F5 announced an entirely new lineup of services at their yearly Agility conference that promises to shake up the entire app delivery ecosystem in the cloud. At WorldTech IT, we’ve been looking forward to this announcement and are excited to share our thoughts on the big changes.
We’ve seen the same trends as F5; as applications continue to expand in scope, threats against apps increase exponentially, and you need to move quickly to mitigate them. Moving from legacy to modern technologies or maintaining multiple separate environments can further exacerbate these issues. As time goes on, the surface area required to defend against cyber threats can become enormous and unmanageable. The solution often results in leveraging components of cloud SaaS solutions – allowing you to focus on your apps & security, and not infrastructure.
What are F5 Distributed Cloud Services?
You probably know F5 BIG-IP’s role in protecting your web applications against malicious traffic, bot attacks, cyber fraud, and of course, making your applications highly available. Maybe you’ve noticed F5’s continued investment in security software and cloud offerings like NGINX, Volterra, and Shape these past few years. It’s all been building to this—F5 Distributed Cloud Services (XCS for short) are the next evolution in defending legacy infrastructure, modern apps, and APIs in one sophisticated Cloud SaaS solution.
Available through the F5 Distributed Cloud Platform, SaaS-based cloud-native app delivery and security services let you enjoy the benefits of central management while deploying anywhere your app needs to be. Services available on launch include the following:
- F5 Global Network Platform: This is the first app-to-app network specifically designed to secure and connect workloads across multi-cloud or edge, with the flexibility to host workloads for improved performance. Services include L3–L7+ DDoS protection, IPsec encryption between PoPs, segmented traffic using L3 VPNs, AI/ML threat protection, and top of line secure colocation facilities.
- F5 Distributed Cloud Multi-Cloud Transit: Enables multi-cloud networking (MCN) functionality with secure, high-performance connectivity between clouds and a network firewall. Integrate a Layer 3 to Layer 7 stack across networking devices with fine-tuned policies, management tools, and observability dashboards. Integrate across your preferred public cloud provider such as Azure, Amazon Web Services, or Red Hat Openshift.
- F5 Distributed Cloud Load Balancer and Kubernetes Gateway: Easily deploy modern workloads and microservices across distributed clusters, locations, and cloud providers through an integrated load balancer with Kubernetes and API gateways. Utilize HTTP, TCP, or UDP forward proxies; WAFs; AAA and RBAC access control; DNS, Consul, K8, or cross-cluster discovery; multi-cluster service routing; and end-to-end logging for observability.
- F5 Distributed Cloud DDoS Mitigation: Protect your apps against volumetric L3-L7+ DDoS attacks at the network edge, ensuring that the app still has global availability without impacting legitimate customers. Through single pane of glass visibility, provision on-demand, scale networks, expand capacity, deploy new services, maximize uptime and proactively defend against mitigated and active attacks.
- F5 Distributed Cloud WAF: Cloud-based protection for your distributed web applications, easing the burden and complexity of consistently securing apps across cloud, on-premises, and edge locations. Add a new app by defining the origin server, the field qualified domain name (FQDN), and associate it with a policy through a universal API. Employ AI/ML-based techniques with a signature-based WAF, see real-time investigative drilldowns, and harness a powerful rule-based engine to manage traffic.
- F5 Distributed Cloud Bot Defense: Protect applications from bots, automated attacks, scrapers, and exploits. Harness the best of Shape Security and F5’s AI/ML bot prevention on your implementation of choice while maintaining high performance.
- F5 Distributed Cloud API Security: Automatically discover API endpoints connected to your applications, prevent data leakage, and allowlist and monitor anomalous behavior. Deploy rapidly through SaaS using Points of presence (PoPs) for speed, scale, and protection. Observe all your API security and networking metrics in a single dashboard.
- F5 Distributed Cloud Client-Side Defense: An in-browser solution for security monitoring and mitigation. Protect customers from Magecart, formjacking, skimming, PII harvesting, session highjacking, account takeover (ATO), and other critical security vulnerabilities.
- F5 Distributed Cloud Aggregator Management: Embrace open banking while managing aggregator and third-party provider (TPP) risks. Give your customers full access to their data—anytime, anywhere, and any app—while protecting against credential stuffing and ATO risks.
- F5 Distributed Cloud Account Protection: Apply powerful Artificial Intelligence for Online Fraud Protection. Block fraud missed by existing tools, slash friction for legitimate consumers by 90%, and reduce workloads for fraud teams. Evaluate transactions with telemetry, environmental, and behavioral data, connect context to user intent and feed the closed-loop AI for fine-tuned security solutions.
- F5 Distributed Cloud Authentication Intelligence: Eliminate excessive and annoying login requests for legitimate returning consumers, reduce user interface friction, boost topline digital revenue, and improve customer experience, all while leveraging world-class artificial intelligence for the heavy lifting.
