SlideShare a Scribd company logo

Securing Your Apps & APIs in the Cloud

O
Olivia LaMar

Hybrid and multi-cloud architectures are becoming the expected standard for architecture teams to buildout and for operations teams to maintain and deploy. Ever faster DevOps workflows are now an expectation for any digital enterprise, not a goal. And the code DevOps teams are pushing out is typically now packaged in containers, creating an increasingly distributed application landscape. So how can organizations still practice effective application security policy without impacting or crippling their modernization initiatives? NGINX can help with that. These slides will cover: NGINX Plus as an integrated, cloud-native Load Balancer and API Gateway in NGINX Plus NGINX App Protect as the new cloud-native WAF extension for NGINX Plus Demo of both working in tandem to set: Edge routing policy Edge Security Policy And Extending down to Granular, Per-App Security Policy

Technology
1 of 35
Download to read offline
Securing Your Apps & APIs in the Cloud VIRTUAL EVENT Aug 13th, 2020
| ©2020 F5 NETWORKS - CONFIDENTIAL2
| ©2020 F5 NETWORKS - CONFIDENTIAL3
| ©2020 F5 NETWORKS - CONFIDENTIAL4
| ©2020 F5 NETWORKS - CONFIDENTIAL5
| ©2020 F5 NETWORKS - CONFIDENTIAL6 The Cloud Offers Promise
| ©2020 F5 NETWORKS - CONFIDENTIAL7 More Specifically…
| ©2020 F5 NETWORKS - CONFIDENTIAL8 VirtuallyAll Managed CloudApp Delivery and WAF ServicesAre Actually Managed Versions of… & But with a limited subset of config options exposed for both Legacy workloads are difficult to migrate without fully refactoring your apps first, increasing migration time and decreasing the chance of success And the limited feature set exposed is often lacking key needed functionality for greenfield apps as well
| ©2020 F5 NETWORKS - CONFIDENTIAL9 And each cloud provider tends to tightly couple services with their own cloud
| ©2020 F5 NETWORKS - CONFIDENTIAL10 Flexibility – Same configurations and software in every environment, and can be used to solve many different potential problems Simplicity – Potential for a single platform for App Delivery and Security to manage and monitor. Strategic Outcomes – Solve application routing and security problems once NGINX Plus RunsAnywhere
The NGINX Application Platform A suite of products that together form the core of what organizations need to create applications with performance, reliability, security, and scale. 11 The NGINX Application Platform is a suite of products that together form the core of what organizations need to create applications with performance, reliability, security, and scale. The NGINX Application Platform includes NGINX Plus for load balancing and application delivery, the NGINX WAF for security, and NGINX Unit to run the application code, all monitored and managed by NGINX Controller. Ingress Controller
| ©2020 F5 NETWORKS - CONFIDENTIAL12 12 NGINX Plus R22 Dynamic Application Gateway, unifying: • Load Balancer • API Gateway • Kubernetes IC • Cache Proxy • And more… Key R22 features: • OCSP Support • OIDC w/Multiple IDP’s • Enhanced OIDC metrics • Enhanced rate and connection limiting metrics • Nginx JS Support for Raw Header Object • And more…
NGINX Plus CHRIS AKKER TECHNICAL SOLUTIONSARCHITECT NGINX
| ©2020 F5 NETWORKS - CONFIDENTIAL14 FEATURES COMPARISON CONFIDENTIAL NginxPlus vs CloudLBs • Advanced L7 routing • Layer 4 & Layer 7 mixed • Dynamic Reconfiguration– No downtime • 120 Realtime L4-L7statistics • K-V Memory Store • HighAvailability options • Authenticationoptions • Rate Limiting • Advanced Caching • Health Checks • UpstreamAPI • CLI access • App Protect WAFoption ( New ) • Kubernetes Ingress Controller option • Cost
| ©2020 F5 NETWORKS - CONFIDENTIAL15 15 • NGINX commonly used as Ingress Controller • Dynamic reconfiguration of endpoints (no configuration reloading - downtime) • Move Layer7 logic closer to the App, managed by DevOps • Additional metrics, provided by a streamlined Prometheus exporter • Dedicated Helm chart repository • Support for Custom resources to expose more NGINX Plus features • Health checks Nginx Plus Kubernetes Ingress Controller An advancedLayer 7 load-balancingsolution for exposingKubernetes Services
kubernetes/ingress-nginx • Kubernetes community • Custom NGINX build based on OpenResty/LUA that includes third-party code • Community support only nginxinc/kubernetes-ingress • NGINX Inc Commercial software • NGINX Plus KIC • Significant Performance Increase • Enterprise support NGINX Ingress Controllers
Demo Highlights ENVIRONMENT OVERVIEW NGINX PLUS DASHBOARD OVERVIEW DYNAMIC SCALING / RECONFIGURATION DYNAMIC LOAD BALANCING PROMETHEUS / GRAFANA INTEGRATION
