A strategy is a planning document that sets a direction for future work to
ensure that you end up where you want to be. A strategy allows you to see the
wood, despite the trees. A strategy is often used as a management tool for
securing the resources needed to get there
IT is now part of the business and forward looking organisations will have
senior IT people responsible for helping devise the Corporate Business
This will include discuss for the next few years how it intends to grow and
maintain the business. It may mean doing things like:
Starting new business lines Expanding new business areas, new locations,
products enhancements Adding new distribution channels Making better use of
existing customer to cross sell Reducing costs Stopping businesses Regulatory
Technology needs to ensure business are agile that can mee... (more)
The mad dash to connect virtually every noun to the internet or the Internet
of Things is creating a massive M2M network for all the devices, systems,
sensors and actuators to connect & communicate on the Internet.
With that, they need a communications protocol to understand each other. One
of those is Message Queue Telemetry Transport (MQTT). MQTT is a “subscribe
and publish” messaging protocol designed for lightweight machine-to-machine
(or IoT) communications.
In this episode of Lightboard Lessons, I light up how MQTT works.
IoT Ready Infrastructure IoT Effect on Applications IoT Influence on Society
What are These "Things? The Intruders of Things
Internet of @ThingsExpo, taking place June 6-8, 2017 at Javits Center, New
York City, is co-located with 20th International @CloudExpo and will feature
technical sessions from a rock star conference facult... (more)
The origins of SAP GRC software goes back decades, but adoption has been
slow. But with the rigor of modern compliance regimes like SOX, coupled with
the sheer volume and complexity of online transactions, there's been an
accelerating movement away from document-centric review processes to
automation. There are a variety of SAP process control and access control
solutions that can monitor transactions, alert on potential SOD conflicts,
and facilitate remediation.
Companies implementing GRC software stick segregation of duties in IT for
IT handles the Basis administration, which implements the security model They
understand security concepts like the principle of least privilege Often,
they're the only ones who can make heads or tails of the SAP GRC software
But in reality, sticking segregation of duties in IT is asking for trouble.
Why Keep... (more)
The term ‘Proxy’ is a contraction that comes from the middle English word
procuracy, a legal term meaning to act on behalf of another.
In networking and web traffic, a proxy is a device or server that acts on
behalf of other devices. It sits between two entities and performs a service.
Proxies are hardware or software solutions that sit between the client and
the server and do something to requests and sometimes responses.
In this Lightboard Lesson, I light up the various types of proxies.
Encrypted malware vs. F5’s full proxy architecture The Concise Guide to
Proxies The Full-Proxy Data Center Architecture Three things your proxy
can’t do unless it’s a full-proxy Back to Basics: The Many Modes of
How to share an APM session across multiple access profiles.
A common question for someone new to BIG-IP Access Policy Manager (APM) is
how do I configure BIG-IP APM so the user only logs in once.
By default, BIG-IP APM requires authentication for each access profile.
This can easily be changed by sending the domain cookie variable is the
access profile’s SSO authentication domain menu.
Let’s walk through how to configure App1 and App2 to only require
We’ll start with App1’s Access Profile.
Once you click through to App1’s settings, in the Top menu, select SSO/Auth
For the Domain Cookie, we’ll set the value to f5demo.com since App1 and
App2 use this domain and it is a FQDN. Of course, click Update.
Next, we’ll select App2’s Access Profile. Like App1, we select SSO/Auth
Domains and set the Domain Cookie value to f5demo.com.
To make sur... (more)
As more organizations deploy IoT applications in their data centers and
clouds, they’re going to need their ADC to understand the unique protocols
these devices use to communicate.
In this Lightboard Lesson, I light up how IoT protocol MQTT (Message Queuing
Telemetry Transport) works on BIG-IP v13. iRules allow you to do Topic based
load balancing along with sensor authentication. And if you missed it, here
is the #LBL on What is MQTT?
Lightboard Lessons: What is MQTT? Security Trends in 2016: Securing the
Internet of Things The Intruders of Things The IoT Ready Platform Using F5
BIG-IP with IBM MessageSight
High Availability of applications is critical to an organization’s
On BIG-IP, HA Groups is a feature that allows BIG-IP to fail over
automatically based not on the health of the BIG-IP system itself but rather
on the health of external resources within a traffic group. These external
resources include the health and availability of pool members, trunk links,
VIPRION cluster members or a combination of all three. This is the only cause
of failover that is triggered based on resources outside of the BIG-IP.
An HA group is a configuration object you create and assign to a traffic
group for devices in a device group. An HA group defines health criteria for
a resource (such as an application server pool) that the traffic group uses.
With an HA group, the BIG-IP system can decide whether to keep a traffic
group active on its current device or fail over the traff... (more)
BIG-IP can manage application-specific network traffic in a variety of ways,
depending on the protocols and services being used. On BIG-IP, Profiles are a
set of tools that you can use to intelligently control the behavior of that
In this Lightboard Lesson, I light up the BIG-IP Profiles. What they are,
what they do and why you should care.
Lightboard Lessons: BIG-IP Basic Nomenclature Lightboard Lessons: Device
Azure Resource Manager (ARM) templates allow you to repeatedly deploy
applications with confidence. The resources are deployed in a consistent
state and you can easily manage and visualize resources for your application.
ARM templates take the guesswork out of creating repeatable applications and
environments. Deploy and deploy again, consistently.
Let’s walk through how to deploy a simple, single-NIC configuration of
BIG-IP VE in Microsoft Azure using an ARM template.
First, go to the F5 Networks Github site where we keep our supported
templates. There are other community-based templates at
www.github.com/f5devcentral if needed but for F5 supported templates, go to
the F5 Networks site.
To view Azure templates, click f5-azure-arm-templates. In that folder
you’ll see experimental and right under that is supported (the one you
Then click on the standalon... (more)
Patrik Jonsson lives in Stockholm with his wife and son and works as a
network engineer for a company providing online casino games across the
Outside work, he likes to spend time with his family, play around with his
home VMware lab and enjoys watching movies. He also loves travelling and
having a beer with friends.
Patrik is also a 2017 DevCentral MVP and DevCentral’s Featured Member for
April! DevCentral got a chance to talk with Patrik about his work, life and
his project the BIG-IP Report.
DevCentral: You’ve been a very active contributor to the DevCentral
community and wondered what keeps you involved?
Patrik: One of the best, and fun ways to learn new things is to take on
problems, or discussions presented by fellow technicians. It forces you to
continuously challenge what you think you know and keeps your knowledge up to
date. In addition, when I ne... (more)
As more organizations use APIs in their systems, they’ve become targets for
the not-so-good-doers so API Security is something you need to take
seriously. Most APIs today use the HTTP protocol so organizations should
protect them as they would ordinary web properties.
Starting in v13, BIG-IP APM is able to act as an OAuth Client, OAuth Resource
Server and OAuth Authorization Server. In this example, we will show how to
use BIG-IP APM to act as an OAuth Resource Server protecting the API.
In our environment, we’ve published an API (api.f5se.com) and we’re
trying to get a list of departments in the HR database. The API is not
natively protected and we want APM to enable OAuth protection to this API.
First, let’s try an unauthenticated request.
You can see we get the 401 Unauthorized response which is coming from the
BIG-IP. In this instance we’re only sending 3 header... (more)