F5 NGINX Unveils New Open Source Subscription
July 2023 by Marc Jacob
F5 NGINX has announced a new subscription option that adds enterprise-level capabilities and support to the hugely popular NGINX Open Source web server, which currently powers over 400 million websites.
The Open Source Subscription is a bundle that includes enterprise support to navigate regulatory requirements, enterprise features to address a wide range of traffic management and identity use cases, as well as fleet management for risk reduction via simplified NGINX administration.
Accelerating patches and fixes
One of the main benefits of bringing enterprise support into the mix is the ability to initiate timely patches and fixes.
A common weakness of any open source software (OSS) is the time it can take to address Common Vulnerabilities and Exposures (CVEs) and bugs, which without support can be weeks, or even months.
Open Source Subscription customers get immediate access to patches and fixes, proactive notifications of CVEs, and more, including:
• Security patches in the latest mainline and stable releases
• Critical bug fixes in the latest mainline release
• Non-critical bug fixes in the latest or a future mainline release
Staying ahead of regulatory compliance
Regulatory compliance is another notable challenge across the industry, and an increasing number of companies and governments are concerned about software supply chain issues. Many are adopting the practice of building a software bill of materials (SBOM) to reduce risk.
However, as the SBOM concept matures, regulators are starting to require patching "on a reasonably justified regular cycle", with timely patches for serious vulnerabilities found outside of the normal patch cycle.
With the Open Source Subscription, NGINX Open Source instances can meet any organisation’s OSS requirements by demonstrating due diligence, traceability, and compliance with relevant regulations – especially when it comes to security aspects.
New levels of confidentiality
Getting good support requires sharing configuration files. However, sharing configs with a community member or in forums can expose organisations to security vulnerabilities (or even breaches). Just one simple piece of NGINX code shared on Stack Overflow could offer bad actors insight into how to exploit your apps or architecture.
The Open Source Subscription grants direct access to F5’s team of security experts to ensure configs stay confidential.
Enterprise Features Via Automatic Access to NGINX Plus
The Open Source Subscription also provides direct access to NGINX Plus at no added cost. Organisations can now choose when to use NGINX Open Source or NGINX Plus based on specific business needs.
NGINX Plus handles advanced use cases and provides out-of-the-box capabilities for load balancing, API gateway, Ingress controller, and more. Many current F5 customers use NGINX Plus for business-critical apps and APIs that have stringent requirements related to uptime, availability, security, and identity.
NGINX Plus can also:
• Reduce latency and outages with session persistence, high availability, and active health checks
• Update configurations without a reload using dynamic reconfiguration
• Easily troubleshoot issues via real-time monitoring, native OpenTelemetry, and over one hundred additional metrics exportable to your favourite monitoring tools
• Implement API gateway use cases, such as rate limiting
Fleet management with Instance Manager
Finally, the Open Source Subscription includes NGINX Management Suite Instance Manager, which enables you to centrally inventory all NGINX Open Source, NGINX Plus, and NGINX App Protect WAF instances to ease configuring, securing, and monitoring your NGINX fleet.
By getting an accurate count of instances in any environment, including Kubernetes, organisations can:
• Monitor inventory instances and discover software versions with potential CVE exposures
• Learn about configuration problems and resolve them with a built-in editor that leverages best practice recommendations
• Visualise protection insights, analyse possible threats, and identify opportunities for tuning your WAF policies with Security Monitoring
With Instance Manager, customers can also track, manage, and deploy SSL/TLS certificates on instances (including by finding and updating expiring certificates) and rotate the encryption keys regularly (or whenever a key has been compromised).
Instance Manager also provides events and metrics data that help to collect valuable NGINX metrics and then forward them to commonly used monitoring, visibility, and alerting tools via API. You can also get unique, curated insights into the protection of your apps and APIs, such as when NGINX App Protect is added.