F5 Application Connector
Enable Application Services Insertion Across Multi-Cloud Deployments

Overview:

As more applications migrate to the cloud and are born in the cloud, it’s becoming more difficult to maintain network requirements and consistent application policies. In addition, many architects are unaware of the amount of public cloud apps deployed, the current configurations and services for those apps, and how to discover apps in flight. According to the 2017 State of Application Delivery report, 38 percent of respondents find the public cloud strategically important and 32 percent are investing in future deployment.

F5 Application Connector is an add-on to the F5 BIG-IP platform, enabling services insertion for public cloud applications. In addition, it acts as a cloud proxy instance for securely connecting public clouds to an organization’s application service infrastructure within cloud interconnects (colocations) or data centers. This enables the use of public cloud resources as part of an organization’s compute infrastructure. Application Connector also performs workload discovery within the Amazon Web Services (AWS) and Azure public cloud, and provides a secure connection back to interconnect services or data centers—allowing application services insertion on the BIG-IP platform.

Key Benefits

Automatically discover public cloud apps
Application Connector automatically discovers AWS and Azure public cloud workloads and securely connects them to your cloud interconnect or data center infrastructure.

Enable interconnect app services insertion
Gain full control of cloud app delivery services such as SSL security and app protection—for all public cloud apps managed in one interconnect location. Reduce footprint by obfuscation of cloud apps from clients and consolidate cloud SSL key management on the BIG-IP appliance.

Extend app services across public clouds
Flexibly extend app delivery and security services across multiple public clouds and avoid cloud provider lock-in. Leverage service continuity by using consistent services insertion.

Consolidate app services for multi-cloud deployments
Lift and shift apps without sacrificing security. Consolidate app delivery and security services for born-in-the-cloud deployments. Use the only solution that automates AWS and Azure public cloud workload discovery and enables common app services across multi-clouds.

Deploying Apps Across Public Cloud Environments

By 2020, 68 percent of the cloud workloads will be in public cloud data centers, according to the Cisco Cloud Index report. Developers and operations are moving apps to the public cloud for a variety of benefits including scale, flexibility, agility of services, distributed architecture, and cost reductions.

However, the public cloud brings new challenges to solve such as encryption, attack protection, access, and high availability. IT departments are moving critical apps to public clouds that need to meet security and performance requirements.

Managing Apps in Multi-Cloud Deployments

As critical apps move to public clouds, organizations are leveraging interconnection services at colocation providers for direct public cloud access. Though, application delivery and security services across public cloud providers is disparate and varied—compared to onpremises and private cloud solutions.

Some of these application services are hard to replicate, control, or run inexpensively enough inside on-demand clouds. Security services such as SSL intercept, web application firewalls (WAFs), next-gen. firewalls, and access control solutions can be expensive to install and orchestrate across a distributed cloud infrastructure. These services can also require complex network designs not offered by all cloud providers. Creation of a cloud interconnect at a colocation provider is a way to equally service public cloud apps with a common services infrastructure.

Automatically Discover Public Cloud Apps

Application Connector performs workload discovery in the AWS and Azure public cloud, automatically connecting the BIG-IP platform with deployed application instances. You can orchestrate app integration across all public cloud providers. Application Connector securely connects public clouds to an organization’s cloud interconnect or data center infrastructure. This enables the use of cloud workloads as part of the organization’s compute infrastructure.

Features:

Application Connector Service Center on BIG-IP platform

• Application service management
• Real-time logging and statistics
• Multi-path workload discovery
• Health monitoring for HTTP(s)/TCP services
• Active/Standby HA support
• Touchless recoverability
• Service API

Application Connector proxy in public cloud

• Secure TLS ECC encryption
• AWS and Azure workload auto-discovery
• Manual workload definition and state management
• Touchless recoverability
• Service API

Deployment:

Enable Interconnect App Services Insertion

With Application Connector, you can easily insert application delivery and security services at the interconnect or data center to meet your requirements.

• Automatically discover public cloud-hosted workloads in AWS and Azure.
• Securely connect all public cloud apps to interconnect services at the colocation provider, or physical or virtual data center.
• Simplify deploying app services such as SSL encryption, attack mitigation, and access control.
• Enable services continuity when migrating workloads to pure in-cloud deployments.
• Ensure consistency of configurations across all environments.
• Reduce public footprint by obfuscation of IP addresses, lowering the attack surface.

Application Connector helps you easily search and find public cloud-hosted workloads in AWS and Azure. Securely connect all public cloud apps, and insert app delivery and additional security services such as SSL. Provide consistency across app deployments, and securely maintain sensitive SSL keys from a central location.

Extend and Consolidate App Services for Multi-Cloud Deployments

Creating a cloud interconnect enables an easy extension to service public cloud workloads. After completing public cloud workload discovery and secure connectivity, you can:

• Encrypt public cloud apps within the cloud interconnect with hardware performance while retaining keys owned on the BIG-IP platform. Your SSL intercept services will remain under your control in a secure location. In addition, FIPS and other compliance capabilities are available within an interconnect provider’s facilities.
• Lift and shift your apps with confidence without sacrificing best practice configurations. Mitigate attacks on public cloud apps by extending security services. With Application Connector, insert security services such as WAF, DDoS protection, and SSL encryption from within your data center or interconnect colocation facility.
• Insert access control policy services for applications hosted across multi-cloud deployments. In addition, enable SSO with OAuth along with SAML insertion for authorized multiple application access.
• Keep your app configuration when you deploy born-in-the-public-cloud applications. Application Connector enables app services insertion across all your public cloud applications, while leveraging BIG-IP hardware and virtual editions (VEs).

Platforms:

BIG-IP Platforms

Only F5’s next-generation, cloud-ready ADC platform provides agility with the scale, security depth, and investment protection needed for both established and emerging apps. BIG-IP iSeries appliances deliver quick and easy programmability, ecosystemfriendly orchestration, and record-breaking, software-defined hardware performance. Customers can now accelerate private clouds and secure critical data at scale while lowering TCO and future-proofing their application infrastructures. F5 solutions can be rapidly deployed via integrations with open source configuration management tools and orchestration systems.

BIG-IP virtual edition (VE) software runs on commodity servers and supports the broadest range of hypervisors and performance requirements. VEs provide agility, mobility, and fast deployment of app services in software-defined data centers and cloud environments.

Application Connector Availability and Performance

Application Connector comes with two images. The first image, Application Connector Service Center, is available as an add-on for BIG-IP platforms. The second image is the Application Connector proxy instance, available for deployment in public clouds. It provides dashboard reporting of connection and node instance status. Application Connector Service Center runs on any BIG-IP v13.0 and higher. The Application Connector proxy instance runs as an agent on top of a Linux cloud instance.

Licenses and Services:

Simplified Licensing

Meeting your applications’ needs in a dynamic environment has never been easier. One of the unique ways to license is F5’s Best + Application Connector Bundle for iSeries appliance. This provides you with the flexibility to provision advanced modules on demand, at the best value. Separately, there is no charge to download Application Connector on BIG-IP devices and upload into the public cloud. Application Connector is licensed by public cloud instances connected to the BIG-IP platform.

• Decide the right F5 solutions for your applications’ environment.
• Provision the modules needed to run your applications.
• Implement complete application flexibility with the ability to deploy your modules on physical and virtual platforms.

F5 Global Services

F5 Global Services offers world-class support, training, and consulting to help you get the most from your F5 investment. Whether it’s providing fast answers to questions, training internal teams, or handling entire implementations from design to deployment, F5 Global Services can help ensure your applications are always secure, fast, and reliable.

Documentation:

Download the F5 Application Connector Datasheet (.PDF)