DemoArchitecture 3-node Kubernetes cluster, NginxPlus Ingress Controllers, for URL path routing with TLS. coffee service tea service pod pod example.com/coffee example.com/tea LoadBalancer (CloudProvider) Ingress Ingress K8s 3- node Cluster
| ©2020 F5 NETWORKS - CONFIDENTIAL19 MORE INFORMATION AT NGINX.COM Demo Config of the IngressController • Kind = Ingress • Host = Host Header • TLS = True • Layer 7 url Path Routing • /tea and /coffee • Health Checks apiVersion: extensions/v1beta1 kind: Ingress metadata: name: cafe-ingress spec: tls: - hosts: - cafe.example.com secretName: cafe-secret rules: - host: cafe.example.com http: paths: - path: /tea backend: serviceName: tea-svc servicePort: 80 - path: /coffee backend: serviceName: coffee-svc servicePort: 80
| ©2020 F5 NETWORKS - CONFIDENTIAL20 ● NGINX Ingress Controller https://github.com/nginxinc/kubernetes-ingress/ ● Examples https://github.com/nginxinc/kubernetes- ingress/tree/master/examples-of-custom-resources ● Testing the Performance of the NGINX Ingress Controller for Kubernetes https://www.nginx.com/blog/testing-performance-nginx-ingress-controller- kubernetes/ ● Release 1.8.0 blog post https://www.nginx.com/blog/announcing-nginx-ingress- controller-for-kubernetes-release-1-8-0/ Try it out
NGINX App Protect DANIEL EDGAR TECHNICAL PRODUCT MANAGER NGINX
| ©2020 F5 NETWORKS - CONFIDENTIAL22 0 2000 4000 6000 8000 10000 12000 14000 16000 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 YoY Increase in CVEs Note: Excludes any rejections or disputes. New vulnerabilities are discovered in all manner of software all the time They are exploited by both malicious bots and human attackers Do you know how many affect your application stack(s)? Can you keep up with the pace of published vulnerabilities? Do you want to?
| ©2020 F5 NETWORKS - CONFIDENTIAL24 How do you protect apps? Active attacks Vulnerabilities Risk and address compliance
| ©2020 F5 NETWORKS - CONFIDENTIAL25 Strong App Security Built for Modern Apps CI/CD Friendly NGINX App Protect
| ©2020 F5 NETWORKS - CONFIDENTIAL26 Declarative Policy Helps CI/CD Motion INFRASTRUCTURE AND SECURITY AS CODE SourceCode Repository CI/CD Pipeline Tool IT Automation Applicationcode/config forApp X security policy/config forApp X Pipeline for build/test/deployof App X Ansible playbook for deployment of App X with its app services Owned by SecOps Operated by DevOps { "entityChanges": { "type": "explicit" }, "entity": { "name": "bak" }, "entityKind": "tm:asm:policies:filetypes:filetypestate", "action": "delete", "description": "Delete Disallowed File Type" }
| ©2020 F5 NETWORKS - CONFIDENTIAL27 Deployment options
| ©2020 F5 NETWORKS - CONFIDENTIAL28 Ingress Controller pod pod pod pod pod Per-Pod proxy Per-Service proxy Kubernetes adds several more locations to deploy Application Services API Gateway Load Balancer App Security Four locations to deploy Application Services: • Edge: External load balancers and proxies • Ingress Controller: Entry-point into Kubernetes • Per-Service Proxy: Interior service proxy tier • Per-Pod Proxy: Proxy embedded in pod Edge Standard App Protect NGINX-Proxy deployment
Demo BASIC ELEMENTS OF NGINX APP PROTECT
| ©2020 F5 NETWORKS - CONFIDENTIAL30 INSTALL NGINX APP PROTECT Demo Setup 10.1.1.4 Artifactory (App Protect) 10.1.1.7 Clean CentOS 10.1.1.5 App 8080 Host: InstallNGINX App Protect on NGINX+ @10.1.1.7 (VM)
Demo SECURITY AUTOMATION IN THE CLOUD
| ©2020 F5 NETWORKS - CONFIDENTIAL32 Linux Linux Linux Linux Linux Cloud NGINX+ NGINX+ NGINX+ NGINX+ NGINX+ OWASP ZAP Ansible Ansible Role Demo RAPID, CONSISTENT DEPLOYMENT AND PROTECTION 🔥 NGINX App Protect NGINX App Protect NGINX App Protect NGINX App Protect NGINX App Protect
| ©2020 F5 NETWORKS - CONFIDENTIAL34 Questions?
| ©2020 F535 September 15-17, 2020 VIRTUAL EVENT Sprint is a three-day virtual event designed to inspire and engage developers, architects, and operators looking to use NGINX technologies to develop and deliver modern applications at scale. www.nginx.com/events/nginx-sprint-2020 GOALS • Introduce solutions and evolution of NGINX. • Engage with the NGINX community and users. • Attract 1,500 live attendees/day.
| ©2020 F536 Day One: Keynotes SEPTEMBER 15 Duration: 2 hours Pre-recorded and streamed “live” • Provide thought leadership, roadmap review, and announce new solutions • Invite external influencers and maybe customers to present • Engage audience with post-keynote analysis from Tech Field Day Day Two: Demos SEPTEMBER 16 Duration: 1.5 hours Live, interactive session • Provide 6-7 short demos showing of NGINX and F5 products • Have demos build on each other, creating a single app by the end • Use delegates from TechField Day as audience proxy Day Three: Hackathon SEPTEMBER 17 Duration: 2-3 hours Live streamed session • Have teams present ideas and prototypes • Judge and award winners
| ©2020 F5 NETWORKS - CONFIDENTIAL37 Thank You!

