When we prepare for our Featured Member series, I typically send out a questionnaire and the DevCentral member writes out their answers. With the opening question I’ll do a bit of editing and use that for the intro. This month however, airloom’s Kevin Davies did such a great job with the opening, I decided to simply let him tell his story. A long-time DevCentral member and always engaged with the community, Kevin Davies is DevCentral’s Featured Member to close out 2017. Congrats Kevin!
DevCentral: First, please explain to the DevCentral community a little about yourself, what you do and why it’s important.
Kevin: I suppose my interest in technology came from a desire to know how things work. My first job in computers was doing exactly that, building them at a small computer store in Brisbane. I have always been technical, being the pioneer in my family I immediately saw the potential they would bring and how it might shape the world…
I remember a quiet night alone in the office struggling to understand SCO Unix, as I’d come from a MS-DOS background. Yet I persisted, and using the SLIP protocol with static IP addressing, I successfully connected our business to the University, so we could receive email. This was back when Universities were connected globally and world wide web as we know it today, did not exist… yet.
My next role was to join an ISP as a help desk guy. Always in search of more knowledge, I figured the quickest way to get it was to immerse myself. Dealing with 10,000 users you rapidly discover the problems people are faced with as they try to get a handle on these things called modems! It was a great experience, and I attained my CCNA certification there. By the time I left three and a half years later, I was literally running the network.
Then I joined Unisys in a security role, to further expand my knowledge of firewalls and the way they operated. This required a deeper understanding of protocols, there were some very interesting problems you would come across. I lived for those moments and always found troubleshooting something I really enjoyed. During this job I transitioned from a Brisbane country town to Sydney the big city.
After various contracts and the GFC, I ended up at CSC doing more security, this time Checkpoint firewalls. It was here that I worked with my first BIG-IP. A load balancer, I mean what’s there to learn I thought? You send traffic here, you send traffic there… how little did I know. It wasn’t until I joined Red Education doing professional services that I came to understand the true capability of the device. Where I learned iRules provide customers with tremendous flexibility and iApps, API and automation toolsets make these devices scale and deploy in hybrid environments.
Now I work for airloom, the #1 F5 engineering partner in A/NZ, APJ and joint #1 globally providing solutions that no-one else could deliver. My first week at airloom I sat my 401 exams. My second week I was learning a completely new product. The third was sitting down with customers. They have a consistently high level of expertise that is not found elsewhere in Australia. They recruit and maintain the best, to deliver the outcomes customers need. After eight years F5 experience I thought would arrive here at least on par with the guys within the team. I was wrong.
DC: You are a very active contributor in the DevCentral community. What keeps you involved?
KD: I’ve always enjoyed helping others, it’s part of my DNA being a consultant. It is why I have enjoyed being an instructor as well as doing professional services for the last eight years. I’ve found that giving back to the community that has helped me is my way of saying thank you. From an airloom perspective the team is entirely focused on helping customers being successful so giving is what we do day in and day out.
DC:Tell us a little about the areas of BIG-IP expertise you have.
KD: I have enjoyed making the BIG-IP do magic for customers. It really is a powerful integration toolset in the right hands. Everyone needs to get traffic from A to B. With one of these the capability to add world class protection at any layer, multiple layers of authentication or even inspection becomes possible. That’s on top of providing high availability and redundancy for any application. Its level of detail and control is quite astonishing.
I’ve made stateless applications stateful, one protocol talk to another, the list goes on. My favorite has been iRules, I used to have a motto on the wall when I worked in one place for a few months… “iRules for breakfast, how many do you do?” That stateful piece was all written using iRules and saved the business over a million dollars in project costs whilst delivering projects quicker and with less errors.
I have deployed nearly every product, my most recent has been migrating customers from legacy F5 physical appliances into virtualized appliances running vCMP. Instead of just running one BIG-IP they can have eight of them on a mid-range appliance. F5’s zero contention virtualization platform means customers can have the speed and the flexibility to provision BIG-IP’s with N dedicated processing cores.
One of my favorite F5 product modules is APM. The visual policy editor is a brilliant tool for building your own custom security policy and provides incredibly flexibility. The authentication point to end all authentication points… SAML, OAUTH, OTP, AD, Radius, Tacacs, DIY. You can roll your own N factor auth with built-in/external MFA and have all of it layered using SSO. It really is the authentication cornerstone of the products and is a joy to work with.
DC: You are a Distinguished Engineer at airloom. Can you describe your typical workday and how you manage work/life balance?
KD: On Monday’s I prepare for the weekly briefing, check outcomes from the previous week and start planning the day. Then tee myself up a list of things to do, including client meetings and begin preparation for them. These continue till the end of the day. I might be in the office one day, working remotely or both. We have no local infra except for a printer and wireless access points, everything we do is in the cloud. This means we are free to work from any location be it at home, office or customer site.
The role of an airloom Distinguished Engineer is a pretty awesome one, we report to our CTO Adrian (Nobby) Noblett who was the former F5 Solution Architect for APJ. Our role as DE’s is to help our client’s get the most out of their technology investments, however we are also given the creative license to develop new solutions we believe will help our clients. We have several goals to work towards on a regular basis, and they are not just about projects but also coming up with industry leading solutions no one else is across so we stay ahead of the curve and ensure our clients have access to the best solutions ahead of the entire market.
DC: You have a number of F5 Certifications including Technology Specialist (LTM) certifications. Why are these important to you and how have they helped with your career?
KD: I am certified in LTM, GTM, ASM, APM. I also just recently attained the Security Solutions Expert. F5 certifications are serious business. They provide assessment and recognition of technical skillset. This is valuable to airloom & valuable to my career and on top of my experience shows that someone is serious about maintaining their knowledge level on a product. I appreciate F5 are diligent about detecting and eradicating shortcuts as this maintains the value of the certification. The blueprints and study guide provided with each exam are highly relevant and far more than many other vendors provide to help professionals prepare themselves. From an airloom perspective it is a requirement that all DE’s are 401 level certified to hold the DE title at airloom, and we actually have the equal most number of 401’s in the world in our team!
DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation.
KD: There have been many. The biggest was an iRule solution that a customer refused to implement as a black box solution! The data flow was deemed mission critical so they required on going monitoring. This meant writing another iRule to collect statistics. Then another to display them. The solution itself used about 100 subtables, the statistics around 1000 as it tracked not only the success or failure but all possible execution outcomes, effectively profiling the solution behavior per transaction.
This was then output not only as a html web page showing the effectiveness of the solution, but also available in XML format to be polled by a 3rd party monitoring platform. Their monitoring dashboard had graphs for each transaction type showing its effectiveness over time. It seemed overkill at the time however over three weeks the effectiveness of the solution gradually tapered off from 98% to 0% and by that time we were furiously troubleshooting with F5 support.
It turned out about 1 in 200,000 calls to a certain command would return an undocumented outcome. Once known the code was updated, the problem now was the BIG-IP contained hundreds of invalid table entries that never expire. Failing over was not a solution because the HA device maintained an identical copy through session table mirroring. The most effective solution involved a fourth and final iRule to iterate through every permutation and remove the invalid table entries.
DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?
KD: I think a tour guide. I love talking to people and seeing new things. I could probably travel for ten years and only see half what the world has to offer. Human beings are quite creative people and cultural differences produce an amazing diversity of ideas around the globe.
This is a Security Bloggers Network syndicated blog post authored by psilva. Read the original post at: psilva's prophecies