NGINX Melds Open Source Tools into an Enterprise Platform
NGINX has offered a number of very popular open source and enterprise tools for proxy servers, covering Ingress controllers, WebAssembly and other computing technologies. However, this research- and development-oriented organization has also decided to perhaps introduce some discipline into correlating its different offerings into a platform through an API. Hence, the introduction of NGINX One, a pay-as-go enterprise SaaS offering now in preview for early access users.
Just to be clear, this is not another single pane of glass, but an attempt to not only regroup NGINX’s different offerings into a single template. It also facilitates the adoption of NGINX tools with templates it provides. At the same, it offers a path to the parent company F5‘s multicloud management services. Additionally, NGINX aims to extend beyond its platform to include other options, such as observability, multicloud and on-premises and security tools. As NGINX’s popular data plane and other tools mature, so does the company as it begins to pull everything together into a more comprehensive platform that also remains open and compatible to avoid that dreaded vendor lock-in.
“We need to move beyond just a pure developer experience into a more holistic view and really start to consider what we need to deliver to make developers and enterprises successful: How do we integrate with the tooling they have and ensure we can distribute a security policy and posture across the entire enterprise? How do we ensure that our customers have recent instances without vulnerabilities?” Shawn Wormke, general manager of NGINX, told The New Stack during a demo of NGINX One. “These are all important considerations. At the same time, we must integrate with larger enterprise systems.”
The issue NGINX hopes to help organizations solve is how to help solve the unwieldiness that an organization might face when attempting to manage many different tools and platforms and APIs that their users rely on. “Customers often mention having hundreds if not thousands of instances running in their enterprise environment. They might not know what they’re doing, where they’re at, if they’re configured securely, or how to optimize them,” Wormke told The New Stack. “What we’re really focused on is bringing visibility and observability, along with some recommendations for your NGINX estate to be more efficient as you bring it into production.”
Indeed, the proliferation of distributed microservices applications running on Kubernetes clusters across various cloud locations has led to large numbers of informal deployments of NGINX instances for specific apps and use cases, Torsten Volk, an analyst for Enterprise Management Associates (EMA), said. The trend toward deploying large numbers of single-purpose Kubernetes clusters has further fueled the perceived need for dedicated load balancers, reverse proxies, API gateways and ingress controllers that are custom-configured based on specific requirements in terms of performance, scalability and security, Volk said.
“NGINX One addresses the ugly downside of the uncontrolled growth of NGINX instances by providing a unified management platform that provides central control over the deployment, configuration and monitoring of NGINX instances across Kubernetes clusters, clouds and apps,” Volk said.
Specifically, the NGINX One interface will be provided in the generally available release slated for launch by September — as F5 customers use and test it ahead of the release date and new features are added as it is further developed — NGINX Plus, NGINX Open Source, NGINX Unit, NGINX Gateway Fabric and Kubernetes Ingress Controller. For the F5 made available with the NGINX One interface, security and network capabilities will be made available through F5’s WAF (web application firewall) engine (“OneWAF”) to allow organizations to migrate the same policies they were using in BIG-IP Advanced WAF to NGINX App Protect without having to add an additional content delivery network layer, Wormke wrote in a blog post.
“One thing about NGINX that is particularly interesting is its focus not only on NGINX and enterprise developers but also on distributed cloud in F5 Distributed Cloud. This enables us to connect other enterprise products and systems, such as secure multicloud networks, creating a true hybrid multicloud environment,” Wormke told The New Stack. “We can securely connect these without worrying about the underlying cloud networking components, simplifying the process for our users.”
Are You Experienced?
What will not change for the developer is the NGINX experience they are familiar with, Wormke said. “We wanted to ensure that developers can still use open source, place it next to their applications, and get started in familiar ways,” Wormke told The New Stack.
However, as the application matures and moves from the experimental lab into production, developers can attach the necessary tools they require, for observability and security. “They can choose whether to upgrade to NGINX Plus or not,” Wormke told The New Stack. “Even if they stick with open source, they can still leverage these tools needed for success in production, something not possible before.”
NGINX One is indeed not just “another single pane of glass,” as it can provide a universal set of management APIs to gain visibility, observability, and overall compliance control across any number of complex app environments, Volk said. “These APIs could be directly integrated with CI/CD tools, cloud management platforms, monitoring tools or infrastructure as code platforms for corporate IT to proactively establish operational consistency and compliance, Volk said.
Again, the idea is not to force users to adopt NGINX tools or F5’s cloud resources. “We’re making it easier for developers by focusing less on forcing them into our way of doing things and more on integrating with the systems and processes they’ve already chosen. Instead of predefined and narrow use cases, we’re moving to a templating engine, allowing security teams to create security templates that developers can merge with their development,” Wormke said. “This can then be applied directly to the instances, ensuring standards compliance while still allowing freedom in development.”
Users can continue to rely on other tools, such as Grafana or large data aggregation products, so that, with an available API, users can export data into their own tools. “As AI evolves, you’ll also be able to pull insights from these tools,” Wormke said. “This approach bridges the gap between the capabilities that NGINX offers and the workflows and value that an enterprise company expects when bringing applications to production.”
Hands-on
As Jason Clopper, senior product manager at F5 NGINX, showed during the demo, NGINX hopes to help reduce the complexity and challenges of connecting NGINX tools, F5 cloud and network resources and other tools and platforms that organizations might use. For the user lacking experience with a particular tool, the NGINX One template is designed to help shorten the learning gap.
“We often encounter many folks who love the footprint or features of NGINX but are new to it, and they may find the configuration file daunting or getting into those weeds a little tricky. We aim to help them achieve their business outcomes quickly, providing them with the current value they need rapidly,” Clopper told The New Stack. “This approach allows them to get set up quickly and then gradually become more comfortable and advanced as they progress. We’re here to guide them through that journey, helping them accomplish their goals and eventually turning them into experts over time.”
To onboard users, Clopper showed how to add an instance and then a data plane key that allows the user to authenticate, and to a tenant. Or, if the user has an existing instance, Clopper showed how it can be added. He also showed how the curl command works when running a VM and “you just want to one-click run the curl command, copy-paste it,” Clopper said. “It’ll connect the instances and configure it to connect to the service with your data plane key, and you’re done.”
For observability, the main dashboard aggregates all instances for visibility in a single interface. Three statuses are displayed: online, offline and unavailable. Online means, as Clopper showed during the demo, that the agent “is talking to us and NGINX is up and running, while offline means the agent is talking to us but NGINX is not up and running,” Clopper said. “Unavailable means that you want to dig into what available means if the event’s knocked out.”
