f5 big-ip cloud edition channel sales playbook big-iq management* • ease of use and self-service...
TRANSCRIPT
F5 BIG-IP Cloud EditionChannel Sales Playbook
Value to Partners
Understanding the Market and Customer Challenges
What is BIG-IP Cloud Edition
Discovery questions & Objection Handling
F5 vs. Competition
Key Use Cases & Selling motion
Buying Options; Resources & Next Steps
Enhanced BIG-IQ Management*
• Ease of Use and Self-Service
• Application Level Analytics
• AutoScale and Multi-Cloud Presence
Per-App VE
• Dedicated
• Right-sized
• Industry-Leading ADC & WAF
BIG-IP Cloud Edition is a bundled solution composed of Per-App VEs and the
enhanced manageability of BIG-IQ, delivering dedicated, right-sized F5
Application Services.
• •
•
Valueproposition
Targetapplications
Target customer segment
Target buyer (influencers)
Business / licensing model
Virtual Edition
Best-in-class F5 Application
Services for traditional applications
Mission-critical and high-TCO
traditional apps, deployed on-
premises or in (virtual) private
cloud
Large Enterprise and Service
Providers
NetOps (SecOps)
Perpetual and subscription
packaged software
Cloud Edition
Best-in-class per-app F5 Application
Services for (virtual) private & public
cloud applications
Moderate-TCO traditional apps,
deployed on-premises or in (virtual)
private cloud
Large Enterprise and Managed
Service Providers
NetOps (SecOps, DevOps)
Perpetual and subscription packaged
software
• Pricing aligned to per-app
deployment model
• F5 ELA & Subscription
licensing reduces
consumption friction
• Select the appropriate
performance level
• Scale out with additional
Per-App VE instances as
needed
• No overprovisioning
• Up to 50% reduction in
spin-up time for LTM
• Up to 40% reduction in
spin-up time for WAF
• 40% - 50% Smaller Disk
Image size
• Reduced CapEx / OpEx
costs
Cost Effective
Licensing ModelDeploy Only What
You NeedSlimmed Down
VE Platform*
*- Applies to both Per-App VE and Standard VE
• F5 PAYG, ELA, &
Subscription licensing
reduces consumption
friction
• Subscription and ELA
enable growth in yearly
net-new revenue bookings
• Opportunity for partner-led
professional services
• Drive net-new pipeline
from new apps or apps that
aren’t using BIG-IP today
• Lower cost will drive larger
deal sizes due to higher
unit count
• Displace potential
competitors
• Capture more IT spend
transitioning to private or
public cloud projects
• Same F5 app services
simplifies sales motion
• Attractive solution for
customers considering
competitive vADCs
Larger &
Longer DealsDrive Account
Sales Growth
Smooth Transition
to Cloud
BIG-IP Cloud Edition Drives Partner Services
• Installation & Configuration of BIG-IQ 6.0+
• Training / Transfer of Information (ToI)
• Including BIG-IQ 6.0 with new features and pricing (for CE only)
Installation/Configuration
TemplateBuilding
API Integration
• Building & testing templates for LTM & Advanced WAF
• Documentation (compliance) & training on developed templates
• Integration of BIG-IQ with 3rd party Orchestration & Management Apps
• Training / Transfer of Information (ToI) to customer
AnnualReview
• BIG-IQ Upgrade / Optimization
• 3rd party Compliance & documentation review
Utilize your F5
Super-NetOps
training!
