Network Dictionary - Application Delivery Controller
August 21, 2008 by Greg Ferro · 4 Comments
Application Delivery Controller (ADC) - Historically known as a “load balancer”, until someone put a shiny chrome exhaust and new buttons on it and so it needed a new marketing name.
However, the Web Application Firewall and Application Acceleration / Optimisation that are in most ADC are not really load balancing so maybe its alright.
Feel free to call it a load balancer when the sales rep is on the ground, guaranteed to upset them.
Rant: F5 LTM and GTM Doesn’t Do External AAA Authorization
February 27, 2008 by Greg Ferro · 3 Comments
F5 BigIP LTM and GTM does not have any user authorisation capability for administration by Radius or TACACS. Can you believe that?
They have been producing F5 BigIP software for more than a decade and I cannot believe that customers have not been asking to provide external user authorisation. To compare, I have just been configuring APC Switched Rack Power Distribution bars, and they have Radius authorisation. How can a product costing tens of thousands not support this feature when a product worth a few hundred can ?
Service Oriented !
My data centres are now being driven to Service Oriented Networking, and without AAA servers I cannot control security policy to my F5 devices. If I had only one or two of these, this might be OK, but the business needs are that I MUST have multiple units (and F5 BigIP does not support hypervirtualization or even paravirtualization, just a simple resource partition )
Authentication
The F5 does support authentication, however this means that you must still create the user account on the F5 and configure all the necessary group privileges for the user. Not a brilliant idea when you have around fifty operators in a 24/7 NOC and the staff turnover is high.
Conclusion
F5 seems to be concentrating on nifty features for Microsoft sys admins (Powershell, iControl) , but missing out on fundamentals for networking. I hope someone is listening: external device authentication and authorisation is a mandatory requirement in modern networking, and the current method in BigIP is not good enough. I have talked about comparing the F5 and ACE here, minus 5 points to F5. for this.
Cisco Application Control Engine (ACE) - Introduction and Comparison With F5
January 25, 2008 by Greg Ferro · 9 Comments
My new interest of the moment is the Cisco Application Control Engine or ACE module. I have just received a pair of them and planning on starting the configuration in the next couple of days. So perhaps some discussion on the ACE is in order, and why I am considering using both F5 LTM AND the Cisco ACE in this network.
Read more
