BIG-IP Advanced ADC Access Policy Manager
-
Upload
dsorensencpr -
Category
Technology
-
view
2.525 -
download
8
description
Transcript of BIG-IP Advanced ADC Access Policy Manager
![Page 1: BIG-IP Advanced ADC Access Policy Manager](https://reader036.fdocuments.in/reader036/viewer/2022081512/557accf0d8b42add288b4a27/html5/thumbnails/1.jpg)
BIG-IP V10.1Advanced ADC
New ADC services deliver unmatched controland savings for next generation data centers
![Page 2: BIG-IP Advanced ADC Access Policy Manager](https://reader036.fdocuments.in/reader036/viewer/2022081512/557accf0d8b42add288b4a27/html5/thumbnails/2.jpg)
2
F5 Vision: Unified Application & Data Delivery
Context-Aware Networking
Corporate EmployeesLAN & WLAN Mobile
EmployeesCustomer, Partners,
or Suppliers
Branch Employees
LAN & WLANRemote
Employees
Cloud Services Hosted Applications CorporateData Center
SAAS Apps and Datain the Branch
Enables the Dynamic Infrastructure
![Page 3: BIG-IP Advanced ADC Access Policy Manager](https://reader036.fdocuments.in/reader036/viewer/2022081512/557accf0d8b42add288b4a27/html5/thumbnails/3.jpg)
3
Geolocation Based Services in BIG-IP
• All TMOS products include integrated GeolP Database
• Powerful geographic based policy control– GSLB enhanced– Filtering, Redirection, Reporting, and iRules Control (New)
• Provided by Quova™– Continent, country, state/region attributes– 2.7 billion routable IP addresses – Accurate / Updateable
![Page 4: BIG-IP Advanced ADC Access Policy Manager](https://reader036.fdocuments.in/reader036/viewer/2022081512/557accf0d8b42add288b4a27/html5/thumbnails/4.jpg)
4
BIG-IP Access Policy Manager (APM)
Consolidated and centralized access policy enforcement
L4 – L7 full proxy access control at BIG-IP speeds
Advanced endpoint security
VPE Rules – iRules style interface for custom access policies
TMOS / BIG-IP modules Integrates on the ADC
Bringing Identity, Authentication, and Access Control to BIG-IP
![Page 5: BIG-IP Advanced ADC Access Policy Manager](https://reader036.fdocuments.in/reader036/viewer/2022081512/557accf0d8b42add288b4a27/html5/thumbnails/5.jpg)
5
Proxy Web Servers
App 1
App 2
App 3
1
1 Code in the Application• Costly, difficult to change• Not repeatable, less secure
Agents on Servers• Difficult to manage• Not interoperable or secure• Decentralized and costly
2
2
3 Specialized Access Proxies• Doesn’t scale and not reliable• More boxes and expensive
App n
3
Policy Manager Directory
Authentication Alternatives Today
![Page 6: BIG-IP Advanced ADC Access Policy Manager](https://reader036.fdocuments.in/reader036/viewer/2022081512/557accf0d8b42add288b4a27/html5/thumbnails/6.jpg)
6
BIG-IP benefits:
• Reduce costs and complexity
• Gain superior scalability and high availability
• Enforce L4 – L7 ACLs at BIG-IP LTM speeds
Proxy Web Servers
App 1
App 2
App 3
App n
LTM +
APM
Policy Manager Directory
A Better Alternative – BIG-IP LTM + APM
![Page 7: BIG-IP Advanced ADC Access Policy Manager](https://reader036.fdocuments.in/reader036/viewer/2022081512/557accf0d8b42add288b4a27/html5/thumbnails/7.jpg)
7
Additional benefits:
• Endpoint inspection
• Virtualization for the Application and Directory
• Web application security
• Web application accelerationEndpoint
Security ChecksEndpoint
Security Checks
Web Servers
App 1
App 2
App 3
Policy Manager Directory
App n
Virtualization(HA, Scale, LB)
Virtualization(HA, Scale, LB)
ASM or
WA
LTM +
APM +
Richer Application Delivery
