NGINX One Update: New Features Released

At NGINX, we pride ourselves on our CVE transparency and getting fixes out as fast as possible. Commercial solutions from many different vendors scan for unpatched CVE’s, including NGINX CVEs. Because NGINX is so widely deployed (top five most pulled images on docker hub), we wanted to give our customers an easy way to focus on and more easily fix CVE’s in their NGINX fleets.

To address this, we surface CVE’s in two ways in NGINX One. First, when added a “CVEs Detected” column to your instance list with color code indicating severity. This allows you to quickly identify where to put energy making fixes.

Before cloud computing, advanced users deployed clustering (using Layer 2 and Layer 3) to group multiple NGINX instances together, achieving high availability, load balancing, and scalability for web applications and services. With cloud computing, load balancing became table stakes. Layer 3 and Layer 2 failover mechanisms fell out of favor. However, the new cloud architecture did not solve the problem of maintaining identical configurations on NGINX instances. Equally challenging, in dynamic environments, simply finding which instances were serving which applications or services, as well as their corresponding IP, DNS and other relevant records, might require reaching out and waiting for multiple teams during a configuration upgrade or CVE patching cycle.

NGINX One now lets you group your NGINX instances into logical groups called Clusters. The Cluster dashboard shows the synchronization status of all instances managed by NGINX One. Changes made to any instance in the cluster will automatically mirror over to all members of the group, automatically synchronizing updates and configuration changes. With Clusters, high availability is click-ops or a brief CLI push, with minimal toil.

NGINX One uses an Agent, a very powerful pattern growing in popularity across the world of tech. NGINX Agent runs as a Linux process and communicates back-and-forth to NGINX and the NGINX One SaaS console. Agent pushes metrics, stats, and observability from NGINX to NGINX One and propagates changes from NGINX One down to NGINX. In the past, you needed to build your own Dockerfile that included Agent to deploy NGINX containerized workloads and connect them to NGINX One. We released an official Image hosted in our private registry to make this easy. We plan to release an Image soon for NGINX Open source, as well.

After collecting initial feedback from customers, sellers, and our F5 operations functions, we have decided to defer the delivery of a consumption-based pricing model for NGINX One. At launch, we will maintain our current per-instance and per-node pricing models to minimize disruption and provide a seamless transition for existing customers. However, we intend to offer consumption pricing options in the future as we continue to monitor customer needs and incorporate feedback.

In the coming months we will be adding many new features to NGINX One. Some things on our roadmap include:

• Setting up a “docker pull” with pre-built NGINX Plus Agent containers, in public registries and more options for pre-built configurations in our private registries for NGINX Plus
• Staged configurations that allow you to create configurations and stage them for review, approval and later publication
• Alerting and notifications on critical items like upcoming certificate expiry, newly found Instances, and other important events such as new CVE’s
• Application Performance Monitoring for detailed visibility into the performance and behavior of your individual applications including requests, responses, roundtrip times, and other performance indicators — in real-time.
• SSL certificate management capabilities, including adding, updating, and deleting SSL certificates, as well as viewing all SSL certificates, for both managed and unmanaged NGINX instances.
• AI-powered chatbots and more in-application engagement including guided tours, interactive configuration help and setup guidance.
• Expanding NGINX One to connect with NGINX Ingress Controller for Kubernetes clusters and NGINX Unit.
• Enabling new capabilities that work across both NGINX and F5 Distributed Cloud such as advanced DNS, multi-cloud load balancing and networking, and WAAP (Web Application and API Protection) Security integration.

The beauty of SaaS is that the model allows us to push code changes and new features far more quickly and securely. We are building NGINX One in partnership with our customers and watching closely to see how they use the product to guide our feature prioritization. Our hope is that NGINX One gives all our users a better way to NGINX that saves them toil, simplifies troubleshooting, improves security, and helps them deliver a better application experience to their users. We’ve done a lot in three months and plan to keep our foot on the accelerator, pushing out new features regularly and quickly. So please keep an eye out for changes in NGINX One because it's only going to get better. As always, we welcome your feedback.

Are you a professional interested in trying NGINX One with your own NGINX Plus or NGINX Open Source instances? We invite you to Click here to join the early access waitlist, space is limited, so we recommend that you sign up today.