Keeping your F5 Big-IP (load balancer – LTM, GTM, ASM, AFM) device installations up to date is a critical priority for business owners and operators to optimize the security, performance, and total cost of ownership of your F5 devices. The Golden Configuration Compliance on F5 BIG-IP workflow is used to run a compliance check across all the managed F5 BIG-IP devices. Using it, the F5 device configurations are checked against the pre-loaded golden configurations.
The need for having configuration compliance for your F5 devices network
Having a configuration compliance assists F5 network engineers with the following. It helps them to –
- Simplify management of complex network infrastructures
- Standardize the growing business processes
- Have a consistent policy enforcement across the network
- Meet internal and external regulatory compliance
- Be ready for network audits
What is a “Golden Configuration” and how does it work in ADC+ ?
A golden configuration is a configuration version that can be used as a standard configuration for error free and rapid deployment.
Whenever the devices are added to the ADC+ inventory, it parses all the information and stores it in its configuration database. The golden configurations are loaded in collections – a user exposed database and the users have the flexibility to modify this database.
When the Golden configuration workflow starts, the configurations in the configuration database are fetched and checked against the golden configuration. Each and every object of the target configuration is mapped against the golden configuration. After the comparison is done a report is generated automatically which can be auto sent to email addresses of intended recipients.
If the configuration in the target device matches with the golden configuration the workflow stops there but in case certain objects are non-compliant the new configuration for the device is generated which is sent for a change approval process to the user.
On user’s approval it will go through a pre-validation and then the change implementation happens. The approved configuration is then pushed to the devices to make them compliant. Also, once the configurations are pushed a post validation check is done to make sure all the configurations are working successfully.
Automate F5 Golden Configuration with ADC+
Advantages of using Golden Configuration workflow through ADC+
- Application flexibility
ADC+ golden configuration workflow can be applied to one or multiple devices simultaneously. It can also work on different devices (F5, NGINX, AVI etc.), or a group of devices. In fact, different golden configurations can be applied to different groups of devices. This saves a lot of time vis a vis manual operations and also increases the accuracy and reliability of the operation.
- Configuration Changes made easy
ADC+ lets you choose the configuration that you want to apply to a particular set of devices through collections. Modifying those configurations is also easy, where you just have to make changes to the parameter values in the predefined configuration excel template and upload it back to golden configuration collections.
- Workflow Auto-Scheduling
NetOps teams can schedule the golden configuration workflow to run at periodic intervals and thus automate process monitoring and also ensure that the process compliance is maintained.
- GUI-based workflow modifications
ADC+ comes with a workflow design studio that can model any NetOps process in a visual way. You can modify the golden configuration workflow and add new subflows like an ITSM tool integration for raising a support ticket or any other pre-packaged workflow. ADC+ comes with scores of configurable workflows that can be linked to each other by just a simple drag and drop. Design studio can also be used to set up alerts and notifications at any step of the workflow.
Operations Visibility
ADC+ gives you real-time visibility of the golden configuration workflow in action. You can do a pre-validation of the configurations that are to be applied and the targeted devices these are being applied to. In fact, configurations and logs of the operation can be seen at any stage of the workflow application. This kind of visibility makes it easy for NetOps teams to troubleshoot in case any step goes wrong.
- Compliance Reporting
One of the key uses of ADC+ Golden Configuration workflow is to check the devices for compliance. Post the workflow has run, it automatically emails a compliance report to NetOps specifying the current state of the device, whether it is compliant or not. The report shows values for different object parameters and also highlights those parameters that don’t match the golden configuration object values.
- Works in hybrid environments
The golden configuration works on F5 devices spread across private and public clouds. The only prerequisite is that the configuration of the target device should be added in the device inventory and it should be in a managed state. As long as the device is reachable the configuration compliance can be enforced. ADC+ is a virtual instant that can be installed as a single or multi node. Moreover, when managing devices in a multi cloud environment it is advisable that the nodes be kept nearer to the devices to reduce latency.
Automate F5 Golden Configuration with ADC+
Learn how golden configurations can be applied through ADC+ in 4 simple steps and how a large organization reduced the time taken for compliance checks by upto 95% by downloading the infographic.