BIG-IP Access Policy Manager (APM) Sales Presentation Wireframe
F5 BIG-IP Access Policy Manager (APM)
© F5 Networks, Inc 3 © F5 Networks, Inc 3
Authentication, authorization, and SSO to all apps with F5 Application Policy Manager (APM)
Access control over third-party SaaS
Context-aware policy enforcement
Scalability and performance
Simplified policy management
Security at the critical point in the network
Virtual
Physical
Cloud
Storage
Total Application Delivery Networking Services
Clients Remote access
SSL VPN
APP firewall
Network
Session
Application
Web application
Physical
Client / Server
L4 Firewall: Full stateful policy enforcement and TCP DDoS mitigation
SSL inspection and SSL DDoS mitigation
HTTP proxy, HTTP DDoS and application security
Application health monitoring and performance anomaly detection
Network
Session
Application
Web application
Physical
Client / Server
Full proxy security
High-performance HW
iRules
iControl API
F5’s Approach
• TMOS traffic plug-ins
• High-performance networking microkernel
• Powerful application protocol support
• iControl—External monitoring and control
• iRules—Network programming language
IPv4/IPv6
SSL
TCP
HTTP
Optional modules plug in for all F5 products and solutions
APM
Firewall
…
Traffic management microkernel
Proxy
Client side
Server side
SSL
TCP
OneConnect
HTTP
• Industry’s most scalable access gateway
• Consolidates remote access, Web access management, enterprise mobility management, identity federation and secure web gateway in a single platform
• Protects against data loss, virus infection, and rogue device access
• Replaces web access proxy tiers for common applications reducing infrastructure and management costs
BIG-IP Access Policy Manager (APM)
Benefits
• Consolidates authentication infrastructure
• Simplifies remote, web, and application access control
Features
• Scales up to 2M users on a single device
• Centralizes single sign-on (SSO) and access control services
• Full proxy L4-L7 access control at BIG-IP speeds
• Adds endpoint inspection to the access policy
• Visual Policy Editor (VPE) provides policy-based access control
• VPE Rules ‒ programmatic interface for custom access policies
• Supports IPv6
BIG-IP APM Unified access and control for BIG-IP
Visual Policy Editor (VPE)
Endpoint Inspection
Context Aware
Identity and Access Management (IAM) solution Authentication, authorization, and SSO to all apps
Remote Access and Application Access
Federation
Secure Web Gateway
Web Access Management
Mobile Apps
Internet Apps
Enterprise Apps
Cloud, SaaS, and Partner Apps
Internet Apps Internet
Virtual Edition Chassis Appliance
Enterprise Mobility Management
Identity Federation and Single Sign-On (SSO)
Single Sign-On (SSO) challenges
• Too many agents or proxies
Users
Users
Agentside Decision
Web Applications
Adaptive Authentication? External Resource?
Users
Decision? Fake AuthN?
Delegate?
Servers
Decision? Step-Up?
Change AuthZ?
SSO Server
MIDDLEWARE AGENTS
Mobile Device? Supported Platform?
BYOD? Public Cloud?