Recommended

How to Get Started With NGINX
How to Get Started With NGINXHow to Get Started With NGINX
How to Get Started With NGINXNGINX, Inc.
 
Découvrez NGINX AppProtect
Découvrez NGINX AppProtectDécouvrez NGINX AppProtect
Découvrez NGINX AppProtectNGINX, Inc.
 
NGINX: Back to Basics – APCJ
NGINX: Back to Basics – APCJNGINX: Back to Basics – APCJ
NGINX: Back to Basics – APCJNGINX, Inc.
 
Application Security with NGINX
Application Security with NGINXApplication Security with NGINX
Application Security with NGINXNGINX, Inc.
 
Get the Most Out of Kubernetes with NGINX
Get the Most Out of Kubernetes with NGINXGet the Most Out of Kubernetes with NGINX
Get the Most Out of Kubernetes with NGINXNGINX, Inc.
 
Accélérez vos déploiements applicatifs avec NGINX Controller
Accélérez vos déploiements applicatifs avec NGINX ControllerAccélérez vos déploiements applicatifs avec NGINX Controller
Accélérez vos déploiements applicatifs avec NGINX ControllerNGINX, Inc.
 
Fundamentals of microservices
Fundamentals of microservicesFundamentals of microservices
Fundamentals of microservicesNGINX, Inc.
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXNGINX, Inc.
 

Recommended

How to Get Started With NGINX
How to Get Started With NGINXHow to Get Started With NGINX
How to Get Started With NGINXNGINX, Inc.
 
Découvrez NGINX AppProtect
Découvrez NGINX AppProtectDécouvrez NGINX AppProtect
Découvrez NGINX AppProtectNGINX, Inc.
 
NGINX: Back to Basics – APCJ
NGINX: Back to Basics – APCJNGINX: Back to Basics – APCJ
NGINX: Back to Basics – APCJNGINX, Inc.
 
Application Security with NGINX
Application Security with NGINXApplication Security with NGINX
Application Security with NGINXNGINX, Inc.
 
Get the Most Out of Kubernetes with NGINX
Get the Most Out of Kubernetes with NGINXGet the Most Out of Kubernetes with NGINX
Get the Most Out of Kubernetes with NGINXNGINX, Inc.
 
Accélérez vos déploiements applicatifs avec NGINX Controller
Accélérez vos déploiements applicatifs avec NGINX ControllerAccélérez vos déploiements applicatifs avec NGINX Controller
Accélérez vos déploiements applicatifs avec NGINX ControllerNGINX, Inc.
 
Fundamentals of microservices
Fundamentals of microservicesFundamentals of microservices
Fundamentals of microservicesNGINX, Inc.
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXNGINX, Inc.
 
Nim tames sprawl
Nim tames sprawlNim tames sprawl
Nim tames sprawlNGINX, Inc.
 
Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...
Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...
Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...NGINX, Inc.
 
Migrating from BIG-IP Deployment to NGINX ADC
Migrating from BIG-IP Deployment to NGINX ADCMigrating from BIG-IP Deployment to NGINX ADC
Migrating from BIG-IP Deployment to NGINX ADCNGINX, Inc.
 
NGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX, Inc.
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXNGINX, Inc.
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPOlivia LaMar
 
API Gateway Use Cases​ for Kubernetes​
API Gateway Use Cases​ for Kubernetes​API Gateway Use Cases​ for Kubernetes​
API Gateway Use Cases​ for Kubernetes​NGINX, Inc.
 
Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service MeshData Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service MeshNGINX, Inc.
 
What's New with NGINX Application Security Solutions
What's New with NGINX Application Security SolutionsWhat's New with NGINX Application Security Solutions
What's New with NGINX Application Security SolutionsNGINX, Inc.
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingNGINX, Inc.
 
Deep Dive: Automating the Application and Security Pipeline with NGINX and An...
Deep Dive: Automating the Application and Security Pipeline with NGINX and An...Deep Dive: Automating the Application and Security Pipeline with NGINX and An...
Deep Dive: Automating the Application and Security Pipeline with NGINX and An...NGINX, Inc.
 
NGINX Basics and Best Practices Workshop
NGINX Basics and Best Practices WorkshopNGINX Basics and Best Practices Workshop
NGINX Basics and Best Practices WorkshopNGINX, Inc.
 
Application Security with NGINX | APAC
Application Security with NGINX | APACApplication Security with NGINX | APAC
Application Security with NGINX | APACNGINX, Inc.
 
