diff --git a/docs/class1/class1.rst b/docs/class1/class1.rst index 08d6b633..4b909335 100644 --- a/docs/class1/class1.rst +++ b/docs/class1/class1.rst @@ -1,4 +1,4 @@ -F5 Distributed Cloud - Introduction to Deployment Models and Services +F5 Distributed Cloud - Foundations of Delivery & Security ========================================================================= Welcome @@ -13,8 +13,6 @@ Objectives: - Gain an understanding of deploying proxy services to securely deliver an application with a public endpoint - Gain an understanding of viewing telemetry data and utilizing it to tune WAAP policies - Gain an understanding of how to deploy a site for providing connectivity to a private endpoint -- Gain an understanding of DNS, Observability, and CDN -- Gain an understanding of Multi-Cloud Networking (MCN) connectivity features (i.e. AWS, Azure, and Google) Lab & Tasks: ------------ diff --git a/docs/class1/lab2.rst b/docs/class1/lab2.rst index 5118548e..8ec012b0 100644 --- a/docs/class1/lab2.rst +++ b/docs/class1/lab2.rst @@ -196,9 +196,13 @@ in AWS via the connection to the CE node in AWS. | | +-----------------------------------------------------------------------------------------------------------------------------------+ -This is similar behavior to what we saw in the previous lab, -but in this case the enforcement of the WAF policy is occurring on the CE node -that is deployed in the AWS Lab Environment and not in the F5 Distributed Cloud Regional Edge. ++-----------------------------------------------------------------------------------------------------------------------------------+ +| | +| This concludes lab 2. In this lab you configured a global load balancer with a WAF policy on a CE node running in AWS for a | +| private end point. That private end point was only accessible via the global load balancer. | +| | +| |labend| | ++-----------------------------------------------------------------------------------------------------------------------------------+ .. |lab300| image:: _static/lab3-appworld2025-topology-diagram.png :width: 800px @@ -228,4 +232,5 @@ that is deployed in the AWS Lab Environment and not in the F5 Distributed Cloud :width: 800px .. |lab313| image:: _static/lab3-appworld2025-waf-block-message.png :width: 800px - +.. |labend| image:: _static/labend.png + :width: 800px diff --git a/docs/class1/lab4.rst b/docs/class1/lab4.rst deleted file mode 100644 index f3fb3f38..00000000 --- a/docs/class1/lab4.rst +++ /dev/null @@ -1,295 +0,0 @@ -Lab 4: Introduction to F5 Distributed Cloud DNS -=============================================================== - -This lab provides an introduction to DNS services available on F5 Distributed Cloud. This -lab will demonstrate where to configured Delegated DNS, Primary and Secondary DNS, and DNS -Load Balancing. All configuration will be made via the F5 Distributed Cloud Console and -within the F5 Distributed Cloud Global Network services architecture. - -Task 1: Delegated DNS -~~~~~~~~~~~~~~~~~~~~~ - -This task reviews where to configure a Delegated DNS Domain. - -+----------------------------------------------------------------------------------------------+ -| 1. If you are not still logged into the F5 Distributed Console, login. | -| | -| 2. If you are on the Main Dashboard Select the DNS Management tile or if you are already in | -| | -| one of the services you can select **DNS Management** from the **Select service** | -| | -| dropdown. | -+----------------------------------------------------------------------------------------------+ -| |lab001| | -| | -| |lab002| | -+----------------------------------------------------------------------------------------------+ - -+----------------------------------------------------------------------------------------------+ -| 3. In the left-hand navigation menu, expand the **Manage** section and click the | -| | -| **Delegated Domain Management** link. | -| | -| 4. Notice that the *lab-sec.f5demos.com* domain has been delegated to this tenant. Delegated | -| | -| domains allow Distributed Cloud to automatically create DNS entries for objects configured| -| | -| within Distributed Cloud. You utilized this feature to create a DNS entry for your | -| | -| application in Lab 1. | -+----------------------------------------------------------------------------------------------+ -| |lab003| | -+----------------------------------------------------------------------------------------------+ - -Task 2: Primary and Secondary DNS -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The following steps will demonstrate where DNS features are configured within the F5 Distributed - -Cloud Console. This task reviews where to configure Primary and Secondary DNS for a zone. - -+----------------------------------------------------------------------------------------------+ -| 1. In the left-hand navigation menu, under the **Manage** section click the **DNS** | -| | -| **Management** link. | -| | -| 2. Click the **Add DNS Zone** button. | -+----------------------------------------------------------------------------------------------+ -| |lab004| | -| | -| |lab005| | -+----------------------------------------------------------------------------------------------+ - -+----------------------------------------------------------------------------------------------+ -| 3. In the resulting window note the **Domain Name** field. This is where you enter the | -| | -| zone domain name that Distributed Cloud will provide DNS responses for. | -| | -| 4. Note the **Zone Type** dropdown under the **DNS Zone Configuration** section. This is | -| | -| where you select if Distributed Cloud will be a Primary or Secondary DNS server for the | -| | -| DNS zone specified. | -| | -| 5. Click **Cancel and Exit** to close this window. | -| | -| .. note:: | -| *Your current role does not have permissions to create Primary or Secondary DNS Zones.* | -| | -| *If you click Save and Exit you will receive an error message stating you do not have* | -| | -| *access with your current role.* | -+----------------------------------------------------------------------------------------------+ -| |lab006| | -| | -| |lab007| | -+----------------------------------------------------------------------------------------------+ - -Task 3: DNS Load Balancers -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -This task reviews where to configure DNS Load Balancing. This task demonstrates where to - -configure DNS Load Balancer Health Checks, DNS Load Balancer Pools, and DNS Load Balancers. - -+----------------------------------------------------------------------------------------------+ -| 1. In the left-hand navigation menu, under the **Manage** section expand the **DNS** | -| | -| **Load Balancer Management** section and select **DNS Load Balancer Health Checks.** | -| | -| 2. Click the **Add DNS Load Balancer Health Check** button. | -+----------------------------------------------------------------------------------------------+ -| |lab008| | -| | -| |lab009| | -+----------------------------------------------------------------------------------------------+ - -+----------------------------------------------------------------------------------------------+ -| 3. In the resulting window note the available Health Check Types under the **Health Check** | -| | -| **Type** dropdown. This is where you can select the type of health check that will be | -| | -| utilized to verify the application is available. | -| | -| 4. Click **Cancel and Exit** to close this window. | -| | -| .. note:: | -| *Your current role does not have permissions to create DNS Load Balancer Health Checks.* | -| | -| *If you click Save and Exit you will receive an error message stating you do not have* | -| | -| *access with your current role.* | -+----------------------------------------------------------------------------------------------+ -| |lab010| | -| | -| |lab011| | -+----------------------------------------------------------------------------------------------+ - -+----------------------------------------------------------------------------------------------+ -| 5. In the left-hand navigation menu, under the **Manage** section expand the **DNS** | -| | -| **Load Balancer Management** section and select **DNS Load Balancer Pools.** | -| | -| 6. Click the **Add DNS Load Balancer Pool** button. | -+----------------------------------------------------------------------------------------------+ -| |lab012| | -| | -| |lab013| | -+----------------------------------------------------------------------------------------------+ - -+----------------------------------------------------------------------------------------------+ -| 7. In the resulting window note the available pool member types by expanding the **Pool** | -| | -| **Type** dropdown. This is where you can select the type of pool member that will be | -| | -| DNS load balanced. | -| | -| 8. Select **A** from the **Pool Type** dropdown. | -| | -| 9. Click **Add Item** in the **Pool Members** section. | -| | -| 10. In the resulting window note the **Public IP** field. This is where you specify the | -| | -| the public IP of the pool member. | -| | -| 11. Also note the **Load Balancing Ration** and **Load Balancing Priority** fields. These | -| | -| values control how the pool member will be load balanced. | -| | -| 12. Click **Cancel and Exit** | -| | -| .. note:: | -| *Your current role does not have permissions to create DNS Load Balancer Pools.* | -| | -| *If you click Save and Exit you will receive an error message stating you do not have* | -| | -| *access with your current role.* | -+----------------------------------------------------------------------------------------------+ -| |lab014| | -| | -| |lab015| | -| | -| |lab016| | -| | -| |lab017| | -+----------------------------------------------------------------------------------------------+ - -+----------------------------------------------------------------------------------------------+ -| 13. In the left-hand navigation menu, under the **Manage** section expand the **DNS** | -| | -| **Load Balancer Management** section and select **DNS Load Balancers.