5. | ©2019 F5 NETWORKS CONFIDENTIAL
Modern App Architecture: Microservices, API Friendly
Andre Iswanto
6.
Three outcomes enterprises expect from digital transformation
• Customer experience
• Business agility
• Digital ROI
8.
The Application Landscape Is Transforming
• Cloud is now: 87% of customers adopting multi-cloud strategies and approaches [1]
• DevOps is rising: 65% of organizations expanding DevOps methods into larger business by 2021 [2]
• Technology is changing: 85% of new app workload instances are container-based (95% by 2021) [3]
Sources: [1] F5 State of Application Services Report 2018; [2] IDC FutureScape 2019; [3] Cisco Global Cloud Index: 2016-2021
11.
D.T. challenges
ORGANIZATIONS MUST RETHINK SECURITY
• Applications
• Processes and skills
• Technology stacks and tools
• Security
How do you deploy and manage a global application security policy?
Applications and identities were the initial targets in 86% of breaches.
SOURCE: F5 STATE OF APPLICATION SERVICES 2019 REPORT
12.
Application threats
• APPLICATION ATTACKS: L7 DoS, API attacks, SQL/PHP Injection, Client-side attacks
• APP INFRASTRUCTURE ATTACKS: DDoS, Encrypted threats, Man-in-the-middle, DNS spoofing
• SOPHISTICATED ATTACKS: APT, Multi-cloud threats, Malicious bots, Threat campaigns and malware
• ACCESS LEVEL ATTACKS: Session hijacking, Credential theft, Brute force, Phishing
13.
OWASP API Security
1. HTTPS
2. Access Control
3. JWT
4. API Keys
5. Restrict HTTP Methods
6. Input Validation
7. Validate Content Type
8. Management endpoints
9. Error handling
10. Audit logs
11. Security headers
12. Cross-Origin Resource Sharing (CORS)
13. Sensitive information in HTTP requests
14. HTTP Return Code
https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/REST_Security_Cheat_Sheet.md
14.
Sophisticated Attack on Client Side
Magecart-style Attacks Steal PCI and PII
• Malicious or compromised JavaScript on the webpage (Event Listeners)
• The JS instructs the browser to make outbound XHR calls to exfiltrate sensitive data
16.
F5 Application Security framework
• INTELLIGENT SECURITY THREAT SERVICES: Risk-based analytics and security stop today's sophisticated attacks.
• APPLICATION INFRASTRUCTURE SECURITY: Security infused into business and application development practices
• TRUSTED APPLICATION ACCESS: Modern authentication with every app and service
• APPLICATION LAYER SECURITY: Common security policies across all multi-cloud apps
18.
API Management
REDUCED COMPLEXITY, INCREASED PERFORMANCE
BENEFITS
• Create and publish multiple APIs, definitions, and configs quickly and easily
• Protect apps from DDoS and other attacks while ensuring performance with proactive security features
• Get deep visibility into app and API health with per-instance performance monitoring and proactive alerting
• Deploy your way in the environment of your choice and leverage your existing technology investments
API MANAGEMENT
• DEFINITION AND PUBLICATION
• SECURITY
• TRAFFIC MGMT. (API GW)
• ONGOING MONITORING AND MAINTENANCE
• ANALYTICS TO ASSESS API VALUE
• ONBOARDING (DEV PORTAL)
19.
API Security & Management
Edge API Gateway
• Other API: /api/other/topup, /api/other/user
• Payment API: /api/payment/inquiry, /api/payment/payment
• Paylater API: /api/paylater/payment, /api/paylater/settlement
Backends: Billing Service, Payment Service, Service registry
API Security (API Protection, API Authentication)
• TLS Termination
• API OWASP
• Bot protection
• DDoS protection
• Authentication & Authorization with OAuth 2.0
Attackers: {"filter":"|cat /etc/password","order":"asc","limit":50}
Legitimate users: {"filter":"user=marcel","order":"asc","limit":50}
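An added example (not from the original deck): allow-list input validation, item 6 of the OWASP list above, applied to the two request bodies shown on the API Security & Management slide. The permitted filter field, the character set and the limit cap are assumptions made for illustration.

```python
import json
import re

# Assumed policy for the slide's query body (hypothetical, not from the deck).
ALLOWED_KEYS = {"filter", "order", "limit"}
ALLOWED_FILTER_FIELDS = {"user"}
FILTER_RE = re.compile(r"([a-z_]{1,32})=([A-Za-z0-9_.@-]{1,64})")
MAX_LIMIT = 100


def validate_query(raw_body: str) -> list:
    """Return a list of violations; an empty list means the body is accepted."""
    try:
        body = json.loads(raw_body)
    except json.JSONDecodeError:
        return ["body is not valid JSON"]
    if not isinstance(body, dict):
        return ["body must be a JSON object"]

    errors = []
    unknown = set(body) - ALLOWED_KEYS
    if unknown:
        errors.append(f"unknown keys: {sorted(unknown)}")

    # fullmatch rejects anything outside the field=value grammar,
    # including shell metacharacters, spaces and trailing newlines.
    flt = body.get("filter")
    match = FILTER_RE.fullmatch(flt) if isinstance(flt, str) else None
    if match is None:
        errors.append("filter must look like field=value with safe characters")
    elif match.group(1) not in ALLOWED_FILTER_FIELDS:
        errors.append(f"filter field not allowed: {match.group(1)}")

    if body.get("order") not in ("asc", "desc"):
        errors.append("order must be 'asc' or 'desc'")

    limit = body.get("limit")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(limit, bool) or not isinstance(limit, int) or not 1 <= limit <= MAX_LIMIT:
        errors.append(f"limit must be an integer between 1 and {MAX_LIMIT}")
    return errors


# The two request bodies from the slide (quotes normalised to ASCII).
ATTACK = '{"filter":"|cat /etc/password","order":"asc","limit":50}'
LEGIT = '{"filter":"user=marcel","order":"asc","limit":50}'

if __name__ == "__main__":
    for name, raw in (("attacker", ATTACK), ("legitimate", LEGIT)):
        print(name, "->", validate_query(raw) or "accepted")
```

The validator accepts by positive match only, so a payload is rejected because it fails the grammar, not because it appears on a block-list.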
21.
The Application Factory
THE GROWTH ENGINE OF THE APPLICATION ECONOMY
22.
http://www.itsmacademy.com/content/webinar/SRE%20-%20An%20Enterprise%20Adoption%20Story.pdf
23.
SRE’s 5 Pillars of Success
https://en.wikipedia.org/wiki/Site_Reliability_Engineering
24.
Code to Customer
• Services between Code and Customer: API gateway, CDN, Ingress Controller, App / web server, Load balancer, DNS, App Security, DDoS, Device fingerprint, User identity & behavior, Future services
• ANY INFRASTRUCTURE: Containers, Purpose-built hardware, Public cloud, Virtual machines, Software as a Service, Commodity hardware
• ANY DEVICE: Mobile, POS, Laptop, IoT
• PLATFORM CONTROL PLANES: BIG-IP, NGINX, FUTURE
• VISIBILITY, INSIGHTS & ORCHESTRATION
• TELEMETRY
26.
F5 Automation Toolchain
• BOOTSTRAP: CLOUD TEMPLATES. Start BIG-IP instances in public and private clouds
• ONBOARD: DECLARATIVE ONBOARDING EXTENSION. Initial configuration of BIG-IP instances
• DEPLOY APP SERVICES: APP SERVICES 3 EXTENSION. Deploy classic and advanced application services on BIG-IP using declarative REST APIs
• MONITORING/TELEMETRY: TELEMETRY STREAMING EXTENSION. Stream telemetry, events, and logs from BIG-IP to various analytics and logging solutions
L1-L3, L4-L7
30. CI/CD (Continuous Integration Continuous Delivery)
• Pipeline stages: Commit Changes, Build Image, Deploy Development, Apps Vulnerabilities Scan, Penetration Testing, Generate Reports, Approval Workflow, Deploy Production
• Deploy Application Service Platform (F5 & NGINX)
• Big Data: Logging, Application Performance Monitoring & Analytics
• Other diagram labels: AS3, TS, HTTPS, DC1, DC2, Controller & Dashboard
32-38.
DevOpsDays Jakarta 2020: Venue Sponsor, Platinum Sponsors, Gold Sponsors, Silver Sponsors, University Partners, Community Partners, Media Partners
39.
Stay Connected
@IDDevOps
DevOps Indonesia
40.
THANK YOU!
Alone We are smart, together We are brilliant