Technology is hard. As technologists, I think we like it that way. It’s built‑in job security, right? Well, unfortunately, the modern application world has become unproductively hard. We need to make it easier.
That’s why I like describing the current developer paradox as the need to run safely with scissors.
NGINX Balances Developer Choice with Infrastructure Guardrails
Running with scissors is a simple metaphor for what is the admittedly difficult ask we make of software engineers. Developers need to run. Time to market and feature velocity are critical to the success of digital businesses. As a result, we don’t want to encumber developers with processes or technology choices that slow them down. Instead we empower them to pick tools and stacks that let them deliver code to customers as quickly as possible.
But there’s a catch. In the world of fast releases, multiple daily (or hourly or minutely!) changes, and fail‑fast development, we risk introducing application downtime into digital experiences – that risk is the metaphorical scissors that make it dangerous to run fast. On some level we know it’s wrong to make developers run with scissors. But the speed upside trumps the downtime downside.
That frames the dilemma of our era: we need our developers to run with scissors, but we don’t want anybody to get hurt. Is there a solution?
At NGINX, the answer is “yes”. I’m excited to announce eight new or significantly enhanced solutions built to unleash developer speed without sacrificing the governance, visibility, and control infrastructure teams require.
Load Balancing and Security DNS Solutions Empower Self‑Service
As my colleague, Gus Robertson, eloquently points out in his recent blog The Essence of Sprint Is Speed, self‑service is an important part of developer empowerment. He talks about developers as the engines of digital transformation. And if they’re not presented with easy-to-use, capable tools, they take matters into their own hands. The result is shadow IT and significant infrastructure risk.
Self‑service turns this on its head. It provides infrastructure teams with a way to release the application delivery and security technologies that developers need for A/B, canary, blue‑green, and circuit‑breaker patterns. But it does so within the guardrails that ensure the consistency, reliability, and security that ensure your apps remain running once in production.
To help infrastructure teams be the superheroes in the developer self‑service story, NGINX is announcing four updated solutions:
- NGINX Controller 3.8 and 3.9 enhance app‑centric policies and the self‑service portal.
With Controller 3.0, we introduced application‑centric workflows and self‑service portals. Controller 3.8 and 3.9 introduce URI rewrites and redirects, header manipulation, advanced app routing, service discovery, data-center–aware upstream support, and more. The result? Your Dev and DevOps teams get the power of their preferred NGINX load balancing and proxy capabilities with richer analytics, a declarative API for CI/CD integration, and role‑based access control (RBAC) to ensure teams are seeing only what’s relevant to them. Controller 3.8 also enhances the developer portal for API management, ensuring developers can publish, document, and monitor their APIs in detail.
Controller 3.8 is generally available today and 3.9 is planned for this month.
[Editor – NGINX Controller is now F5 NGINX Management Suite.]
- NGINX Controller Application Security delivers internal WAF-as-a-Service.
Hot on the heels of introducing NGINX App Protect – a native NGINX WAF built on F5’s market‑leading technology – NGINX is introducing Controller Application Security for managing App Protect policies, rules, and integration with NGINX Plus ADC capabilities. Now NGINX App Protect inherits Controller’s API, analytics, and self‑service capabilities, enabling security teams to set up more guardrails without slowing down developer productivity.
Controller App Security is in private beta now and will be generally available by the end of 2020. We have a limited number of spots left in the private beta, so register now if you’re interested.
- NGINX App Protect 2.0 enhances security for Kubernetes and APIs.
NGINX App Protect 2.0 introduces new integrations with NGINX Ingress Controller for Kubernetes, more advanced API security, and improved user signature updating capabilities. NGINX App Protect is a lightweight, fast WAF designed to “shift security left”. Because NGINX App Protect deploys as an API‑enabled WAF natively on NGINX Plus, you can build it into CI/CD pipelines and introduce it as an automated component earlier in the software delivery lifecycle.
NGINX App Protect 2.0 released last week. You can start a free trial along with NGINX Plus right now.
- Tighter integration and support for Red Hat.
Self‑service works when your app delivery and security technologies integrate with your CI/CD and automation tools. Making that integration easy is why we’re excited to announce several joint solutions and investments in the Red Hat portfolio. Whether you’re a RHEL shop invested in FIPS compliance, an Ansible user wanting to automate NGINX, or an OpenShift adopter seeking to deliver enterprise apps with speed, NGINX and Red Hat have released secure, scalable, and resilient application delivery solutions.
Ingress and Service Mesh Solutions Make Kubernetes Production‑Grade
Kubernetes is the keystone of modern application architectures. Microservices lend themselves well to a containerized format, and Kubernetes has emerged as the de facto way to orchestrate container environments. Yet many organizations struggle to deploy Kubernetes in production. Why? Limited tooling for traffic management, security, and visibility make Kubernetes difficult to operate at scale.
