24. And if you'd like to nominate someone to be the DevCentral Featured Member, please send your suggestions to the DevCentral Team!Q/A with SpringCM's Joel Newton - DevCentral's Featured Member for August
Joel Newton is a Senior DevOps System Engineer at SpringCM, a current DevCentral MVP and DevCentral’s Featured Member for August! SpringCM believes in leveraging technology to deliver immediate savings by automating and accelerating business processes – essentially, bringing the power of the cloud to contract and document management. SpringCM was using BIG-IP LTM to load-balance their application servers when Joel started there four years ago, and he stepped into the role of being the primary BIG-IP admin, managing the VIPs, pools, and iRules. In addition to managing the BIG-IP LTM, he’s also an architect of their continuous delivery and configuration management systems. Outside of work, he enjoys philosophy, genealogy, spending time with his family, and being a craft beer evangelist (as well as drinking craft beer). DevCentral got a chance to talk with Joel about his work, life and how DevOps & DevCentral have more in common than just the word ‘Dev.’ DevCentral: Hi Joel, thanks for your time! You are a current DevCentral MVP and have been a tremendous contributor to our community over the years. What keeps you involved? Joel: I think it’s that DevCentral is a very active community, with a lot of smart people trying to solve a lot of interesting problems. Just perusing the most recent questions can be a great way to learn things. My initial interest in DevCentral was sparked by Joe Pruitt’s docs on iControl and all the PowerShell knowledge and examples he provided. After a while, I realized that having a PowerShell module to manage LTMs might be beneficial, so I developed that and shared it with the community. DC: Tell us a little about the areas of BIG-IP expertise you have. JN: SpringCM primarily uses the BIG-IP LTM module and iControl REST. We built and host a large, complex, public-facing web application, and as such we have hundreds of servers that require load balancing. Since we have so many servers, our goal is to do as much of the administration as possible via scripts and command line, which is where iControl REST comes in. With PowerShell and iControl REST, we’re able to configure virtual servers, pools, pool members and iRules. DC: You are part of a DevOps team at SpringCM. Can you explain how DevCentral helps with DevOps challenges? JN: I think DevOps is just a fancy term for the attempt to achieve better system process automation and better system visibility. Anything that allows one to programmatically change settings and retrieve information about one’s systems (such as iControl and iControl REST, and all the PowerShell /Perl /python snippets shared on DevCentral) aids people doing DevOps. DC: Describe one of your biggest IT challenges and how DevCentral helped in that situation. JN: SpringCM has wanted to do continuous delivery for a while. Instead of doing monolithic quarterly deployments of the entire production environment, we want to get to where we’re deploying to select servers during the day with zero downtime, as needed. A big part of this is being able to automate the management of BIG-IP pool members. We’ve been doing zero-downtime deployments to production on a smaller scale to dozens of servers, but just recently, we accomplished our first “hot” (zero-downtime) deployment of our entire production environment (around 350 servers). This was only possible because we were able to use iControl REST and PowerShell scripts to have pool members disable themselves, wait until their connections dropped below a defined threshold, update their code, and re-enable themselves in their pool. DC: We’re in your hometown, Chicago, this week for F5 Agility 2016. What are you looking forward to at Agility? JN: I’ve signed up for some iRules labs, as well as one on BIG-IQ. We have some iRules that I inherited and have tweaked as needed, but I don’t feel that I’ve yet got a comprehensive picture on all that I could be using iRules for in our application. I’m looking forward to that, as well as getting a good intro to BIG-IQ. DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up? JN: Probably a full-time craft beer evangelist. DC: Thanks Joel! Check out all of Joel’s DevCentral contributions and follow him on GitHub or connect on LinkedIn. And follow SpringCM: @springcmQ/A with ExITeam’s Security Engineer Stanislas Piron - DevCentral's Featured Member for October
