SDN Journal Authors: Elizabeth White, Yeshim Deniz, Liz McMillan, Pat Romanski, TJ Randall

Related Topics: @DevOpsSummit, Containers Expo Blog, SDN Journal

@DevOpsSummit: Blog Feed Post

The Power of Programmability By @LMacVittie | @DevOpsSummit #DevOps

The power of programmability associated with app services

The Power of Programmability Goes Beyond Load Balancing

Most of the time when we think about (and honestly, talk about) “programmability” of app services (in the network) we end up illustrating its potential by using load balancing or perhaps app security.  That’s because the possibilities seem endless for those services, with countless examples to be found.

But the power of programmability associated with app services – the “software defined” piece of Software Defined Application Services (SDAS) – is not relegated to just load balancing and app security. It can also be applied to other app services, like DNS.

I know, DNS is not often associated with app services but it is. It’s use today is almost exclusively to direct users to the right location of an app on the Internet. It’s an app service, translating IP addresses into much more interesting (and memorable) host names.

And it’s vulnerable. Right now.

The Internet (or at least parts of it) got pretty upset by the notice that BIND (probably the most ubiquitous DNS implementation on the planet) was vulnerable to CVE-2015-5477. It would probably get more attention (and the entire Internet upset) if it had a snazzy name like “Stagefright” or “Heartbleed” but DNS is used to being left out of the spotlight that way.

It is getting noticed, however. Just not by the kind of folks you invite to the data center for a tour.

Ars Technica is reporting the vulnerability is being actively exploited and the accompanying article contains more information on how to grep through those logs to find out if you’re under attack.

Now that you know that, you might wonder what to do. Well, there is a patch – that’s always best way to address a vulnerability.

That said, what caught my eye was a statement in an article (that shall remain nameless and linkless) claiming “There’s no specific way to protect against the attack, other than installing the patch immediately.”

Actually, there is. Which brings us to the point of this post: programmability.

BIG-IP DNS is just as programmable as the other app services that make up the “Availability” services in F5 Synthesis. Those are load balancing and global server load balancing, if you were wondering. DNS is critical, CRITICAL I say, to availability. Without DNS most mobile apps would simply stop working because they depend on importance data path programmability 2014DNS to locate its data-center counterpart for login and status updates and what-have-you. Without DNS most people would assume the Internet was broken because they don’t actually memorize the IP addresses of the sites they frequent.

And when that DNS is either served directly by or virtualized by BIG-IP DNS, well, it’s also programmable. It’s got a full set of DNS related rules that can aid in just the situation we find ourselves in today: a vulnerability that threatens it.

A very short rule (really, it’s 6 lines and that’s counting the closing braces required) will simply reject any DNS “TKEY” request. Go ahead, you can check it out right here on DevCentral.

That’s important to know in case you can’t patch immediately for any number of reasons that often cause delays in patching platforms – especially in large organizations. The blast radius from a patch gone bad in the network to any critical service (like DNS) can be daunting enough to encourage a more cautious approach. That’s one of the reasons programmability is an invaluable tool in the security toolbox – because it allows for immediate virtual patching of a vulnerability until the service or platform or application is patched through normal channels.

The ability of organizations to use programmability of app services to respond to threats like this (and others) is important. The majority of respondents in our State of Application Delivery 2015 report (spoiler: and again in our upcoming 2016 report) placed a high level of importance on just this capability and no doubt they take advantage of it to tailor application services to address the unique challenges every organization eventually faces – as well as the shared challenges posed by vulnerabilities across the application and infrastructure stacks.

Read the original blog entry...

More Stories By Lori MacVittie

Lori MacVittie is responsible for education and evangelism of application services available across F5’s entire product suite. Her role includes authorship of technical materials and participation in a number of community-based forums and industry standards organizations, among other efforts. MacVittie has extensive programming experience as an application architect, as well as network and systems development and administration expertise. Prior to joining F5, MacVittie was an award-winning Senior Technology Editor at Network Computing Magazine, where she conducted product research and evaluation focused on integration with application and network architectures, and authored articles on a variety of topics aimed at IT professionals. Her most recent area of focus included SOA-related products and architectures. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University.

CloudEXPO Stories
The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next-gen applications and how to address the challenges of building applications that harness all data types and sources.
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments that frequently get lost in the hype. The panel will discuss their perspective on what they see as they key challenges and/or impediments to adoption, and how they see those issues could be resolved or mitigated.
CloudEXPO New York 2018, colocated with DevOpsSUMMIT and DXWorldEXPO New York 2018 will be held November 12-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI and Machine Learning to one location.
DXWorldEXPO LLC announced today that Nutanix has been named "Platinum Sponsor" of CloudEXPO | DevOpsSUMMIT | DXWorldEXPO New York, which will take place November 12-13, 2018 in New York City. Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix Enterprise Cloud Platform blends web-scale engineering and consumer-grade design to natively converge server, storage, virtualization and networking into a resilient, software-defined solution with rich machine intelligence.
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.