Class 1: [Day-0] CE - Fundamental
=================================

Objective:
----------

Introduction to F5 Distributed Cloud (F5XC) and Customer Edge (CE)

.. NOTE::
   No explicit action is required for this class. Ensure you read and understand F5 Distributed Cloud and the construct of CE.

What is F5 Distributed Cloud Services
-------------------------------------

F5 Distributed Cloud Services are SaaS-based security, networking, and application management services that enable customers to deploy, secure, and operate their applications in a cloud-native environment wherever needed – data center, multi-cloud, or the network or enterprise edge.

The video below explains who F5 is and how F5 Distributed Cloud Services fits into the F5 vision - **"Secure, deliver and optimize every app and API, anywhere"**

.. raw:: html

F5XC components and terminology
-------------------------------

Here is a high-level description of each component involved in the class. Please refer to the official F5 documentation for details.

.. image:: ./_static/class1-1.png

RE - Regional Edge
~~~~~~~~~~~~~~~~~~

Regional Edges (RE) in F5 Distributed Cloud Global Infrastructure - F5 Distributed Cloud points of presence with their own highly meshed backbone are used to provide customer services (e.g. Mesh or App Stack). These points of presence are also used to connect multiple customer Sites to each other. These REs can also be used to expose customer services to the public internet. These RE sites can also be used to run customer applications so that they are closer to end consumers on the public Internet or their distributed application locations.

CE - Customer Edge
~~~~~~~~~~~~~~~~~~

A cluster of nodes located at the edge of a site that either runs customer workloads or acts as a gateway to interconnect site-local resources to the F5 Distributed Cloud global network.

Distributed Cloud Mesh / Mesh
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

F5® Distributed Cloud Mesh is used to connect, secure, control and observe applications deployed within a single cloud location or applications distributed across multiple clouds and edge sites. Its unique proxy-based and zero-trust architecture significantly improves security as it provides application access without providing any network connectivity across clusters and sites. In addition, using our global network backbone, we are able to deliver deterministic, reliable, and secure connectivity across multi-cloud, edge, and to/from the Internet.

vK8S - Virtual Kubernetes
~~~~~~~~~~~~~~~~~~~~~~~~~

F5 Distributed Cloud Services support a Kubernetes compatible API for centralized orchestration of applications across a fleet of sites (customer sites or F5 Distributed Cloud Regional Edge). This API is “Kubernetes compatible” because not all Kubernetes APIs or resources are supported. However, for the API(s) that are supported, it is one hundred percent compatible. We have implemented a distributed control plane within our global infrastructure to manage scheduling and scaling of applications across multiple (tens to hundreds of thousands of) sites, where each site in itself is also a managed physical K8s cluster.

mK8s - Managed Kubernetes / pk8s - physical Kubernetes / AppStack
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

F5® Distributed Cloud App Stack is a SaaS-based offering to deploy, secure, and operate a fleet of applications across the distributed infrastructure in multi-cloud or edge. It can scale to a large number of clusters and locations with centralized orchestration, observability, and operations to reduce the complexity of managing a fleet of distributed clusters.

Sites
~~~~~

This could be a customer location like AWS, Azure, private cloud, or an edge site. In order to run F5 Distributed Cloud Services (e.g. F5® Distributed Cloud Mesh or F5® Distributed Cloud App Stack), the site needs to be deployed with one or more instances of F5 Distributed Cloud Node, a software appliance that is managed from Console. This site is where customer applications and F5 Distributed Cloud services are running. Theoretically, there could be more than one site in a customer location and these sites may optionally connect to each other directly using site-to-site tunnels. These customer sites automatically connect to our global network by setting up redundant IPsec or SSL tunnels to the Regional Edge sites.

Overall Lab Architecture
------------------------

.. image:: ./_static/class1-2.png

Governance and Automation : Day0, Day1 and Day-2
------------------------------------------------

This class/lab workflow follows the Application Delivery Framework, with an emphasis on governance, control and automation. The entire app delivery lifecycle follows the Day0, Day1 and Day2 lifecycle.

.. image:: ./_static/class1-0.png

For the purpose of this class, here are the high-level tasks for each day.