Stanislas Piron is a Security Engineer for ExITeam. 16 years ago, Stanislas started out with Firewalls, email and Web content security. His first F5 deployment was with LTM and Link Controller 10 years ago and he is DevCentral’s Featured Member for October! He started to focus on F5 products as pre-sales engineer for a IT security distributor in charge of F5 development. 4 years ago, he joined Exiteam, a small company of two security engineers helping resellers audit, design and deploy security solutions for their customers. To provide real expertise, they both focus their skills on a small set of products. He works with F5 products about 80% of his time. DevCentral got an opportunity to chat with Stanislas about his work, life and if European organizations have unique security requirements. DevCentral: You’ve been an active contributor to the DevCentral community and wondered what keeps you involved? Stanislas Piron: When I started working with F5 products, I created my DevCentral account to search piece of iRules and write my own iRules according to customer’s needs. As the needs grew, I had some unanswered questions. Searching DevCentral, I found another approaches to solving issues, helping me to solve my own challenges. Each time I find a better way to solve my problems, I try to share my code. I often read question and try to solve them thinking, “This can solve an issue of a customer I didn’t think about before” DevCentral is a place where every time you help someone, you learn something. DC: Tell us a little about the areas of BIG-IP expertise you have. SP: My favorite BIG-IP product is APM (LTM+APM mode), which covers almost everything about authentication. It’s also the product we must configure as simple as possible if we do not want the customer to have headaches reading the access policy. I often deploy BIG-IP with multiple modules including LTM, APM, AFM, GTM and ASM to offer high datacenter security. Most of my deployments use the local traffic policies for standard admin tasks, iRules for application compatibility, and the tcl codes in APM to assign variable boxes. DC: You are a Security Engineer with Exiteam, a security consulting practice. Can you explain how DevCentral helps with your daily challenges? Where does BIG-IP fit in the services you offer or within your own infrastructure? SP: iRules is a great tool to solve problems BIG-IP is not addressing, but iRules is nothing without the developer’s community. DevCentral experts share experience not only about tcl coding but protocol knowledge, iRule events orders, and working iRules. And on the other side, some IT admins ask about new needs that I may answer for the next customer. Each time I have a new challenge, I first search on DevCentral to see if someone already solved it. If not, I’ll create my own iRule. DC: I understand you are in France and wondered, what are some of the unique information security challenges for European organizations? SP: Information security challenges are not unique for European organizations as security risks are the same for all countries. DC: Describe one of your biggest challenges and how DevCentral helped in that situation. SP: With Microsoft Forefront TMG End of sale, most of my customers migrated to F5 products. One of my customers, a SAAS provider, with almost exclusively Microsoft products (TMG, Exchange, Sharepoint, etc.) and with more than 20K concurrent users was evaluating how to migrate to BIG-IP LTM, ASM, APM and AFM. During POC (and then deployment) we worked to get the same behavior with APM as TMG with SharePoint about office editing documents. I found some question on DevCentral with parts of an answer, but not the full answer. I wrote an iRule optimized for such a deployment (20K users) answering all the customer needs and shared it. Some DevCentral experts, who had the same needs, commented on it to make it simpler, generic and optimized. DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up? SP I don’t remember what I wanted to be when I was child and IT is not a dream job if you don’t evolve. What I expect in my job is to not do the same job as the day before, and I think I found it. Every day, I meet new customers, I have new challenges and I learn something increasing my knowledge. DC: Thanks Stanislas and congratulations! You can find Stanislas on LinkedIn and also check out his DevCentral contributions. Related: Q/A with Yann Desmarest - DevCentral's Featured Member for July Q/A with SpringCM's Joel Newton - DevCentral's Featured Member for August Q/A with Secure-24's Josh Becigneul - DevCentral's Featured Member for SeptemberQ/A with Betsson's Patrik Jonsson - DevCentral's Featured Member for April
