 So guys you all heard about the UDP packet walked into bar it went unacknowledged All right, that was a network joke All right. Hello everyone. My name is John Gruber. I'm with F5 networks and I seem to be the perennial presenter for our vendor summit Today we're going to talk about being all in So I want you to get used to thinking of the thought about being all in because it wasn't something F5 got immediately This is your F5 mea culpa You saw in the keynote addresses where they talked about the difference between getting the technology and getting the community or getting the culture Well, we got the technology in fact last year we stood here and talked about our LBAS driver We have LBAS v1. We have LBAS v2. We talked about all these operational features We have in our agent nobody else has we talked about being able to scale out environments being able to differentiate environments all this stuff and Then we told you to go get it from dev central We told you it was a RPM or a Debian package and we said this is how you obtain our software and this is how you deploy these solutions It worked many of our customers followed us down this journey and they said we should do this and they started saying things like this Because they were asking a very fundamental question and that was did we actually get the culture and it turned out There needed to be a drastic change inside of F5 in order for us to say that we got the culture and I'm very proud to be able to say we got it Because we started a team in Boulder, Colorado started over we picked folks that had the mindset not of a enterprise networking company but had the mindset of more entrepreneurial thinking and We said our open-stack efforts needed to be seeded out of there Because we needed to be able to say something to you that we hadn't been able to say so far and that is we are Wow, I'm glad you guys can read now. What that means for you is that our software That you used to download and look like this Now looks like this. That's github That's better and it's a little more important than that because what you're gonna find out is all that code on github in The repos that are there that you can see we have supported code in that repo Which means you can call us and more importantly than that That means I can come out to you and we can make creative solutions together Simply by forking the repo doing the work doing a pull request against our repo get our Travis CI to kick off on this Do all of the testing if it gets in our master branch. It's now a supported solution. I Couldn't do that with you before and in fact, we're doing all of our development in github So you can even see really wonky things like When our developers, I don't know who that idiot is puts bad commits in It's all there and you can see it because once again, we figured it out finally and we're Wow, you guys are slow someone said on Alright, so let's talk about what that means that means we now have an aggressive roadmap for OpenStack That means we can start building the services with our customers That means our smart customers are now taking the feedback they have from us and they're pushing it back We have a lot of great plans and we're very excited by the way you can have the meeting We can show you this in detail and talk about in detail But we wanted to let you know that this is a cultural shift at f5 This is a change in who we are and how we behave with you and customers and it was OpenStack that pushed us there Now what does this mean? Well today? We have to adjust our products to be more like you because once again We've decided to be all in today if you went and got our software plants to say for a second You'd get it from downloads at f5.com. There's export controls. There's all this enterprise stuff on it There's all these images and what you would get is a very generalized Virtual appliance that was built to work on multiple hypervisors and do all these things nothing that's necessarily all in about this So what are we going to do? We're going to do what a good community member would do we're going to take heat Non-proprietary you can do this we're going to take heat. We're going to take a little cloud in it We're going to take that V and we're going to make it an OpenStack V and then we're going to put it into Your glance repository and then we're going to publish a nova flavors because you can orchestrate this stuff in OpenStack, right? And any vendor that's all in should and that's what we're doing. So We're going to do it based upon a policy file that's written in JSON because that's kind of an OpenStack thing to do Right and it's going to synchronize so you can decide what f5 software you want an f5 software you don't want Again, we're going to patch the images. We're going to publish them in the glance for you We're going to add specific nova flavors that look good. So you're not burning out your quotas running ADCs Now what that means is we've transitioned our products from being generalized to being ones That are really OpenStack specific they integrate with OpenStack. They pull metadata for your keys They do security integration right with OpenStack with Neutron All the network service integration is there when you launch the devices and we do our own licensing orchestration So that what you get when you start them looks like a fully active ADC in OpenStack Let's show you this again. Are you seeing anything proprietary here? Are you just seeing heat templates? They're heat templates and they're on get hub and they're visible and you can use them and they're supported because F5 figured something out and we are All right, who said it? I'll throw it to the center Up lousy shot. Okay, and you'll notice as these things build all we're going to do is launch a little instance read the policy file We're using cloud. We're losing a cloud in it instance to orchestrate this whole thing And you'll start to see all of our software show up in your cloud again. We're patching the images We're going to push them in To glance and then we're going to add your nova flavors all F5 software functionality is available in your OpenStack cloud. Let me repeat that all F5 software functionality is available in your OpenStack cloud So what this translates to you is we just gave you a Lego block and Let's ask how creative can you get with a Lego block? It's a block a little imagination later. It's a whole lot more, isn't it? And if you notice again, you don't have to publish all these things, but you see we're publishing all of our software So it's available to all your tenants. This is an admin task, but again, it's the Lego block Now Lego blocks are neat, but we should want more than red bricks Don't you agree? And F5 