• Difficult to visualize single sign-on topology and deployment
• Single sign-on requires flexibility
Identity Federation (SSO) benefits
AAA Server
Corporate managed device
Latest antivirus software
Expense Report App
Finance
Salesforce.com
User = Finance
• Dramatically reduces infrastructure costs while increasing user productivity
• Provides seamless access to all web resources
• Enhances user experience
• Instantly provisions and de-provisions access to cloud apps
Identity Federation architecture
Strategic Point of Control
On-Premises Infrastructure
Corporate Applications
Users
Attackers
Access Management (APM)
SaaS Providers
Office 365
Google Apps
Salesforce
Directory Services
Corporate Users
Identity federation
SAML Real-time access control
Access policy enforcement
SAML Identity management
Multi-factor authentication
Latest Identity Federation and SSO features
SAML Artifact Binding Support
• Extends and secures SSO
• Secures transport of SAML messages and reduces flow of SAML messages through browsers
• Extends SSO support for automatically submitted forms
RSA SecurID Software Integration
• Simplifies secure authentication
• Dynamically detects installed RSA SecurID software tokens and automatically retrieves randomly generated passcodes
• Enhances user experience, decreases human error, and eases authentication and support headaches
SAML ECP Profile Support
• Streamlines user workflow via cutting-edge SSO
• F5 is the only vendor to extend SSO (via SAML) to include client-based apps and other browser-less environments
• Enhances user experience, simplifies user workflow, and increases user productivity and usability
Remote Access and Application Access
Remote access and application access challenges
Intelligent Services Platform
Users Resources
• Enabling secure remote access to corporate resources from any network, from any device
• Ensuring secure and fast application performance for remote users
• Protecting network resources, applications and data from malware, theft or hack, and/or rogue and unauthorized access
Fast, secure remote access
www.f5.com
• Fast and secure connections maximize productivity for global users
• Seamless integration minimizes cost and simplifies end user experience
Web Access Management
Create policy
Corporate domain
Latest AV software
Current O/S
Administrator
User = HR
HR
AAA server
Enhanced Web Access Management
• Proxy web applications to provide authentication, authorization, endpoint inspection, and more
• All Layer 4-7 ACLs through F5’s Visual Policy Editor
APM Support for Oracle Access Manager (OAM)
Before
Load balancer
Load balancer
Web apps
App 1
App 200
OAM OAM directory
After
BIG-IP LTM + APM Web apps
App 1
App 200
OAM OAM directory
Data center Data center
BIG-IP LTM + APM
OAM Proxy
Enterprise Mobility Gateway (EMG)
• Ensure devices connect securely and adhere to a security posture baseline, regardless of ownership
• Reduce the risk of malware infecting the corporate network from corporate or personal mobile devices
User = Finance
App Store
HR
CRM
Finance
Corporate managed device?
Corporate managed device?
AAA Server
Enterprise Mobility Management (EMM)
F5 and AirWatch
GOOD BETTER BEST
Mobile Users
BIG-IP Platform
App Wrapping + App Management
+ Reporting
Endpoint Inspection + App Tunnel Termination
+ Authentication + Access Policy Management
+ Identity Federation + Mobile App Security + Managed App Policy
Data Center
BIG-IP Advanced Firewall Manager
BIG-IP Local Traffic Manager
BIG-IP Access Policy Manager
BIG-IP Application Security Manager
Simplified Business Models
App Tunnel + App Policy
Managed Apps
Unmanaged Apps
No data transfer
Data transfer
AFM LTM APM ASM
Salesforce.com
EMM
Remote Access Mobile
Application
Authentication Store
Application Access Management
• Mobile device management (MDM)
• F5 mobile client provisioning and configuration
• Certificate and app provisioning
• Remote lock and wipe
Secure, managed mobile access, apps and devices
• Per app VPN
• Secure remote (SSL VPN) access
• Supports ActiveSync and other proxy services
• Granular access policy management
• Application access management
• Federated identity/SSO
F5 delivers
• Mobile application management (MAM)
• Workspace application
• File readers and editors
• File systems and portal access
• Hardened endpoint client, webapp
• App wrapping
AirWatch delivers
Simplified VDI
AAA server
RDP
View
XenDesktop Virtual desktops
VDI VDI VDI VDI
Hypervisor
Virtual desktops
VDI VDI VDI VDI
Hypervisor
Virtual desktops
VDI VDI VDI VDI
Hypervisor
• Improved scale and reliability
• Better user experience + SSO
• Simplified deployment
• Improved quality of real-time applications
• Unified access control and security
Simplified VDI
VDI VDI VDI
Operational complexities of Citrix Cloud Gateway
User devices
Citrix Cloud Gateway
NetScaler Access Gateway
StoreFront AppController
Fragmented application access and policy management
Firewall Firewall
Mobile apps
SaaS apps
Web apps
Citrix ShareFile data
Virtual Applications
Hypervisor
Application delivery for Citrix VDI Single Platform
User devices
Mobile apps
SaaS apps
Web apps
Citrix ShareFile data
Application Delivery for Citrix VDI
BIG-IP APM
Virtual Applications
Hypervisor
VMware Horizon View architecture
Strategic Point of Control
Authentication
HTTPS
PCoIP
VDI Infrastructure
External Users
On-Premises Infrastructure
HTTPS
PCoIP
HTTP/S
PCoIP
Internal Users
Access Management (APM)
SSL Decryption Authentication High Availability
PCoIP Proxy
PCoIP Proxy – Simplify your architecture