Secured APIM-as-a-Service
Secured APIM-as-a-ServiceSecured APIM-as-a-Service
Secured APIM-as-a-ServiceNGINX, Inc.
 
Relevez les défis Kubernetes avec NGINX
Relevez les défis Kubernetes avec NGINXRelevez les défis Kubernetes avec NGINX
Relevez les défis Kubernetes avec NGINXNGINX, Inc.
 
NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale NGINX, Inc.
 
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controllerNGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controllerKatherine Bagood
 
Architecting for now & the future with NGINX London April 19
Architecting for now & the future with NGINX London April 19Architecting for now & the future with NGINX London April 19
Architecting for now & the future with NGINX London April 19NGINX, Inc.
 
Replacing and Augmenting F5 BIG-IP with NGINX Plus - EMEA
Replacing and Augmenting F5 BIG-IP with NGINX Plus - EMEAReplacing and Augmenting F5 BIG-IP with NGINX Plus - EMEA
Replacing and Augmenting F5 BIG-IP with NGINX Plus - EMEANGINX, Inc.
 
Production-Grade Kubernetes With NGINX Ingress Controller
Production-Grade Kubernetes With NGINX Ingress ControllerProduction-Grade Kubernetes With NGINX Ingress Controller
Production-Grade Kubernetes With NGINX Ingress ControllerNGINX, Inc.
 
Deploying NGINX in Cloud Native Kubernetes
Deploying NGINX in Cloud Native KubernetesDeploying NGINX in Cloud Native Kubernetes
Deploying NGINX in Cloud Native KubernetesKangaroot
 
Nginx app protect-for-meetup-v1.0-202006_lk
Nginx app protect-for-meetup-v1.0-202006_lkNginx app protect-for-meetup-v1.0-202006_lk
Nginx app protect-for-meetup-v1.0-202006_lkJuraj Hantak
 

More Related Content

What's hot

Nim tames sprawl
Nim tames sprawlNim tames sprawl
Nim tames sprawlNGINX, Inc.
 
Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...
Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...
Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...NGINX, Inc.
 
Migrating from BIG-IP Deployment to NGINX ADC
Migrating from BIG-IP Deployment to NGINX ADCMigrating from BIG-IP Deployment to NGINX ADC
Migrating from BIG-IP Deployment to NGINX ADCNGINX, Inc.
 
NGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX, Inc.
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXNGINX, Inc.
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPOlivia LaMar
 
API Gateway Use Cases​ for Kubernetes​
API Gateway Use Cases​ for Kubernetes​API Gateway Use Cases​ for Kubernetes​
API Gateway Use Cases​ for Kubernetes​NGINX, Inc.
 
Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service MeshData Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service MeshNGINX, Inc.
 
What's New with NGINX Application Security Solutions
What's New with NGINX Application Security SolutionsWhat's New with NGINX Application Security Solutions
What's New with NGINX Application Security SolutionsNGINX, Inc.
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingNGINX, Inc.
 
Deep Dive: Automating the Application and Security Pipeline with NGINX and An...
Deep Dive: Automating the Application and Security Pipeline with NGINX and An...Deep Dive: Automating the Application and Security Pipeline with NGINX and An...
Deep Dive: Automating the Application and Security Pipeline with NGINX and An...NGINX, Inc.
 
NGINX Basics and Best Practices Workshop
NGINX Basics and Best Practices WorkshopNGINX Basics and Best Practices Workshop
NGINX Basics and Best Practices WorkshopNGINX, Inc.
 
Application Security with NGINX | APAC
Application Security with NGINX | APACApplication Security with NGINX | APAC
Application Security with NGINX | APACNGINX, Inc.
 
Secured APIM-as-a-Service
Secured APIM-as-a-ServiceSecured APIM-as-a-Service
Secured APIM-as-a-ServiceNGINX, Inc.
 
Relevez les défis Kubernetes avec NGINX
Relevez les défis Kubernetes avec NGINXRelevez les défis Kubernetes avec NGINX
Relevez les défis Kubernetes avec NGINXNGINX, Inc.
 
NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale NGINX, Inc.
 
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controllerNGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controllerKatherine Bagood
 
Architecting for now & the future with NGINX London April 19
Architecting for now & the future with NGINX London April 19Architecting for now & the future with NGINX London April 19
Architecting for now & the future with NGINX London April 19NGINX, Inc.
 
Replacing and Augmenting F5 BIG-IP with NGINX Plus - EMEA
Replacing and Augmenting F5 BIG-IP with NGINX Plus - EMEAReplacing and Augmenting F5 BIG-IP with NGINX Plus - EMEA
Replacing and Augmenting F5 BIG-IP with NGINX Plus - EMEANGINX, Inc.
 
Production-Grade Kubernetes With NGINX Ingress Controller
Production-Grade Kubernetes With NGINX Ingress ControllerProduction-Grade Kubernetes With NGINX Ingress Controller
Production-Grade Kubernetes With NGINX Ingress ControllerNGINX, Inc.
 

