SAS and F5 integration at F5 Networks - Askon


Updates for Version 11.6

© F5 Networks, Inc

Managing access based on Identity

IT challenges:

• Control access based on user-type and role

• Unify access to all applications (mobile, VDI, Web, client-server, SaaS)

• Provide fast authentication and SSO

• Audit and report access and application metrics

• IP Address does not equal identity

Employees Partner Customer Administrator

Our Goal: Provide Visibility & Control

Intelligent Services Platform

Users

Securing access to applications from anywhere

Resources

Protecting your applications regardless of where they live

Total Application Delivery Networking Services

Remote access

SSL VPN

APP firewall

Strategic Point of Control In Your Network!

Power of the Platform: It all starts with BIG-IP!

Network

Session

Application

Web application

Physical

Client / Server

L4 Firewall: Full stateful policy enforcement and TCP DDoS mitigation

SSL inspection and SSL DDoS mitigation

HTTP proxy, HTTP DDoS and application security

Application health monitoring and performance anomaly detection

Full Proxy Security

Identity and Access Management (IAM) solution

Authentication, authorization, and SSO to all apps

Remote Access and Application Access

Federation

Secure Web Gateway

Web Access Management

Mobile Apps

Internet Apps

Enterprise Apps

Cloud, SaaS, and Partner Apps

Internet

Virtual Edition

Chassis

Appliance

Enterprise Mobility Management

Security TAP Partners

• Multi-factor authentication

• DAST

• Certificates encryption

• Endpoint inspect / AV

• Web access management

• Anti-fraud / secure browser

• DB firewall

• DNS security and SBS

• FIPS/HSM security

• Mobile device management

• Mobile OS

• Web and SaaS security

• Security change management

• SIEM

APM Solutions

Controlling Endpoint Access

Ensure strong endpoint security

Users

BIG-IP APM

Allow, deny or remediate users based on endpoint attributes such as:

• Antivirus software version and updates

• Software firewall status

• Machine certificate validation

• Geolocation

Invoke protected workspace for unmanaged devices:

• Restrict USB access

• Cache cleaner leaves no trace

• Ensure no malware enters corporate network

• Corporate data is protected

Web

• Fast and secure connections maximize productivity for global users

• Seamless integration minimizes cost and simplifies end user experience

Secure and Accelerated Remote Access

www.f5.com

Create policy

Corporate domain

Latest AV software

Current O/S

Administrator

User = HR

HR

AAA server

• Proxy the web applications to provide authentication, authorization, endpoint inspection, and more – all Layer 4-7 ACLs through F5’s Visual Policy Editor

Enhanced Web Access Management

Multifactor Authentication

www.f5.com

User = HR

HR

AAA server

AAA server

Outlook 2007

Outlook 2010

Finance

Sales

HR

• Migrate over time

• Distribute a single URL & let BIG-IP APM direct user

• Manage email access for all devices from all locations and any network

Exchange ActiveSync

Outlook Web Access

Outlook Anywhere

Streamlined Exchange Migrations

Dramatically reduce infrastructure costs; increase productivity

Authentication All in One and Fast SSO F5 BIG-IP Access Policy Manager

What we are using for OTP

Enforcing Access Restrictions

Simple, accurate, centralized enforcement

UK Data Center

App Servers

Solution

Centralized Location Control

• Decreased risk – access is controlled at perimeter

• Reduced capital and operational expenses through centralized control

• Reduced application development time

• Simplified network configuration

BIG-IP APM/LTM

APM/LTM with

IP Geolocation Database

Only ADC with Geolocation Access Rules

• VPE – Geolocation Rules

• iRules not required

• Custom session variables

• Custom notification messages

• Logging Client locations

• Reporting

Secure Network Access with APM

• Updated End-User Interface with Full Customization

• Stylesheet (CSS) based customization eliminates the need to customize each page individually

• Form location (left, center, right)

• Font style/sizes

• Header and footer

F5 branded SAS logon screen

Customized User Interface

Seamless Experience with a Universal Portal

• Webtop unites internal and external application resources across your Enterprise

• Provides seamless presentation and access to Windows, Web, SaaS, Mobile Applications and data

• WebTop helps organizations with RDP, VMware and Citrix consolidate on a single platform

Dynamic WebTops for End-User

• Customizable and localizable list of resources

• Adjusts to mobile devices

• Java-based resources for client flexibility

• Combine multiple access resources

Customized Portal

BIG-IP Edge Client

Web-delivered and standalone client

• Mac, Windows, Linux

• iPhone, iPad, iTouch

• Android

• Endpoint inspection

• Full SSL VPN

• Per-user flexible policy

Enable mobility

• Smart connection roaming

• Uninterrupted application sessions

Accelerate access

• Adaptive compression

• Client-side cache

• Client-side QoS

INTERNET

INTERNAL LAN VLAN2

INTERNAL LAN VLAN1

Mobile users

Branch office users

Wireless users

LAN users

BIG-IP LTM +APM

BIG-IP LTM VE +APM

-OR-

Virtual desktops

VDI VDI VDI VDI

Hypervisor

Auto-Connect to the VPN

Edge Client ensures “always connected” seamless application access.

Configure iOS Access to Applications with BIG-IP Edge Portal

BIG-IP Edge Portal for Android App Solutions

Fast App. Access for Android Devices

https://market.android.com/details?id=com.f5.edge.portal

• Select resource to pass down a Java based applet

• Acts as an RDP client that executes in the client browser

Secure Access for Mac and Linux

Java RDP client

Easy Access Policy Deployment Wizards

• Deployment-specific wizards for Web Access Management for LTM virtuals, Network Access, and Web Applications Access

• Step-by-step configuration, context sensitive help, review and summary

• Creates base set of objects and access policy for common deployments

• Automatically branches to necessary configuration (e.g., DNS)

Access Policy Design

• Industry-leading advanced Visual Policy Editor (VPE)

• Flexible

• Easy to understand, visual representation of policy

• VPE Rules (TCL-based) for advanced functions

• Trigger TMM iRules events

• Usability features

• Macros

• Visual cues to aid configuration

Logging and Reporting

Sample Detailed Report

Gain a deeper understanding:

• All sessions with geo-location

• Local time

• Virtual IP

• Assigned IP

• ACLs

• Applications and OSs

• Browsers

• All sessions

• Customize reports

• Export for distribution

Dashboard Executive Summary

• Administrators quickly view the BIG-IP APM Dashboard

• Real-time understanding of access health

• View the default template of Active Sessions, Network Access Throughput, New Sessions, and Network Access Connections

• Optionally, administrators create customized views using the Dashboard Windows Chooser

• Drag and drop selections onto the window pane with the type of statistics desired for fast comprehension of session health

Solutions for an Application World.