F5 APPLICATION DELIVERY
SERVICES IN THE GOOGLE
CLOUD
Public cloud vendors oer enterprises increased scalability and flexibility,
alongwith a reduction in infrastructure and operational costs. As a result, 89
percent of companies are housing part of their application portfolio in the public
cloud.
1
Whether located in the public cloud, private cloud, or an on-premises data
center, applications require specific services to ensure their security, availability, and
performance. F5® BIG-IP® virtual editions (VEs) provide all of these benefits. Now
fully integrated into the Google Cloud Engine, BIG-IP VEs extend F5’s application
delivery capabilities beyond that of the traditional data center perimeter.
OVERVIEW
F5 APPLICATION DELIVERY SERVICES IN THE GOOGLE CLOUD
2
CHALLENGE
Infinite scalability, unmatched flexibility, and reduced overheads make computing in the public cloud
seem like the perfect IT solution. However, many enterprises making the shift to the cloud do so
amidst concerns that their applications’ security and performance may be diminished, or that they’ll
fall victim to vendor lock-in and incur large re-architecting costs. This is a common fear, with a recent
study finding that 78 percent of IT decision makers worry about the portability of their workloads in
the cloud.
2
Increased network segregation and inconsistent application services across hybrid cloud
architectures are also placing additional strain on IT departments while generating new security
vulnerabilities for attackers to take advantage of. But it doesn’t need to be this way.
SOLUTION
Following continued adoption of the Google Cloud among enterprises, F5 has made BIG-IP virtual
editions available in the Google Cloud Launcher, which deploys VEs directly into a virtual cloud
environment. Because VEs are built on the same base code as BIG-IP hardware, they can oer
complete feature parity with their physical counterparts. This allows you to take advantage of the
scalability and flexibility of the public cloud without jeopardizing application performance and security.
Whether you decide to run your applications entirely in the Google Cloud or across a hybrid cloud
architecture, F5 will protect your applications and data. F5’s application services can also be quickly
and easily replicated across data centers and all leading cloud environments—reducing
re-architecting time and costs, should you ever need to relocate your application workloads.
EMPLOY ENTERPRISE-CLASS SECURITY FOR GOOGLE CLOUD APPLICATIONS
Public cloud security can be broken down into two distinct categories: security of the cloud and
security in the cloud. The first relates to the security of the underpinning infrastructure including
compute resources, databases, and networking, which is the sole responsibility of the cloud
provider. On the other hand, security in the cloud implies the security of any applications and
theirsupporting data, which is ultimately the responsibility of the application owner.
Running BIG-IP VEs in your Google Cloud environment and taking advantage of F5’s advanced
L4–7 security services is the easiest and most eective way of ensuring your applications and
network are continuously protected. At the network level, BIG-IP® Advanced Firewall Manager™
Virtual Edition (AFM VE) defends against large volumetric based DDoS attacks. At the application
level, BIG-IP® Application Security Manager™ Virtual Edition (ASM VE) mitigates against common
application vulnerabilities and L7 DDoS attacks, while providing protection against all OWASP top
10 threats. Should you already have BIG-IP security modules elsewhere within your hybrid-cloud
infrastructure, it’s simple to replicate the custom security policies you currently employ onto BIG-IP
VEs in the Google Cloud—ensuring consistent security across your architecture.
KEY BENEFITS
Cut costs by scaling in the cloud,
not on premises
Protect customer data anywhere
within a hybrid cloud architecture
Easily move workloads between
Google Cloud and data centers
Maintain high availability of web
applications
Keep sensitive data on premises
Increase agility of deployment
through automation
Simplify architecture with a single
set of programmable, consistent
app services
Provide advanced app services
for apps running in GKE and GKE
On-Prem
F5 APPLICATION DELIVERY SERVICES IN THE GOOGLE CLOUD
3
BIG-IP
ASM
VE
BIG-IP
ASM
VE
BIG-IP
AFM
VE
BIG-IP
LTM
VE
BIG-IP
LTM
VE
BIG-IP
ASM
VE
BIG-IP
LTM
VE
BIG-IP
APM
VE
BIG-IP
DNS
VE
BIG-IP
LTM
VE
us-west1-a us-west1-b
Database Web Apps
Active
Directory
Web Apps Web Apps
ON-PREMISES DATA CENTER
GOOGLE CLOUD PLATFORM
GOOGLE CLOUD PLATFORM—WESTERN U.S.
GOOGLE CLOUD PLATFORM—WESTERN EUROPE
CORPORATE SUBNET
Google Cloud
Interconnect
On-Premises
Net
BIG-IP
ASM
VE
BIG-IP
LTM
VE
BIG-IP
ASM
VE
BIG-IP
LTM
VE
europe-west1-a europe-west1-b
Web Apps Web Apps
Figure 1: F5 offers consistent enterprise-class application services to applications located anywhere within
hybrid-cloud architectures.
INCREASE FLEXIBILITY AND SCALABILITY WITH CLOUD BURSTING
The promise of limitless scalability causes many to move applications entirely to the public cloud,
butfor those who are still wary of the cloud, this scalability be exploited in another way: cloud
bursting. This deployment model allows an application to run primarily within a data center or private
cloud, and suddenly burst into the public cloud when the demand for computational resources
spikes. Designing a federated cloud in this way has many benefits from an economic standpoint,
anddeploying BIG-IP VEs into this arrangement enables fast, seamless, geolocation-based
redirection of application users over secure SSL VPN connections. The user experience remains
unaected regardless of whether your application islocated on premises or in the Google Cloud.
