VMworld 2013: Secure Mobility - FIPS, CAC and Beyond
-
Upload
vmworld -
Category
Technology
-
view
65 -
download
0
Transcript of VMworld 2013: Secure Mobility - FIPS, CAC and Beyond
![Page 1: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/1.jpg)
Secure Mobility - FIPS, CAC and Beyond
Paul Arnpriester, CDW Nonprofit
Glenn Exline, VMware
Paul Pindell, F5 Networks
Deepak Puri, VMware
EUC5196
#EUC5196
![Page 2: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/2.jpg)
Today’s Agenda
• VMware Horizon Suite Overview
• Federal / Nonprofit and other highly security conscious customers concerns
• FIPS, CAC, and Smart Card requirements
• How F5 Access Policy Manager can secure Horizon Workspace and provide a FIPS and CAC Compliant solution
![Page 3: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/3.jpg)
Centralized layered image management
for local deployment
Multi-device workspace for IT services
HORIZON SUITE The platform for workforce mobility
Horizon
View
Horizon
Mirage
Horizon
Workspace Complete desktop and application
virtualization
NEW
v5.2 NEW
v4.0
NEW
v1.0
F5 + HORIZON SUITE
Support for VMware validated solutions
Mobile Secure Desktop
Business Process Desktop
AlwaysOn Desktop
Branch Office Desktop
Unique F5 solutions
PCoIP Proxy
Single Namespace
Username Persistence
Intelligent traffic management and security
Local and global traffic management
Multi-site and multi-pod deployments
Access management and data center firewall
Horizon View
Intelligent Services
Framework
Secure • Fast • Available
Anywhere, any
service, any device
Intelligent Dynamic, agile,
adaptive
Horizon Mirage
Horizon Workspace
VM
VDI
![Page 4: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/4.jpg)
VMware Horizon Workspace
Broker: Manage & secure
centrally and broker services to
your
workforce by policy
Transform: Transform
desktops, diverse apps and
data into centralized services
Deliver: Empower your
workforce
with flexible access across
devices, locations and
connectivity
![Page 5: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/5.jpg)
Control & Governance Is More Challenging
People you employ
Using a network you
own to connect to…
Using software you own
on a Windows desktop
you own
An application you own,
running on a server you
own
Apps live in many
clouds and are easily
procured without IT
Always connected, via
3G, 4G and public or
personal wifi
Non-owned devices and
multiple non-Windows
OSs
Employees, contractors
outsourcers, partners
citizens, students
![Page 6: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/6.jpg)
Encryption & Authentication
The [FIPS 140-2] standard specifies the security requirements that
must be satisfied by a cryptographic module utilized within a
security system that protects unclassified information within
computer and telecommunication systems including voice
systems. The standard provides four increasing, qualitative levels
of security: Level 1, Level 2, Level 3, and Level 4.
![Page 7: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/7.jpg)
Source : Google
![Page 8: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/8.jpg)
How F5 Access Policy Manager can secure Horizon Workspace and provide a FIPS and CAC Compliant solution
• Introduction to F5 Networks
• Introduction to F5 Access Policy Manager (APM)
![Page 9: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/9.jpg)
F5 and VMware
A long-standing strategic partnership
VMware named F5
‘Global Technology Innovator Partner
of the Year’ (2011)
F5 was key launch partner for
VMware Ready for
Networking
and Security
Program
Across all
major VMware
solutions
and F5 products
Coordinated
back-end
customer
support
76% Market Share
60% Market Still
Untouched
$40 BILLION Market
Capitalization $4.2
BILLION Annual Sales
![Page 10: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/10.jpg)
Traffic Management Operating System
01010101010101010101010101
Sw
itch
Fa
bric
Hig
h S
pee
d B
ridg
e
01010101010101010101010101
Dis
ag
gre
ga
tor
Sw
itch
Fa
bric
Hig
h S
pee
d B
ridg
e
TM Microkernel
TM Microkernel
TM Microkernel
TM Microkernel
Dis
ag
gre
ga
tor
L2 - L4 Hardware L5 - L7 Software L2 - L4 Hardware
TCP
Proxy Server side connection Client side connection
TMM
SS
L O
fflo
ad
Rate
Shap
ing
Web
Cachin
g
HT
TP
Pro
xy
TC
P E
xpre
ss
Clie
nt A
uth
OneC
onn
ect
Serv
er
Mon
ito
r
Lo
ad
Bala
nce
TC
P E
xpre
ss
Com
pre
ssio
n
iRule
s
ASIC FPGA FPGA CPUs
![Page 11: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/11.jpg)
BIG-IP Access Policy Manager Identify, authenticate, and control user access to your applications
• Secure and accelerate application
access from any device and location
• Consolidate AAA and SSO services for
enterprise applications
• RDP, View, Citrix Xen Support
• Federate via SAML
Single Sign On
• Scalable SSL VPN w DTLS
• Advanced Endpoint checks
• BYOD: IOS, Win8, Android Support
Mobile User Access
![Page 12: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/12.jpg)
Application Delivery Networking for Horizon Workspace 1.5
• F5 Networks LTM (Local Traffic Manager)
• Layer 4-7 Services
• Highly available Horizon Workspace environments
![Page 13: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/13.jpg)
Application Delivery Networking for Horizon Workspace 1.5
• https://communities.vmware.com/docs/DOC-24577
• Document Written by Rasmus Jensen
• #EUC5238
• Shows how to use F5 to provide L4-7 traffic management in front of both the Workspace Gateway VAs, and the Connector VAs.
![Page 14: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/14.jpg)
![Page 15: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/15.jpg)
CAC in the Front, SAML in the back.
• Workflow of a connection
• F5 APM CAC Implementation
• F5 APM SAML Implementation
• F5 APM and Horizon Connector configurations
![Page 16: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/16.jpg)
![Page 17: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/17.jpg)
![Page 18: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/18.jpg)
Demo Time
![Page 19: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/19.jpg)
![Page 20: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/20.jpg)
Questions, Answers, and Key Takeaways
![Page 21: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/21.jpg)
![Page 22: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/22.jpg)
THANK YOU
![Page 23: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/23.jpg)
![Page 24: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond](https://reader034.fdocuments.net/reader034/viewer/2022042716/55c08955bb61ebed5a8b45d4/html5/thumbnails/24.jpg)
Secure Mobility - FIPS, CAC and Beyond
Paul Arnpriester, CDW Nonprofit
Glenn Exline, VMware
Paul Pindell, F5 Networks
Deepak Puri, VMware
EUC5196
#EUC5196