If you have come to this blog, then probably you are an F5 engineer who has been spending a lot of time in F5 Device upgrade and is looking for a way to automate the process. Worry not, my friend; the solution is here. Read along!
To improve the security, performance, and total cost of ownership of your BIG-IP systems, F5 advises that you maintain the software on your BIG-IP appliances up to date. Keeping your BIG-IP systems up to date is vital for business owners and network operators.
According to F5’s latest research on the state of applications, 97 percent of enterprises are operating what are described as “conventional applications,” which are those with a monolithic, client-server, or three-tier architecture. Traditional applications often enable the most mission-critical operations within an organization because they were created over several decades to answer the most significant IT enablement needs.
Traditional applications are brittle because they were written in languages that are no longer commonly used, traffic patterns to those apps have changed, or security flaws in these applications remain ignored.
Most organizations give priority to maximizing operational efficiency and minimizing the total cost of ownership when it comes to old applications. Application delivery and security for an older application require a sheathing layer with built-in application security and delivery technology that can solve the issues in the application itself.
This is accomplished by integrating application delivery with application security, utilizing programmability around application services to fill the holes in the application, and pushing the automation envelope.
F5 device Updates vs. Upgrades
F5 device Updates include moving across minor versions (e.g., v14.1.1 to v14.1.2 or v14.1.1.3 to v14.1.1.4). Security enhancements, configuration changes, and updates that are backward compatible are all included in Updates.
Upgrades require moving across major versions of BIG-IP (e.g., 14.x to v15.x). Major version upgrades generally introduce changed behavior and new functionality and therefore require certification, comprehensive testing, and lengthy execution cycles. Both F5 device updates and upgrades need upfront planning and systematic execution.
Watch F5 Big-IP upgrade in action
You can better prepare for the installation if you know whether you’re doing an update or an upgrade. If you’re upgrading, make sure you’re aware of the new features included in the release and whether they apply to you. Updates, on the other hand, do not modify the default behavior of the application. As a result, they may not require the same level of validation and certification as an upgrade.
Benefits/Objectives of performing F5 device upgrades/updates on time
Business Objectives
- Reducing TCO by lowering the cost of monitoring, administering, and troubleshooting BIG-IP systems throughout the entire estate by keeping them up to date and consistent.
- Reducing the risk of business disruption by ensuring that the BIG-IP systems that power mission-critical apps have the most recent bug fixes, security updates, and performance improvements.
- Increasing business agility by automating processes and consolidating application delivery and security using a best-of-breed strategy.
NetOps Objectives
- Adopting a standard operating model across the organization for better agility.
- Save on time and improve operational accuracy.
- Respond to business demands in real-time, minimizing upgrade window and downtime risk.
Moving from the traditional manual approach to automation
In a manual NetOps environment, network operators need to devote time and resources to ensure that they are running the latest application versions and getting the latest capabilities and ensure the security around those vulnerable traditional applications doesn’t become as fragile as the traditional application itself.
Traditionally upgrades are performed by first configuring all of the pre-upgrade prerequisites and then upgrading all of the devices. If a version upgrade is in progress, it may be required to push numerous updates one at a time.
Also, upgrading F5 BIG-IP® devices to their latest versions is a complex, multi-step process. Doing it manually means an error-prone process that usually runs for weeks. Adding to the complexity is the lack of visualization of process flows for NetOps.
ADC+ automation with centralized operations management
AppViewX’s Application Delivery Automation solution allows you to upgrade all F5 BIG-IP devices in your infrastructure at the same time, eliminating the need to update each device individually. You can define the order in which updates should be applied to your devices if there are several updates to be applied. NetOps can plan and schedule when the updates should be pushed to the devices with ADC+. The Upgrade process is logged, and reports are generated.
Using ADC+ upgrades to F5 BIG-IP® devices are managed through a single GUI with a self-service automation catalog. There are pre-built automated workflows for performing device upgrades as well as workflows for Common Vulnerabilities and Exposures that can be scheduled and/or run on-demand (CVE) checks.
NetOps can perform upgrades with Intelligent Pre & Post validation checks through a series of simple steps.
Using ADC+, organizations have reported 90% automation of the entire F5 Big-IP upgrade process and upto 70% reduction in TAT. Download this infographic to know more.