F5 Access Policy Manager Overview


© F5 Networks, Inc 2

Enable Simplified Application Access with BIG-IP Access Policy Manager (APM)


One Access Solution – BIG-IP APM

All Access

Use Cases

BIG-IP

Access Policy Manager

Web Access Management:

• Proxy to HTTP apps

– Outlook Web Access

– SharePoint

– Custom

– Single Sign On

– Internal Applications

– SaaS Applications (SAML)

Remote Access:

• SSL VPN

– Network Access

– App Tunnels

– Portal Access

– Edge Client

– Windows, Mac, Linux

– SmartPhones

– Tablets

Application Access Control:

• Proxy to Non-HTTP apps

– VDI

– Citrix (ICA Proxy)

– VMware View (PCoIP)

– MS Terminal Services/RDS

– Exchange

– ActiveSync

– