[51CTO.com original article] Cloud native is one of the hottest concepts in cloud computing today. Simply put, cloud native is not just about migrating to the cloud, but about making full use of what is unique to cloud infrastructure and services to deliver business value quickly.

In the view of Lin Jing, senior solution architect at F5, cloud native has three levels of meaning for enterprises. The first is the enterprise's infrastructure, the second is how the enterprise's application development changes in the cloud native scenario, and the third is how the enterprise adjusts its organizational culture to better adapt to the technical characteristics of cloud native. Among them, the most important is the reshaping and transformation of the infrastructure, which is the first and most important step for enterprises moving towards cloud native.

Lin Jing gave a detailed introduction to this process. First, transform the traditional infrastructure into a programmable model, so that the infrastructure has the ability to assemble Backing Services, making it elastic and scalable. This means abstracting the capabilities of traditional services into interfaces that the upper layer can call and orchestrate, and then applying traditional service capabilities to the business demands of the modern upper layer. It can be seen that the transformation of infrastructure is very important. Then use new technologies, including microservices, containers, and Kubernetes, to build a new modern application architecture that adapts to current urgent needs. Finally, integrate the transformed infrastructure with the modern architecture.

In the traditional infrastructure field, F5 is responsible for everything from the boundary at the data center entrance, to the authentication of data center services, to back-end application load balancing, as well as the release of application services and the policy management of application services.
All work is done around applications, which is also F5's "main job": to release and deliver applications better, more securely and more optimally. In traditional infrastructure, F5 provides programmable capabilities for platforms that carry traditional API services, Web services, and services that require third-party interconnection, and releases this capability to the upper layer so that it can fully call these services. In this process, F5 must first quickly deploy instances at the bottom layer, quickly deploy applications or services on the instances, and quickly template the applications and services to adapt to different scenarios or environments. Whether the underlying service resources or hardware resources can be tenanted, and whether resources can be quickly allocated through interfaces, all depend on interface capabilities. F5 has interfaces such as DO, AS3, FAST, and F5OS-API at the abstraction layer. On top of this, F5 provides automated orchestration tools such as Ansible and Terraform, allowing customers to better integrate capabilities, interfaces, and upper-layer services. F5 also needs to provide a programmable ecosystem.

Build

When it comes to building new cloud native systems and implementing new technologies, enterprises often adopt an assembler architecture, which can also be understood as the enterprise's private cloud. Most enterprises' private clouds are more like moving the technology and model of the public cloud into the private cloud to allocate and manage resources. However, whether the assembly service capabilities required for resource management can carry the public cloud model over to the private cloud is a difficult point. Many enterprises privatize the public cloud, and some enterprise users will build PaaS on this basis. F5 has added new solutions based on modern traditional basic service solutions, which are fully integrated into the modern cloud native architecture.
F5 will help users transform and adapt the public cloud, enhance the functions of the public cloud privatization model, and help users better privatize the public cloud. In addition, under the public cloud model, F5 provides many SaaS services. If an enterprise wants to build PaaS, F5 can also provide cloud-native solutions in PaaS, such as the PaaS entrance, Kubernetes Control entrance, service mesh, modern cloud-native security and other technologies.

In terms of operation, F5 provides multi-language operation servers through NGINX standard APP Server and Unit, and provides a standard Kubernetes Ingress Controller under the container Kubernetes system, that is, the commercial version of Ingress Controller. Secondly, F5 provides the NGINX Service Proxy container layer proxy and API management solutions. For east-west traffic management in the Kubernetes environment, F5 provides Service Mesh solutions, including NGINX Service Mesh, based on NGINX, to help solve east-west service governance, and F5's Aspen Mesh solution, that is, an enterprise-level shared service network solution based on Istio.

As the number of microservices increases, the traditional defense model at the border no longer suits the current microservice scenario. NGINX APP Protect can help users build application layer security under the Kubernetes system and the modern cloud native system to ensure the security of the application itself.

In addition, F5 also provides some SaaS services on the public cloud, including platform services, application security services, application analysis and digital experience enhancement insight services, intelligent DNS services, anti-fraud security solutions, etc. In the construction of the entire hybrid cloud architecture platform, F5 has built platform layer capabilities and edge computing capabilities through the acquisition of Volterra.

Lin Jing revealed that NGINX will also release two open source projects in the near future.
One is an open source microservice grid application network, and the other is the open source of the NGINX control plane project. The open source of these two projects will help users better develop their own service grid applications and NGINX control plane technologies based on the NGINX technology stack in cloud-native scenarios.

Fusion

F5 uses the innovative Hub mode and Egress solution to help traditional network personnel integrate into the new PaaS platform and complete the integration of roles.

The Hub mode lists a simulated space area in Kubernetes. This simulated space area is managed only by the network team. F5's controller quickly rewrites the business released by the business team to the external infrastructure. This spares the business team from needing to understand F5's technical details, and also avoids the network team's intrusion into the application team. In this way, the Hub mode integrates traditional infrastructure capabilities with those under the PaaS system or the Kubernetes system very well, solving a practical challenge for users in the process of moving towards cloud native. This solution is called the Ingress solution, and F5's standard name is Container Ingress Services.

The Egress solution targets technical challenges and role challenges. For the outbound traffic of a container, the IP address of the container is constantly changing, which means that traditional firewalls cannot apply fine-grained control based on the IP address. Wherever control policies are enforced, that location must be able to dynamically sense changes in the containers, which is a technical challenge. F5's solution uses an automated controller to communicate through the Kubernetes interface and automatically write the device to the external F5 policy controller.
For business departments and network security departments, since everyone has different security demands, what kind of strategy to base on and which department to manage is a very realistic problem facing customers. F5's solution divides security policy rules into three categories: one is the enterprise vertical strategy, one is the platform-level strategy of Kubernetes or the cloud native platform itself, and one is the strategy of a certain part of the business in the platform, that is, the strategy of a business unit. Each business unit will also have many specific microservices, some of which have unique requirements. Starting a microservice is interconnected with a third party. For independent microservice units, refined separate entries need to be configured, forming a three-layer policy concept. Each layer of strategy is the concern of different decision makers. Through layered design, different people in the enterprise can pay attention to different policy resources, so that in terms of outbound security, traditional security personnel and the modern organizational structure can cooperate well, avoiding inefficient communication between management and technology, and realizing cloud native more efficiently.

Conclusion

In the field of cloud native, F5 focuses not only on cloud native technology, but also on the ability of overall enterprise solutions from the perspective of technology, humanities, etc. Based on a deep understanding of traditional infrastructure, F5 will help users truly implement cloud native at every level from the perspective of the data center.

[51CTO original article, please indicate the original author and source as 51CTO.com when reprinting on partner sites]