+----------+--------------------------------------------------------------------------------------+
|          | Tasks                                                                                |
+==========+======================================================================================+
| Day-0    | Infrastructure Provisioning - Enroll and onboard CE or Cluster of CE nodes onto F5XC |
+----------+--------------------------------------------------------------------------------------+
| Day-1    | Setup and continuous delivery of Web Application and API protection (WAAP) on CE     |
+----------+--------------------------------------------------------------------------------------+
| Day-2    | Operation and Governance - Monitor and Operate CE (Syslog and Alert)                 |
+----------+--------------------------------------------------------------------------------------+

UDF Lab Environment
-------------------

Getting ready to F5XC SaaS Console
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following will guide you through the initial Lab environment access within the F5 Distributed Cloud Console.

You should have received an email with an invitation to access an F5 Distributed Cloud Tenant, or **your instructor provided you with a username and password to logon to console**. If it is by email, the email will come from **no-reply@volterramails.io**. Make sure you check your spam folder if you didn't receive it.

The name of the F5 Distributed Cloud tenant that we will be using in this class document is **apaclab**. You may be using a different tenant. Update appropriately based on your tenant name.

Additionally, the following are important elements of this lab and will be used throughout the labs that follow.

* F5 Distributed Cloud Console: **https://apaclab.console.ves.volterra.io/**

.. NOTE::
   Depending on whether this is your first logon or a return login, you may not need to perform the following actions. If you have been **given a username and password to login**, it is likely a return login, so you may not need to perform the following tasks.

After following the invitation email's instructions to **Update Password**, proceed to the first step below.

+----------------------------------------------------------------------------------------------+
| 1. Please log into F5 Distributed Cloud Lab Tenant with your user ID (email) and password.   |
|                                                                                              |
|    **https://apaclab.console.ves.volterra.io/**                                              |
|                                                                                              |
| 2. When you first log in, accept the Lab tenant EULA. Click the check box and then click     |
|    **Accept and Agree**.                                                                     |
|                                                                                              |
| 3. Select all persona roles and click **Next** to see all the various configuration options. |
|    Personas can be changed anytime if desired.                                               |
|                                                                                              |
| 4. Click **Advanced** to expose more menu options and then **Get Started** to begin. You can |
|    change this setting after logging in as well.                                             |
|                                                                                              |
| 5. Several **Guidance ToolTips** will appear; you can safely close these out.                |
+----------------------------------------------------------------------------------------------+
| .. image:: ./_static/class1-3.png                                                            |
|                                                                                              |
| .. image:: ./_static/class1-4.png                                                            |
|                                                                                              |
| .. image:: ./_static/class1-5.png                                                            |
|                                                                                              |
| .. image:: ./_static/class1-6.png                                                            |
+----------------------------------------------------------------------------------------------+

+----------------------------------------------------------------------------------------------+
| 6. You can adjust your work domains and skill level (not required) by clicking on the        |
|    **Account** icon in the top right of the screen and then clicking on **Account Settings**.|
|                                                                                              |
| 7. In the resulting window you can observe the **Work domains and skill level** section and  |
|    other administrative functions.                                                           |
|                                                                                              |
| .. note::                                                                                    |
|    For the purposes of this Customer Edge lab, administrative permissions are given.         |
+----------------------------------------------------------------------------------------------+
| .. image:: ./_static/class1-7.png                                                            |
|                                                                                              |
| .. image:: ./_static/class1-8.png                                                            |
+----------------------------------------------------------------------------------------------+

+----------------------------------------------------------------------------------------------+
| 8. Namespaces, which provide an environment for isolating configured applications or         |
|    enforcing role-based access controls, are leveraged within the F5 Distributed Cloud       |
|    Console. For the purposes of this lab, each lab attendee has been provided a unique       |
|    **namespace**, which **you may need to switch to for all labs** performed throughout the  |
|    class.                                                                                    |
|                                                                                              |
| 9. Click on the **Select Service** in the left-hand navigation. In the resulting fly-out     |
|    navigation, click **Load Balancers**.                                                     |
+----------------------------------------------------------------------------------------------+
| .. image:: ./_static/class1-9.png                                                            |
|                                                                                              |
| .. image:: ./_static/class1-10.png                                                           |
+----------------------------------------------------------------------------------------------+

+----------------------------------------------------------------------------------------------+
| **Beginning of Lab:** You are now ready to begin the lab. Enjoy! Ask questions as needed.    |
+----------------------------------------------------------------------------------------------+

Understanding of Lab Setup
--------------------------

Ensure you understand the setup of the lab. You may need to refer to this diagram in future labs.

.. image:: ./_static/class1-11.png

.. toctree::
   :maxdepth: 1
   :glob: