Posted by: psilva | July 5, 2016

Q/A with Yann Desmarest – DevCentral’s Featured Member for July


YD3Yann Desmarest is the Innovation Center Manager at e-Xpert Solutions SA and one of DevCentral’s top contributors. e-Xpert Solutions SA is a F5 Gold Partner, Unity Partner Support and a Guardian Partner. Yann has been a BIG-IP administrator for 6 years and enjoys basketball, table tennis, hacking, cinema and manga (especially Naruto).

And one of his favorite activities is developing complex iRules and that’s why he is DevCentral’s Featured Member for July!

We got a chance to chat with Yann about his work, his life and why he enjoys participating in the DevCentral Community.

DevCentral: Hi Yann. Thanks for your time. You’ve been a tremendous contributor to the DevCentral community over the years and wondered what keeps you involved?

Yann: I’m always looking for new challenges and DevCentral is a really good place to solve complex issues and to share knowledge and experiences with peers. It’s also a place that I can find useful information on iControl, iRules and iApps code.

DC: Tell us a little about the areas of BIG-IP expertise you have.

YD: At my earliest stage in the business world, I was involved on basic BIG-IP LTM projects. After some successful experiences, I wondered if I could rise up to another level and decided to learn BIG-IP ASM, APM and GTM modules as well.

Now, I think I’m pretty comfortable with all F5 BIG-IP modules but I’m clearly specialized in security and more precisely the authentication and WebSSO part delivered by BIG-IP APM.

I also acquired some development skills using iRules and iControl.

DC: You often participate and post in the Codeshare area – tell us about some of your favorite submitted iRules/iApps and how they work.

YD: I’ve had several requests to protect Microsoft Skype for Business Edge services against NTLM brute force and dos attacks. I decided to develop an iRule to intercept the encrypted traffic and identify NTLM authentication attempts on the SIP flow. Then, suspicious IPs and users are blacklisted for a duration that you can define in the RULE_INIT event.

I had also requirements to provide Client certificate authentication on Microsoft Exchange ActiveSync for Apple iOS devices. The main issue is that this kind of authentication requires a Mobile Device Management or Apple Configurator system. Deploying a full MDM for that need may be overkill so we developed an iRule that provisions the Exchange payload to the iOS device. The client certificate is retrieved using SCEP protocol. Now, with the availability of iRulesLX, I will be able to extend this feature to retrieve a certificate using third party APIs.

And finally my favorite is the APM Full Step Up Authentication iRule and Access profile that we published on DevCentral. I had a look at the Step-Up authentication feature on the APM v12.1.0 and found that it’s currently limited. I decided to develop my own configuration to make it more flexible and mainly to have this feature available for older BIG-IP versions. No doubt that my configuration will be deprecated in future releases because APM will enhance its own feature set.

I have many more iRules, iApps and iControl scripts to share with the community in the future.

DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation.

logo_pantoneYD: I had a requirement to integrate APM with an iOS and Android mobile application. The application use SOAP body to POST credentials and a second factor was required for external users. I had to intercept the SOAP body to retrieve the username and password, then play those credentials through an external REST API web service and if the user is connecting from a public IP address, prompt the end user for a second factor that I send to a third party web gateway. This is a lot of peers and exchanges to integrate in the authentication process. I had also to implement full SOAP responses and handle errors. I consulted DevCentral and the iRules wiki to find how to use sideband connections, ifiles, ACCESS events and some crypto commands. Without the DevCentral community, I would not have been able to face this challenge.

DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?

YD: Computer science was part of my life since the very beginning. Later, I decided to be an IT expert, to solve complex challenges and to help people securing their environments. Now, I’m following my dreams and work hard to be a computer expert.

Just few words to thank all my colleagues and our F5 Field System Engineers that help me a lot to acquire more skills and experience on F5 technologies.

DC: Thanks Yann! Check out all of Yann’s DevCentral contributions and follow him @expertsolch

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: