
Portal-based delegation of network services? You can with iControl

Rick Vanover describes one way of delegating network services with the iControl management API. These services include virtual IP addresses for load-balanced Web servers, application servers that run Web services, and systems that have a remote data center or failover capability.

I have found great benefits in delegating network services internally. These services include virtual IP addresses for load-balanced Web servers, application servers that run Web services, and systems that have a remote data center or failover capability. The virtual IP addresses, when paired with DNS names, give application owners a practical way to manage the availability of their applications. Frequently, changes to these applications are a matter for the business groups rather than for the network administrator. A portal that lets the application owners move the live node, take a node offline for maintenance, or administer failover is therefore a natural fit.

One specific way of doing this is to use the iControl management API with the F5 BIG-IP series of enterprise devices. We've created a portal that the different groups - Web server team, application team, and others - can log into to perform the most frequent and basic tasks on their respective pools; each group can manage only its own systems. This operator role within the iControl API simply lets them enable or disable a member of the pool. Additions and core changes to the pool, however, are still made by the network administration team. With this, we are relieved of the middle-of-the-night requests (routine or unscheduled) to take one member of the pool offline or enable a new addition. The figure below shows how the API works from a basic in-and-out perspective:

[Figure: iControl basic flow]

We have found this to be a win-win situation: the parameters are well defined, with the business able to manage its own pool while the pool itself remains controlled by the network staff. Of course, the requisite per-user access is controlled and logged by the F5 for accountability purposes, and there is management endorsement of this practice. What is your organization's take on this approach? Share your comments on what you are doing for delegation, particularly with other products.
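The delegation model described above, sketched as an added example (not the author's portal code or F5's API): a deny-by-default gate that lets a group enable or disable members of its own pools only, and records every request, refused ones included. The group and pool names, the addresses and the `set_member_state` adapter are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

# Constructed sample policy: the pools each portal group may operate.
TEAM_POOLS = {
    "web-team": {"pool_web"},
    "app-team": {"pool_app", "pool_app_dr"},
}
# Operators only toggle member state; adding members and other pool
# changes stay with the network administration team.
OPERATOR_ACTIONS = {"enable", "disable"}

class Denied(Exception):
    """The request falls outside what the caller's group was delegated."""

@dataclass
class Portal:
    # Hypothetical adapter (pool, member, enabled) that would wrap the real
    # iControl call; injected so the policy can be exercised offline.
    set_member_state: Callable[[str, str, bool], None]
    trail: list = field(default_factory=list)  # per-user audit records

    def request(self, user, team, pool, member, action):
        # Deny by default: unknown group, foreign pool or admin-only action.
        allowed = action in OPERATOR_ACTIONS and pool in TEAM_POOLS.get(team, set())
        record = dict(user=user, team=team, pool=pool, member=member,
                      action=action, allowed=allowed)
        self.trail.append(record)  # written before acting, refusals too
        if not allowed:
            raise Denied(f"{user} ({team}) may not {action} on {pool}")
        self.set_member_state(pool, member, action == "enable")
        return record

def demo():
    """Run three constructed requests; return device calls and decisions."""
    calls = []
    portal = Portal(lambda pool, member, on: calls.append((pool, member, on)))
    requests = [
        ("alice", "web-team", "pool_web", "192.0.2.11:80", "disable"),    # own pool
        ("alice", "web-team", "pool_app", "192.0.2.21:8080", "disable"),  # foreign pool
        ("bob", "app-team", "pool_app", "192.0.2.22:8080", "add"),        # admin-only
    ]
    for req in requests:
        try:
            portal.request(*req)
        except Denied:
            pass
    return calls, [r["allowed"] for r in portal.trail]
```

Only the first request reaches the device adapter; the other two are refused by the portal itself, so the account the portal uses on the device is exercised only for actions its policy permits.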

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.