![Page 8: BIG-IP Advanced ADC Access Policy Manager](https://reader036.fdocuments.in/reader036/viewer/2022081512/557accf0d8b42add288b4a27/html5/thumbnails/8.jpg)
8
• Customer has 200 apps• Requires 2 Oracle Proxy’s per app or 400 servers
• CAPEX: $4K per server includes proxy software (give away), hardware, and OS
• OPEX: $3K per server
• LB required for high availability
Web App
OAM Manager
OAM Directory
OAM ProxyLB
… …
App 200
App 1
Customer Planned Architecture with Oracle Access Manager (OAM)
SSL
Auth Proxy Integration – Before
![Page 9: BIG-IP Advanced ADC Access Policy Manager](https://reader036.fdocuments.in/reader036/viewer/2022081512/557accf0d8b42add288b4a27/html5/thumbnails/9.jpg)
9
Web AppLTM + APM
App 1
Customer Architecture with Oracle Access Manager (OAM) and BIG-IP
OAM Manager
OAM Directory
…
• Customer CAPEX savings: $1.344M• $1.6M ($4K * 400 servers) - $256K (Cost of APM)
• OPEX savings: $1.2M / year• $3K * 400 servers
Auth Proxy Integration – After
SSL
![Page 10: BIG-IP Advanced ADC Access Policy Manager](https://reader036.fdocuments.in/reader036/viewer/2022081512/557accf0d8b42add288b4a27/html5/thumbnails/10.jpg)
10
BIG-IP WAN Optimization Module
Step 3
Symmetric Adaptive
Compression
Step 4
SSLEncryption
Step 5
TCPOptimization
Step 2
Data De-duplication
Step 6
BandwidthAllocation
Step 1
ApplicationLayerAcceleration
OptimizedData WAN
Additional WOM (Module) Free WAN Opt Service with LTM
TMOS Optimization Services
• Industry’s fastest and most scalable for data replication– Up to10 Gbps optimized throughput (single connection)
• Most cost-effective WAN Optimization service• Different services for different applications
![Page 11: BIG-IP Advanced ADC Access Policy Manager](https://reader036.fdocuments.in/reader036/viewer/2022081512/557accf0d8b42add288b4a27/html5/thumbnails/11.jpg)
11
Port Authority - Fast Document Downloads
Internet
DocuShare Servers
Router Firewall
Hosted Service Provider - East CoastPort Authority - West Coast
Contractors, guest & Port Authority users
• 40MB file takes 3+ mins• 2-4Mbps of throughput
Link: 20Mbps
80ms latency0.1% loss
RouterFirewall
• Files are slow to download• Encrypting file transfer increases
download time• Not utilizing bandwidth effectively • Distance between DC’s (Latency)
Problem
SSL
![Page 12: BIG-IP Advanced ADC Access Policy Manager](https://reader036.fdocuments.in/reader036/viewer/2022081512/557accf0d8b42add288b4a27/html5/thumbnails/12.jpg)
12
Port Authority - Fast Document Downloads
Internet
DocuShare Servers
Router Firewall
Hosted Service Provider - East CoastPort Authority - West Coast
Contractors, guest & Port Authority users
• 9x faster • 40MB file takes
20secs• 12Mbps of
throughput
Link: 20Mbps
80ms latency0.1% loss
RouterFirewall
• Offload SSL• Utilize bandwidth more effectively• Accelerate data transfer over WAN• Mitigate the effect of latency
Solution
SSL Offload
BIG-IP LTM + WOMBIG-IP LTM + WOM
iSessions
![Page 13: BIG-IP Advanced ADC Access Policy Manager](https://reader036.fdocuments.in/reader036/viewer/2022081512/557accf0d8b42add288b4a27/html5/thumbnails/13.jpg)
13
BIG-IP – Next Generation ADC Services
Expanding Integrated ADC Market.
Access Policy ManagerSimplify and reduce AAA and Web Access costs up to 90%
Geolocation Based ServicesImprove global Application control and performance
Integrated WAN Optimization ServicesDC to DC – Reduce WAN costs and improve performance
![Page 14: BIG-IP Advanced ADC Access Policy Manager](https://reader036.fdocuments.in/reader036/viewer/2022081512/557accf0d8b42add288b4a27/html5/thumbnails/14.jpg)