Machine Identity Protection Is a Critical Part of Modern App Development

When we talk about connected machines or machine-to-machine communications, we don’t just mean the vast number of physical devices across global enterprise networks. Today, machine also includes code running independently on devices, APIs, containers, serverless architectures, and of course virtual machines (VMs).

Because they are software-defined, these machine types are easily created, changed, and destroyed throughout the day, every day. And that ease of use has made software-defined machines an important part of the app development workflow. Throughout the continuous improvement, continuous development (CI/CD) pipeline, the ease of spinning up new VMs to develop and test applications is often an important part of quickly bringing to market new applications (or new features on existing applications).

For application developers, a speedy CI/CD pipeline can be a real boon; but if they are not created with care and consideration, all those VMs can put a strain on your infrastructure and can introduce security vulnerabilities. And machine security starts with machine identity protection.

There are two essential components to ensuring machine identities and securing machine-to-machine communications:

1)    Digital certificates: Digital certificates are how a public key is associated with its owner (i.e., associated with a particular machine, which in this case includes virtual machines, software, and web domains). Certificates always have an expiration date and are far more easily renewed prior to expiration.

2)    Cryptographic keys: Private keys enable a user to digitally sign information to prove it came from the owner of that private key. Public keys are used by the recipient to validate digital signatures as having come from a particular private key. The set also work together to ensure that data encrypted with a public key can only be decrypted by the owner of the associated private key.

Maintaining secure communications relies on the flawless implementation and coordination of certificates and keys across your entire network of physical and virtual devices. The best way to prevent certificate-related outages is with proactive management—which is where the Venafi Platform comes in. About a year ago, we began working on F5 and Venafi integration to ensure our joint customers can simply and safely scale HTTPS for their applications, including automating and scaling applications across multi-cloud infrastructure. Now we are pleased to deliver on a new phase of this partnership that extends Venafi’s industry-leading machine identity protection capabilities into a range of F5 products and solutions, including BIG-IQ Centralized Management. With BIG-IQ and Venafi, you can more easily automate and orchestrate keys and certificates to secure machine identities across all your F5 BIG-IPs—physical and virtual.

BIG-IQ Centralized Management simplifies oversight of complex BIG-IP environments by automating discovery, tracking, management, and monitoring of physical and virtual BIG-IP devices (and the services running on them), whether in the cloud, on premises, or co-located at another datacenter. Certificate Management is among the many management tasks consolidated within BIG-IQ, and here we can work with the Venafi Platform to automate the processes of deploying, renewing, or changing SSL/TLS certificates. BIG-IQ can also alert you in time to plan ahead before certificates expire—alleviating headaches before they start.

Additional Resources

• Certificate Management with BIG-IQ and Venafi – DevCentral Lightboard Lesson
• F5/Venafi Solution for Enterprise Key and Certificate Management – DevCentral Article
• Key and Certificate Management with F5 and Venafi – Video Demo
• Automating Protection: Machine Identities, F5 and Venafi – Solution Overview
• BIG-IQ Product Details