Explosion In Apps Demands
Scalable Operations
• New app growth will increase 19%
CAGR by 20211
• Enterprises have on average 200
apps2 and smartphone users have
more than 80 apps on their phone3
App Teams Require Fast
Time to Market
• 40% of IT spend on apps today are
based on DevOps Model6
• More than 70% of configuration and
deployment steps are automated6
Verizon 2017 Data Breach Investigations Report
Shape 2017 Credential Spill Report
Increasing Web Application
Attacks
• 36% polled had less than 25% of
their apps protected with a WAF.2
• Web App Attacks are the #1
Source of Data Breaches (29%)4
• 3B Credentials Reported Stolen in
20165
1Source: Cisco Global Cloud Index (2016 – 2021)2Source: F5 2018 SOAD Report 5Source: Techcrunch Jan 17 2018 article
6Source: F5 2018 SOAD Report and
2017 State of DevOps Report
IT Is Unable To Support Business Growth At Scale
Explosion In Apps Requires
Scalable Operations
• Inability to deploy and scale app
services efficiently
• Lack of visibility into each app’s
availability and health
App Teams Require Fast
Time to Market
• Multi-tenant app services model
inhibits flexibility and control
• IT-dependency and security
requirements slow time to service
Increasing Web
Application Attacks
• Every unprotected app is a
potential security vulnerability
• Compliance gaps due to non-
standard policies
© F5 Networks | CONFIDENTIAL
The solution: NetOps Collaboration Adapt Quickly To Automate and Deliver App Services To Customers
Frictionless Access
And Right-Sized Offers
• Fast and flexible instantiation
• Faster development & deployment
• Better alignment to capacity needs
with autoscale
Agility and
Per-App Visibility
• Self-service deployments that
conform to corporate standards
• Simplified upgrades
• App-centric performance and
analytics
Development Integration
and Openness
• Private or Public cloud platform
support
• Deployment without deep
domain expertise
• Greater automation through
published REST APIs © F5 Networks | CONFIDENTIAL
Dedicated Services
For Apps
Easiest To Use
And Operate
Cost Effective Services
For Next Tier Of Apps
Best Protection
For More Apps
Self-Service
For App Team
Agile
App Services
AutoScale
When Needed
On Demand
Scalability
1 2 3 4
Dedicated Services
For Apps
Easiest To Use
And Operate
Cost Effective Services
For Next Tier Of Apps
Best Protection
For More Apps
Self-Service
For App Team
Agile
App Services
AutoScale
When Needed
On Demand
Scalability
1 2 3 4
• Industry-leading dedicated traffic management and app
protection for existing apps
• Right-sized to enable per app deployment of services
• Upgrades and config changes tailored for each app reduces
change window friction for each business unit
• Isolation of service failure reduces impacts to business
operations
• Fast issue resolution with granular per-app analytics fpr app
teams
Break down barriers to deploying app services faster1
L7 Traffic Mgmt
and App Protection
(LTM, Adv. WAF)
Per-App vADC
App N
App 2
App 1
CE
CE
CE
• Quick dashboard view of applications
• Drill down to specific app
• App health, performance stats, and security statusUI subject to change
Drill Down To App Health, Key Metrics and Events/Alerts
1
UI subject to change
Fast issue resolution with granular per-app analytics
Dedicated Services
For Apps
Easiest To Use
And Operate
Cost Effective Services
For Next Tier Of Apps
Best Protection
For More Apps
Self-Service
For App Team
Agile
App Services
AutoScale
When Needed
On Demand
Scalability
1 2 3 4
Customer Scenario #2 – New Apps Without F5
© 2017 F5 Networks 23
Security risk with no app protection, every app is a potential vulnerability
NetOps/SecOps says….
F5 Sales Response…..
“I would like to add
F5 in front of more
apps, but I have
limited resources
and BIG-IP is too
complex…”
“…and we need a
solution that we
can give them at a
competitive cost”
2
“I need to be more
responsive to app teams.
I’m worried that they will
use a less capable
solution that is difficult for
me to manage and
support once it’s deployed
in production…”
“ I am worried about
protecting all the apps and
there are non-compliant
apps being developed by
the app teams. This could
end up being a major
security risk..”
• You can now simplify your
operations while enabling increased
scale
• F5 offers right priced licensing &
right sized platforms
• Let us show you how template
driven deployment can standardized
security & compliance.
