BIG-IP Access Policy Manager (APM) -...

Post on 01-Feb-2018

BIG-IP Access Policy Manager (APM) Sales Presentation Wireframe

F5 BIG-IP Access Policy Manager (APM)

© F5 Networks, Inc 3 © F5 Networks, Inc 3

Authentication, authorization, and SSO to all apps with F5 Access Policy Manager (APM)

Access control over third-party SaaS

Context-aware policy enforcement

Scalability and performance

Simplified policy management

Security at the critical point in the network

Virtual

Physical

Cloud

Storage

Total Application Delivery Networking Services

Clients Remote access

SSL VPN

APP firewall

Network

Session

Application

Web application

Physical

Client / Server

L4 Firewall: Full stateful policy enforcement and TCP DDoS mitigation

SSL inspection and SSL DDoS mitigation

HTTP proxy, HTTP DDoS and application security

Application health monitoring and performance anomaly detection

Network

Session

Application

Web application

Physical

Client / Server

Full proxy security

High-performance HW

iRules

iControl API

F5’s Approach

•  TMOS traffic plug-ins

•  High-performance networking microkernel

•  Powerful application protocol support

•  iControl—External monitoring and control

•  iRules—Network programming language

IPv4/IPv6

SSL

TCP

HTTP

Optional modules plug in for all F5 products and solutions

APM

Firewall

Traffic management microkernel

Proxy

Client side

Server side

SSL

TCP

OneConnect

HTTP

•  Industry’s most scalable access gateway

•  Consolidates remote access, Web access management, enterprise mobility management, identity federation and secure web gateway in a single platform

•  Protects against data loss, virus infection, and rogue device access

•  Replaces web access proxy tiers for common applications reducing infrastructure and management costs

BIG-IP Access Policy Manager (APM)

Benefits

•  Consolidates authentication infrastructure

•  Simplifies remote, web, and application access control

Features

•  Scales up to 2M users on a single device

•  Centralizes single sign-on (SSO) and access control services

•  Full proxy L4-L7 access control at BIG-IP speeds

•  Adds endpoint inspection to the access policy

•  Visual Policy Editor (VPE) provides policy-based access control

•  VPE Rules ‒ programmatic interface for custom access policies

•  Supports IPv6

BIG-IP APM Unified access and control for BIG-IP

Visual Policy Editor (VPE)

Endpoint Inspection

Context Aware

Identity and Access Management (IAM) solution Authentication, authorization, and SSO to all apps

Remote Access and Application Access

Federation

Secure Web Gateway

Web Access Management

Mobile Apps

Internet Apps

Enterprise Apps

Cloud, SaaS, and Partner Apps

Internet Apps Internet

Virtual Edition Chassis Appliance

Enterprise Mobility Management

Identity Federation and Single Sign-On (SSO)

Single Sign-On (SSO) challenges

•  Too many agents or proxies

Users

Users

Agentside Decision

Web Applications

Adaptive Authentication? External Resource?

Users

Decision? Fake AuthN?

Delegate?

Servers

Decision? Step-Up?

Change AuthZ?

SSO Server

MIDDLEWARE AGENTS

Mobile Device? Supported Platform?

BYOD? Public Cloud?

•  Difficult to visualize single sign-on topology and deployment

•  Single sign-on requires flexibility

Identity Federation (SSO) benefits

AAA Server

Corporate managed device

Latest antivirus software

Expense Report App

Finance

Salesforce.com

User = Finance

•  Dramatically reduces infrastructure costs while increasing user productivity

•  Provides seamless access to all web resources

•  Enhances user experience

•  Instantly provisions and de-provisions access to cloud apps

Identity Federation architecture

Strategic Point of Control

On-Premises Infrastructure

Corporate Applications

Users

Attackers

Access Management (APM)

SaaS Providers

Office 365

Google Apps

Salesforce

Directory Services

Corporate Users

Identity federation

SAML Real-time access control

Access policy enforcement

SAML Identity management

Multi-factor authentication

Latest Identity Federation and SSO features

SAML Artifact Binding Support

•  Extends and secures SSO

•  Secures transport of SAML messages and reduces flow of SAML messages through browsers

•  Extends SSO support for automatically submitted forms

RSA SecurID Software Integration

•  Simplifies secure authentication

•  Dynamically detects installed RSA SecurID software tokens and automatically retrieves randomly generated passcodes

•  Enhances user experience, decreases human error, and eases authentication and support headaches

