SOLUTION GUIDE

AUTOMATE DEVOPS/SECOPS
DEPLOYMENT WITH CI/CD
PIPELINE INTEGRATIONS
The continuous integration and continuous delivery (CI/CD) practices of software
development promise to bring new software or new features to market faster.

AUTOMATE DEVOPS/SECOPS DEPLOYMENT WITH CI/CD PIPELINE INTEGRATIONS 1

 By focusing on frequent code integration, automated testing, and keeping
the mainline code version in a state that is deployable to production at any
time, CI/CD aims to eliminate the risks and friction of traditional waterfall
software development. Add to that the practice of continuous deployment
and you can move to a situation where the latest and greatest software version
is not just always ready to be deployed—it’s deployed on a frequent basis.

The practice and culture of CI/CD is supported by critical software tools

that enable an application to go from new code version to fully tested
feature delivery in alow-friction work flow with minimal human intervention.
Alongside the evolution of highly virtualized, automatable cloud and
CI/CD AIMS TO ELIMINATE
container platforms, this innovation in delivery methods has contributed to
THE RISKS OF TRADITIONAL the rapid increase in the number and functionality of applications in a typical
SOFTWARE DEVELOPMENT enterprise. It’s no wonder applications are becoming a key asset of any
business.

No matter how or where applications are deployed, however, they need the
support of application services such as traffic management, content routing,
bot defense, and API security. Most well-functioning CI/CD pipelines handle
the integration and deployment of application code with minimal human
intervention. However, many organizations still manage application services
and policies—often manual configurations of network and security policy—
through a slow, ticket-driven process.

This can sometimes lead to decisions to bypass corporate security policy,

network operations,and other controls in favor of releasing code quickly.
How can you ensure that critical applications get the services they require—
without slowing down release cycles?

INTEGRATE APP SERVICES DEPLOYMENTS INTO

DEVELOPMENT WORKFLOWS
You need powerful application security and optimization services integrated with the
container platform management plane.

The only viable solution is to insert the configuration and deployment of app services into the same
tool chain that is being used to deploy the rest of the software stack. Integrating code and artifacts
to insert application services into the workflows that build, test, and then deploy applications has

AUTOMATE DEVOPS/SECOPS DEPLOYMENT WITH CI/CD PIPELINE INTEGRATIONS 2

 two key advantages:

• Application code is tested with production-version application services in place. If there are
interoperability issues between a security policy and a new software feature, they can be
detected during the testing process and the software build can be aborted.

• Applications deployed to production get the security and application delivery services they
need—at the time they need them. Instead of being additional components that are not
automatically deployed, application security services and DDoS mitigations can be deployed
alongside applications at every step of a workflow.

HOW IT WORKS
A typical deployment workflow contains a number of services. Sometimes more than one of
these services might be provided by a single component, but in general the following buckets of
functionality exist:

INTEGRATE CODE TO INSERT

INTO THE APPLICATION
SERVICES WORKFLOWS THAT Service Catalog Source Commit

BUILD, TEST, AND DEPLOY

APPLICATIONS Source Code Automation Element App. Service
Orchestrator
Manager Tool Manager Platform

Source Code Pipelines and Config Management Platform Management App Services Delivery
Repo - IAC Workflows Playbooks Logging Reporting Telemetry
Revision Control Approvals
App Services Catalog Certificate
Webhook Scheduling Management

Application
Service

Security
Optimization
Traffic Management

AUTOMATE DEVOPS/SECOPS DEPLOYMENT WITH CI/CD PIPELINE INTEGRATIONS 3

 Source code manager (SCM)—This is where application code, infrastructure code, and the other
text-based artifacts needed to build and deploy an application are kept. The SCM is generally the
“source of truth,” because in an ideal world, changes to the application or infrastructure it runs on
can only be made by altering the source and running the workflow. Application services definitions
and configurations need to be stored under source control where they can be managed
and versioned.

Orchestrator—Converting numerous text files into the next social media platform requires multiple
jobs, steps and, possibly, approval processes. An orchestration tool creates software build, test,
and integration pipelines—plus jobs to create the test infrastructure and configurations. In many
cases, approval steps might still be required to complete the deployment of built software into

APPLICATION DEPLOYMENT production environments. Application services, too, need to be created by the orchestrator,

WORKFLOW SERVICES sometimes directly integrating into application services platforms and sometimes via secondary
automation tools.