Plenty of the changes come down to simplifying and consolidating existing F5, Shape, and Volterra services. Many of the modules and features you’re already familiar with now live under F5 Distributed Cloud Services, including F5 Distributed Cloud DDoS Mitigation, F5 Distributed Cloud Bot Defense, F5 Distributed Cloud WAF, and F5 Distributed Cloud API Security.
You might think these are a lot of individual services to implement, even if everything lives in the F5 Distributed Cloud Platform. Fortunately, F5 has considered this issue and developed Use-Cases that deploy complementary cloud services together, starting with Web App and API Protection, Multi-Cloud Networking, and Distributed Cloud Application Delivery Network.
Use-Case: Web Application and API Protection (WAAP)
The primary use-case introduced alongside F5’s DCP is F5 Distributed Cloud Web Application and API Protection. Otherwise known as WAAP, this solution simplifies security and automates processes, letting teams focus on their app rather than its security.
A lot of this will sound familiar. The best Web Application Firewall on the market powers WAAP, none other than F5’s Advanced WAF (AWAF). Also included are the Bot mitigation, DDoS, and API protection you expect from F5 products. The difference is that now these features deploy into a single solution that makes it easy to enforce consistent security policies across an entire environment.
At first glance, you might also think that F5’s Distributed Cloud WAAP sounds like a Content Delivery Network. Looking deeper, you’ll find that a CDN can’t compete with the breadth of features and security features WAAP provides.
| Features | Traditional CDN | Distributed Cloud WAAP |
| Automation for deployment and policy changes | ✓ | ✔ |
| Visualization for violations, traffic patterns, and DDoS events | ✓ | ✔ |
| API auto discovery and allowlisting | ✓ | ✔ |
| Signature scanning and AI/ML for anomaly and malicious user detection | ✘ | ✔ |
| AI/ML for false-positive identification and elimination | ✘ | ✔ |
| Backbone, smart routing, and origin tunneling | Some | ✔ |
| Deployment modes for on-prem (customer edge), public cloud, and F5 global network | ✘ | ✔ |
| Threat campaigns for high-accuracy targeting of threats and intent | ✘ | ✔ |
| App deployment and protection in one common platform | ✘ | ✔ |
Use-Case: Multi-Cloud Networking
The next Use-Case relieves NetOps and DevOps teams from the hassle of managing multiple services across one or more clouds. With Multi-Cloud Networking, organizations can deploy faster, simplify tasks and infrastructure, deliver global and private app-to-app networks, and leverage private connectivity with F5, SaaS, and public cloud providers.
Compared to other solutions, don’t forget the added benefit of consolidating your services under a single platform for observability and management.
| Features | Other solutions | Distributed Cloud Mesh |
| Consolidated L3-L7 networking + security service | ✘ | ✔ |
| Multi-tenancy + self-service for NetOps and DevOps | ✘ | ✔ |
| Multi-layer security | ✘ | ✔ |
| App-to-app connections without exposing the underlying network | ✘ | ✔ |
| Global physical network | ✘ | ✔ |
| Automation assistance for NetOps | ✓ | ✔ |
| Security service insertion | ✓ | ✔ |
| Observability and analytics | External | ✔ |
| Lifecycle management | Controller | SaaS |
Use-Case: F5 App Delivery Network
The final Use-Case offers a new way to deliver modern apps with unparalleled performance and global scale—without servers, complex infrastructure software, or DevOps time. F5’s App Delivery Network (AND) offers cloud-native computing capabilities to improve the end-user experience by distributing applications to the edge of the F5 Global Network.
Again, the comparison to a CDN might seem like an easy reach, but the app delivery specialization is what sets the ADN apart.
| Features | Traditional CDN | Distributed Cloud ADN |
| Full-featured, K8s-based app platform | ✘ | ✔ |
| Works without an origin server | ✘ | ✔ |
| Automated deployments and rollbacks | ✘ | ✔ |
| GitOps and CI/CD tooling | ✘ | ✔ |
| Multi-layer security | ✓ | ✔ |
| Cache management | Required | Not required |
| Observability | Network | Network + apps |
How can I get started with F5 Distributed Cloud Services?
F5 Distributed Cloud Services, WAAP, ADN, and Multi-Cloud Networking are live! The services announced are just the beginning of F5’s entry into the Software as a Service market. The services rolling out today and future cloud-based tools will be an essential addition for organizations looking to simplify, secure, and manage expansive app environments.
WorldTech IT can assist in deploying and maintaining your Cloud Services through F5. While this new tech will undoubtedly save any organization time and money, the majority of organizations still need the expertise to design and maintain a solution specific to their needs. With so many services available, WorldTech IT can also assist in nailing down exactly what you require. Contact us today to purchase and deploy F5 Distributed Cloud Services!
Leave a Reply