has a bunch of different colors of bricks. In fact in this example again We're launching heat template notice you're setting you're setting your your default accounts on your appliances passwords right here But we also do a bunch of other security stuff randomized passwords and other good things you should do in cloud In this case, however, we're not just building red blocks We're going to build blocks this time through the heat template and again fully open You guys can use these things that our web application firewalls These don't show up as just generalized ADCs notice some common security group things So we're not wasting a bunch of space notice the license integration These are showing up as our ASM product or the web application firewall You can launch these things in pods and we're doing all the orchestration for you It's all on GitHub. It's all done in an open-stack way now. We built a wall walls are cool But they're not the only thing you can do right F5 has made a living and helping applications be better Add a little neutron integration and a little more heat maybe a cloud in it script here and there and again all from us Even integration with our own management platform with big IQ and we're going to do one further step for you We're going to change from just doing things like walls or just doing things like load balancers To doing full clusters. Why because we know that's what people use F5 for they use the F5 high availability Which by the all the things you're used to seeing I'm going to ask how hard is true availability in a open-source proxy How hard is it? This is why you have vendors We do high availability. Do you think we should be able to orchestrate that whole high availability for you? Yeah, we can do it an active standard. We could do active active active. This is the kind of company because this is Really using the ADC for what it was built for and that is to be the platform on which you develop your application Which is the middleware that gives you all that functionality all that business logic all that stuff You've been doing with that five for all these years in your open-stack cloud and now again We've moved forward in our little Lego block history and now you have full clusters. You have pulled license management You have fully operational tenant networks coming up. Everything's ready to go You can put the initial config on the box You can do everything you want to do because again in this picture and we'll show it running to you You're gonna get sick of me saying this do you see anything proprietary here? No, this is all heat. This is all open source. This is a patchy to license This is supported because we figured it out because we are finally Yeah All these years I've been working to try to try to we open stack. We got it We finally got it and again watch this will launch it will flow flow that will put the whole cluster together for you We'll launch the various instances. You'll notice in this orchestration. There was only really one object that object represented the whole cluster Now with all the now to platform now you can build it And you'll notice when we look at the heat at the heat stack all of our heat stacks are built So on their outputs, you'll see the output here We output all the variables necessary to let a higher level orchestrator consume these platforms So if you have a higher level cloud orchestrator, it's just reading the outputs from heat and programming this now ADC platform you have associated with your application and again We're just left the floating a piece so we could log in and show you that we weren't kidding. It's actually all the way clustered It's all the way done. It's ready to go. It's ready to be the platform in which you deliver your application So now if we go a little bit more from the platform idea, we can sit there and say once again We're gonna a little more heat and by the way heat's composable. You all appreciate that, right? so we do Lego blocks we build them up and up and up and We can do things like add a separate controller for things like firewall control for centralized control of firewalls or WAFs and we can add this whole picture together. How many Know what Lego Mindstorm is? That's where you take your Legos and you add some neat things and you get this remote control thing for them And you can get them to automate and do really cool stuff, right? Well that automation is unique to Legos and sometimes the automation is unique to F5 So in this picture right here, we're going to take that same wall that we built before We're going to build it again But this time we're going to take those elements in that wall and we're going to register them with the centralized manager So what does this mean? That means a cloud provider can do things like launch a WAF inside of a tenant for them and manage it back at the sock Does that make sense? Because who really knows how to run a firewall probably the security guys in the enterprise They can launch these within the tenant and then manage them centrally in the sock and you'll see it We fired all up and again this time we're building draw bridges. Why because these things are automated I can move them up and down. I can change the policies I can do all of these things in a centralized fashion They're showing up in our orchestrator and everything's happening now I'm showing you our control panel the thing that was on that Lego Mindstorm iPad thing But all of the integration for the infrastructure remember the keynote address that said the infrastructure services layer all The orchestration with the infrastructure layers all done through heat It's all open source. It's all given to you because we wanted to make sure we were doing it in an all-in way Everybody understand that? centralized managed tenant ADC services But that's not the only thing we can do Inside of f5. We already have a technology to do declarative deployment of complex ADC services These are the l4 through 7 services that add the special things to your application This is the reason why you buy f5. This is the feature set that that keeps growing that we keep that we keep Adding to the feature to let specific things happen like building a mobile application where the tcp layer is tuned For mobile networks That's pretty neat. That's all stuff you can do with f5 now if we're giving you a library of functions and we have this advanced Templating language ourselves. What do you think we're going to do if we're a vendor who's decided that we're all in? We're going to marry it to heat We're gonna expose all of our iApp templates through heat Which means once again? You have full control of your f5 device. You have control of every l4 through 7 feature from heat