IMPROVE PERFORMANCE AND AVAILABILITY WITH GLOBAL TRAFFIC MANAGEMENT
The ability to replicate applications throughout multiple geographical regions across the Google
Cloud empowers application owners to improve redundancy. It also reduces the physical distance
between an endpoint device and an application server, thus providing lower-latency access to
device users. Implementing BIG-IP® DNS Virtual Edition in your cloud network enables you to go
one step further, by using global server load balancing to make informed routing decisions based
on either the physical proximity of a server, or the real-time performance and health of a server.
Thisensures an optimized user application experience, regardless of the user’s location.
KEY FEATURES
Consistent application services
across Google Cloud and
on-premises data center
Web application security and
L4–7 DDoS protection
Secure, policy-driven single
sign-on (SSO) and federated
access
High availability of both Google
cloud-based and on-premises
applications
SSL ooading and stateful L4–7
trac management
Automation and programmability
tools
F5 APPLICATION DELIVERY SERVICES IN THE GOOGLE CLOUD
4
PROVIDE FEDERATED ACCESS TO YOUR GOOGLE CLOUD NETWORK
ANDAPPLICATIONS
Installing BIG-IP VEs into your hybrid cloud environment solves the problem of federating access,
network, and application resources across your data center and Google Cloud environments.
BIG-IP® Access Policy Manager® Virtual Edition (APM VE) uses Security Assertion Markup Language
(SAML) to enable web browser SSO, multi-factor authentication, geolocation restricted access,
anddevice inspection. SAML also eliminates the need to manage independent user accounts
across Software-as-a-Service (SaaS) providers.
OPTIMIZE AND SECURE GKE AND GKE ON-PREM CONTAINERS
Applications are being deployed in container environments more often to facilitate the
development of microservices and other modern application architectures. You can use F5
Container Ingress Services (CIS) in conjunction with BIG-IP Virtual Edition to provide north-south
ingress control, robust security, and performance optimization for containerized apps in GKE and
GKE On-Prem. CIS integrates natively with Kubernetes to automate app services insertion for
containers as they are created, so you can seamlessly move and scale your containers across
ahybrid architecture with consistent, advanced L4–7 app services. CIS is free, open-source,
andavailable on Docker Hub and GitHub.
BOOST DEPLOYMENT AGILITY IN THE GOOGLE CLOUD WITH AUTOMATION TOOLS
Deploying applications in the cloud should always be a fast, eortless process. However, this
is only achievable if the supporting application services can be fabricated in a similar fashion.
With F5-generated Google Deployment templates, the latest versions of BIG-IP VEs can be up
and running in your Google network in a matter of minutes. Using these templates, located in
F5’s GitHub repository, everything from the deployment of essential cloud resources to the
configuration of the BIG-IP VE is performed autonomously in just a few clicks.
Alternatively, F5 iApps® Templates can rapidly configure BIG-IP VEs to best suit the requirements
of a specific application—based on a few simple checkbox inputs provided by the user. These
can then be re-used to configure any BIG-IP device to replicate the configuration settings across
a hybrid-cloud architecture. In this way, iApps Templates reduce IT time consumption and ensure
policy consistency across your deployments.
©2019 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com.
Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or aliation, express or implied, claimed by F5.
DC0519 | JOB-CODE-343886356
IMPROVE EFFICIENCY OF GOOGLE CLOUD APPS WITH ADVANCED
PROGRAMMABILITY
F5 iControl® is an open web- based API that provides complete dynamic control of F5 configuration
objects. You’ll have the power and flexibility to ensure that applications and their underpinning
network—whether in the Google Cloud or in a data center—work together eciently to simplify
management of complex architectures. In addition, you can use the F5 iRules® scripting language
to provide complete programmatic access to trac flowing between hybrid-cloud applications.
iRules allows you to inspect, analyze, and redirect trac entirely based on your custom ruleset.
ENJOY FLEXIBLE LICENSING AND CONSUMPTION MODELS
To better align with public cloud-based usage models, BIG-IP VE oers four dierent options that
give you the flexibility to meet operational needs.
Google’s Pay-As-You-Go (PAYG) is available for those looking to leverage F5 application
delivery controller (ADC) services on a per-hour basis; this option is perfect for dev/test or
short-term projects.
F5’s subscription licensing lets you purchase 1-, 2-, or 3-year BIG-IP VE license subscriptions
that can be deployed in any supported environment. You can self-license additional BIG-IP
VE licenses as needed with fees co-termed to a subscription contract period.
F5’s Enterprise Licensing Agreement (ELA) provides you with the architectural flexibility to
deploy however many VE’s you want, wherever you want, and whenever you want with no
retroactive penalties that can wreak havoc on budgets.
F5’s bring-your-own-license (BYOL) option is a perpetual license that lets you amortize
acquisition costs over a longer period of time.
CONCLUSION
The process of migrating to, or developing in the Google Cloud can be greatly simplified and
accelerated with F5’s application delivery services—dramatically increasing security, performance,
and availability of applications. F5 provides a single application services tier for use across hybrid
cloud architectures, eliminating the need for multiple disparate solutions and the resulting IT strain.
This deployment approach enables enterprises to seamlessly and confidently extend private data
centers into the cloud.
1
rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2016-state-cloud-survey
2
logicworks.com/blog/2016/08/vendor-lock-in-is-big-roadblock-to-cloud-success-survey-finds
FOR MORE INFORMATION ON HOW
F5 AND THE GOOGLE CLOUD CAN
HELP YOUR BUSINESS, PLEASE
VISIT THESE RESOURCES ON
THE WEB.
F5 in Google Cloud Marketplace
Google Technology Alliance
F5 Public Cloud