** | -| | -| 14. Click the **Add DNS Load Balancer** button. | -+----------------------------------------------------------------------------------------------+ -| |lab018| | -| | -| |lab019| | -+----------------------------------------------------------------------------------------------+ - -+----------------------------------------------------------------------------------------------+ -| 15. In the resulting window note the available record types by expanding the **Record Type** | -| | -| dropdown. This is where you can select the type of DNS record to provide by the DNS load | -| | -| balancer. | -| | -| 16. Select **Configure** from the **Load Balancing Rule List** section. | -| | -| 17. In the resulting window click the **Add Item** Button. | -| | -| 18. In the resulting window click **Add Label** under the **Selector Expression.** Note the | -| | -| available Geo Location Selectors. | -| | -| 19. Click outside the dropdown to close the dropdown. | -| | -| 20. Note the **Use DNS Load Balancer pool** dropdown. This is where you select the pool to | -| | -| to be used with this Load Balancing Rule. | -| | -| 21. Click **Cancel and Exit** | -| | -| .. note:: | -| *Your current role does not have permissions to create DNS Load Balancers.* | -| | -| *If you click Save and Exit you will receive an error message stating you do not have* | -| | -| *access with your current role.* | -+----------------------------------------------------------------------------------------------+ -| |lab020| | -| | -| |lab021| | -| | -| |lab022| | -| | -| |lab023| | -| | -| |lab024| | -| | -| |lab025| | -+----------------------------------------------------------------------------------------------+ - -+----------------------------------------------------------------------------------------------+ -| **End of Lab 4:** This concludes Lab 4. In this lab you reviewed where to configure | -| | -| Delegated DNS, Primary and Secondary DNS, and DNS Load Balancing. Distributed Cloud supports| -| | -| multiple DNS deployment models to satisfy different design goals. | -| | -| A brief presentation will be shared prior to the beginning of Lab 5. | -+----------------------------------------------------------------------------------------------+ -| |labend| | -+----------------------------------------------------------------------------------------------+ - -.. |lab001| image:: _static/lab4-001.png - :width: 800px -.. |lab002| image:: _static/lab4-002.png - :width: 800px -.. |lab003| image:: _static/lab4-003.png - :width: 800px -.. |lab004| image:: _static/lab4-004.png - :width: 800px -.. |lab005| image:: _static/lab4-005.png - :width: 800px -.. |lab006| image:: _static/lab4-006.png - :width: 800px -.. |lab007| image:: _static/lab4-007.png - :width: 800px -.. |lab008| image:: _static/lab4-008.png - :width: 800px -.. |lab009| image:: _static/lab4-009.png - :width: 800px -.. |lab010| image:: _static/lab4-010.png - :width: 800px -.. |lab011| image:: _static/lab4-011.png - :width: 800px -.. |lab012| image:: _static/lab4-012.png - :width: 800px -.. |lab013| image:: _static/lab4-013.png - :width: 800px -.. |lab014| image:: _static/lab4-014.png - :width: 800px -.. |lab015| image:: _static/lab4-015.png - :width: 800px -.. |lab016| image:: _static/lab4-016.png - :width: 800px -.. |lab017| image:: _static/lab4-017.png - :width: 800px -.. |lab018| image:: _static/lab4-018.png - :width: 800px -.. |lab019| image:: _static/lab4-019.png - :width: 800px -.. |lab020| image:: _static/lab4-020.png - :width: 800px -.. |lab021| image:: _static/lab4-021.png - :width: 800px -.. |lab022| image:: _static/lab4-022.png - :width: 800px -.. |lab023| image:: _static/lab4-023.png - :width: 800px -.. |lab024| image:: _static/lab4-024.png - :width: 800px -.. |lab025| image:: _static/lab4-025.png - :width: 800px -.. |labend| image:: _static/labend.png - :width: 800px diff --git a/docs/class1/lab5.rst b/docs/class1/lab5.rst deleted file mode 100644 index 1877e5aa..00000000 --- a/docs/class1/lab5.rst +++ /dev/null @@ -1,81 +0,0 @@ -Lab 5: Introduction to Observability -==================================== - -Have you ever wished that you knew about impending application issues before your users or -boss did? Application performance issues or outages usually provide clues before they -manifest into larger problems. Synthetic monitors provides you the opportunity to often fix -them before they become large-scale issues. - -Task 1: Create a synthetic monitor -~~~~~~~~~~~~~~~~~~~~~~~~ - -#. Click the "Select Service" drop down menu on the sidebar and select "Observability". - - .. image:: _static/menu_observability.png - :width: 75% - -#. Click the "Add HTTP Monitor" button. - - .. image:: _static/add_http_monitor.png - :width: 75% - - -#. In the name field, type "example-com". -#. In the URL field, type "https://example.com". -#. Click on the Interval drop down menu, choose "30 seconds". - - .. image:: _static/example-com.png - :width: 75% - -#. In the External Sources area, click