Is that what you wanted? Let's see it now. This one's kind of an interesting one because because heat's composable What you'll see from us is we're going to launch the whole app and this is what you wanted You're going to launch the web servers You're going to actually launch the entire ADC cluster You're going to sit there and then proceed to use our iApp integration and we'll show to you This is the heat template notice I'm using a standard f5 iApp and inside this iApp you'll see custom f5 heat resources which you put on your heat engine There's the one right there that maps it to the iApp language for f5 and as you go through you'll see that you can do lots Of things here's wan compression. There's your TCP optimization for mobile This is for a mobile application as you go down you'll see SSL offloads on there You see cookie persistences to find Anything you can do there's message by message for web applications land optimized towards your servers all the good things You count on from us and you'll see it's a pretty simple thing There's iRules you could tax my rules in there if you want all your pool members all of this is exposed through heat So that you can build orchestration layers on top of this so that you can make this part of your application deployments in your cloud Look what we built now Something that'll do the Kessel run in 12 parsecs Out of Lego blocks those Lego blocks from the community and again to show you that we're doing this We already showed you the VIP we actually left the big IP Self IP attached so that bring the demo so we could log in and show you everything that's been exposed But this is what the heat template built you'll go through and notice the standard template There it is Look at all that config look at all that stuff that got exposed to the template. It's all there L4 through 7 services fully exposed to you through heat all of the features Now one of the thing I did want to show you is like all things because you should absolutely follow lifecycle management of Open stack when you're doing infrastructure as a service type deployments watch what happens when I delete it I just deleted the stack notices changing watch this what's going to happen to my oh, it's gone Why because I deleted the stack Isn't that what you wanted it should follow the lifecycle management for virtual functions from open stack You have every bit of software we have every bit of functionality the f5 has you have in your open stack cloud today supported through open source orchestration So whether we're talking to you about big old multi-tenant services like lbaz or lbaz v2 or taking over the else L3 router later this year or moving into the firewalls of service for the perimeter all those multi-tenant infrastructure services Or whether we're talking to you about single-tenant application deployments of your ADCs It's all there You have every bit of functionality we have and again it was all exposed Through open stack means because after all these years we finally figured it out And I'm very pleased to say All these solutions are open-stacky it's open-stacky because Thank God Took a long time, but we're all in Questions So so he asked a question about the ve if neutron breaks same exact analogous picture to your old data center if your switch broke This is why you have ha if you notice in the heat templates we use to launch our ve's We actually give it a parameter for let you put it in an availability zone So if you've set your availability zones properly, we'll make sure the ve's that are ha aren't aren't on the same Hypervisor so if that neutron instance goes poof If that that agent decides then that's that soft switch decides to go away It's the same case as you would in a physical data center if the switch went away and we failed over Make sense Any other questions anybody want to talk about anything hard we should be doing? Yes, sir So Mike asked about setting up users in f5 and the answer is heat will follow the authorization model the individual f5 things set Up as in the tenants themselves those are autonomous Those are autonomous to the tenant and there's some good reasons to have them be such on the multi-tenant stuff We need to talk there's some stuff coming but for the single tenant pieces those belong to the tenant Does that make sense their idea of what authenticates and what doesn't needs to belong to the tenant? Okay How does licensing work? It's a wonderful question. You just saw it's blitz right through that We have both at scale which is what we call our internet sass licensing Which means the boxes go out and talk to activate that f5.com and we have this thing called It's a pool manager. It's a pool license manager that gets set up as part of your infrastructure They heat templates themselves support both type of license orchestrations So if you decide to put in a base key so it's bring your own key And it goes against our sass service that works as part of the orchestration if you have it can point me to the license Server in there you put in the license server destination You tell me what pool you want it to be part of the heat template licenses the device right from there So all of the license orchestration in both license activation types f5 support are supported in our heat templates Does that answer it? You want us to do that. You don't want to do that. Yeah He wants us to pay for it too. Well, you know All things can we make the license server highly available? Haven't yet, but that would be heat template thing on my side Sounds like something you and I should fork the repo and get working and then we could give it back to all of these guys Because that's what it means to be all in that means Mike and I can make this happen Means I can go to you with the smart design I can fork the repo get it to work the way you want it to work and we can push it back up through the repo So we can give it to the rest of everybody else That's pretty cool We're waiting to do that for a long time Well, if that's it, I've got 50 seconds. I can give back so in 50 seconds. I'm just gonna throw hats Anybody rather have a kushmall. Whoa Hands up. Oh Got a question. Sorry. I'll see if I can do this both at once Yes Not yet But again something we could fork and something we do we have we have a couple at CD type integrations that are doing the exact Same thing there should be no reason we can't get that to work Everything is exposed through an API those APIs can you can follow the exact way? We're doing through our templates to get it to work Let's talk about what you want it to do and again, we can push it back up That's the power of what our culture change meant is that you and I can have that conversation. I think that's it