White Paper

Managing the Cloud with BIG-IQ Cloud

Updated September 16, 2014

Introduction

The adoption of cloud solutions continues unabated. As enterprise organizations have continued to expand their use of cloud strategies, they have enjoyed related benefits, particularly that of agility. An October 2012 survey [1] conducted on behalf of Redwood Software reported that 63 percent of enterprises that have implemented cloud solutions report an improvement in agility for supporting the needs of the business. When this benefit is coupled with reduced costs, it is inevitable that more applications will be deployed within cloud computing environments in the future.

Thus IT practitioners must adapt to this new paradigm and support both on- and off-premises cloud deployments, as well as maintain existing—and likely more traditional—application deployments. Doing so introduces complexity, as application network services in off-premises locations tend to be managed via processes and toolsets completely disconnected from those for managing on-premises services. The complexity of managing application network services through multiple consoles, APIs, and processes increases the potential for error and may offset the gain in productivity arising from the use of a commoditized cloud infrastructure.

"Organizations that can bridge hyper-hybrid clouds with their core systems will be at the forefront to elevate business performance with the next wave of digital innovation."
Tech Trends 2012: Elevate IT for Digital Business, Deloitte

IT must also determine how best to support elasticity and new architectural models that span both on- and off-premises cloud computing environments. Hybrid cloud models are increasingly popular, with both on-demand capacity (also known as cloud bursting) and split-architecture applications ranking high on the list of uses desired by IT and business stakeholders [2]. Yet the requirement to use cloud provider-specific APIs, frameworks, and management consoles to manage performance, scale, and security policies and practices is problematic.

The challenge before IT, then, is how to enable governance of security, performance, and scalability policies across multiple environments managed using different paradigms. Coupled with this is the pressure to do more with less: to automate deployment and delivery processes in order to become as responsive as possible in support of increasingly agile business models.

The New Data Center Management Model: Frameworks

Unifying application network services across both the cloud and the data center enables IT operations to automate deployment processes, a strategy that improves productivity, reduces errors, and speeds deployments for business constituents. Redwood Software found in its survey that 79 percent of enterprises implementing process automation experienced time savings, while 69 percent claimed improved productivity.

The time and effort required to implement a cross-cloud solution can be daunting. Virtualization-specific solutions work well for private (on-premises) cloud deployments but rarely extend to encompass public (off-premises) clouds unless the public cloud, too, is based on the same virtualization technology. While this is a viable solution, it limits the choice of cloud providers and may not be acceptable to business constituents. OpenStack, considered a viable alternative that could address this gap, requires skills that operations may or may not have. Too, the fledgling open standards contender in the burgeoning cloud management platform market is still maturing, and its application network services remain nascent. Yet the need exists now to extend enterprise-class application network and delivery services into the cloud in a consistent, unified manner—whether that cloud remains on the premises or extends beyond the data center.

F5 addresses that need with F5 BIG-IQ Cloud. Based on an extensible platform, BIG-IQ Cloud provides a framework for orchestrating the application network services provided by F5 BIG-IP Application Delivery Controllers (ADCs) in both public and private clouds. BIG-IQ Cloud facilitates federating application network and delivery services across clouds, regardless of their underlying network standards and management frameworks, unifying management and exposing a single, consistent view of the services required to deliver fast, secure, and scalable applications.

F5 BIG-IQ Cloud

BIG-IQ Cloud is a comprehensive application network services management solution. It is designed to improve operational consistency by extending enterprise-class application delivery services into both on- and off-premises cloud environments. It does so while also enabling the service automation and orchestration that result in consistent, repeatable, and fast application deployments, regardless of location.

BIG-IQ Cloud also enables integration with cloud management platforms, offering the ability to automate application deployment provisioning from end to end, including critical application network services like scalability, application routing, application-appropriate monitoring, security, and optimization.

BIG-IQ Cloud enhances cross-environment strategies such as cloud bursting and split-application architectures by supporting gateway capabilities that bridge management frameworks and delivering a single console from which to manage the entire application lifecycle.

The BIG-IQ Cloud management platform comprises multiple components:

  • iApps Lifecycle Management
  • Provider and tenant self-service web application portals
  • The BIG-IQ Cloud Connector plug-in for connecting to private cloud orchestrators, e.g., to VMware vCloud Director and VMware vCloud Networking and Security
  • The BIG-IQ Cloud Connector for connecting to public cloud providers, e.g., Amazon Web Services (for cloud bursting)
  • Service health and performance monitoring
  • The BIG-IQ Cloud REST API
Figure 1: F5 BIG-IQ Cloud components integrate and collaborate to provide consistent, cross-environment management of application network services.