the "Add Item" button. - - .. image:: _static/add_item.png - :width: 75% - -#. In the Regions field, select "us-east-2" and "us-west-1" and click Apply. - - .. image:: _static/monitor_sources.png - :width: 75% - -#. Click the "Save and Exit" button at the bottom right. - - .. image:: _static/save-exit.png - :width: 75% - -#. Wait 30-60 seconds for the monitors to update. - -Task 2: Review the synthetic monitor data -~~~~~~~~~~~~~~~~~~~~~~~~ - -1. Click on HTTP Monitors in the sidebar. -2. Click the All Monitors tab near the top of the screen. - - .. image:: _static/all-monitors.png - :width: 75% - -3. Click the "example-com" monitor name that you created previously. - - .. image:: _static/click-example-com.png - :width: 75% - -4. Please take a few minutes to review the information in the report, including: -days until certificate expiration, latency, global response time breakdown, and -response time by region (source). - - .. image:: _static/monitor_data.png - :width: 75% - -5. Click the "TLS Report" link and review the TLS detailed report. -Press the X to close the report and return to the synthetic monitor statistics. - - .. image:: _static/tls_report-link.png - :width: 75% - - - - .. image:: _static/tls-report.png - :width: 75% - -6. Note that you can configure alerts to be sent to you when monitor thresholds are exceeded, -however alerts are out of scope for this lab. - diff --git a/docs/class1/lab6.rst b/docs/class1/lab6.rst deleted file mode 100644 index ce3a3adf..00000000 --- a/docs/class1/lab6.rst +++ /dev/null @@ -1,192 +0,0 @@ -Lab 6: Introduction to Content Delivery Networks (CDN) -===================================================== - -F5 Distributed Cloud CDN (Content Delivery Network) provides integrated security with support for content caching and containerized edge-based workloads for richer digital experiences. Built on a high-performance, secure global private network, F5 Distributed Cloud CDN enables rich digital experiences for end users. Distributed Cloud CDN integrates with critical app security services to empower your organization as it pursues multi-cloud and edge-based initiatives. - -This lab provides an introduction to CDN services available within Distributed Cloud. The following steps will demonstrate the process of configuring CDN features within F5 Distributed Cloud Console. These steps will outline the process of creating CDN Distribution, and the steps involved for CDN Verification & viewing the Dashboard. - -Task 1: Create CDN Distribution -~~~~~~~~~~~~~~~~~~~~~~~~ - -#. Login as SecOps, NetOps, or DevOps User - -#. Select ‘Content Delivery Network’ from Common Services. - - .. image:: _static/lab6-001.PNG - :width: 75% - -You can also select it from the left drop-down menu. - - .. image:: _static/lab6-002.PNG - -#. Select Manage > Distributions > Add Distribution - - .. image:: _static/lab6-003.PNG - :width: 75% - -#. Enter the following variables: - - ================================= ===== - Variable Value - ================================= ===== - Name - Domains - ================================= ===== - - .. image:: _static/lab6-004.PNG - - ================================= ===== - Variable Value - ================================= ===== - Type of CDN Distribution HTTP - ================================= ===== - - .. image:: _static/lab6-005.PNG - - ================================= ============== - Variable Value - ================================= ============== - Automatically Manage DNS Records Enabled/Checked - ================================= ============== - - .. image:: _static/lab6-006.PNG - -#. Under 'CDN Origin Pool' select 'Configure'. - - .. image:: _static/lab6-007.PNG - -#. Enter the following variables under 'Origin Host Header' - - ================================= ===== - Variable Value - ================================= ===== - DNS Name: appedge.one - Enable TLS for Origin Servers No TLS - ================================= ===== - - .. image:: _static/lab6-008b.PNG - -#. Select 'Add Item' under the 'List of Origin Servers'. - - .. image:: _static/lab6-009.PNG - - ================================= ===== - Variable Value - ================================= ===== - Type of Origin Server: Public DNS Name of Origin Server - DNS Name appedge.one - ================================= ===== - - .. image:: _static/lab6-010b.PNG - -#. Select 'Apply' > 'Apply' > 'Save and Exit'. - - .. image:: _static/lab6-011.PNG - -#. The CDN Distribution will take a few moments to deploy. You can click the 'Refresh' button to monitor the status as it goes from ‘Pending’ to ‘Active’. - - .. image:: _static/lab6-012.PNG - -#. Once the CDN Distribution is active you can launch a new browser window and navigate to Performance section within the CDN configuration. Then select the CDN Distribution you just created (namespace-cdn). - - .. image:: _static/lab6-015.PNG - -#. Click around to review to the dashboard statistics. - - .. image:: _static/lab6-016.PNG - -#. On the main dashboard, you will notice requests being categorized