• Only F5 enables app teams to
deploy advanced app security with
compliant policies in seconds
• Consistent traffic management and app protection for all apps
• Cost effective F5 app services for the next tier of apps
• Right-priced licensing and right-sized platform
• Advance protection for all apps with Gartner MQ leader in WAF
• Easy to deploy for app teams with pre-built app templates and
approved security policy, reducing complexity and time to market
• Improved productivity with automated provisioning by app teams
Remove barriers to deploying F5 services for more and new apps1
L7 Traffic Mgmt
and App Protection
(LTM, Adv. WAF)
Per-App vADC
App N
App 2
App 1
CE
CE
CE
Reduce Security Risk For All Apps
Protect All Applications
• Prevent attacks, takeover, or data exfiltration through
unprotected web and mobile apps
• Stop L7 DDoS attacks that impact app performance
and availability
• Centralize polices and audit logs ensure consistency
for compliance reporting
Advanced Protection: Stop New, Evolving Attacks
• Only leading per-app advanced WAF to protect against
sophisticated attacks
• Policy builder auto-tunes blocking for a wide range of attacks
• Proactive bot detection and mitigation
• Prevention of credential theft and stuffing
Mobile
Bot Mitigation
Credential Protection
App-Layer DoS
Hacker
Anti-bot
Mobile SDK
Bots
BIG-IP Cloud Edition
Advanced WAF
Userscredentials
Advanced Protection For More Applications
BIG-IP Cloud Edition
Advanced WAF
CEAdv WAF
CEAdv WAF
CEAdv WAF
Dedicated Services
For Apps
Easiest To Use
And Operate
Cost Effective Services
For Next Tier Of Apps
Best Protection
For More Apps
Self-Service
For App Team
Agile
App Services
AutoScale
When Needed
On Demand
Scalability
1 2 3 4
Customer Scenario #3 – App Team Want Self-Service
© 2017 F5 Networks 27Company Confidential
NetOps reluctant to give App teams access to BIG-IP or for them to use other products
F5 Sales Response..
“I’m being
overwhelmed with
change requests
and basic tickets is
taking more and
more of my time, I
can’t scale…”
NetOps/App Owner says….
3
“I need to provide more
responsive service to the
application teams so that
they don’t bypass us or
not follow our policies…”
• F5 can now provide simple
application specific dashboards
for app teams to view and
manage their apps.
• You can deploy our services
simply via dashboard GUI or
automatically via single API.
• You (NetOps) can offer a service
catalog providing simple to use
predefined application services
“I want to deploy, upgrade
and manage my apps on
my schedule. I want to be
able to monitor the
performance/health and
troubleshoot issues myself”
“I want to offer App teams
simple self-service that is
easy to use and enforces
the compliant levels of
security across all of our
applications”
•
•
•
•
•
•
Self-Service Provisioning In Seconds
3
NetOps/SecOps Publishes Adv WAF Policies For Specific Apps
UI subject to change
•
•
”Published” security policies
Enforces the selected WAF policy for this template
List of WAF policies
3
Dedicated Services
For Apps
Easiest To Use
And Operate
Cost Effective Services
For Next Tier Of Apps
Best Protection
For More Apps
Self-Service
For App Team
Agile
App Services
AutoScale
When Needed
On Demand
Scalability
1 2 3 4
Customer Scenario #4 – Scale and Upgrade On Demand
© 2017 F5 Networks 31Company Confidential
No need to overprovision and traditional in-place upgrades go away
F5 Sales Response..
“I cannot accurately predict
the required F5 resources
for each application. This
means I must over provision
services for every
application we support. …”
“…and I want
to pay for it all
when needed”NetOps says….
4
“It’s difficult to
automate and
orchestrate our F5
services based on
application load…”
• With BIG-IP Cloud Edition, we now
provide simple right sized solution that
can auto-scale when more capacity is
needed.
• Also, F5 provides rolling upgrades
that align to “Pave & Nuke” model.
Spin up new instance running latest
code and delete old instance.
• F5 offers ELA or Subscription
consumption model providing
maximum flexibility and aligns to
OpEx model.
“I need a more
flexible, cost effective
way to scale our
application services
deployments…”
On Demand Scalability With No Need To Overprovision
32
• Quick response to increased load with auto-scaling
of app services and security
• Auto-scale based on threshold policies
• Once traffic peak subsides, additional instances are
spun down
Autoscaling options:
• Template-based autoscaling policies
• Trigger based on CPU, memory, throughput - in/out
• Manual scale-out for pre-planned events
• Supported in VMware and AWS*
L7 Traffic Mgmt.
+ App protection
(LTM, WAF)
Per-App
App
CE
CE
CE
© F5 Networks | CONFIDENTIAL
4
* - Additional environments planned
•
•
•
• *
Automatic Scale Out
UI subject to change* - Additional environments planned
Initiate manual Scale Out
Select Trigger Metric
4
34
L7 Traffic Mgmt.
+ App Protection
(LTM, WAF)
Per-App
App
Traffic
Distribution
•
•
•v13.1
Traditional In-Place Upgrades Go Away
v14.1
CE
CE
© F5 Networks | CONFIDENTIAL
* - Additional environments planned
4
Outbound Marketing
Is There Need For Per-App Services?
