A tool to demo an F5 Secure Cloud Architecture along with the Automation Toolchain
This tool will help you deploy a full infrastructure on Azure including F5 VEs, VNETs, NSG, Linux and Applications with the use of Terraform and help you demonstrate the Automation lifecycle with F5's Automation Toolchain (DO, AS3 and TS).
The demo tool runs as a docker container.
$ docker run -dit -p 80:80 skenderidis/sca_demo
To get started...
For the demo to work, you need to have your DNS zone configured in Azure under a resource group called "f5demo_dns". This zone is used to register the F5 devices that will be created and to provide a public FQDN for the apps that we will be publishing. Note: It is important that the Resource Group is called "f5demo_dns", because Terraform uses that name to make all the necessary configurations.
Follow the instructions on the following link on how to create a service principal. https://clouddocs.f5.com/training/community/azure-saca/html/class1/intro.html#create-a-service-principal
Follow the instructions on the following link on how to enable programmatic deployment. https://clouddocs.f5.com/training/community/azure-saca/html/class1/intro.html#enable-programmatic-deployment
You have to enable programmatic deployment for the following 4 types:
"F5 BIG-IP Virtual Edition - BEST (PAYG, 25Mbps)"
"F5 BIG-IP Virtual Edition - BEST (PAYG, 200Mbps)"
"F5 Advanced WAF (PAYG, 200Mbps)"
"F5 BIG-IP VE – ALL (BYOL, 2 Boot Locations)"
To successfully deploy the infrastructure you will need to fill in at least the following information:
- Resource Group name (the RG name must not already exist in your Azure subscription)
- DNS Zone name (you should have already created this DNS Zone under the f5demo_dns Resource Group)
- Select the license type you require (PAYG 25Mbps, BYOL, etc)
- Service principal details
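The two naming prerequisites above can be checked from a shell before starting a deployment. This is an added example, not part of the demo tool; it assumes the Azure CLI (az) is installed and logged in to the subscription you will deploy into.

```bash
#!/usr/bin/env bash
# Added example: preflight checks for the prerequisites this README lists.
# Assumes the Azure CLI (az) is installed and logged in to the target subscription.

DNS_RG="f5demo_dns"   # fixed resource group name the README requires

# Succeeds only if f5demo_dns exists and contains the given DNS zone.
dns_zone_ready() {
  [ "$(az group exists --name "$DNS_RG" 2>/dev/null)" = "true" ] || return 1
  az network dns zone show --resource-group "$DNS_RG" --name "$1" \
    --output none 2>/dev/null
}

# Succeeds only if az positively reports that the resource group does not exist.
# An az failure (for example, not logged in) prints nothing and counts as "not free".
rg_name_free() {
  [ "$(az group exists --name "$1" 2>/dev/null)" = "false" ]
}

# preflight <new-resource-group> <dns-zone>; returns 0 when both checks pass.
preflight() {
  if [ -z "$1" ] || [ -z "$2" ]; then
    echo "usage: preflight <new-resource-group> <dns-zone>" >&2
    return 2
  fi
  rc=0
  if rg_name_free "$1"; then
    echo "OK:   resource group '$1' is free"
  else
    echo "FAIL: resource group '$1' already exists or could not be checked"
    rc=1
  fi
  if dns_zone_ready "$2"; then
    echo "OK:   zone '$2' found in '$DNS_RG'"
  else
    echo "FAIL: zone '$2' not found in resource group '$DNS_RG'"
    rc=1
  fi
  return "$rc"
}

# Run the checks when the script is called with both arguments.
if [ "$#" -eq 2 ]; then
  preflight "$@"
fi
```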
Once the infrastructure is deployed, the Declarative Onboarding step will appear. Select only the modules you want to provision; if you selected BYOL, you will be required to provide licenses for the F5 devices.
Important Note: For API High Availability you will need to press the "Configure CFE" button. Before you press the button, go to the Azure portal, select the resource group you have just created, go to Access Control and add a role assignment (Contributor) for the 2 F5 VMs that have just been created. This will allow the F5 VMs to communicate with the Azure API.
To publish a workload fill in the following information:
- Application Name
- Select the backend Services and the ports
- Choose if you require Persistence
- Select which functionalities to enable. (WAF, BOT and DDoS are not enabled yet)
This step is yet to be developed