- 28 June 2019 17:20
F5 and NGINX: Delivering Flexible, Secure, and Durable Applications from Code to Customer
Businesses are always looking for the next competitive advantage. Customers have more choice than ever, and expect every interaction to look, feel, and function as seamlessly as the Facebook and Google apps they use every day. As enterprises race to build new applications and roll out capabilities to meet their customers’ demands, a distinct pattern has emerged, often called “shadow IT”.
In a traditional IT architecture with monolithic applications, the infrastructure or network operations (NetOps) team usually controls app deployment, which is subject to strict compliance, governance, and security requirements. But DevOps teams in such environments – faced with both the internal pressure to innovate and the external pressure to bring services to market quickly – often circumvent such controls for the sake of agility. Even if the centralized legacy infrastructure is at the heart of the company, from a DevOps perspective it just slows down efforts to evolve and modernize. So instead of trying to innovate within the monolithic application, DevOps teams work in parallel on their own projects and choose the tools and stacks that suit them best. The result is an increasingly jumbled array of disparate tools and segmented applications.
F5 and NGINX have come together in part to solve this problem for our customers, providing an end-to-end pipeline that bridges DevOps and NetOps. Together, our integrated solutions comprise a unified, adaptable foundation upon which enterprises can build the dynamic, multi‑cloud applications of tomorrow.
The Double-Edged Sword of Modernization DevOps teams don’t want to throw away their organization’s governance model; they want to leverage it while taking control of the parts that currently get in the way of agility. Ideally, governance and compliance remain in place at the IT infrastructure’s front door, but behind it is a self‑service zone where application teams can release the features and updates they want, whenever they want. The result? A constant improvement to the customer experience. That’s what enterprises require to remain competitive.
Imagine a major retailer working to modernize its legacy brick-and-mortar operations with a robust consumer‑facing application. The retailer wants to bolster its load capacity for the massive influx of shoppers during the Black Friday and Cyber Monday rush, but its existing application infrastructure can’t scale rapidly enough to meet customer demand.
The retailer’s DevOps team may adopt a solution from outside its broader, standard infrastructure to achieve that elasticity and scale, bypassing the NetOps team. This mode of scattershot modernization has its benefits, but it’s a double‑edged sword.
The increasing number of new tools can cause unacceptable levels of complexity and risk. As shown in the figure below, It’s not uncommon to see that DevOps teams – in service of developer productivity – invest in a patchwork of point tools: app and web servers, Kubernetes Ingress controllers, proxies, API gateways, software load balancers, web application firewalls (WAFs), and caching servers. Meanwhile, on the other side of the divide, NetOps teams are investing in another set of point tools: app delivery controllers (ADCs), SSL offload devices, DNS tools, bot protection, advanced WAFs, DDoS mitigation, and identity and access management.
Organizations deploy point tools on either side of the divide Adopted outside the centralized application stack and IT protocols, the point tools on the DevOps side of the divide are not integrated into the corporate system or well understood by the NetOps teams most responsible for protecting the organization. Often these point solutions are assembled without the same level of rigor and focus on security and compliance with company policy as tools on the NetOps side.
Let’s look at a hypothetical but all-too-plausible example. Imagine that a vulnerability emerges and the NetOps team doesn’t have the skills or visibility into the DevOps tools it needs to block the vulnerability in a timely way. The company’s worst nightmare unfolds as data from thousands of customer accounts is compromised. The breach sparks a social media firestorm. Even though the DevOps point tools might not have been compromised directly, the shadow DevOps infrastructure caused significant visibility and compliance gaps that led to the enterprise taking on unnecessary risks.
What enterprises need are application services that securely span the entire application delivery path from end to end, eliminating the need for DevOps teams to take these sorts of security and control risks in the first place.
Bridging NetOps and DevOps Before joining together, NGINX and F5 each addressed one side of the divide between DevOps and NetOps.
NGINX has made it much easier for organizations to evolve their monolithic apps and implement new modern, distributed architectures. Our web server, application server, and application infrastructure products together streamline and optimize traffic flowing into and among applications and APIs. With a single open source‑based platform, NGINX eliminates the complexity that results from deploying point solutions to address the needs of developers and DevOps teams.
F5 has provided not only rich application management services, but also the leading solution for comprehensive app and infrastructure‑level security. With a single application services platform anchored in BIG‑IP, F5 eliminates the complexity that results from deploying point solutions to address the needs of NetOps teams.
The NGINX and F5 platforms consolidate point tools on either side of the DevOps‑NetOps divide But even with solutions available on both sides of the divide, there was still no single platform that supports application delivery across the entire path from code to customer. Until now. With NGINX part of F5, the combined organization will build a single platform that provides multi‑cloud application services. Our combined portfolio will give customers the ability to build flawlessly integrated microservices within distributed application architectures, while ensuring that traffic and endpoints are fully monitored, compliant, and secure.
NGINX and F5 will build a single platform that spans the path from code to customer Resting upon NGINX’s open source core and F5’s secure enterprise platform, enterprises can deploy both traditional and modern applications that are agile, flexible, and high‑performance without sacrificing governance, reliability, and security.
Business and development teams can move at the speed they want, with the freedom to choose the environment that works for them, while F5’s advanced application services run at the edge of the data center, form the security perimeter, and intelligently enforce policies everywhere. Instead of stringing together at‑risk servers, API gateways, load balancers, and other siloed point tools, one lightweight solution consolidates all the functionality you want, wherever you need it.
For the first time, an enterprise will be able to deploy a coordinated set of technologies that span the entire application delivery path, from code running on the application or web server, through all the necessary transport, security, and management services, to the end customer.
Put simply, the F5 and NGINX portfolios are more powerful together than apart. Customers on both sides of today’s DevOps‑NetOps divide – as well as the millions of users in the vibrant NGINX open source community – will continue to enjoy the benefits they’ve come to expect.
Looking ahead, expect more cross‑pollination. NGINX solutions will inherit richer security functionality and embed it deeply within the application infrastructure. F5 solutions will become nimbler while maintaining reliability and governance, bridging the span from code to customer to give business stakeholders, DevOps teams, and IT exactly what they need. We’re excited for what comes next. We hope you are, too.