What's hot (20)

Nim tames sprawl
Nim tames sprawlNim tames sprawl
Nim tames sprawl
 
Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...
Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...
Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...
 
Migrating from BIG-IP Deployment to NGINX ADC
Migrating from BIG-IP Deployment to NGINX ADCMigrating from BIG-IP Deployment to NGINX ADC
Migrating from BIG-IP Deployment to NGINX ADC
 
NGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX DevSecOps Workshop
NGINX DevSecOps Workshop
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINX
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
 
API Gateway Use Cases​ for Kubernetes​
API Gateway Use Cases​ for Kubernetes​API Gateway Use Cases​ for Kubernetes​
API Gateway Use Cases​ for Kubernetes​
 
Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service MeshData Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
 
What's New with NGINX Application Security Solutions
What's New with NGINX Application Security SolutionsWhat's New with NGINX Application Security Solutions
What's New with NGINX Application Security Solutions
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
 
Deep Dive: Automating the Application and Security Pipeline with NGINX and An...
Deep Dive: Automating the Application and Security Pipeline with NGINX and An...Deep Dive: Automating the Application and Security Pipeline with NGINX and An...
Deep Dive: Automating the Application and Security Pipeline with NGINX and An...
 
NGINX Basics and Best Practices Workshop
NGINX Basics and Best Practices WorkshopNGINX Basics and Best Practices Workshop
NGINX Basics and Best Practices Workshop
 
Application Security with NGINX | APAC
Application Security with NGINX | APACApplication Security with NGINX | APAC
Application Security with NGINX | APAC
 
Secured APIM-as-a-Service
Secured APIM-as-a-ServiceSecured APIM-as-a-Service
Secured APIM-as-a-Service
 
Relevez les défis Kubernetes avec NGINX
Relevez les défis Kubernetes avec NGINXRelevez les défis Kubernetes avec NGINX
Relevez les défis Kubernetes avec NGINX
 
NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale
 
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controllerNGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
 
Architecting for now & the future with NGINX London April 19
Architecting for now & the future with NGINX London April 19Architecting for now & the future with NGINX London April 19
Architecting for now & the future with NGINX London April 19
 
Replacing and Augmenting F5 BIG-IP with NGINX Plus - EMEA
Replacing and Augmenting F5 BIG-IP with NGINX Plus - EMEAReplacing and Augmenting F5 BIG-IP with NGINX Plus - EMEA
Replacing and Augmenting F5 BIG-IP with NGINX Plus - EMEA
 
Production-Grade Kubernetes With NGINX Ingress Controller
Production-Grade Kubernetes With NGINX Ingress ControllerProduction-Grade Kubernetes With NGINX Ingress Controller
Production-Grade Kubernetes With NGINX Ingress Controller
 

Similar to Securing Your Apps & APIs in the Cloud

Deploying NGINX in Cloud Native Kubernetes
Deploying NGINX in Cloud Native KubernetesDeploying NGINX in Cloud Native Kubernetes
Deploying NGINX in Cloud Native KubernetesKangaroot
 
Nginx app protect-for-meetup-v1.0-202006_lk
Nginx app protect-for-meetup-v1.0-202006_lkNginx app protect-for-meetup-v1.0-202006_lk
Nginx app protect-for-meetup-v1.0-202006_lkJuraj Hantak
 
Load Balancing Applications on Kubernetes with NGINX
Load Balancing Applications on Kubernetes with NGINXLoad Balancing Applications on Kubernetes with NGINX
Load Balancing Applications on Kubernetes with NGINXAine Long
 
NGINX Kubernetes Ingress Controller: Getting Started – EMEA
NGINX Kubernetes Ingress Controller: Getting Started – EMEANGINX Kubernetes Ingress Controller: Getting Started – EMEA
NGINX Kubernetes Ingress Controller: Getting Started – EMEAAine Long
 
Deploy and Secure Your API Gateway with NGINX: From Zero to Hero – APCJ
Deploy and Secure Your API Gateway with NGINX: From Zero to Hero – APCJDeploy and Secure Your API Gateway with NGINX: From Zero to Hero – APCJ
Deploy and Secure Your API Gateway with NGINX: From Zero to Hero – APCJNGINX, Inc.
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?DevOps.com
 
Building a Service Mesh with NGINX Owen Garrett.pptx
Building a Service Mesh with NGINX Owen Garrett.pptxBuilding a Service Mesh with NGINX Owen Garrett.pptx
Building a Service Mesh with NGINX Owen Garrett.pptxPINGXIONG3
 
From Code to Customer with F5 and NGNX London Nov 19
From Code to Customer with F5 and NGNX London Nov 19From Code to Customer with F5 and NGNX London Nov 19
From Code to Customer with F5 and NGNX London Nov 19NGINX, Inc.
 