The BIG-IQ Cloud Platform

The BIG-IQ Cloud platform provides the core services necessary for managing application-specific services. As part of the platform, BIG-IP device inventory and control extend to BIG-IP devices in all forms to provide platform information, software versions, registration keys, module status, and other device-specific operational data. The platform also enables analysis of historical data for capacity planning, service contract management, performance monitoring of SSL transactions, and distributed configuration management.

BIG-IQ Cloud responsibilities

The BIG-IQ Cloud platform consolidates a variety of management, administration, and connectivity tasks into one point of control and a single pane of glass. From this platform, IT can manage:

  • Cloud bursting— Gain on-demand use of public cloud resources with management of cloud-deployed BIG-IP virtual editions and integration with public cloud APIs.
  • Self-service application deployment— Reduce application network service provisioning time to minutes from weeks.
  • Application cataloging for service providers— Monetize application service delivery by categorizing application network services per service level agreements.
  • Tenant application access— Offer a self-service application network service portal for tenant use.
  • Orchestrator integration— Enable self-provisioning of application network services with northbound integration with VMware vCloud Networking and Security and VMware vCloud Director.
  • Solution racking and licensing— Centralize deployment and management of BIG-IP devices across environments.
  • Performance and health monitoring— Access statistical health and performance data for decision-making and troubleshooting.

The BIG-IQ Cloud API

Via the BIG-IQ Cloud API, application network services are abstracted and exposed to consumers, allowing for direct interaction or integration with software-defined data center (SDDC) orchestration solutions such as VMware vCloud Director.

The BIG-IQ Cloud API enables hybrid cloud implementations to provide a variety of cross-environment architectures and operating models, including cloud bursting and split-application architectures. BIG-IQ Cloud Connectors are built upon the BIG-IQ Cloud API and enable management of BIG-IP devices in cloud environments. This allows tenants to leverage cloud-hosted resources in a manner consistent with operational and business policies governing performance, availability, and security.

Organizations building custom management systems or desiring integration with other cloud management platforms also can use the BIG-IQ Cloud API to integrate BIG-IP application network services.

The BIG-IQ Cloud API is part of BIG-IQ Cloud. As a REST API exposed through port 443, it enables a robust set of management and operational functions, from licensing to tenant service instance management.

REST API Category | Functionality
Provider interface | Licensing functionality
Connector | Create custom cloud connections with third-party cloud orchestrators
Tenant | Create, modify, and delete tenants
iApps Management Service | Create, delete, and retrieve statistics and health of application services
Tenant Services | Create, delete, and retrieve tenant service instances
Figure 2: The BIG-IQ Cloud API makes it easy to perform a variety of management and operational functions.

BIG-IQ Cloud Connectors

BIG-IQ Cloud Connector is a plug-in that allows users to connect to cloud orchestration engines such as VMware vCloud Director or Amazon EC2 and manage application-related network services, including application provisioning and application health monitoring.

BIG-IQ Cloud Connectors for VMware enable IT infrastructure administrators and application owners to apply application network services using a single management interface in vCloud Director or vCloud Networking and Security.

Figure 3: BIG-IQ Cloud enables integrated management of the application network services required to deliver applications in the cloud.

Administrators register services and the associated service templates along with the clusters being served with the vCloud environment via the UI or API. Services are selected when an organizational virtual data center (VDC) is created, and these services will automatically be available when a new vCloud Networking and Security Edge Gateway is created in that VDC. Services and templates are then selected by the tenant during the provisioning process. Only optional parameters need to be specified by the tenant, as all other relevant application networking service configuration is specified in the template.

By exposing only a few parameters to the tenant and encapsulating most of the configuration within the F5 iApps Templates of BIG-IQ, the provisioning process can be dramatically shortened to a few hours. Additionally, basing deployments on existing iApps Templates ensures consistent service definitions and mitigates the possibility of introducing errors through misconfiguration.

Figure 4: Packaged integration with VMware vCloud Director and vCloud Networking and Security enables seamless provisioning via a unified management console, regardless of the number of tenants involved or how different the needs of each.

Similar pre-packaged integration is currently available for Amazon EC2 to support effective cloud bursting and economic cloud-bursting architectures with the ability to manage from a single console.

BIG-IQ Cloud discovers virtual editions of BIG-IP ADCs that are running in different clouds via cloud connectors. It can then manage, monitor, and configure these virtual editions as part of the overall BIG-IP ADC fabric. BIG-IQ Cloud Connectors enable tenants to target applications to run in private, public, or hybrid clouds, delivering the ability to create secure, accelerated tunnels between clouds for bursting and on-demand capacity architectures. Since that capacity is consistently managed on top of the ADC fabric, application service owners gain confidence that their network topology, health monitors, and application delivery integration exists on each cloud endpoint.