If you’re a developer, you’re looking to Ingress controllers to handle traffic in and out of your Kubernetes cluster, and sidecar proxies to manage the “east‑west” traffic among containers within the cluster. Both are critical technologies for running Kubernetes in production.
To help developer teams deploy rock‑solid Kubernetes environments, NGINX is making two additional product announcements:
- NGINX Ingress Controller 1.9.0 enables customization of Kubernetes traffic management.
NGINX released version 1.8.0 of our Kubernetes Ingress controller in July, introducing significant customization enhancements with new snippets and templates. Version 1.8.0 also added native support for NGINX App Protect, which brings the power of an advanced WAF powered by F5 to run natively in your Kubernetes cluster. Ingress Controller 1.9.0 adds JWT authentication, rate limiting, and mutual TLS, configured with simple and easy-to-use policy resources so you don’t have to configure NGINX directly with snippets. It also features enhanced logging and diagnostics.
NGINX Ingress Controller 1.9.0 releases in October, followed by additional integrations with F5 BIG-IP devices for a more comprehensive Kubernetes networking solution.
- NGINX Service Mesh 1.0 provides a simpler, easier-to-manage alternative to Istio.
Service meshes have emerged as the leading pattern for east‑west traffic management, observability, and security in large‑scale Kubernetes environments. Istio deployments, like those from Aspen Mesh, are ideal for companies that operate at significant scale. But for many organizations, the overhead of Istio is too much. Introducing NGINX Service Mesh. Based on NGINX Plus, NGINX Service Mesh is a lightweight, fast, intelligent Layer 7 service mesh solution. It’s completely integrated with NGINX Ingress Controller to provide a seamless ingress/egress and intra‑cluster traffic management solution for developers. NGINX Service Mesh extends beyond Kubernetes environments, connecting bare metal and VM environments too.
Stay tuned for an open beta of NGINX Service Mesh in October, with general availability targeted for the first half of 2021.
DNS and Analytics SaaS Deliver Resiliency and Insights in Minutes
NGINX has fine‑tuned the art and science of providing fast, efficient, and lightweight software. But even so, sometimes software is not the right form factor. Software-as-a-service (SaaS) solutions provide an easier-to-consume option for Dev and DevOps teams looking to quickly add application delivery capabilities to their environments. Now all applications can benefit from NGINX optimizing their delivery and security.
F5 Cloud Services are SaaS solutions based on popular NGINX, Shape, and F5 technologies. They provide a developer‑ and DevOps‑friendly set of app delivery and security capabilities. All Cloud Services are API‑first in their design, providing declarative APIs for easy integration into CI/CD frameworks. Rather than infrastructure as code, they are SaaS as code.
To help developer teams get up and running quickly with SaaS in their NGINX Open Source and NGINX Plus environments, we’re announcing two more offerings:
- F5 DNS Cloud Services introduces new primary DNS for global resiliency.
F5 DNS Cloud Services provide secondary and global server load balancing (GSLB) to enhance NGINX Plus environments. Now F5 Cloud Services is introducing a primary DNS offering. DevOps teams can easily set up DNS infrastructure for their own applications without having to go through complex, manual DNS provisioning.
F5 DNS Cloud Services will provide primary DNS by the end of 2020. Sign up for a free F5 Cloud Services account now and get early access to Primary DNS when it releases in October.
- NGINX analytics-as-a-service delivers NGINX insights easily and quickly.
Do you have a large NGINX estate? Perhaps tens, hundreds, or even thousands of instances? Chances are it’s difficult to manage all the complexity. To help, NGINX is delivering easy-to-deploy and configure SaaS cloud services that tightly integrate with your NGINX deployment. Our first offering will be NGINX Analytics Cloud Service, a SaaS‑based solution and successor to NGINX Amplify. Easy to get up and running in minutes, this SaaS offering provides detailed insights beyond the metrics reported on the NGINX Plus live activity monitoring dashboard. It even supports NGINX Open Source monitoring, providing a single source for insight across your entire NGINX fleet.
Learn More at Sprint 2020
We hope you’ll join us for NGINX Sprint 2020, which starts today. It’s a three‑day virtual event designed to help NGINX users learn about new solutions, view hands‑on demos of our software and SaaS in action, and participate in a hackathon to benefit local communities.
I encourage you to register – it’s free! – and tune in. It’s a quick, efficient, and lightweight event (like NGINX) that enables you to stream relevant 15‑ and 20‑minute sessions. If nothing else, watch the Day 1 keynotes where we highlight the eight solutions detailed above. Don’t worry, all live content will be posted for on‑demand viewing.
Who knows, you may just get comfortable permitting your developers to run with scissors after all.