Dear Cisco, Stop the Lame “Meme” Marketing - It Sucks…..Badly
October 28, 2008 by Greg Ferro · 1 Comment
Dear Cisco, Have you suddenly hired too many marketing people ?
Read more
Rant: SecureCRT - Too Expensive - Alternatives Putty, Tera Term ?
October 24, 2008 by Greg Ferro · 19 Comments
SecureCRT is a common choice for SSH Client for MS Windows. I want to buy SecureCRT but its too expensive. Way too expensive. Or is it just me ? Read more
Rant: Certguard in Computerworld - Go and Register Your Disgust
September 5, 2008 by Greg Ferro · 8 Comments
Certguard have been mentioned in a Computerworld article about exam cheats. Please go and leave a comment to show how disgusting that Certguard, who falsely accuse people of cheating, have been used for comment.
Rant:Managing Is Easy Compared to Technical Life
September 4, 2008 by Greg Ferro · 9 Comments
Not everyone will be a good manager, but very few people will ever be a good, I mean _really_ good, technician or engineer. You should be willing to pay for that.
Rant:New Logos ? Tasteless Rubbish
August 26, 2008 by Greg Ferro · 6 Comments
When I first heard about the logos, I thought, fair enough. Now I have had a closer look, and taken a few days to think about it - they are rubbish. Read more
Rant: I Loathe Voicemail, Its Disruptive and Inefficient
August 13, 2008 by Greg Ferro · 2 Comments
Its hard to describe how disruptive voice mail can be to an organised engineering day. The idea that someone can leave a message which requires me to undertake a further action (usually without confirmation) is anathema to being organised and getting things done. Read more
Rant: F5 LTM and GTM Doesn’t Do External AAA Authorization
February 27, 2008 by Greg Ferro · 3 Comments
F5 BigIP LTM and GTM does not have any user authorisation capability for administration by Radius or TACACS. Can you believe that?
They have been producing F5 BigIP software for more than a decade and I cannot believe that customers have not been asking to provide external user authorisation. To compare, I have just been configuring APC Switched Rack Power Distribution bars, and they have Radius authorisation. How can a product costing tens of thousands not support this feature when a product worth a few hundred can ?
Service Oriented !
My data centres are now being driven to Service Oriented Networking, and without AAA servers I cannot control security policy to my F5 devices. If I had only one or two of these, this might be OK, but the business needs are that I MUST have multiple units (and F5 BigIP does not support hypervirtualization or even paravirtualization, just a simple resource partition )
Authentication
The F5 does support authentication, however this means that you must still create the user account on the F5 and configure all the necessary group privileges for the user. Not a brilliant idea when you have around fifty operators in a 24/7 NOC and the staff turnover is high.
Conclusion
F5 seems to be concentrating on nifty features for Microsoft sys admins (Powershell, iControl) , but missing out on fundamentals for networking. I hope someone is listening: external device authentication and authorisation is a mandatory requirement in modern networking, and the current method in BigIP is not good enough. I have talked about comparing the F5 and ACE here, minus 5 points to F5. for this.
