SAS and F5 integration at F5 Networks Updates for Version 11.6
Managing access based on Identity Employees Partner Customer Administrator IT challenges: Control access based on user-type and role Unify access to all applications (mobile, VDI, Web, client-server, SaaS) Provide fast authentication and SSO Audit and report access and application metrics IP Address does not equal identity F5 Networks, Inc 3
Our Goal: Provide Visibility & Control Users Strategic Point of Control In Your Network! Resources Intelligent Services Platform Securing access to applications from anywhere Total Application Delivery Networking Services Remote access SSL VPN APP firewall Protecting your applications regardless of where they live F5 Networks, Inc 4
Power of the Platform: It all starts with BIG-IP!
Full Proxy Security Client / Server Client / Server Web application Application health monitoring and performance anomaly detection Web application Application HTTP proxy, HTTP DDoS and application security Application Session SSL inspection and SSL DDoS mitigation Session Network L4 Firewall: Full stateful policy enforcement and TCP DDoS mitigation Network Physical Physical F5 Networks, Inc 6
Identity and Access Management (IAM) solution Authentication, authorization, and SSO to all apps Secure Web Gateway Internet Internet Apps Internet Apps Web Access Management Remote Access and Application Access Enterprise Apps Virtual Edition Appliance Chassis Mobile Apps Enterprise Mobility Management Federation Cloud, SaaS, and Partner Apps F5 Networks, Inc 8
Security TAP Partners Endpoint inspect / AV Certificates encryption Anti-fraud / secure browser DAST Multi-factor authentication Web access management DB firewall Mobile OS Mobile device management Security change management FIPS/HSM security DNS security and SBS Web and SaaS security SIEM F5 Networks, Inc 9
APM Solutions
Controlling Endpoint Access Ensure strong endpoint security Users Web BIG-IP APM Allow, deny or remediate users based on endpoint attributes such as: Antivirus software version and updates Software firewall status Machine certificate validation Geolocation Invoke protected workspace for unmanaged devices: Restrict USB access Cache cleaner leaves no trace Ensure no malware enters corporate network Corporate data is protected F5 Networks, Inc 11
Secure and Accelerated Remote Access www.f5.com Fast and secure connections maximize productivity for global users Seamless integration minimizes cost and simplifies end user experience F5 Networks, Inc 12
Enhanced Web Access Management Create policy Administrator 8 3 2 8 4 9 Corporate domain HR Latest AV software Current O/S User = HR AAA server Proxy the web applications to provide authentication, authorization, endpoint inspection, and more all Layer 4-7 ACLS through F5 s Visual Policy Editor F5 Networks, Inc 13
Multifactor Authentication HR User = HR www.f5.com AAA server F5 Networks, Inc 14
Streamlined Exchange Migrations Finance Outlook Web Access HR Outlook Anywhere Outlook 2007 Sales Exchange ActiveSync Outlook 2010 AAA server Migrate over time Distribute a single URL & let Manage email access for all devices from all locations and any network F5 Networks, Inc 15
Authentication All in One and Fast SSO F5 BIG-IP Access Policy Manager Dramatically reduce infrastructure costs; increase productivity F5 Networks, Inc 18
What we are using for OTP F5 Networks, Inc 19
Enforcing Access Restrictions Simple, accurate, centralized enforcement UK Data Center BIG-IP APM/LTM App Servers APM/LTM with IP Geolocation Database Solution Centralized Location Control Decreased risk access is controlled at perimeter Reduced capital and operational expenses through centralized control Reduced application development time Simplified network configuration F5 Networks, Inc 20
Only ADC with Geolocation Access Rules VPE Geolocation Rules irules not required Custom session variables Custom notification messages Logging Client locations Reporting
Secure Network Access with APM
F5 branded SAS logon screen Updated End-User Interface with Full Customization Stylesheet (CSS) based customization eliminates the need to customize each page individually Form location (left, center, right) Font style/sizes Header and footer
Customized User Interface
Seamless Experience with a Universal Portal Webtop unites internal and external application resources across your Enterprise Provides seamless presentation and access to Windows, Web, SaaS, Mobile Applications and data WebTop helps organizations with RDP, VMware and Citrix consolidate on a single platform F5 Networks, Inc 26
Dynamic WebTops for End-User Customizable and localizable list of resources Adjusts to mobile devices Java-based resources for client flexibility Combine multiple access resources F5 Networks, Inc 27
Customized Portal F5 Networks, Inc 28
BIG-IP Edge Client Web-delivered and standalone client Mac, Windows, Linux iphone, ipad, itouch Android Endpoint inspection Full SSL VPN Per-user flexible policy Enable mobility Smart connection roaming Uninterrupted application sessions Accelerate access Adaptive compression Client-side cache Client-side QoS F5 Networks, Inc 30
Auto-Connect to the VPN Edge Client ensures always connected seamless application access. Mobile users BIG-IP LTM +APM INTERNET Branch office users -OR- VDI VDI VDI VDI Hypervisor BIG-IP LTM VE +APM Wireless users INTERNAL LAN VLAN2 Virtual desktops LAN users INTERNAL LAN VLAN1 F5 Networks, Inc 31
Configure ios Access to Applications with BIG-IP Edge Portal F5 Networks, Inc 32
BIG-IP Edge Portal for Android App Solutions Fast App. Access for Android Devices https://market.android.com/details?id=com.f5.edge.portal F5 Networks, Inc 33
Secure Access for Mac and Linux Java RDP client Select resource to pass down a Java based applet Acts as an RDP client that executes in the client browser
Easy Access Policy Deployment Wizards Deployment-specific wizards for Web Access Management for LTM virtuals, Network Access, and Web Applications Access Step-by-step configuration, context sensitive help, review and summary Creates base set of objects and access policy for common deployments Automatically branches to necessary configuration (e.g., DNS) F5 Networks, Inc 35
Access Policy Design Industry-leading advanced Visual Policy Editor (VPE) Flexible Easy to understand, visual representation of policy VPE Rules (TCL-based) for advanced functions Trigger TMM irules events Usability features Macros Visual cues to aid configuration F5 Networks, Inc 36
Logging and Reporting
Sample Detailed Report Gain a deeper understanding: All sessions with geo-location Local time Virtual IP Assigned IP ACLs Applications and OSs Browsers All sessions Customize reports Export for distribution F5 Networks, Inc 38
Dashboard Executive Summary Administrators quickly view the BIG-IP APM Dashboard Real-time understanding of access health View the default template of Active Sessions, Network Access Throughput, New Sessions, and Network Access Connections Optionally, administrators create customized views using the Dashboard Windows Chooser Drag and drop selections onto the window pane with the type of statistics desired for fast comprehension of session health F5 Networks, Inc 39
Solutions for an Application World.