Partner POV | Data Plane Management for Modern Apps

This article was written by Brett Wolmarans, Sr. Product Manager NGINX One at NGINIX, and was contributed by F5.

Applications have changed, and so has the way we think about managing applications.

We have moved from monolithic to microservices, from on-prem to cloud and past that to multi-cloud and hybrid. We deploy applications in Containers, running on Kubernetes. 

More and more of our application code is libraries and external APIs. We connect all our internal services via APIs and often managing the internal data plane (East-West)  is as challenging as managing the external connections (North-South). Of course, two enormous considerations are security and AI. 

Managing security has never been more complicated, with many more smaller applications, third-party APIs and code, and diverse infrastructure environments and architectures. For AI, an entirely new set of traffic patterns and security requirements have started to emerge. 

This is the application delivery landscape facing Platform Operations, Networking Operations, Security, and Development teams. 

A Management Manifesto

A key part of handling this new level of complexity at the data plane and application delivery level is ensuring that teams can manage all their application delivery infrastructure uniformly and with a unified core philosophy. 

This means application delivery management must incorporate all of the following:

• Non-opinionated and flexible — It will be easy to implement across the entire range of use cases (web server, reverse proxy, application delivery, Kubernetes/microservices, application security, CDN). Users should get what they want, where they want it, how they want it, and have the ability to change their mind whenever necessary. This future-proofs architectures and also removes the cognitive load of forcing users to learn new systems or add another tile or dashboard to their routines.
• Simple API interface — It will be easy to connect to any existing developer toolchain, platform, or system via RESTful APIs. This API will not only connect quickly and simply to other platforms but it will be used as both the governance and observability plane for all application delivery data.
• Scales quickly, easily, and affordably in any cloud environment — It will be cloud and environment agnostic, delivering data plane, app delivery, and security capabilities on any cloud, any PaaS or orchestration engine, and for function-based and serverless environments. If you can't scale it quickly, then it won't work in many cloud native use cases.
• Simplified security — It will make securing your applications in any environment easier to implement and manage, by making it easier to patch and update all code, and push new configurations. With so many security tools floating around, the application delivery tier should do its part of reducing sprawl and making the lives of everyone responsible for security easier.
• Intelligence for optimizing configurations — It will leverage all of global intelligence to offer intelligent suggestions on configuring your data plane, reducing errors, and increasing application performance. This will turn all users into experts, and leverage collective wisdom and best practices to improve knowledge transfer and skills, while powering automations where appropriate.
• Extensibility — It will be easy to integrate with other platforms for networking, observability and security, and application delivery, making it easier for network operations and security operations teams to secure and manage their technology estate without adopting new tools or workflows. The single pane of glass model is only one modality, but keeping flexible and extensible lets users define their product and consumption in ways that fit their needs.

The New Elephant in the Application Delivery Room: Compliance and Governance

A growing imperative for all technology organizations is ensuring that their infrastructure is in compliance with key regulations and laws. Aside from existing mandates like HIPAA and PCI-DSS, a new wave of mandates recently landed from the likes of the U.S. Security and Exchange Commission and the European Union with the Digital Operational Resilience Act (DORA). 

The cornerstone of all compliance and governance is identifying all instances running in your environments and their status. Ironically, this remains a challenge for many security teams and even for Platform Ops teams, who must corral developers deploying open source packages that may not be actively managed by the enterprise. 

To address this, technology teams must have robust software asset inventory capabilities, not only to detect what's running but also what version and the security status of those assets. 

The Future for Modern Apps is Bright and Centralized

The good news? Ongoing trends for how applications are built, with so many third-party components, and deployed, in so many different environments, organically forces technology teams to embrace the management and principles we lay out here.

The future of modern apps is unfolding rapidly, bringing both challenges and opportunities. As we navigate this complex landscape of microservices, multi-cloud environments, and Kubernetes deployments, the need for unified management becomes clear. Teams that embrace flexible, scalable, and integrated approaches to application delivery will be better positioned to succeed. 

This isn't just about keeping pace with technology—it's about leveraging it to create more secure, efficient, and innovative applications. The road ahead may be demanding, but for those ready to adapt and evolve, it offers the potential for significant advancements in how we build, deploy, and manage modern applications.

Leading by Example

An example of a new approach to thinking about management of modern apps is to re-imagine management tools. More and more, we are seeing management tools manifest in a Software-as-a-Service ( SaaS ) form-factor. And this small change can bring profound benefits.

Traditionally, in years past management tools lived in our environments, and while that brought certain advantages it also brought many headaches, stemming from using a tool to manage the same environments that tool lives in, is problematic.

Moving the management tool to SaaS means the uptime, care, and feeding of the management platform is somebody else's problem, and the Platform Team can instead focus on consuming the benefits without having the burden of maintenance. 

If you are looking for an actual specific example of this, F5's new NGINX One management tool is an enterprise tool that is open at no cost for teams to kick the tires on during the early access phase. 

As part of the F5 Distributed Cloud, NGINX One can be used to manage a fleet of NGINX instances, no matter how large or how small. 

Whatever approach we ultimately decide to take, we need to keep up with the changes happening around us to stay relevant. 

As Platform Operations, Networking Operations, Security, and Development teams, we are at a unique juncture where we have the rare chance to optimize the management architectures our organizations rely on.

Let's not waste the opportunity!