as 'Hits' or 'Misses'. - - A cache miss occurs when a client device makes a request to the CDN and the CDN cache does not have the requested content. - - A cache hit occurs when the CDN cache has the requested content. Content is delivered with lower Time-To-First-Byte (TTFB) on a cache hit because the CDN can immediately deliver the content to the end user without having to make an origin pull. - - An origin pull occurs anytime the CDN server needs to pass a request to the origin server. This typically occurs on a cache miss. On an origin pull, the CDN will cache the content contained in the origin server's response. Subsequent requests for the same content will result in a cache hit and lower latency for end users. - -#. You will notice a series of 'Misses' after refreshing the page serveral times. The reason the requests are identified as 'misses' is due to the 'Cache-Control' headers that are being injected into the request/resonse and origin caching. Distributed Cloud CDN allows you to configure advanced "Header Controls' and additional 'Cache Options'. - -#. Lets go back into the CDN Distribution configuration by navigating to Manage > Distributions. - -#. Under the 'Actions' Column, click the ellipses (ie. three dots), then select Manage Configuration. - - .. image:: _static/lab6-017.png - - .. image:: _static/lab6-018.PNG - -#. In the upper right hand corner, select 'Edit Configuration'. - - .. image:: _static/lab6-019.PNG - -#. At the bottom of the screen, under 'Advanced Configuration', select the 'Show Advanced Fields' toggle button. - - .. image:: _static/lab6-020.PNG - - .. image:: _static/lab6-021.PNG - -#. Under 'More Options' > 'Header Control' select 'Configure' - - .. image:: _static/lab6-022.PNG - -#. We are now going to remove the 'Cache-Control' header from both the origin request and response. Select 'Configure' under the 'Remove Origin Request Header' option. - - .. image:: _static/lab6-023.PNG - -#. Select 'Add Item' - - .. image:: _static/lab6-024.PNG - -#. Enter 'Cache-Control' as the header name. Then select 'Apply' at the bottom of the screen. - - .. image:: _static/lab6-025.PNG - -#. Perform the same step for the 'Remove Response Header' option. - - .. image:: _static/lab6-025b.PNG - -#. Select 'Add Item' - - .. image:: _static/lab6-026.PNG - -#. Enter 'Cache-Control' as the header name. Then select 'Apply' at the bottom of the screen. - - .. image:: _static/lab6-027.PNG - -#. You will now see the 'Remove Origin Request Headers' and 'Remove Response Headers' configured. Click 'Apply' at the bottom of the screen. - - .. image:: _static/lab6-028.PNG - -#. You will now be returned to the main Distributed configuration. The final step is to change the 'Default Cache TTL' value from the origin server for demonstration purposes. Select 'Configure' under the 'Cache Options'. - - .. image:: _static/lab6-029.PNG - -#. Under the 'Cache Settings' menu, select 'Default Cache TTL' and set the 'Default Cache TTL' value to '5d' then click 'Apply'. - - .. image:: _static/lab6-030b.PNG - -#. Once 'Header Control' and 'Cache Options' are configured click Save and Exit at the bottom. - - .. image:: _static/lab6-031.PNG - -#. With the advanced options configured, we can now retest/refresh the application to see the new results. - -#. Now you will see the 'hits' counter increase. - - .. image:: _static/lab6-032.PNG - -#. Lab Completed! diff --git a/docs/class1/lab7.rst b/docs/class1/lab7.rst deleted file mode 100644 index 69400b3c..00000000 --- a/docs/class1/lab7.rst +++ /dev/null @@ -1,38 +0,0 @@ -Lab 7: Introduction to MCN -================================== - -This lab will make use of F5 Distributed Cloud Simulators to emulate the process of setting up two different sites (one in AWS, one on premises) - - -F5 provides "simulations" of its services via "F5 Simulators". We will use the -Distributed Cloud Simulator to familiarize you with the MCN concept. - -Task 1: Creating a Site -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Please visit: https://simulator.f5.com/s/cloud2cloud_via_httplb/nav/sim1/020/0 - - -Note that you will need to pay attention for fields that are highlighted. Some of them like "Show Advanced Fields" -may appear on the bottom right of the screen. - -|lab007-1| - -You can opt to fill in the form fields or you can click on the "Next" button to allow the simulator to fill-in -the fields as required. Note that all of these actions can also be performed via the Distributed Cloud API. - -|lab007-2| - -Stop when you reach the step of clicking on "Apply" after creating your AWS Site. - -|lab007-3| - -Congratulations you just simulated deploying your AWS Site via the Distributed Cloud Console. If you like you can complete -running the simulator to deploy an Azure Site and create an HTTP Load Balancer. In the next Lab Exercise we will -be creating Load Balancer resources in the "Live" lab environment. - - - -.. |lab007-1| image:: _static/lab7-001.png -.. |lab007-2| image:: _static/lab7-002.png -.. |lab007-3| image:: _static/lab7-003.png