BIG-IP Next: Securing and Delivering the Next Application Era
Cast your mind back to 2004
Generally speaking, many would agree that things were simpler, less hectic, and proceeded at a much more leisurely pace. Digital Transformation as we know it today was very much still in its infancy, and in earnest, was probably only just shy of a Googlewhack contender at the time. Music was arguably superior too, but we’ll set that topic aside for now. Life was certainly more straightforward for IT organizations who it’s estimated were only responsible for the operations of around 50 to 100 applications; a drop in the ocean by today’s standards of 250-plus. Largely more localized, less dynamic, and supporting fewer users than today’s workloads, it’s safe to say that BIG-IP administrators had it easier back then. And that’s even before the risk of cyber threats are brought into the equation; outside of the Netsky malware outbreak, 2004 was also relatively quiet on the cybercrime front with only a handful of newsworthy incidents reported.
While the turn of the century was undoubtedly much quieter than today’s technology climate, we all know it didn’t stay that way for long. The following decades would yield explosive application growth, an ever-expanding threat landscape, seismic shifts in the deployment locations of apps, new application architectures and much more. Fortunately, one software release back in 2004 would prove to be a pivotal milestone in BIG-IP’s history, preparing it, and its users, for the chaos that would ensue…
BIG-IP v9.0
17th February, 2004 marked the release of BIG-IP v9.0. Up until this point the name ‘BIG-IP’ had been used to refer collectively to its hardware and software constituents, but this release saw the divergence of BIG-IP into hardware platform components and a significantly improved software component known today as ‘TMOS,’ or ‘Traffic Management Operating System.’ The introduction of TMOS represented a fundamental rearchitecting of the software framework that significantly improved performance and scalability, while also enhancing BIG-IP’s traffic management and threat protection capabilities with improvements to application-layer security, SSL offloading, global-server load balancing and much more. Not only did this software transformation unveil several new ground-breaking features that are still wildly used today—of which iRules are the most notable example—but it also produced the Traffic Management Microkernel (TMM), shaped F5’s coveted full-proxy architecture, and paved the way for the virtualization of BIG-IP for use in the cloud years later.
History lesson aside, after existing users had overcome the slight learning curve associated with operating the latest software, they would come to realize that BIG-IP TMOS granted them the security, scalability, and extensibility needed to protect and optimize their applications for decades to come. In the twenty-odd years since this transition, tens of thousands of customers globally have employed BIG-IP to manage tens of millions of mission-critical applications—a feat that would not have been possible without BIG-IP TMOS. In the face of ongoing expansion and distribution of application portfolios, surging daily cyberattacks, accelerating application time-to-market and an ever-increasing strain on IT operations teams, the time has come for BIG-IP’s software to evolve once more in support of the next era of applications and BIG-IP users.
F5’s next generation BIG-IP software: BIG-IP Next
Recognizing that the complexity and magnitude of today’s application and threat landscape will only rise in years to come, the core tenets for BIG-IP Next are that of simplification, security, and scale. To deliver against these principles, the software fabric of BIG-IP has undergone another significant refactoring, whereby TMOS’ monolithic framework has been fragmented into several interconnected, containerized components that plug, play, and scale independently. This architectural shift not only yields the inherent benefits of containerization—greater failure isolation, superior scalability, and accelerated software development to name a few—but also grants the opportunity for various systemic improvements:
First, BIG-IP Next greatly simplifies and accelerates application deployments by shifting to an entirely declarative configuration framework, leveraging reusable and readily automatable API’s (AS3) and configuration templates. This approach, combined with BIG-IP Next’s modern and highly intuitive user interface, abstracts away much of the complexity associated with configuring app services and allows application deployments to be performed in minutes or even seconds.
Second, BIG-IP Next streamlines the software upgrade and patching experience. The days of upgrades requiring lengthy maintenance windows and hours of application downtime are long gone; major software upgrades can now be completed in a matter of minutes while upgrades and patches to components not in the data path may be possible with zero downtime. Further, cutting-edge security capabilities and software patches will be released much faster owing to BIG-IP Next’s accelerated software development process, meaning users will be able to protect against vulnerabilities and evolving cyber threats quicker than ever before.
Third, BIG-IP Next boasts a completely rearchitected control plane with dedicated and scalable compute resources designed to handle the most extensive, complex, and dynamic application portfolios the future has in store. Capable of supporting millions of configuration objects, transacting many more API requests per second, and implementing configuration updates in single-digit milliseconds, BIG-IP Next’s control plane is built for extreme performance and resiliency in highly automated environments.
Fourth, BIG-IP Next shifts to a simplified operating model that’s better suited for the day-to-day operations of distributed and complex application portfolios. Every BIG-IP Next deployment now consists of two essential components: BIG-IP Next Instances and the BIG-IP Next Central Manager. While the BIG-IP Next Instances provide an enforcement point for application delivery and security policies in the application data path, the BIG-IP Next Central Manager provides a single point of control for managing the end-to-end lifecycle of hundreds of BIG-IP Next Instances and the apps they support. With granular and portfolio-wide observability, app deployment, configuration change automation, certificate management, iHealth integration, and so much more now possible through a single pane of glass, BIG-IP Next Central Manager significantly reduces operational complexity.
Although with major improvements, BIG-IP Next is still in many ways the same solution that users know, love, and have trusted for decades—simply modernized and optimized for the future. It carries forward the majority of existing functionality including its high-performance data plane, rich protocol support, advanced security functions, and automation capabilities. iRules certainly aren’t going anywhere either with their creators now benefitting from an optimized iRules editor, iRules versioning, and the ability to migrate existing iRules to BIG-IP Next.
Existing BIG-IP application configurations can also be easily migrated over to BIG-IP Next using the BIG-IP Next Central Manager Migration Service—an integrated tool capable of modifying BIG-IP configurations to be compatible with BIG-IP Next. For F5 hardware users, the multi-tenant nature of F5’s next-generation hardware systems makes migrations even easier by permitting BIG-IP TMOS and BIG-IP Next Instances to run side-by-side on the same device and allowing apps to be gradually migrated at the users desired pace.
As of today, BIG-IP Next supports VELOS and select rSeries systems, as well as VMware and KVM environments via the BIG-IP Next Virtual Edition. Additional rSeries systems and cloud deployment locations such as Amazon AWS, Microsoft Azure, and Google Cloud will also be supported shortly.
If you’re interested in learning more about how BIG-IP Next can simplify your operations, strengthen your security posture and help you scale throughout the next application era, then please check out this solution overview and register for our upcoming webinar: Modern App Delivery & Security with BIG-IP Next. If you’re ready to start kicking the tires, then simply reach out to your F5 account manager or visit MyF5.com to obtain a free trial of BIG-IP Next today.