Sell Cloud Edition Value
Position Cloud Edition To App Team
Stress ‘teamwork + Security’ in conversations with NetOps and App Teams
1 2 3
Talk to NetOps
• Discuss per-app architecture
model and benefits
• Identify existing apps without
BIG-IP in front of them or
new apps
• Introduce Cloud Edition with
OpEx consumption models
• Discuss how CE will help
build bridge and teamwork
with App Teams
Review Enhanced
Manageability and Analytics
• Dedicated per-app services
• Respond to app team
requests
• Maintain control, including
security
• Analytics for troubleshooting
• Get intro to App Teams
Position Cloud Edition as
removing bottlenecks
• Self-service provisioning
• “Self-diagnostics” with per-
app visibility and analytics
• “No networking expertise
required”
• Position pre-built WAF
template with approved policy
for every app
•
•
•
•
•
•
•
NetOps/SecOps App Owners/Dev
Key Talking Points for NetOps & DevOps
Qualifying Question(s) Objective(s) of Question Your Response
Do you have challenges with consolidated
shared app services model (multiple apps
behind single BIG-IP deployment) for some
applications?
• Identify potential shift to per-app model
• Understand what specific issues they have (if any)
BIG-IP Cloud Edition enables you to provide dedicated app
services for your existing apps as well as other apps that don’t
have BIG-IP in front of them
Are your app teams demanding faster
response and deploying their own load
balancing products?
• Identify pain point and issues associated with
rogue app teams (shadow IT)
• Understand how they feel about Inconsistent
services
BIG-IP Cloud Edition enables you to provide self service catalog of
app services to app teams that you control and can
maintain/enforce approved policies.
What is your application protection strategy?
Do you protect all your apps or just some?
How do you decide what apps to protect?
• Understand types of apps existing and planned
• Identify app owners to target for conversations
• Understand their security posture related to all
their apps
Any app in your network can be a point of entry for the hackers.
Cloud Edition enables you to provide app protection for all your
apps via pre-built WAF template
Do you have traffic and security policies you
want app developers to use?
• Identify pain points around app layer security,
policy management & compliance
BIG-IP Cloud Edition enables you to create, propagate and
manage a single set of policies across all applications, from
development to production
Are you using app services? If so, what?
• Understand if they are using ADC or WAF and if
so, which apps
• Validate what clouds they are using
BIG-IP Cloud Edition includes traffic management and advanced
WAF for every app. Full lifecycle management and simple
deployment is initially available for VMware and AWS clouds, with
other cloud environments coming
What is important to you for these new apps?
What app services are you looking at and
how will you choose the solution?
• Understanding new buyer criteria. Sensitive to
cost/price or product capabilities?
F5 makes it easier to extend our app services for your new apps
that addresses both:
Price: BIG-IP Cloud Edition delivers ADC and WAF services for
each app in a cost effective model.
Product: F5 intelligent traffic management and Advanced WAF
provide capabilities not available with other products.
Objection F5 Response
F5 is too complex for App teams (“we don’t want them
to touch our BIG-IP”)
• Pre-built and custom app templates abstracts the complexity of deploying app services. Only specific
configuration options are exposed
• App teams can view and manage only their apps through simple to use App Dashboard that provides app
specific analytics and designated taks (take pool members up/down).
How will we manage all of
the per-app VEs?
• BIG-IP Cloud Edition delivers full lifecycle management including automatic spin up/spin down of VE
instances, provisioning, and configuration. Full visibility and analytics plus autoscaling are available
We have ‘good enough’ load balancing and security
with ‘X’ product so we’re fine
• F5 provides intelligent traffic management solution that is support more than web apps, more protocols, and
has granular programmability with both TCL and node.js scripting
• Does you WAF protect against bots that simulate human behavior, stolen account credentials, and L7
DDoS attacks
• F5’s web application firewall self learns and automatically builds rules and polices to protect from constantly
changing attacks.
Per app model is expensive compared to shared
services across multiple apps
• BIG-IP Cloud Edition pricing is aligned with per-app services including the most advanced WAF. The
enhanced manageability and self-service available for the app teams reduces your overall TCO. No need to
overprovision, so less upfront costs, you can autoscale more VE instances when needed.
