
Protecting Cloud-Native Apps Without Compromising Speed

Jenn Gile
Published November 04, 2020

Organizations are rapidly adopting cloud‑native app delivery – 27% of organizations plan to deploy more than half of their apps in the cloud by the end of this year and by 2022, 35% of all production apps will be cloud native, according to the API management survey that NGINX commissioned from IDC for 2019. The drive to cloud migration and cloud‑native app development unlocks IT agility and exceptional digital experiences for customers. And yet cloud‑native app delivery comes with challenges of security, visibility, and control. Why do these challenges persist? We’re seeing several drivers.

Risks of Cloud-Native App Delivery

Here are some of the pain points we observe in cloud‑native app delivery:

  • Cloud‑native app delivery causes tool sprawl and offers inconsistent enterprise‑grade services

    Apps hosted in the cloud are considered more difficult to manage than on‑premises apps, not because security and visibility options are worse, but because they are different. Since we can no longer rely on ring‑fenced security, we must use cloud‑friendly tooling to build security into the lifecycle of each app. However, that tooling varies from cloud to cloud, with differing levels of quality and numbers of features making visibility and control inconsistent across clouds. Although cloud architectures are critical to supporting digital business efforts, they result in a corresponding explosion in complexity due to tool sprawl.

  • Cloud‑native app delivery costs can be unpredictable and expensive

    Conventional wisdom says that public clouds are cheaper than on‑prem deployments because infrastructure management is delegated to cloud providers – goodbye servers! Yet 82% of enterprises ranked “spend” as a top challenge in the cloud. Why? Because it’s hard to know what your deployment is going to cost until after it’s been built. Often the services must be compiled in a piecemeal fashion and many products carry bloated code that increases costs. Some clouds require you to pay for both incoming and outgoing traffic. And of course, while the tooling offered by a specific cloud provider might meet your needs today, if you move an app to a different cloud you might have to scrap your technology investment and start from scratch.

  • SecOps struggle to protect cloud‑native apps and are at odds with DevOps

    Most organizations report a skill gap in security and struggle to fill security roles despite the high unemployment and economic recession caused by COVID‑19. Even with adequate staffing, SecOps teams struggle to keep up with the breakneck app release cadence that has become typical. Tool sprawl presents a steep learning curve, leading to inconsistent policies and difficulty remaining compliant with regulations. And so SecOps becomes the villain, with DevOps viewing them as a major constraint on the ability to deliver software quickly. Shadow IT and vulnerabilities become the norm. Security is sacrificed to achieve speed.

How NGINX Can Help

We’ve painted a rather gloomy picture of cloud‑native app delivery, but at NGINX we see a bright future. From self‑service provisioning to turnkey environments, our offerings help you migrate your apps, integrate your environments, and automate your toil. Here is what the NGINX Application Platform offers.

We Reduce Tool Sprawl and Provide a Standard Set of Services

To simplify your stack and implement standard, enterprise‑grade services across a hybrid‑ or multi‑cloud environment, you need a cloud‑agnostic solution that provides the same services across all your environments. The NGINX Application Platform does just that.

  • NGINX Plus with NGINX App Protect – The only all-in-one load balancer, reverse proxy, and API gateway with WAF. Operate standalone or integrate with public cloud services to enable high‑performance app delivery while protecting your apps from a range of threats including the OWASP Top 10 and beyond.

  • NGINX Ingress Controller with NGINX App Protect – The best-in-class traffic management solution for containerized, cloud‑native environments. NGINX App Protect is embedded in NGINX Ingress Controller, moving WAF protection closer to apps and eliminating the need for a separate WAF device.

  • NGINX Controller – Visibility and control of your NGINX Plus instances across your cloud and on‑prem environments. The Controller App Security add‑on (currently in beta) enables SecOps to protect apps and APIs across multiple clouds.

We Reduce Complexity and Cost Without a Performance Penalty

To accurately forecast spend and save money in the cloud, it’s not enough just to simplify your stack with a cloud‑agnostic solution. You also need solutions that don’t hog CPU or slow down your apps. It’s tricky to find all-in-one solutions that meet these criteria, but NGINX does.

  • Lightweight with low latency – NGINX lowers total cost of ownership because our data plane is the smallest and fastest on the planet. Once you’ve purchased NGINX Plus with NGINX App Protect, there are no additional costs beyond paying for the cloud instance where they’re hosted. NGINX App Protect outperforms other WAFs, providing improved security without impacting performance.
  • Private offers – Save 10% to 20% annually by negotiating a custom price for NGINX Plus with NGINX App Protect. This is currently available on the AWS Marketplace and we expect to extend private offers in Azure and Google Cloud Platform in 2021.

We Make Security Easy and Bring Teams Together

SecOps can turn from villain to hero in the eyes of DevOps by making security easy and pain‑free. The final step, after simplifying your stack and selecting cost‑effective solutions, is to enable automation of security. With CI/CD‑friendly tools and self‑service app management, NGINX helps you bridge the divide between SecOps and DevOps.

  • CI/CD integration – NGINX solutions can be incorporated into DevOps workflows using APIs and are compatible with popular tools including Ansible, Chef, and Puppet. DevOps can rapidly deploy load balancers, DNS, and security while allowing NetOps and SecOps to retain control over enterprise‑wide networking and security for business‑critical apps.
  • Self‑service – NetOps and SecOps teams can establish guardrails (not gates) by setting up preapproved parameters. Developers can then manage their cloud‑native services and apps without impacting other teams, and infrastructure resources can be shared safely without outages.

Cloud Marketplace Options

Today you can bring your own NGINX licenses (BYOL) to the cloud of your choice, or purchase NGINX Plus (with or without NGINX App Protect) directly from the AWS, Azure, and Google Cloud Platform marketplaces. In 2021, we plan to offer NGINX Plus, optionally with NGINX App Protect, in additional cloud marketplaces and release NGINX Ingress Controller with NGINX App Protect on several container marketplaces.

Ready to Try NGINX in the Cloud?

Start 30‑day trials of NGINX Plus with NGINX App Protect and NGINX Controller, check out the documentation (AWS, Azure, Google Cloud Platform), and enroll in the instructor‑led class Intro to NGINX App Protect.

Contact us to learn how we can help with your cloud strategy and see if a private offer is right for your organization.