Automation tools—When infrastructure components such as server instances, networking

components, and application services need to be created or altered by an orchestrator, an
automation tool is often used. This might be a locally installed and managed service such as
Ansible, or it could be a cloud service, like Amazon Web Services CloudFormation (and, as with all
things DevOps, there are multiple ways to string tools together).

Element managers—These often act as a target of the automation or orchestration tools. They
represent the automation interface to the infrastructure that actually supplies the services. While
not present in every architecture, element managers can manage licensing, telemetry, reporting,
and platform software versions—plus act as an additional layer of authentication and authorization
for service creation.

Service platform—Generically, a service platform is made up of the components providing the

service, like a container, or an application proxy. This is the ‘final destination” of application or
infrastructure code, a running service on a compute instance, a load balancing process, or an
application-layer firewall configuration.

Of course, something has to initiate the workflow. This might be done using a service catalog with
predefined actions based on a series of templates. Service catalogs can be GUI driven or deployed
via API. In other cases, simply committing new or altered code to a repository might result in
triggering a delivery or deployment workflow using triggers built into the SCM.

AUTOMATE DEVOPS/SECOPS DEPLOYMENT WITH CI/CD PIPELINE INTEGRATIONS 4

 THE ARCHITECTURAL COMPONENTS
To integrate app services deployments into CI/CD workflows, organizations can leverage
a few F5 components.

THE BIG-IP PLATFORM CAN F5® BIG-IP® Platform

DELIVER THE SERVICES BIG-IP is the industry-leading application delivery and security services platform. With scale from
APPLICATIONS NEED— a few megabits to over a terabit per second throughput, an immense range of functionality, and
ANYWHERE THEY NEED THEM availability in a wide range of compute environments (from ruggedized hardware for telco POPs
to public cloud virtual versions), the BIG-IP platform can deliver the services applications need—
anywhere they need them.

F5 Automation Toolchain
The next step, however, is to integrate the deployment of the platform and services into an
organization’s software deployment methodology. F5 offers the widest range of application
services integrations and choices to provide flexibility across toolsets and support public cloud,
private cloud, and on-premises deployments. To simplify and accelerate deployment, F5 has
re-invented the API interface for the BIG-IP platform.

The F5 Automation Toolchain product family comprises the fundamental automation and
orchestration building blocks that enable you to integrate F5 BIG-IP platforms into common
automation patterns such as CI/CD toolchains.

The F5 Automation Toolchain contains the following key components

• Declarative Onboarding Extension (DO)—Declarative L1-L3 BIG-IP onboarding

• Application Services 3 Extension (AS3)—Declarative L4-L7 BIG-IP application services
• Telemetry Streaming Extension (TS)—Automated BIG-IP telemetry streaming to
analytics systems

These tools offer declarative interfaces for configuring F5 BIG-IP application services platforms,
which deliver the security, optimization, and scaling services your applications need, and can be
integrated with automation and orchestration tools. Keeping configuration in an SCM is simple
because all the tools use a simple JSON declaration stored as plain text for configuration. And
a range of cloud templates can help you integrate with public and private cloud platforms for
bootstrapping the BIG-IP platform.

AUTOMATE DEVOPS/SECOPS DEPLOYMENT WITH CI/CD PIPELINE INTEGRATIONS 5

Key components of the F5 Automation
Toolchain

Super-NetOps Training
While an effective software delivery practice relies on the right tools, the heart of the process is
a culture of collaboration and shared responsibility. F5 BIG-IP and the application services the
platform provides have generally been the domain of network and security operations teams. With
this in mind, F5 also offers free training to help NetOps and SecOps professionals extend their
skillset to encompass DevOps tools, methodologies, and workflows. Our Super-NetOps training
provides transferrable, hands-on experience in creating and delivering F5 application services in an
as-a-service model to DevOps teams.

CONCLUSION
The practices of continuous integration, continuous delivery, and continuous deployment offer the
promise of safer, faster, and more efficient software development. Critical to realizing this promise
is the integration of application delivery and security services into the development and
deployment workflows.

F5 offers the platform, the integration, and the training to insert industry-leading application
protection and optimization services into workflows so that software can be built, tested, and
deployed with the services it needs to be secure, fast, and available.

RESOURCES
• Get all the details about the F5 Automation Toolchain.
• Learn more about using the programmability features of the BIG-IP platform.
• Read a practical guide to automating F5 application services.

©2019 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified
at f5.com. Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, express or implied, claimed
by F5. DC0419 | GUIDE-CLOUD-316650807 AUTOMATE DEVOPS/SECOPS DEPLOYMENT WITH CI/CD PIPELINE INTEGRATIONS 6