SAS and F5 integration at F5 Networks - Askon
© F5 Networks, Inc
Managing access based on Identity
IT challenges:
• Control access based on user-type and role
• Unify access to all applications (mobile, VDI, Web, client-server, SaaS)
• Provide fast authentication and SSO
• Audit and report access and application metrics
• IP Address does not equal identity
Employees Partner Customer Administrator
Our Goal: Provide Visibility & Control
Intelligent Services Platform
Users: Securing access to applications from anywhere
Resources: Protecting your applications regardless of where they live
Total Application Delivery Networking Services
Remote access
SSL VPN
APP firewall
Strategic Point of Control In Your Network!
Network
Session
Application
Web application
Physical
Client / Server
L4 Firewall: Full stateful policy enforcement and TCP DDoS mitigation
SSL inspection and SSL DDoS mitigation
HTTP proxy, HTTP DDoS and application security
Application health monitoring and performance anomaly detection
Network
Session
Application
Web application
Physical
Client / Server
Full Proxy Security
Identity and Access Management (IAM) solution
Authentication, authorization, and SSO to all apps
Remote Access and Application Access
Federation
Secure Web Gateway
Web Access Management
Enterprise Mobility Management
Mobile Apps
Internet Apps
Enterprise Apps
Cloud, SaaS, and Partner Apps
Internet
Virtual Edition, Chassis, Appliance
Security TAP Partners
• Multi-factor authentication
• DAST
• Certificates encryption
• Endpoint inspect / AV
• Web access management
• Anti-fraud / secure browser
• DB firewall
• DNS security and SBS
• FIPS/HSM security
• Mobile device management
• Mobile OS
• Web and SaaS security
• Security change management
• SIEM
Controlling Endpoint Access
Ensure strong endpoint security
Users
BIG-IP APM
Allow, deny or remediate users based on endpoint attributes such as:
• Antivirus software version and updates
• Software firewall status
• Machine certificate validation
• Geolocation
Invoke protected workspace for unmanaged devices:
• Restrict USB access
• Cache cleaner leaves no trace
• Ensure no malware enters corporate network
• Corporate data is protected
Web
Secure and Accelerated Remote Access
• Fast and secure connections maximize productivity for global users
• Seamless integration minimizes cost and simplifies end user experience
www.f5.com
Enhanced Web Access Management
• Proxy the web applications to provide authentication, authorization, endpoint inspection, and more – all Layer 4-7 ACLs through F5’s Visual Policy Editor
Create policy
Corporate domain
Latest AV software
Current O/S
Administrator
User = HR
HR
AAA server
Multifactor Authentication
www.f5.com
User = HR
HR
AAA server
Streamlined Exchange Migrations
• Migrate over time
• Distribute a single URL & let BIG-IP APM direct user
• Manage email access for all devices from all locations and any network
AAA server
Outlook 2007
Outlook 2010
Finance
Sales
HR
Exchange ActiveSync
Outlook Web Access
Outlook Anywhere
Dramatically reduce infrastructure costs; increase productivity
Authentication All in One and Fast SSO F5 BIG-IP Access Policy Manager
Enforcing Access Restrictions
Simple, accurate, centralized enforcement
UK Data Center
App Servers
Solution
Centralized Location Control
• Decreased risk – access is controlled at perimeter
• Reduced capital and operational expenses through centralized control
• Reduced application development time
• Simplified network configuration
BIG-IP APM/LTM
APM/LTM with IP Geolocation Database
Only ADC with Geolocation Access Rules
• VPE – Geolocation Rules
• iRules not required
• Custom session variables
• Custom notification messages
• Logging Client locations
• Reporting
• Updated End-User Interface with Full Customization
• Stylesheet (CSS) based customization eliminates the need to customize each page individually
• Form location (left, center, right)
• Font style/sizes
• Header and footer
F5 branded SAS logon screen
Seamless Experience with a Universal Portal
• Webtop unites internal and external application resources across your Enterprise
• Provides seamless presentation and access to Windows, Web, SaaS, Mobile Applications and data
• WebTop helps organizations with RDP, VMware and Citrix consolidate on a single platform
Dynamic WebTops for End-User
• Customizable and localizable list of resources
• Adjusts to mobile devices
• Java-based resources for client flexibility
• Combine multiple access resources
BIG-IP Edge Client
Web-delivered and standalone client
• Mac, Windows, Linux
• iPhone, iPad, iTouch
• Android
• Endpoint inspection
• Full SSL VPN
• Per-user flexible policy
Enable mobility
• Smart connection roaming
• Uninterrupted application sessions
Accelerate access
• Adaptive compression
• Client-side cache
• Client-side QoS
Auto-Connect to the VPN
Edge Client ensures “always connected” seamless application access.
INTERNET
INTERNAL LAN VLAN2
INTERNAL LAN VLAN1
Mobile users
Branch office users
Wireless users
LAN users
BIG-IP LTM + APM -OR- BIG-IP LTM VE + APM
Virtual desktops (VDI)
Hypervisor
Configure iOS Access to Applications with BIG-IP Edge Portal
BIG-IP Edge Portal for Android App Solutions
Fast App. Access for Android Devices
https://market.android.com/details?id=com.f5.edge.portal
Secure Access for Mac and Linux
Java RDP client
• Select resource to pass down a Java-based applet
• Acts as an RDP client that executes in the client browser
Easy Access Policy Deployment Wizards
• Deployment-specific wizards for Web Access Management for LTM virtuals, Network Access, and Web Applications Access
• Step-by-step configuration, context sensitive help, review and summary
• Creates base set of objects and access policy for common deployments
• Automatically branches to necessary configuration (e.g., DNS)
Access Policy Design
• Industry-leading advanced Visual Policy Editor (VPE)
• Flexible
• Easy to understand, visual representation of policy
• VPE Rules (TCL-based) for advanced functions
• Trigger TMM iRules events
• Usability features
• Macros
• Visual cues to aid configuration
Sample Detailed Report
Gain a deeper understanding:
• All sessions with geo-location
• Local time
• Virtual IP
• Assigned IP
• ACLs
• Applications and OSs
• Browsers
• All sessions
• Customize reports
• Export for distribution
Dashboard Executive Summary
• Administrators quickly view the BIG-IP APM Dashboard
• Real-time understanding of access health
• View the default template of Active Sessions, Network Access Throughput, New Sessions, and Network Access Connections
• Optionally, administrators create customized views using the Dashboard Windows Chooser
• Drag and drop selections onto the window pane with the type of statistics desired for fast comprehension of session health