402 Study notes
Foundational Cloud Concepts
Compare and contrast the various cloud business models and technologies
Infrastructure as a Service (IaaS): IaaS delivers computing infrastructure as a service. Instead of purchasing hardware and other infrastructure components, customers use some form of virtualization to access outsourced resources. Because consumption is on an on-demand basis, costs directly reflect the amount of use.
Platform as a Service (PaaS): PaaS delivers computing and development platforms (for example, Microsoft .NET, Java EE, Google applications) as a service, giving users the ability to deploy and develop applications without significant hardware and software expense or management time. Since the deployment platform is very specific, like .NET, there might be limitations on the types of applications that can be supported. For instance, Google App Engine only supports applications written using Python while Heroku supports Ruby on Rails application development.
Software as a Service (SaaS): By delivering applications as a service, SaaS offers customers pre-packaged/pre-built applications through a standard web browser. With SaaS, customers can avoid the installation and management of software on their own computers and further benefit from centralized, automatic software updates as well as lower costs. Customers don’t need to dedicate valuable resources to software deployment or management.
Apply concepts related to cloud Identity Access Management technologies
Describe the terminology, modules, and technical requirements related to application bursting and mobility
REF: https://www.f5.com/services/resources/white-papers/the-f5-cloud-bursting-reference-architecture
Apply concepts related to application bursting and mobility
Cloud Infrastructure Design
Describe the F5 licensing and support characteristics for cloud deployments
Evaluate variables relevant to the design of a cloud solution that meets business requirement
Enumerate the available permutations and combinations of F5 virtualization U/A technologies
Recognize the constraints imposed by various SDN technologies on F5 components
Relate technical requirements to F5 platforms and virtualization technologies
Evaluate variables relevant to architecting solutions using single and multi-tier F5 products in various cloud environments
Evaluate the variables relevant to the design of green-field data centers and application delivery architectures to function as a cloud service provider
Apply key concepts related to the design of on-demand provisioning of application services
Evaluate variables relevant to the design of on-demand provisioning of application services
Cloud Migration
Evaluate variables relevant to the creation and validation of a Cloud migration plan for applications
Apply key concepts required for the implementation of a Cloud migration plan for applications
Evaluate variables relevant to the implementation of a cloud migration plan for applications
Apply key concepts required to leverage technologies to integrate with various SDN environments
Evaluate variables relevant to the leveraging of technologies to integrate with various SDN environments
Cloud Deployment
Analyze cloud service provider instance sizing and location as it relates to BIG-IP requirements
Apply the key concepts required to deploy F5 instances on a cloud infrastructure
Cloud Orchestration and Automation
Apply the N/E/S/W-bound API model in order to orchestrate service creation
Apply the key concepts required to automate and orchestrate using F5 RESTful APIs
Evaluate the variables relevant to automation and orchestration using F5 RESTful APIs
Apply the key concepts required to design a cloud bursting solution
Evaluate the variables relevant to design a cloud bursting solution
Determine how to utilize cloud deployment templates to create on demand provisioning of application services
Evaluate cloud deployment templates for the creation of on-demand provisioning of application services
Apply the key concepts required to create a workflow for dynamic provisioning of an F5 instance
BIG-IP Cloud Edition
Cloud edition is composed of tightly integrated BIG-IQ Centralized Management and BIG-IP Per-App VEs to deliver advanced app services and lifecycle management—including autoscale, self-service management for app owners, and per-app analytics—in VMware private cloud and AWS or Microsoft Azure public cloud environments.
Dedicated per-app services are available for:
BIG-IP Local Traffic Manager: Delivers intelligent traffic management, as well as SSL offload and application optimization, for the best end-user experience.
F5 Advanced Web Application Firewall: Provides the industry’s most advanced WAF to protect all your applications against automated web attacks, credential theft, and L7 DDoS.
Licensing
subscription,
ELA,
perpetual licensing.
EXAM Notes
How long is the 402 exam?
The 402 exam is 105 minutes long.
How many items are on the 402 exam?
The 402 exam has 60 scored items and 5 unscored/pilot items.
• Some of the items contain exhibits. We strongly encourage viewing the entire exhibit.
• Some of the items contain case studies. The case studies are static and do not change from one item to the next. We strongly encourage reading the entire case study.
What is the 402 exam passing score?
The 402 exam passing score is approximately 55%.
What F5 certifications will be refreshed by passing the 402 exam?
• F5 Certified! Administrator, BIG-IP
• F5 Certified! Technology Specialist, BIG-IP LTM
• F5 Certified! Technology Specialist, BIG-IP DNS
What format is the 402 exam?
• The 402 exam is multiple choice.
• The exam contains exhibits and case studies.
• 1st failure: Exam hold for 15 days.
• 2nd failure: Exam hold for 30 days.
• 3rd failure: Exam hold for 45 days.
• 4th failure: Exam hold for one (1) year.
auto scale cft
https://www.youtube.com/watch?v=VQ3IgGWsePs
--------------------- SORT NOTES------------------------------
Exam Tips:
1- (Must) licensing models and its related (Throughput, Resources Capacity).
2- (Must) Licensing and Cost you have to know how to reduce the cost when choosing the licensing model.
3- Focus on F5 with AWS CSP, forget about Azure, Google; I mean the HA setup on AWS and how the Autoscaling works on AWS.
3- understand the REST API in general and its related components, and how it works with F5 BIGIP and sometimes with BIG-IQ
3- Understand the Authentication/Authorization on REST API.
https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/authentication.html
Authorization to invoke Declarative Onboarding includes authorization to GET declarations stored in Declarative Onboarding.
Declarative Onboarding does not require its own credentials, however you must have administrator credentials for the BIG-IP that is running Declarative Onboarding.
Because Declarative Onboarding is an iControl LX extension, you can authenticate by including one of the following header values in your HTTP requests.
Basic Auth
To use Basic authentication, add a new request header: Authorization: Basic {Base64encoded value of username:password}. (If using a RESTful API client like Postman, in the Authorization tab, type the user name and password for a BIG-IP user account with Administrator permissions, which automatically adds the encoded header.)
Token Auth
To use Token Authentication, add a new request header: X-F5-Auth-Token: {tokenValue}
By default, the token has an expiration time of 1200 seconds.
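The two header schemes described above, as an added example (not from the F5 documentation or the original notes): it builds both headers, shows that a Basic value decodes straight back to the credentials, tracks the 1200-second default token lifetime, and masks both headers before logging. The credentials, token value, `margin` parameter and all helper names are constructed for illustration.

```python
import base64
import time

TOKEN_LIFETIME_S = 1200  # default token expiration given in the notes above


def basic_auth_header(username, password):
    """Build 'Authorization: Basic <base64(username:password)>'."""
    raw = f"{username}:{password}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}


def decode_basic(headers):
    """Recover (username, password): Base64 is an encoding, not encryption."""
    scheme, _, value = headers["Authorization"].partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(value).decode("utf-8").partition(":")
    return user, password


class TokenSession:
    """Holds one token and refuses to send it at or near its expiry."""

    def __init__(self, token, issued_at, lifetime=TOKEN_LIFETIME_S, margin=60):
        self.token = token
        self.expires_at = issued_at + lifetime
        self.margin = margin  # assumed safety margin in seconds (not from F5)

    def needs_refresh(self, now=None):
        now = time.time() if now is None else now
        return now >= self.expires_at - self.margin

    def headers(self, now=None):
        if self.needs_refresh(now):
            raise RuntimeError("token expired or about to expire; obtain a new one")
        return {"X-F5-Auth-Token": self.token}


SENSITIVE_HEADERS = {"authorization", "x-f5-auth-token"}


def redact(headers):
    """Return a copy that is safe to log, with credential values masked."""
    return {k: "<redacted>" if k.lower() in SENSITIVE_HEADERS else v
            for k, v in headers.items()}


if __name__ == "__main__":
    basic = basic_auth_header("user", "pass")  # constructed sample credentials
    print(decode_basic(basic))                 # anyone who sees the header sees these
    session = TokenSession("EXAMPLETOKEN", issued_at=time.time())  # constructed token
    print(redact({**basic, **session.headers(), "Accept": "application/json"}))
```

Because the Basic value is reversible, it needs the same handling as the password itself: send it only over TLS and keep it out of logs and shell history.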
4- Read about (iAPP LX, iCONTROL LX, iWorkflow).
iApps LX
iApps® LX is built on top of the iControl® LX framework and enables application management and deployment of functionality within a BIG-IP® system and with any external managed device that you can send an API request to. Examples of external API systems are a customer’s OpenStack interface, an LDAP active directory server or any cloud connector. iApps LX can also be used to create a wizard for different BIG-IP configurations, such as a routing decision table to configure routing rules. With iApps LX, you can create a custom UI with strong authentication.
iApps LX is built on a REST API framework, allowing bi-directional communication and commands.
iApps LX uses JavaScript, making its creation and deployment of template configurations (within and beyond the BIG-IP) seamless. iApps LX is implemented by creating and deploying block instances, which can be done from REST API commands (see Creating an iApps LX block instance using REST APIs) or from the BIG-IP GUI (see Creating an iApps LX block instance from the BIG-IP GUI).
An iApps LX block instance is created from a JSON template, which can be created or imported as part of an iApps LX RPM package.
As iApps LX is built on the iControl LX framework, it relies on creating extensions using Node.js to extend REST APIs.
F5 iRules LX - Introduction /DEMO
https://www.youtube.com/watch?v=7yRP2fPCxIs
iControl LX Extension Overview
The iControl® LX extension allows you to use Node.js to extend the REST API on any BIG-IP device or iWorkflow platform. You can write an iControl LX extension to implement your REST API using JavaScript to represent the URI resources (nouns) that you can then invoke in a RESTful manner. The REST verb handlers can then perform appropriate actions local to the F5 devices or across the distributed data center. An iControl LX extension is an extensibility point attached to a specific URI, enabling customer-provided JavaScript/Node.js code to run in the context of the BIG-IP/iWorkflow control plane extending the REST API with additional services. You can extend existing F5 REST APIs as well as convert your own services into multiple extensions that are run on F5’s control plane.
BIG-IP and iWorkflow provide a service named restnoded. This service runs as a node.js daemon that enables you to write your extension’s source files using the JavaScript language. The restnoded service is also compliant with iControl REST to enable you to create extensions that use iControl REST end-points. The restnoded service is integrated into the BIG-IP and iWorkflow logging infrastructure and can output logging statements to /var/log/restnoded/restnoded.log.
5- Understanding the DNS load-balancing algorithms over the WIP; it's a little bit tricky because the questions were asking about dynamic utilization and all LB over WIP are static.
6- How to deal with burst on cloud and also choosing the suitable licensing model.
7- APM SAML
8- Failover on the cloud (How, Where)
9- And finally, some long exhibits: you have to find the best way not to read them but to answer the questions related to them.
You should check this very helpful article:
https://devcentral.f5.com/s/articles/F5-High-Availability-Public-Cloud-Guidance
When failover methods use API calls, the results are dependent upon the cloud provider processing that request, how fast, and in what fashion (bulk, sequentially). We use the F5 Cloud Failover Extension (CFE) for BIG-IP failover with the API method. I suggest you head over to the CFE page and take a look!
Key Findings:
Google API failover times depend on number of forwarding rules
Azure API extremely slow to disassociate/associate IPs to NICs (remapping)
Azure API fast when updating routes (UDR, user defined routes)
AWS seems reliable with API regarding IP moves and routes
https://www.restapitutorial.com/lessons/httpmethods.html
HTTP Methods for RESTful Services
HTTP methods tutorial on how to use them for RESTful API or Web Service.
Last thing: what is meant by N/E/S/W-bound API, and which direction is related to which action?
This may help
https://docs.microsoft.com/en-au/archive/blogs/tip_of_the_day/tip-of-the-day-demystifying-software-defined-networking-terms-the-cloud-compass-sdn-data-flows
Tip of the Day: Demystifying Software Defined Networking Terms - The Cloud Compass: SDN Data Flows
What is the difference between the "BYOL, PAYG and VLS" licenses?
https://www.f5.com/pdf/licensing/cloud-licensing-program-overview.pdf
---
-F5 Cloud Licensing Program: as others stated, this is the number 1 must-know topic, almost 20 out of 65 questions are licensing related, you have to understand the good/better/best license model (which BIG-IP module you can provision, etc.), as well as BYOL, PAYG and VLS models.
• https://www.f5.com/pdf/licensing/cloud-licensing-program-overview.pdf
• https://www.f5.com/pdf/licensing/good-better-best-licensing-overview.pdf
-Understanding of IaaS, PaaS, SaaS cloud models.
• https://www.epsilonline.com/qual-la-differenza-iaas-paas-saas/
-Differences between cloud models (hybrid, public, private, etc...)
• https://azure.microsoft.com/it-it/overview/what-are-private-public-hybrid-clouds/
-Understanding of AWS services related to F5: I suggest you have a basic understanding at least of the following: EC2, S3, CloudWatch, ELB, CloudFormation.
-Understanding of how autoscaling works on AWS and how to use F5 in an autoscaling group.
• https://clouddocs.f5.com/cloud/public/v1/aws/AWS_autoscaling.html
-Azure ARM templates: check out the F5 ARM Template for Azure on GitHub, 1NIC, 3NIC etc...
• https://devcentral.f5.com/s/articles/deploy-big-ip-ve-in-microsoft-azure-using-an-arm-template-26128
• https://github.com/F5Networks/f5-azure-arm-templates
• https://github.com/F5Networks/f5-azure-arm-templates/tree/master/supported
-F5 CloudFormation templates for AWS: check them out.
• https://devcentral.f5.com/s/articles/a-primer-on-f5-aws-cloudformation-templates-32612
• https://github.com/F5Networks/f5-aws-cloudformation
-Highly suggest you deploy at least one VE for both AWS/Azure, you need to understand how first access works (on both AWS and Azure).
• https://clouddocs.f5.com/cloud/public/v1/aws_index.html
• https://clouddocs.f5.com/cloud/public/v1/azure_index.html
-F5 VE sizing: check out the various instances where you can deploy VE on both Azure/AWS, how many cores are needed to provision every combination of BIGIP modules (LTM+AFM, LTM+APM+ASM, etc....).
• https://support.f5.com/csp/article/K14810 - good article
• https://clouddocs.f5.com/cloud/public/v1/matrix.html
-N/E/S/W-bound API model: know which direction is related to which action.
https://community.f5.com/t5/technical-articles/wils-the-data-center-api-compass-rose/ta-p/283999
NORTHBOUND
The northbound API in an SDN architecture describes the APIs used to communicate with the controller. In a general sense, the northbound API is the interconnect with the management ecosystem. That is, with systems external to the device responsible for instructing, monitoring, or otherwise managing the device in some way.
Examples in the enterprise data center would be integration with HP, VMware, and Microsoft management solutions for purposes of automation and orchestration and the sharing of actionable data between systems.
SOUTHBOUND
The southbound API interconnects with the network ecosystem. In an SDN this would be the switching fabric. In other systems this would be those network devices with which the device integrates for the purposes of routing, switching and otherwise directing traffic.
Examples in the enterprise data center would be the use of OpenFlow to communicate with the switch fabric, network virtualization protocols, or the integration of a distributed delivery network.
EASTBOUND
Eastbound describes APIs used to integrate the device with external systems, such as cloud providers and cloud-hosted services.
Examples in the enterprise data center would be a cloud gateway taking advantage of a cloud provider's API to enable a normalized network bridge that extends the data center eastward, into the cloud.
WESTBOUND
Westbound APIs are used to enable integration with the device, a la plug-ins to a platform. These APIs are internal-focused and enable a platform upon which third-party functionality can be developed and deployed.
Examples in the enterprise data center would be proprietary APIs for network operating systems that enable a plug-in architecture for extending device capabilities beyond what is available "out of the box."
• https://etherealmind.com/northbound-api-southbound-api-eastnorth-lan-navigation-in-an-openflow-world-and-an-sdn-compass/
-Curl and SSH: there are questions strictly related to CURL and SSH syntax, guess you use them on a daily basis but give it a little refresh.
• https://curl.haxx.se/docs/manpage.html
• https://curl.haxx.se/docs/manual.html
• https://www.ssh.com/ssh/command
-F5 API: know the syntax of F5 REST API and I mean the classic ones /mgmt/tm/etc... no mentioning of AS3 at all (I guess it didn't even exist when the exam came out). And know the differences between the various methods (PUT, POST, PATCH).
• https://clouddocs.f5.com/api/icontrol-rest/
• https://devcentral.f5.com/s/seriesarticlelist?id=aBy1T000000boaXSAQ
• https://devcentral.f5.com/s/articles/icontrol-rest-101-modifying-objects
-Knowledge about the Viprion Platform: understand how vCMP works, how to deploy guests and sizing as well.
• https://f5.com/education/training/free-courses/getting-started-with-viprion
• https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/vcmp-administration-viprion-13-0-0/1.html
-Knowledge about authentication protocols: know how to configure SAML with APM and understand how SAML and OAuth work.
• https://clouddocs.f5.com/training/community/iam/html/class1/class1.html
• https://clouddocs.f5.com/training/community/iam/html/class2/class2.html
• https://en.wikipedia.org/wiki/SAML_2.0
• https://en.wikipedia.org/wiki/OAuth
+ good number of scenario-based questions like what’s the best solution here, how to reduce costs there
----
Hi guys, I passed 402 yesterday. There are so many questions related to F5 deployment and how F5 networking works in a cloud environment (public, private, hybrid), vCMP, F5 cloud licensing (PAYG, BYOL, VLS) and its application. Including the good, better, bundle...
****
All I have to say about the exam is you need to know about the differences between Virtual Edition, vCMP, route domains and license types (good-better-best). And you must have deployed and used F5 at least a few times in the cloud.
During the preparation process, I reviewed F5 cloud documents and AWS installations.