Patrik Jonsson lives in Stockholm with his wife and son and works as a network engineer for a company providing online casino games across the world. Outside work, he likes to spend time with his family, play around with his home VMware lab and enjoys watching movies. He also loves travelling and having a beer with friends. Patrik is also a 2017 DevCentral MVP and DevCentral’s Featured Member for April! DevCentral got a chance to talk with Patrik about his work, life and his project the BIG-IP Report. DevCentral: You’ve been a very active contributor to the DevCentral community and wondered what keeps you involved? Patrik: One of the best, and fun ways to learn new things is to take on problems, or discussions presented by fellow technicians. It forces you to continuously challenge what you think you know and keeps your knowledge up to date. In addition, when I need input, or help myself, DevCentral has so many brilliant and helpful members ready to take on whatever you throw at them. DC: Tell us a little about the areas of BIG-IP expertise you have. PJ: The first time I ran into a BIG-IP was just after I graduated from university. It was a 1000 series running BIG-IP v4. When I quit that job 6 years later I considered asking to bring it home with me, but somehow my girlfriend at the time was not as keen to the idea. Still don’t know why. 🙂 I’ve been working mostly with BIG-IP LTM and iControl, but recently I’ve started to dabble a bit with APM, GTM/DNS and ASM as well. DC: You are a Network Security Specialist at Betsson. Can you describe your typical workday? PJ: At Betsson you never know what’s going to happen when you step into the office. The gaming industry has very tough competition and getting comfortable as one of the bigger players around is not an option since rivals are always ready to take your place. This, combined with awesome colleagues, makes it a joy to step into the office every morning. DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation. PJ: Being a multinational company with offices supporting multiple brands, one of the biggest challenges we have is knowledge sharing. Giving the developers the correct information when they need it is vital for an efficient application delivery. In order to provide this, we have used iRules to present troubleshooting information in the form of custom headers so developers can see which pool and member that responded to their request and the current status of all members. We also have a smarter version of the traditional sorry page which shows information about the failed pool and what’s being monitored. And then of course, BIG-IP Report. All of these are using iRules and iControl and would not have been possible without the DevCentral API documentation and of course, my hero Joe Pruitt. DC: What can readers learn from your blog: https://loadbalancing.se/ and what is the BIG-IP Report? PJ: My blog is where I post ideas and projects that I have. There’s a BIG-IP APM + Google Authenticator guide, F5 Web UI augmentation script for version 11 and a few other things. BIG-IP Report was born out of a need to show people the load balancing configuration in a simple manner without giving them access to the BIG-IP interface. After implementing it we have gone from developers asking us where things are, to instead them telling us about bad configuration. We also discovered that it is awesome for us as well, as we can get an overview of the configuration across multiple devices. Finding a specific VIP, or pool is so much easier when the information is in one place. I guess the best way to understand it is to try it at http://loadbalancing.se/bigipreportdemo/ The blog is not updated that often, so it’s safe to subscribe without getting too much spam. DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up? PJ: I think my dream would be working with a non-profit organization helping people in need. I love travelling and combining that with something meaningful would be really nice. Thanks Patrik! Check out all of Patrik’s DevCentral contributions, check out his blog, or connect on LinkedIn. And visit Betsson on the web or follow on Twitter.Q/A with Admiral Group's Jinshu Peethambaran - DevCentral's Featured Member for March
Jinshu Peethambaran is a security architect currently working with Admiral Insurance. He started his career 9 years ago, managing network security operations and started working on F5 products about 5 years ago. He is also a 2017 DevCentral MVP and DevCentral’s Featured Member for March! DevCentral got a chance to talk with Jinshu about his work, life and his dream of being 100 million miles in space. DevCentral: Hi Jinshu, thanks for you time. You’ve been a very active contributor to the DevCentral community. What keeps you involved? Jinshu: DevCentral has helped me greatly over the years as I’ve worked with F5 products, so I feel like it’s worth spending some of my time both reading posts and helping others in the community. Searching DevCentral, I found another approaches to solving issues, helping me to solve challenges. Just checking the most recent questions is a great way to learn things. DC: Tell us a little about your areas of BIG-IP expertise. JP: At earliest stage in my career, I was involved on basic BIG-IP LTM projects. After some successful experiences, I started working on another level and learn different BIG-IP modules. Now, I think I’m pretty comfortable with all F5 BIG-IP modules but I’m clearly specialized in security. Now I’m pretty confident on BIG-IP LTM, DNS (formerly GTM), ASM, APM and AFM modules. I have implemented multiple solutions using these combinations for