Modernizing Applications by Replacing F5 with the NGINX Application Delivery Controller and Signal Sciences
Nginx
1,192 views
49 slides
Feb 20, 2019
Slide 1 of 49
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
About This Presentation
F5’s rigid and centralized approach to load balancing and web application firewall (WAF) prevents enterprises from modernizing their applications. In this webinar we describe how replacing or augmenting your F5 deployment with the NGINX application delivery controller and Signal Sciences helps red...
Slide Content
Modernizing Applications by Replacing F5 with NGINX Application Delivery Controller and Signal Sciences
Who are we? Karthik Krishnaswamy Director, Product Marketing , NGINX James Wickett Head of Research, Signal Sciences
Introduction Industry trends that are disrupting F5 Challenges with legacy WAF solutions Resolving Challenges with Signal Sciences – WAF For the Modern Era Three options to gracefully move away from F5 Beyond F5 Customer success story: AppNexus Summary 1 2 3 4 5 6 7 8 Agenda
5
What is Signal Sciences? 6 Next Gen Web Application Firewall Native integration with NGINX Plus OWASP coverage plus Application DDoS Account takeover Application abuse Rate limiting Bad bots Virtual patching Minimal tuning needed 95% of customers in blocking mode
Introduction Industry trends that are disrupting F5 Challenges with legacy WAF solutions Resolving Challenges with Signal Sciences – WAF For the Modern Era Three options to gracefully move away from F5 Beyond F5 Customer success story: AppNexus Summary 1 2 3 4 5 6 7 8 Agenda
Industry Trends Disrupting F5 8 Legacy Modern Development Methodology Waterfall Development DevOps Application Architecture Monolithic Applications Microservices Compute Infrastructure Bare metal/VMs Containers, Cloud Attack Vectors OWASP Top 10 API abuse, Bots Account Takeovers, L7 DDoS “The market is moving away from [F5], and is not coming back” – Tip Chowdry , Analyst, Global Equities Research
Trend 1: Dev Ops 9 Close to 50% organizations are implementing DevOps – Forrester Benefits of DevOps Rapid innovation due to high feature velocity Improved agility Greater stability and reliability
Dev Ops: NGINX Plus vs F5 10 Where F5 comes up short: Takes weeks to resolve IT tickets to get a simple application update deployed Still very manual process of stepping through UI VLANS, IPs, and other networking config exposed for each virtual server Why NGINX Plus is the better choice: Fully automatable, no need to file IT tickets Works with all DevOps tools No VLANs or IPs per virtual server “It takes 2 weeks to get an F5 modification from the networking team. You know how long it takes us to change NGINX? It takes 30 seconds to make the change in GitHub, and then we run the Ansible script. Ta-da, production.” – Engineer at large telco company
Trend 2: Public Cloud 11 Benefits of Cloud: Efficiency: Consumption based resource allocation and pricing Improved agility Easy to achieve scale 73% of organizations have at least one application in the cloud* *2018 Cloud Computing Survey by IDG
Public Cloud: NGINX Plus Vs F5 12 Where F5 comes up short: SaaS companies taking business, no need to load balance Exchange servers if using Office 365 More expensive than hardware appliances, don’t want to cannibalize hardware sales 5 Gbps throughput limit with pre-built AMIs Throughput limits requires license upgrade, can’t scale up or down as needed Why NGINX Plus is the better choice: Biggest NGINX Plus customers are SaaS companies NGINX Plus is cloud-native software 40% AWS deployments use NGINX Plus No throughput limits, site licensing to scale up and down as needed “We need to manage applications on top of any infrastructure platform, including AWS, Microsoft Azure, and other cloud platform providers. NGINX Plus provides us the flexibility to deliver applications across different infrastructure options.” – Nate Johnson, CEO and Founder at Reliam
Trend 3: Microservices 13 86 percent expect microservices to be the default architecture within five years.* *Global Microservices Trends Report by LightStep Benefits of Microservices: Resilient applications Reusability and Scalability Improved agility
Microservices: NGINX Plus vs F5 14 Where F5 comes up short: No container option No true Kubernetes Ingress Controller solution Heavyweight, not portable Why NGINX Plus is the better choice: Can run in containers, top downloaded application on Docker Hub Supported Kubernetes Ingress Controller Lightweight and portable “As we moved to microservices we’ve realized that we needed a much smarter way of routing pages to our applications...We realized that NGINX Plus, with its better support, with its DNS resolving, and the advanced metrics that we get now is the way forward. NGINX Plus allowed us to get to the final mile.” – John Cleveley , Senior Engineering Manager, BuzzFeed