BIG-IP VE is too resource hungry and will cost too
much to run in public cloud
• The new BIG-IP VE Images are smaller and faster to boot. F5 is planning on further reductions in future
versions
F5 does not support integration into our automation
and orchestration tools
• F5 will publish the key workflow APIs for integration to automation systems and we will provide example
Ansible playbooks
Objection F5 Response
The app team is considering using
AVI and they are easier to use, have
analytics, and autoscaling
• F5 now has easy to use, easy to operate advanced app services with
analytics/visibility and autoscaling
• AVI does not have enterprise ready traffic management capabilities
• AVI’s WAF is based on mod_security that has basic functionality and
can leave you vulnerable to attacks and compliance gaps
Avi has a more flexible licensing
model based on pool of resources
• F5 offers both subscription and ELA licensing models that provide
flexibility, predictable budget spend, and aligns to OpEx consumption
Why do you need a separate traffic
distribution device for autoscaling?
Avi’s SEs can do both?
• F5 considered many different designs for autoscaling, having an
explicit two tier model provides more flexibility, enables us to scale
beyond just 4 dataplane instances (Service Engines), and offer DDoS
protection (AFM add-on) to the traffic distribution device (Service
Scaling VE)
“This ADC delivers ‘basic’ traffic
management. You’re going to run into its
limitations quickly!”
• 3rd party plugins/modules and/or
customization required for advanced use
cases
• Built on OpenSSL which increases security
risk exposure
• No equivalent to F5 DevCentral which has
250,000 technical peers; provides
codeshares and Q&A assistance for
application services and security.
“This WAF is ‘Do-It-Yourself’ Protection.
You’ll need to manually tune it every time
applications are updated. Do you have
the expertise for that?”
• Manual deployment with high false positives
that cannot adapt to changing applications
• No option for WAFaaS or up-stream
signaling to combat large/sophisticated
attacks
Application Delivery Controller Web Application Firewall
“Avi Networks delivers ‘basic’ traffic
management. You’re going to run into its
limitations quickly!”
• Basic load-balancing services. Lacking basic
features required by most customers
• Built on OpenSSL which increases security
risk exposure and require constant patching
• No equivalent to F5 DevCentral which has
300,000 technical peers; provides
codeshares and Q&A assistance for
application services and security.
“Avi Networks WAF is basic WAF and
‘Do-It-Yourself’ Protection. No advanced
protection. You’ll need to manually tune
it every time applications are updated.
Do you have the expertise for that?”
• No protection against evolving, sophisticated
threats, automated web attacks (bots),
credential theft, and L7 DDoS
• Manual deployment with high false positives
that cannot adapt to changing applications
Application Delivery Controller Web Application Firewall
ELA/Subscription/PAYG Perpetual
BIG-IP Per-App Virtual Edition (LTM, Adv WAF)
BIG-IQ Management and Analytics *
Autoscale Unlimited VEsFixed number of pre-
purchased VEs
BIG-IP VE Service Scaling (Required For
Autoscaling in VMware) w/ optional AFM add-on
Contract Required
Min Purchase Min deal size requirements 20 Per-App VEs
Purchase Frictionless Individual RegKeys
Reporting required
© F5 Networks | CONFIDENTIAL
* BIG-IQ not offered as subscription
•
•
•
•
•
•
•
•
• OpEx Consumption Model
• Buy only what is needed
• Aligns to autoscale model
•
•
•
•
•
•
•
•
Align To Buyer’s Operational Needs
•
•
•
•
•
•
https://partners.f5.com/Solutions/Cloud/BIG-IP-CE
•
•
•
•
•
• Web-based training
•
•
•
•
Per-App VE VE
# of Applications Supported1 Virtual IP *
3 virtual serversNo Limit
App Services• LTM
• Adv WAF
GBB
(All app services)
Throughput Instances 25M, 200M25M, 200M, 1G, 3G, 5G,
10G, Hi Perf #
Consumption ModelsSubscription, ELA,
Perpetual, PAYG
Subscription, ELA,
Perpetual, PAYG
Code base (TMOS) Same
Ecosystem Support (Private/Public Cloud, Container
Integration)Same
BIG-IQ 6.0 & later – Visibility, Management & Analytics Same
* - 1 wild-card included in Virtual IP # - No license limitations on throughput