F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshowpatmisasi
 
F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017Guy Brown
 
F5 and HashiCorp Multi-Cloud
F5 and HashiCorp Multi-CloudF5 and HashiCorp Multi-Cloud
F5 and HashiCorp Multi-Cloudabenyeung1
 
The Current And Future State Of Service Mesh
The Current And Future State Of Service MeshThe Current And Future State Of Service Mesh
The Current And Future State Of Service MeshRam Vennam
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld
 
VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...
VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...
VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...VMworld
 
GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ...
GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ... GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ...
GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ...James Anderson
 
.NET Cloud-Native Bootcamp
.NET Cloud-Native Bootcamp.NET Cloud-Native Bootcamp
.NET Cloud-Native BootcampVMware Tanzu
 
Openshift serverless Solution
Openshift serverless SolutionOpenshift serverless Solution
Openshift serverless SolutionRyan ZhangCheng
 
Cisco ACI & F5 Integrate to Transform the Data Center
Cisco ACI & F5 Integrate to Transform the Data CenterCisco ACI & F5 Integrate to Transform the Data Center
Cisco ACI & F5 Integrate to Transform the Data CenterF5NetworksAPJ
 
F5 Distributed Cloud.pptx
F5 Distributed Cloud.pptxF5 Distributed Cloud.pptx
F5 Distributed Cloud.pptxabenyeung1
 
Interop2018 contrail ContrailEnterpriseMulticloud
Interop2018 contrail ContrailEnterpriseMulticloudInterop2018 contrail ContrailEnterpriseMulticloud
Interop2018 contrail ContrailEnterpriseMulticloudDaisuke Nakajima
 

Similar to Securing Your Apps & APIs in the Cloud (20)

Deploying NGINX in Cloud Native Kubernetes
Deploying NGINX in Cloud Native KubernetesDeploying NGINX in Cloud Native Kubernetes
Deploying NGINX in Cloud Native Kubernetes
 
Nginx app protect-for-meetup-v1.0-202006_lk
Nginx app protect-for-meetup-v1.0-202006_lkNginx app protect-for-meetup-v1.0-202006_lk
Nginx app protect-for-meetup-v1.0-202006_lk
 
Load Balancing Applications on Kubernetes with NGINX
Load Balancing Applications on Kubernetes with NGINXLoad Balancing Applications on Kubernetes with NGINX
Load Balancing Applications on Kubernetes with NGINX
 
NGINX Kubernetes Ingress Controller: Getting Started – EMEA
NGINX Kubernetes Ingress Controller: Getting Started – EMEANGINX Kubernetes Ingress Controller: Getting Started – EMEA
NGINX Kubernetes Ingress Controller: Getting Started – EMEA
 
Deploy and Secure Your API Gateway with NGINX: From Zero to Hero – APCJ
Deploy and Secure Your API Gateway with NGINX: From Zero to Hero – APCJDeploy and Secure Your API Gateway with NGINX: From Zero to Hero – APCJ
Deploy and Secure Your API Gateway with NGINX: From Zero to Hero – APCJ
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?
 
Building a Service Mesh with NGINX Owen Garrett.pptx
Building a Service Mesh with NGINX Owen Garrett.pptxBuilding a Service Mesh with NGINX Owen Garrett.pptx
Building a Service Mesh with NGINX Owen Garrett.pptx
 
From Code to Customer with F5 and NGNX London Nov 19
From Code to Customer with F5 and NGNX London Nov 19From Code to Customer with F5 and NGNX London Nov 19
From Code to Customer with F5 and NGNX London Nov 19
 
F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshow
 
F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017
 
F5 and HashiCorp Multi-Cloud
F5 and HashiCorp Multi-CloudF5 and HashiCorp Multi-Cloud
F5 and HashiCorp Multi-Cloud
 
The Current And Future State Of Service Mesh
The Current And Future State Of Service MeshThe Current And Future State Of Service Mesh
The Current And Future State Of Service Mesh
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSX
 
VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...
VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...
VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...
 
GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ...
GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ... GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ...
GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ...
 
.NET Cloud-Native Bootcamp
.NET Cloud-Native Bootcamp.NET Cloud-Native Bootcamp
.NET Cloud-Native Bootcamp
 
Openshift serverless Solution
Openshift serverless SolutionOpenshift serverless Solution
Openshift serverless Solution
 
Cisco ACI & F5 Integrate to Transform the Data Center
Cisco ACI & F5 Integrate to Transform the Data CenterCisco ACI & F5 Integrate to Transform the Data Center
Cisco ACI & F5 Integrate to Transform the Data Center
 
F5 Distributed Cloud.pptx
F5 Distributed Cloud.pptxF5 Distributed Cloud.pptx
F5 Distributed Cloud.pptx
 
Interop2018 contrail ContrailEnterpriseMulticloud
Interop2018 contrail ContrailEnterpriseMulticloudInterop2018 contrail ContrailEnterpriseMulticloud
Interop2018 contrail ContrailEnterpriseMulticloud
 