BIG-IQ Cloud customers can also leverage the REST API to build custom connectors for their existing cloud orchestration platforms.

Figure 5: The F5 BIG-IQ Cloud Connector architecture shortens the provisioning process for application delivery via both private and public clouds.

The BIG-IQ Cloud Portal

The BIG-IQ Cloud portal provides a user interface for provisioning virtualized network services such as high availability and web acceleration. The BIG-IQ Cloud portal can automatically discover iApps deployed for BIG-IQ Cloud on BIG-IP devices and create a catalog that can be customized to support a variety of tenants. This allows administrators to provision a complete set of application network services along with each application, ensuring that the applications are operational in minutes as well as forming the foundation for tenant self-service deployment.

The BIG-IQ Cloud portal offers both a provider and a tenant view. Views offer a catalog of network services and enable tenants to self-provision application network services appropriate to their business requirements. This capability reduces provisioning time from weeks to minutes, eliminating lengthy delays that impede business flexibility. Each view exposes only specified services; application network services exposed to the tenant are controlled through role-based access control (RBAC) services.

The BIG-IQ Cloud portal allows management of:

  • Catalog— Provide a list of available deployments comprising an application and its associated application network services.
  • Application— Obtain the holistic view of a specific application deployment.
  • Tenant— Administer access and services for business or operational stakeholders responsible for deploying applications.
  • Cloud Connector— Enable integration with third-party orchestrators and cloud management frameworks.
  • Device— Track, configure, and update BIG-IP physical or virtual devices.

Only applications and BIG-IQ Cloud Connectors are accessible to tenants. All other elements are available only to the provider. In addition, tenants are bound by the application parameters specified by the provider upon creation of the iApps Template. For example, one tenant may see only HTTP applications while another may be allowed HTTP and HTTPS (SSL).

This simplifies the deployment of application network services by reducing the number of parameters required and enabling providers to ensure consistent base deployments appropriate for their environments. For instance, providers can specify network and application security constraints that protect both the provider and the tenant from attacks.

Monitoring is provided to tenants as a service, offering visibility into the health and performance of the infrastructure and cloud connections. This improved visibility arms tenants with the data necessary to establish the appropriate delivery policies for elasticity and improved use of resources.

BIG-IQ Cloud iApps Lifecycle Management

BIG-IQ Cloud iApps Lifecycle Management is the way in which F5 iApps are managed from creation to decommissioning. It allows basic operations such as create, read, update, and delete (CRUD) on F5 iApps and provides visibility into the health and status of services associated with a given iApps Template.

iApps Lifecycle Management uses the BIG-IQ Cloud API and/or the BIG-IQ Cloud portal for:

  • Application discovery.
  • Application customization.
  • Application configuration changes.
  • Application service decommissioning.
  • Configuring or customizing of the application once it's in BIG-IQ Cloud.
  • Deploying application services to multiple BIG-IP devices through the BIG-IQ Cloud interface.

BIG-IQ Cloud Service Health Monitoring

BIG-IQ Cloud service health monitoring tracks and reports the health of application network services across both provider and tenant views. It enables status-based reporting, providing the visibility administrators need to troubleshoot issues and assist in fault isolation planning. This feature is particularly important for organizations extending into public cloud environments where visibility can be severely limited, which increases the time to pinpoint the causes of poor performance or application faults.

Conclusion

CDW's 2013 State of the Cloud Report indicated that the three biggest barriers to continued cloud adoption were concerns with security (46 percent), performance (32 percent), and integration (25 percent). These concerns are driven in part by the apparent requirement that organizations must relinquish control over delivery of applications when deployed in cloud environments.

With F5 BIG-IQ Cloud, organizations maintain control while simultaneously simplifying cloud-based architectures, whether on or off the premises. Its unique ability to integrate with public and private cloud environments while offering converged management ensures better visibility, control, and flexibility over the application network services needed to maintain application performance and security, regardless of location.

Pre-packaged connectors to the most popular orchestration and cloud environments eliminate concerns over integration with third-party frameworks and hasten implementation and deployment. By ensuring interoperability with public cloud provider frameworks, these connectors make cloud bursting for on-demand capacity a reasonable option for business and operational stakeholders.

F5 BIG-IQ Cloud encompasses the cloud computing paradigm and enables the IT department to embrace the shift to being a services-based organization without relinquishing the control necessary to ensure the security, performance, and reliable delivery of applications.