SAML ECP Profile Support

•  Streamlines user workflow via cutting-edge SSO

•  F5 is the only vendor to extend SSO (via SAML) to include client-based apps and other browser-less environments

•  Enhances user experience, simplifies user workflow, and increases user productivity and usability

Remote Access and Application Access

Remote access and application access challenges

Intelligent Services Platform

Users Resources

•  Enabling secure remote access to corporate resources from any network, from any device

•  Ensuring secure and fast application performance for remote users

•  Protecting network resources, applications and data from malware, theft or hack, and/or rogue and unauthorized access

Fast, secure remote access

www.f5.com

•  Fast and secure connections maximize productivity for global users

•  Seamless integration minimizes cost and simplifies end user experience

Web Access Management

Create policy

Corporate domain

Latest AV software

Current O/S

Administrator

User = HR

HR

AAA server

Enhanced Web Access Management

•  Proxy web applications to provide authentication, authorization, endpoint inspection, and more

•  All Layer 4-7 ACLs through F5’s Visual Policy Editor

APM Support for Oracle Access Manager (OAM)

Before

Load balancer

Load balancer

Web apps

App 1

App 200

OAM OAM directory

After

BIG-IP LTM + APM Web apps

App 1

App 200

OAM OAM directory

Data center Data center

BIG-IP LTM + APM

OAM Proxy

Enterprise Mobility Gateway (EMG)

•  Ensure devices connect securely and adhere to a security posture baseline, regardless of ownership

•  Reduce the risk of malware infecting the corporate network from corporate or personal mobile devices

User = Finance

App Store

HR

CRM

Finance

Corporate managed device?

Corporate managed device?

AAA Server

Enterprise Mobility Management (EMM)

F5 and AirWatch

GOOD BETTER BEST

Mobile Users

BIG-IP Platform

App Wrapping + App Management

+ Reporting

Endpoint Inspection + App Tunnel Termination

+ Authentication + Access Policy Management

+ Identity Federation + Mobile App Security + Managed App Policy

Data Center

BIG-IP Advanced Firewall Manager

BIG-IP Local Traffic Manager

BIG-IP Access Policy Manager

BIG-IP Application Security Manager

Simplified Business Models

App Tunnel + App Policy

Managed Apps

Unmanaged Apps

No data transfer

Data transfer

AFM LTM APM ASM

Salesforce.com

EMM

Remote Access Mobile

Application

Email

Authentication Store

Application Access Management

•  Mobile device management (MDM)

•  F5 mobile client provisioning and configuration

•  Certificate and app provisioning

•  Remote lock and wipe

Secure, managed mobile access, apps and devices

•  Per app VPN

•  Secure remote (SSL VPN) access

•  Supports ActiveSync and other proxy services

•  Granular access policy management

•  Application access management

•  Federated identity/SSO

F5 delivers

•  Mobile application management (MAM)

•  Workspace application

•  File readers and editors

•  File systems and portal access

•  Hardened endpoint client, webapp

•  App wrapping

AirWatch delivers

Simplified VDI

AAA server

RDP

View

XenDesktop Virtual desktops

VDI VDI VDI VDI

Hypervisor

Virtual desktops

VDI VDI VDI VDI

Hypervisor

Virtual desktops

VDI VDI VDI VDI

Hypervisor

•  Improved scale and reliability

•  Better user experience + SSO

•  Simplified deployment

•  Improved quality of real-time applications

•  Unified access control and security

Simplified VDI

VDI VDI VDI

Operational complexities of Citrix Cloud Gateway

User devices

Citrix Cloud Gateway

NetScaler Access Gateway

StoreFront AppController

Fragmented application access and policy management

Firewall Firewall

Mobile apps

SaaS apps

Web apps

Citrix ShareFile data

Virtual Applications

Hypervisor

Application delivery for Citrix VDI Single Platform

User devices

Mobile apps

SaaS apps

Web apps

Citrix ShareFile data

Application Delivery for Citrix VDI

BIG-IP APM

Virtual Applications

Hypervisor

VMware Horizon View architecture

Strategic Point of Control

Authentication

HTTPS

PCoIP

VDI Infrastructure

External Users

On-Premises Infrastructure

HTTPS

PCoIP

HTTP/S

PCoIP

Internal Users

Access Management (APM)

SSL Decryption Authentication High Availability

PCoIP Proxy

PCoIP Proxy – Simplify your architecture