15
16 Sources: Gartner, Verizon Trend 4: Web App Attacks Are the #1 Source of Data Breaches Web App Attacks POS Intrusions Miscellaneous Errors Privilege Misuse Cyber - Espionage Everything Else Payment Card Skimmers Physical Theft / Loss Crimeware Denial Of Service 908 525 197 172 155 125 86 1 49 56 20% 10% 40% 30% Percent of Breaches Less Than 5% of data center security budgets are spent on AppSec
17
A New App Landscape 18 Legacy WAF is an Outdated Technology WAFs of the 1990s were simple, designed for monolithic web applications WAF was added as a bolt-on functionality to choke points in the network: CDN & load balancers Expensive to operate and maintain with hundreds of rules to tune and adjust for false positives “A multi-cloud strategy will become the common strategy for 70% of enterprises by 2019, up from less than 10% in 2017.” – Gartner
Introduction Industry trends that are disrupting F5 Challenges with legacy WAF solutions Resolving Challenges with Signal Sciences – WAF For the Modern Era Three options to gracefully move away from F5 Beyond F5 Customer success story: AppNexus Summary 1 2 3 4 5 6 7 8 Agenda
The Visibility Problem 20 You Can’t Respond to What You Can’t See Black-box decisioning with no way to determine accuracy No developer or operations access Minimal integrations into today’s DevOps toolchains “We can see requests getting blocked but we don't know why. The samples just show the Ruleset name and not the actual reason for blocking the requests.” – WAF User
21
The Scalability Problem 22 Difficult to Deploy and Manage with Depreciating Value Over Time Rely on inline architecture which is slow and inefficient Require endless new signatures and tuning Can’t support multiple CDNs Are expensive to deploy and maintain
Introduction Industry trends that are disrupting F5 Challenges with legacy WAF solutions Resolving Challenges with Signal Sciences – WAF For the Modern Era Three options to gracefully move away from F5 Beyond F5 Customer success story: AppNexus Summary 1 2 3 4 5 6 7 8 Agenda
See 24 Self-Serve Security Data Makes Your Team Security Self-Sufficient Insights and real-time attack data on Who, What, When, Where and How Make security a developer tool See attacks on production apps and APIs via existing DevOps toolchains
Secure 25 95% of Signal Sciences Customers Are in Blocking Mode Across All Attack Types in Production Power Rules go beyond OWASP injection attacks Signal Sciences NLX performs network learning to surface suspicious events across our network SmartParse performs dynamic, application-specific detections
Scale 26 Easy Deployment and Management with the Fastest Time-to-Value in the Industry Architecture agnostic Installs in minutes Requires no ongoing maintenance as apps change CLOUD CONTAINERS CONFIG MANAGEMENT WEB SERVERS PLATFORMS LANGUAGES API SERVERLESS
27 See, Secure, and Scale across: Active Protection Everywhere Any Attack OWASP Injection Attacks PLUS: Application DDoS Brute Force Attacks Application Abuse & Misuse Request Rate Limiting Account Takeover Bad Bots Virtual Patching Any DevOps Toolchain INCLUDING: Generic Webhooks & Any Custom Tools via Full RESTFul /JSON API Any App Cloud Containers , PaaS & Serverless Web Servers & Languages Gateways & Proxies
Introduction Industry trends that are disrupting F5 Challenges with legacy WAF solutions Resolving Challenges with Signal Sciences – WAF For the Modern Era Three options to gracefully move away from F5 Beyond F5 Customer success story: AppNexus Summary 1 2 3 4 5 6 7 8 Agenda
1. NGINX Plus Behind F5 29 Easiest way to introduce NGINX Plus into your network F5 layer 4 load balances to NGINX Plus Can start small with one application being behind NGINX Plus and then expand
2. NGINX Plus Alongside F5 30 Parallel NGINX Plus deployment Good architecture if adopting public cloud while still keeping private datacenter Can also start small with one application being behind NGINX Plus and then expand
3. NGINX Plus Instead of F5 31 F5 completely decommissioned, use NGINX Plus for all load balancing Previous 2 architectures are intermediaries to this eventual goal
Introduction Industry trends that are disrupting F5 Challenges with legacy WAF solutions Resolving Challenges with Signal Sciences – WAF For the Modern Era Three options to gracefully move away from F5 Beyond F5 Customer success story: AppNexus Summary 1 2 3 4 5 6 7 8 Agenda