different customers, all these years. DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation. JP: iRules are great tool to solve unique BIG-IP challenges, but iRules are nothing without the developer’s community. DevCentral experts share experience not only about tcl coding but protocol knowledge, iRule events orders, and working iRules. And on the other side, some IT admins ask about new needs that I may answer for the next customer. Security is a vast area and we get new requirements and challenges every time. Each time I get a new challenge, I first search on DevCentral to see if someone already solved it. If not, I’ll create my own iRule. DC: Can you tell us a little about your blog, Secure Leaves and why it is important to Know your network before a hacker does? JP: Since I started working on security domain, I through to give a helping hand for others as well. So I started this blog explaining small technical challenges and solutions for that. This blog focus on security products and hence the title “Know your network before a hacker does”. DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up? JP: I’d probably be an Astronaut or a professional space traveler searching for external life and doing experiments in Mars. J When I was a kid I always dreamt about being an Astronaut, staring at the stars. Thanks Jinshu! Check out all of Jinshu’s DevCentral contributions, check out his blog, or connect on LinkedIn. And visit Admiral Group plc on the web and LinkedIn Related: Q/A with Yann Desmarest Q/A with SpringCM's Joel Newton Q/A with itacs GmbH's Kai Wilke Q/A with Rackspace Network Architect Vijay Emarose Q/A with Secure-24's Josh Becigneul Q/A with ExITeam's Security Engineer Stanislas PironQ/A with Yann Desmarest - DevCentral's Featured Member for July
Yann Desmarest is the Innovation Center Manager at e-Xpert Solutions SA and one of DevCentral’s top contributors. e-Xpert Solutions SA is a F5 Gold Partner, Unity Partner Support and a Guardian Partner. Yann has been a BIG-IP administrator for 6 years and enjoys basketball, table tennis, hacking, cinema and manga (especially Naruto). And one of his favorite activities is developing complex iRules and that’s why he is DevCentral's Featured Member for July! We got a chance to chat with Yann about his work, his life and why he enjoys participating in the DevCentral Community. DevCentral: Hi Yann. Thanks for your time. You’ve been a tremendous contributor to the DevCentral community over the years and wondered what keeps you involved? Yann: I’m always looking for new challenges and DevCentral is a really good place to solve complex issues and to share knowledge and experiences with peers. It’s also a place that I can find useful information on iControl, iRules and iApps code. DC: Tell us a little about the areas of BIG-IP expertise you have. YD: At my earliest stage in the business world, I was involved on basic BIG-IP LTM projects. After some successful experiences, I wondered if I could rise up to another level and decided to learn BIG-IP ASM, APM and GTM modules as well. Now, I think I’m pretty comfortable with all F5 BIG-IP modules but I’m clearly specialized in security and more precisely the authentication and WebSSO part delivered by BIG-IP APM. I also acquired some development skills using iRules and iControl. DC: You often participate and post in the Codeshare area – tell us about some of your favorite submitted iRules/iApps and how they work. YD: I've had several requests to protect Microsoft Skype for Business Edge services against NTLM brute force and dos attacks. I decided to develop an iRule to intercept the encrypted traffic and identify NTLM authentication attempts on the SIP flow. Then, suspicious IPs and users are blacklisted for a duration that you can define in the RULE_INIT event. I had also requirements to provide Client certificate authentication on Microsoft Exchange ActiveSync for Apple iOS devices. The main issue is that this kind of authentication requires a Mobile Device Management or Apple Configurator system. Deploying a full MDM for that need may be overkill so we developed an iRule that provisions the Exchange payload to the iOS device. The client certificate is retrieved using SCEP protocol. Now, with the availability of iRulesLX, I will be able to extend this feature to retrieve a certificate using third party APIs. And finally my favorite is the APM Full Step Up Authentication iRule and Access profile that we published on DevCentral. I had a look at the Step-Up authentication feature on the APM v12.1.0 and found that it’s currently limited. I decided to develop my own configuration to make it more flexible and mainly to have this feature available for older BIG-IP versions. No doubt that my configuration will be deprecated in future releases because APM will enhance its own feature set. I have many more iRules, iApps and iControl scripts to share with the community in the future. DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation. YD: I had a requirement to integrate APM with an iOS and Android mobile application. The application use SOAP body to POST credentials and a second factor was required for external users. I had to intercept the SOAP body to retrieve the username and password, then play those credentials through an external REST API web service and if the user is connecting from a public IP address, prompt the end user for a second factor that I send to a third party web gateway. This is a lot of peers and exchanges to integrate in the authentication process. I had also to implement full SOAP responses and handle errors. I consulted DevCentral and the iRules wiki to find how to use sideband connections, ifiles, ACCESS events and some crypto commands. Without the DevCentral community, I would not have been able to face this challenge. DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up? YD: Computer science was part of my life since the very beginning. Later, I decided to be an IT expert, to solve complex challenges and to help people securing their environments. Now, I’m following my dreams and work hard to be a computer expert. Just few words to thank all my colleagues and our F5 Field System Engineers that help me a lot to acquire more skills and experience on F5 technologies. DC: Thanks Yann! Check out all of Yann’s DevCentral contributions and follow him @expertsolchDevCentral’s Featured Member for July – Vosko Networking’s Niels van Sluis
For almost two years Niels van Sluis has worked as a Security Engineer for Vosko Networking. Vosko's security team focuses on supporting security solutions from various vendors like F5, Check Point, Cisco and RSA. Niels focuses is on F5 BIG-IP and Check Point. He started his professional career about 20 years ago in the ISP industry as an Unix Administrator, and switched to the public healthcare sector around 2001. In more recent years, he’s moved more towards working on network security and design. Apparently, having a Unix background helps a lot when working with modern security devices, since most of them are running on some flavor of Unix. When not working or spending time on DevCentral, he likes to travel, visit historic places and enjoy nature. And Niels is DevCentral’s Featured Member for July! DevCentral: Tell us a little about the areas of BIG-IP expertise you have. Niles: My first encounter with BIG-IP was during my previous job. A colleague had been working with BIG-IP before and introduced it as a replacement for the KEMP load balancer that was currently in use. So, I had to attend the ‘Administering and Configure BIG-IP’ course. It was then – when I learned about iRules – I saw the full potential of this nifty device. But during my days there I didn’t do much with the BIG-IP as in terms to administration. I would only touch the box, if my colleague was on leave. This however changed when I started working for Vosko Networking. Within about a year’s time I’ve gone through the BIG-IP certification program, spend a lot of time on DevCentral and got my hands dirty in the field. The BIG-IP areas I’m most experienced in are LTM and APM. The most fun part for me are iRules (LX). DC: You are a Security System Engineer at Vosko Networking BV. Can you describe your typical workday? NS: My typical workday depends whether I’m working on a project or not. When working on projects I often visit customers throughout the country to help them deploy new equipment or configure new services. Recently I’ve migrated quite a few Cisco ACE and Microsoft Forefront TMG deployments to the F5 BIG-IP platform. Other times I help customers upgrading their BIG-IPs or setting up more advanced APM configurations including SAML and SSO. When I’m not working on projects I work on support cases or trying out new stuff in our lab. DC: You have a number of F5 Certifications including most of the Technology Specialist (LTM, GTM, APM, ASM) certifications. Why are these important to you and how have they helped with your career? NS: First of all, they are required for Vosko Networking to participate in the F5 Support Partner program. But more important to myself is that the F5 certification program helps to get deeper knowledge in to how the various BIG-IP modules work, how they relate (interact) to each other and what part the BIG-IP plays in modern network infrastructures. The certification program is also very practical; you can directly apply what you have been learning. It helped me to get more comfortable and confident in my day to day job. DC: Describe one of your biggest BIG-IP challenges and how did DevCentral helped in that situation. NS: In my experience, there are BIG-IP challenges every day. I think this is the result of the BIG-IP being some kind of network-magic-box, that can do about everything. With most other security devices, one is limited to the functionality and settings the box is shipped with. But with BIG-IP, you