IBM® Tivoli® Service Automation Manager - Extension for Juniper SRX Firewall, and
IBM® Tivoli® Service Automation Manager - Extension for F5 BIG-IP Load Balancer
These network extensions deliver out-of-the-box automation in infrastructure cloud services for configuring security access (Firewall) and scalability and redundancy (Load Balancer).
IBM Tivoli Service Automation Manager - Extension for Juniper SRX Firewall
This extension enables customers to configure network security settings automatically when a project is provisioned, and to manage the security configuration over the lifetime of the project. Through the use of security zones and traffic management policies, all virtual network resources are secured, and access to applications and VMs within a project is customizable throughout the project life cycle.
A Juniper SRX Firewall implementation was chosen because it is widely deployed among service providers who are either using or evaluating IBM Tivoli Service Automation Manager.
The Juniper SRX Firewall extension provides the following functionality:
- Create/Delete Projects with Servers – automatically apply default network security settings (based on predefined traffic management policies) to all VMs provisioned within a project, immediately securing inbound and outbound traffic flows.
- Create/Delete Customers – automatically register a customer with a firewall device. All subsequent customer projects are then managed within the customer’s security zone.
- Modify a Firewall Policy – allows management of traffic policies and rules on a per-project basis.
The screenshot below shows a typical firewall setup.
IBM Tivoli Service Automation Manager - Extension for F5 BIG-IP Load Balancer
Load balancing is one of the key values of any cloud project. The load balancer extension enables the definition of rules to automatically distribute the workload amongst VMs in the project whilst providing a single entry point (Virtual-IP) to external users (i.e. it presents itself as a single powerful machine to the user).
The BIG-IP Local Traffic Manager is the F5 product that performs load balancing across servers in a single data center, providing intelligent load balancing and traffic management as well as advanced application security, acceleration, and optimization.
The F5 BIG-IP Load Balancer extension provides the following functionality:
- Reserve/Release Virtual IPs – Virtual IPs (VIPs) can be reserved on a project subnet so that load balancer policies can be created between projects.
- Create/Modify/Delete a Load Balancer Policy
  - Policies can be created, which are used to reach an application running on a pool of VMs
  - VIPs and ports are associated to the VMs that will run the application
  - Specific BIG-IP device parameters can be set (e.g. load balancing algorithm)
The screenshot below shows one of the load balancer setup screens.
These extensions can be leveraged and verified through testing with other Juniper and F5 devices (with the same use cases). If you have other devices and/or other use cases, you may wish to create your own custom extension, using these extensions as a starting point or example.
The diagram below gives an overview of the extension plug-points.
For more information about the Firewall and Load Balancer Extensions, please refer to the Information Center.