jasonenriquez
Securing the Cloud: F5 Enterprise Cloud Architecture
1
2
• New Virtual Application Delivery Controller – BIG-IP Local Traffic Manager Virtual Edition (VE)
• Enterprise to Cloud - AAA services, Access Control and Acceleration Services – BIG-IP Edge Gateway for Access and Acceleration for the Cloud
• Enterprise to Cloud - Web Application Attack protection – Application Security Manager (ASM) with Simplified CSRF protection
Securing the Cloud – BIG-IP v10.2
3
Self-Managing Datacenters
Server Consolidation
Test and Development Capacity On Demand
Enterprise Computing Clouds On and Off Premise
Separate Consolidate Aggregate Automate Liberate
Virtualization to Cloud Maturity Model
Private Public
Enterprise Objective: An IT Services On-Demand Platform
You Are Here
Or Here
Or Here
Or Here
4
F5’s Dynamic Control Plane Architecture
Users
Resources
Physical Virtual Multi-Site DCs
Private Public
Cloud
Availability
• Scale
• HA / DR
• Bursting
• Load-Balancing
Optimization
• Network
• Application
• Storage
• Offload
Security
• Network
• Application
• Data
• Access
Management
• Integration
• Visibility
• Orchestration
Application and Data Delivery Network
5
Problem: Secured Load-Balancing and Traffic Management in the Cloud
Users
Flexibility, Context, and Control in the Enterprise
Resources
Physical Virtual Multi-Site DCs
Private Public
Cloud
Limited:
• Different models per cloud service
• No commonality with enterprise
• LB scale can vary dramatically*
• Very limited security
• Limited control content / app switching
• No transaction integrity / persistence
• Limited network / application acceleration
• No user context to apply policy
• and on and on…..
…but not in the Cloud
*Rightscale White Paper: Load-Balancing in the Cloud
6
F5 Solution: Extend Enterprise-Class ADC to Internal / External Cloud
Users
Flexibility, Context, and Control in the Enterprise
Resources
Physical Virtual Multi-Site DCs
Private Public
Cloud
Enterprise Ready Cloud:
• Common / shared architectural model
• Predictable, High Performance LB Scale
• Rich content switching
• Full transaction integrity / persistence
• Superior security
• User and application context
• Network and application acceleration
….and the Cloud
BIG-IP LTM Virtual Edition
BIG-IP LTM Virtual Edition
7
Users
Lack of Simplicity, Flexibility, Context, and Control for the Enterprise
Resources
Physical Virtual Multi-Site DCs
Private Public
Cloud
Problem: Access Control & Acceleration Across The Maturity Cycle
VPN
Vendor A
Web Accelerator
Vendor B
WAN Optimizer
Vendor C
LDAP
OAM
TAM
CA
AAA
AAA x 10
AAA x 5
AAA x 2
AD AD
• No context
• Difficult change control
• Error prone
• Costly
• Licensing / vendor management issues
• Compliance problems
• Limited control
AD
DNS Bind Server
Open Source
?
8
Users
Simplicity, Flexibility, Context, and Control for the Enterprise
Resources
Physical Virtual Multi-Site DCs
Private Public
Cloud
F5 Solution: Extend Next Gen Access & Acceleration to the Cloud
LDAP
OAM
TAM
CA
AAA
AAA x 10
AAA x 5
AAA x 2
AD AD
AD
BIG-IP Edge Gateway
BIG-IP Global Traffic Manager
VPN
Vendor A
Web Accelerator
Vendor B
WAN Optimizer
Vendor C
DNS Bind Server
Open Source
AAA
User Requests
Optimal Gateway
• Unified access & acceleration model
• Simplified change control and auditing
• Flexible access policies
• Context-aware: user, device, location, and application
• Control remains within enterprise
AAA
Secure Optimized Session
9
New in 10.2
• Edge Client Integration with Windows logon provides seamless VPN access
• Access Control for the Cloud
Applications
Clients
BIG-IP Edge Gateway
F5 Solution: Seamless Access to Applications
10
F5 Solution: Application Security Manager
Users
Resources
Physical Virtual Multi-Site DCs
Private Public
Cloud
w/Security Policy
Application Firewall
User Requests
Policy Enforcement
Content Scrubbing and Application Cloaking
Security enforcement on inbound (request) as well as outbound (response) traffic, protecting the application from attacks including the OWASP Top 10
11
F5 Solution: BIG-IP Application Security Manager (ASM) with CSRF Attack Protection
With v10.2, protection is easy to configure from the UI