Recently uploaded

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 

Recently uploaded (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

Securing Your Apps & APIs in the Cloud

  • 1. Securing Your Apps & APIs in the Cloud VIRTUAL EVENT Aug 13th, 2020
  • 2. | ©2020 F5 NETWORKS - CONFIDENTIAL2
  • 3. | ©2020 F5 NETWORKS - CONFIDENTIAL3
  • 4. | ©2020 F5 NETWORKS - CONFIDENTIAL4
  • 5. | ©2020 F5 NETWORKS - CONFIDENTIAL5
  • 6. | ©2020 F5 NETWORKS - CONFIDENTIAL6 The Cloud Offers Promise
  • 7. | ©2020 F5 NETWORKS - CONFIDENTIAL7 More Specifically…
  • 8. | ©2020 F5 NETWORKS - CONFIDENTIAL8 VirtuallyAll Managed CloudApp Delivery and WAF ServicesAre Actually Managed Versions of… & But with a limited subset of config options exposed for both Legacy workloads are difficult to migrate without fully refactoring your apps first, increasing migration time and decreasing the chance of success And the limited feature set exposed is often lacking key needed functionality for greenfield apps as well
  • 9. | ©2020 F5 NETWORKS - CONFIDENTIAL9 And each cloud provider tends to tightly couple services with their own cloud
  • 10. | ©2020 F5 NETWORKS - CONFIDENTIAL10 Flexibility – Same configurations and software in every environment, and can be used to solve many different potential problems Simplicity – Potential for a single platform for App Delivery and Security to manage and monitor. Strategic Outcomes – Solve application routing and security problems once NGINX Plus RunsAnywhere
  • 11. The NGINX Application Platform A suite of products that together form the core of what organizations need to create applications with performance, reliability, security, and scale. 11 The NGINX Application Platform is a suite of products that together form the core of what organizations need to create applications with performance, reliability, security, and scale. The NGINX Application Platform includes NGINX Plus for load balancing and application delivery, the NGINX WAF for security, and NGINX Unit to run the application code, all monitored and managed by NGINX Controller. Ingress Controller
  • 12. | ©2020 F5 NETWORKS - CONFIDENTIAL12 12 NGINX Plus R22 Dynamic Application Gateway, unifying: • Load Balancer • API Gateway • Kubernetes IC • Cache Proxy • And more… Key R22 features: • OCSP Support • OIDC w/Multiple IDP’s • Enhanced OIDC metrics • Enhanced rate and connection limiting metrics • Nginx JS Support for Raw Header Object • And more…
  • 13. NGINX Plus CHRIS AKKER TECHNICAL SOLUTIONSARCHITECT NGINX
  • 14. | ©2020 F5 NETWORKS - CONFIDENTIAL14 FEATURES COMPARISON CONFIDENTIAL NginxPlus vs CloudLBs • Advanced L7 routing • Layer 4 & Layer 7 mixed • Dynamic Reconfiguration– No downtime • 120 Realtime L4-L7statistics • K-V Memory Store • HighAvailability options • Authenticationoptions • Rate Limiting • Advanced Caching • Health Checks • UpstreamAPI • CLI access • App Protect WAFoption ( New ) • Kubernetes Ingress Controller option • Cost
  • 15. | ©2020 F5 NETWORKS - CONFIDENTIAL15 15 • NGINX commonly used as Ingress Controller • Dynamic reconfiguration of endpoints (no configuration reloading - downtime) • Move Layer7 logic closer to the App, managed by DevOps • Additional metrics, provided by a streamlined Prometheus exporter • Dedicated Helm chart repository • Support for Custom resources to expose more NGINX Plus features • Health checks Nginx Plus Kubernetes Ingress Controller An advancedLayer 7 load-balancingsolution for exposingKubernetes Services
  • 16. kubernetes/ingress-nginx • Kubernetes community • Custom NGINX build based on OpenResty/LUA that includes third-party code • Community support only nginxinc/kubernetes-ingress • NGINX Inc Commercial software • NGINX Plus KIC • Significant Performance Increase • Enterprise support NGINX Ingress Controllers
  • 17. Demo Highlights ENVIRONMENT OVERVIEW NGINX PLUS DASHBOARD OVERVIEW DYNAMIC SCALING / RECONFIGURATION DYNAMIC LOAD BALANCING PROMETHEUS / GRAFANA INTEGRATION
  • 18. DemoArchitecture 3-node Kubernetes cluster, NginxPlus Ingress Controllers, for URL path routing with TLS. coffee service tea service pod pod example.com/coffee example.com/tea LoadBalancer (CloudProvider) Ingress Ingress K8s 3- node Cluster