Micro Load Balancers 33 Load balancer per application Load balancer per customer for SaaS providers Configuration stored along with application in GitHub Fully portable
Kubernetes Ingress Controller 34 NGINX runs in 2/3rs of Kubernetes environments. Lightweight footprint makes it ideal for containerized environments
Application Delivery Module for NGINX Controller 35
Key Capabilities of Application Delivery Module 36 Load balancer management at scale Real-time monitoring & alerting Simplified configuration management Customizable dashboards Best practice recommendations Multi-cloud support Learn more: nginx.com/products/nginx-controller
API Gateway 37 40% of deploy NGINX instances are used as API gateway Capital One handles 12 billion transactions per day with NGINX API gateway F5 BIG-IP cannot be used as an API gateway
API Management Module for NGINX Controller 38
Key Capabilities of Application Delivery Module 39 API Definition & Publication Rate Limiting Authentication & Authorization Real-time monitoring & alerting Customizable dashboards Multi-cloud support Learn more: nginx.com/products/nginx-controller
Hybrid SaaS Architecture: Fast Local Decisions Plus the Power of Cloud 40 Optimized local detection via SmartParse , eliminating false positive decisions Decisioning is enriched by Cloud Engine intelligence – not signatures Fail-open design avoids app downtime shut-downs and blocked access
Signal Sciences and NGINX Plus
Signal Sciences Beat Out F5 and All Other WAFs 42
Introduction Industry trends that are disrupting F5 Challenges with legacy WAF solutions Resolving Challenges with Signal Sciences – WAF For the Modern Era Three options to gracefully move away from F5 Beyond F5 Customer success story: AppNexus Summary 1 2 3 4 5 6 7 8 Agenda
44 “Moving to the next generation of F5 hardware was going to cost more than $1M per data center. NGINX Plus gave us 50% more transactions per server, for one-sixth the price. We’re now 100% hardware free.” – Senior Networking Leader, AppNexus ROI
45 Gartner Peer Insights What our customers are saying Unlike the majority of WAF products out there, Signal Sciences does not need hundreds of stateful rules to function properly. We were able to get Signal Sciences up and running within a few days and only required 10 or so rules to get configured and running in full-block mode. – Head of Information Security, Infrastructure & IT, Finance Industry Signal Sciences is by far the only security product I've used that was not only simple to install, but also simple to use. We went from a POC to purchase in just weeks (usually it takes months) and once we installed it, we instantly put the WAF into blocking mode as it did such a good job without false positives. – Senior Security Engineer, Communications Industry Web Application Firewalls have historically been a tricky piece of technology to leverage in existing environments; Signal Sciences' approach means less operational overhead in getting it working and more time being spent leveraging the data it provides. – Security and Risk Management, Healthcare Industry Reviews from enterprise peers—verified by Gartner
Introduction Industry trends that are disrupting F5 Challenges with legacy WAF solutions Resolving Challenges with Signal Sciences – WAF For the Modern Era Three options to gracefully move away from F5 Beyond F5 Customer success story: AppNexus Summary 1 2 3 4 5 6 7 8 Agenda
Summary 47 F5 BIG-IP is the aging veteran of the tech industry The market has moved away from F5, and they have not kept up Embrace DevOps, Cloud and Microservices by replacing F5 with NGINX ADC and Signal Sciences Three ways to replace F5 BIG-IP with NGINX Plus AppNexus saved over 50% while getting the benefits of a software solution by replacing F5 BIG-IP with NGINX Plus
Download Our Free Ebook 48 How to migrate F5 BIG-IP configuration and iRules to NGINX, with detailed examples How to pick out a standard x86 server How to install and configure Linux Why you should go with a software load balancer, and not hardware Download now: nginx.com /resources/library/f5-big-ip-nginx-migration-guide/
Q&A Try NGINX Plus free for 30 days: nginx.com/free-trial-request Try NGINX Controller ADC free for 30 days: nginx.com/products/ nginx -controller/#free-trial-controller
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 1,192
- Slides 49
- Favorites 2
- Age 2479 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
49 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
48 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
37 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
35 views
21
Know for Certain
DaveSinNM
23 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
26 views