Today, let’s take a look at Application Connector. Application Connector connects public clouds to your application service infrastructure within cloud interconnects or data centers. This enables the use of public cloud resources as part of your compute infrastructure while also performing workload discovery and deploying consistent app services across your multi-cloud environments.
The idea behind Application Connector is to have your applications in the cloud but have them considered local to BIG-IP, so they don’t have any internet access. BIG-IP gets traffic from the nodes via a secure web sockets connection. You can use Application Connector across multiple clouds, and you can keep the same virtual server address that you use now. If you’ve been hesitant about moving your applications to the cloud due to worries about security, this is a way to move to the cloud while still using your BIG-IP.
This diagram shows a basic Application Connector setup. You can see it is made up of two components: the Service Center, which runs on BIG-IP, and the Proxy, which runs in a Docker container in the cloud with your application.
This is what a running version of the Proxy looks like. This webpage is running in a Docker container on a lightweight Linux instance, in this example on Amazon Web Services. In the top right, you can see we have authentication set up with AWS. Under Proxy Stats, you can also see some details about aggregate traffic passing through the Proxy to the application servers. And under Service Center Connections, notice the BIG-IP that is associated with the Proxy.
And below that under Published Nodes, you can see the list of Published Nodes. Published means that BIG-IP has these nodes available.
Let’s take a quick look at a few possibilities for adding and removing nodes.
Let’s say that these nodes are used in BIG-IP as pool members, so traffic is going to them. If we want to stop sending traffic to one of the nodes, we can simply disable it temporarily, and if we’re done with a node, we can delete it completely. This is useful if you are on the Dev Team and you have access to the Proxy but you don’t have access to the BIG-IP. Without contacting IT, you can start and stop traffic to the application.
What happens if I delete a node? If we scroll down a bit more, there are three options: we can auto-publish nodes to BIG-IP or we can easily auto-discover them. Auto-discovery means the Proxy will show you the nodes and you can choose whether to publish them to BIG-IP.
We went ahead and deleted one of the nodes and now that node appears under the Auto Discovery selection.
And we can decide if we want to publish to BIG-IP.
You also have the option to manually add nodes, so no matter where your nodes live, in Azure, Google, AWS or your data center, you can add them here and they’ll communicate with BIG-IP via a secure web sockets connection.
Now let’s turn to the BIG-IP. Here is the Service Center and it’s in the iApps section under Application Services>Applications LX. Here, we can see a visual representation of my active Proxy and its related nodes.
If we click Proxies, we can see the Proxy here and if we want to stop authorizing this Proxy we can. This will stop traffic going to these nodes.
If others in the organization add Proxies, we can go in and authorize them.
In addition, if we click API, we get a list of all the programmatic ways we can interact with Application Connector.
Now, on the BIG-IP, if we go to Local Traffic>Pools>Pool List we can look at the pool associated with this deployment. Let’s click Members and we can see that the nodes we’ve been working with are available for us to add to a Pool.
You’d use Application Connector if you’re multi-cloud, since it doesn’t matter where your nodes are: BIG-IP considers them local. From a security perspective, no public IPs need to be associated with your applications, and you can keep your encryption keys on BIG-IP and share them across clouds. You also get consistency, because BIG-IP services like load balancing, WAF, traffic manipulation and authentication are all centrally managed on BIG-IP. After your initial configuration, no real management is needed, so maintenance is low.
The licensing is included with the iSeries appliance and available as an add-on for other platforms. You can watch the Application Connector – Part 1: Overview video from our TechPubs team.
*** This is a Security Bloggers Network syndicated blog from psilva's prophecies authored by psilva. Read the original post at: https://psilvas.wordpress.com/2018/02/13/application-connector-overview/