can really be creative and think outside the box. If the required functionality is missing, you can build it yourself with iRules. And customers know this. I often go out to customers with a specific need, but when starting out it isn’t always clear if this is something the BIG-IP can do by default. In these situations, access to the DevCentral community is crucial. Even though BIG-IP isn’t an open source project, it’s amazing to see how members share their time, code and knowledge to help each other. For example, some code that really helped me out are Yann Desmarest’s APM Full Step Up Authentication and Stanislas Piron’s APM SharePoint authentication. Besides code, I think the Lightboard Lessons are awesome; very helpful! DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up? I think I wanted to be an electrician when I was young, but I’m pretty sure that isn’t my dream job. As long as I’m able to learn new things and have new challenges, I’m happy how things are. I think I’m useless for any other job that doesn’t require a keyboard. Thanks for the privilege for being a featured member and thanks for the Lightboard Lessons as well. I really enjoy them. Thanks Niels! Check out all of Niels' DevCentral contributions, connect with him on LinkedIn and follow Vosko: @vosko.DevCentral’s Featured Member for May – NTT Security’s Leonardo Souza
Leonardo Souza lives in the United Kingdom, with his partner, 5-year-old daughter, and a (very) recently newborn son. He’s Brazilian and lived in Portugal for quite a while. He then moved to UK about 5 years ago ‘because of the amazing weather,’ he jokes. Leonardo started to work with computers when he was 18 years old (he’s not 18 anymore), so he’s worked with many technologies. Fast forward a bit (he’s not that old) and while working as a network engineer, he was working on a project to migrate applications from Alteon load balancers to F5 BIG-IP LTMs. He completed his LTM Essentials and LTM Advanced training during that time (2011) and with the migration project, he was impressed with BIG-IP. He even applied for a job at F5 in 2012 and joined as a Network Support Engineer. That moved him from Portugal to UK, and has been doing F5 products exclusively ever since. With all that, Leonardo is DevCentral’s Featured Member for May and we got a chance to talk with Leonardo about his life, work and scripting prowess. DevCentral: You were an F5er from 2012-15 and continue to be a very active contributor in the DevCentral community. What keeps you involved? Leonardo: I often say that 1 year in F5 support is equal to 5 years as a F5 customer. While in F5 support, I had multiple technical challenges every day, and I would typically go to DevCentral to check iRules documentation and get ideas for uncommon cases. After I left F5, I started using DevCentral to stay up to date about what is going on in the F5 world by reading the DevCentral articles. Then I started to go there daily and answer some questions myself. Short answer: to keep me updated, both about F5 news and my F5 knowledge. DC: Tell us a little about the areas of BIG-IP expertise you have. LS: Is difficult to know all F5 products, because some are for very specific networks/scenarios, but I know the common ones: BIG-IP BIG-IP LTM, GTM/DNS, AFM, APM, ASM, EM, BIG-IQ, and iRules. I had been a little bit lazy about the F5 certifications but recently I have done all level 300 exams. I have started study for the 401, so that should be done in the next couple months. DC: As a Security Consultant at NTT Security, what’s your typical workday? LS: First to clarify, the company recently changed names from NTT Com Security to NTT Security. I work in professional services, doing projects that use F5 products. My daily work includes doing some pre-sales activities advising pre-sales team about the F5 products, doing projects, and finding solutions or writing scripts to automate some F5 tasks. DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation. LS: I have been using DevCentral for many years, and iRules, to a point where it is part of my daily job. Flexibility is a major advantage for F5 and people ask all the time “Can you do this with an iRule?” Recently, I was working in a project to upgrade many F5 devices. We had to perform an extensive inventory for each device which was taking about 3 days per device. I wrote a Python script using iControl SOAP to perform that task. (I still prefer bash script, but there is no iControl SOAP for bash) It would take around 240 days to do that manually, and we did in around 3 days using the script. DC: Finally, if you weren’t in technology – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up? LS: I am doing the job I wanted since I was young and I can’t picture myself doing any other type of job. Thanks Leonardo! Check out all Leonardo’s DevCentral contributions or connect with him on LinkedIn. And visit NTT Security on the web or follow on Twitter and LinkedIn.