  • 19. | ©2020 F5 NETWORKS - CONFIDENTIAL19 MORE INFORMATION AT NGINX.COM Demo Config of the IngressController • Kind = Ingress • Host = Host Header • TLS = True • Layer 7 url Path Routing • /tea and /coffee • Health Checks apiVersion: extensions/v1beta1 kind: Ingress metadata: name: cafe-ingress spec: tls: - hosts: - cafe.example.com secretName: cafe-secret rules: - host: cafe.example.com http: paths: - path: /tea backend: serviceName: tea-svc servicePort: 80 - path: /coffee backend: serviceName: coffee-svc servicePort: 80
  • 20. | ©2020 F5 NETWORKS - CONFIDENTIAL20 ● NGINX Ingress Controller https://github.com/nginxinc/kubernetes-ingress/ ● Examples https://github.com/nginxinc/kubernetes- ingress/tree/master/examples-of-custom-resources ● Testing the Performance of the NGINX Ingress Controller for Kubernetes https://www.nginx.com/blog/testing-performance-nginx-ingress-controller- kubernetes/ ● Release 1.8.0 blog post https://www.nginx.com/blog/announcing-nginx-ingress- controller-for-kubernetes-release-1-8-0/ Try it out
  • 21. NGINX App Protect DANIEL EDGAR TECHNICAL PRODUCT MANAGER NGINX
  • 22. | ©2020 F5 NETWORKS - CONFIDENTIAL22 0 2000 4000 6000 8000 10000 12000 14000 16000 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 YoY Increase in CVEs Note: Excludes any rejections or disputes. New vulnerabilities are discovered in all manner of software all the time They are exploited by both malicious bots and human attackers Do you know how many affect your application stack(s)? Can you keep up with the pace of published vulnerabilities? Do you want to?
  • 23. | ©2020 F5 NETWORKS - CONFIDENTIAL24 How do you protect apps? Active attacks Vulnerabilities Risk and address compliance
  • 24. | ©2020 F5 NETWORKS - CONFIDENTIAL25 Strong App Security Built for Modern Apps CI/CD Friendly NGINX App Protect
  • 25. | ©2020 F5 NETWORKS - CONFIDENTIAL26 Declarative Policy Helps CI/CD Motion INFRASTRUCTURE AND SECURITY AS CODE SourceCode Repository CI/CD Pipeline Tool IT Automation Applicationcode/config forApp X security policy/config forApp X Pipeline for build/test/deployof App X Ansible playbook for deployment of App X with its app services Owned by SecOps Operated by DevOps { "entityChanges": { "type": "explicit" }, "entity": { "name": "bak" }, "entityKind": "tm:asm:policies:filetypes:filetypestate", "action": "delete", "description": "Delete Disallowed File Type" }
  • 26. | ©2020 F5 NETWORKS - CONFIDENTIAL27 Deployment options
  • 27. | ©2020 F5 NETWORKS - CONFIDENTIAL28 Ingress Controller pod pod pod pod pod Per-Pod proxy Per-Service proxy Kubernetes adds several more locations to deploy Application Services API Gateway Load Balancer App Security Four locations to deploy Application Services: • Edge: External load balancers and proxies • Ingress Controller: Entry-point into Kubernetes • Per-Service Proxy: Interior service proxy tier • Per-Pod Proxy: Proxy embedded in pod Edge Standard App Protect NGINX-Proxy deployment
  • 28. Demo BASIC ELEMENTS OF NGINX APP PROTECT
  • 29. | ©2020 F5 NETWORKS - CONFIDENTIAL30 INSTALL NGINX APP PROTECT Demo Setup 10.1.1.4 Artifactory (App Protect) 10.1.1.7 Clean CentOS 10.1.1.5 App 8080 Host: InstallNGINX App Protect on NGINX+ @10.1.1.7 (VM)
  • 31. | ©2020 F5 NETWORKS - CONFIDENTIAL32 Linux Linux Linux Linux Linux Cloud NGINX+ NGINX+ NGINX+ NGINX+ NGINX+ OWASP ZAP Ansible Ansible Role Demo RAPID, CONSISTENT DEPLOYMENT AND PROTECTION 🔥 NGINX App Protect NGINX App Protect NGINX App Protect NGINX App Protect NGINX App Protect
  • 32. | ©2020 F5 NETWORKS - CONFIDENTIAL34 Questions?
  • 33. | ©2020 F535 September 15-17, 2020 VIRTUAL EVENT Sprint is a three-day virtual event designed to inspire and engage developers, architects, and operators looking to use NGINX technologies to develop and deliver modern applications at scale. www.nginx.com/events/nginx-sprint-2020 GOALS • Introduce solutions and evolution of NGINX. • Engage with the NGINX community and users. • Attract 1,500 live attendees/day.
  • 34. | ©2020 F536 Day One: Keynotes SEPTEMBER 15 Duration: 2 hours Pre-recorded and streamed “live” • Provide thought leadership, roadmap review, and announce new solutions • Invite external influencers and maybe customers to present • Engage audience with post-keynote analysis from Tech Field Day Day Two: Demos SEPTEMBER 16 Duration: 1.5 hours Live, interactive session • Provide 6-7 short demos showing of NGINX and F5 products • Have demos build on each other, creating a single app by the end • Use delegates from TechField Day as audience proxy Day Three: Hackathon SEPTEMBER 17 Duration: 2-3 hours Live streamed session • Have teams present ideas and prototypes • Judge and award winners
  • 35. | ©2020 F5 NETWORKS - CONFIDENTIAL37 Thank You!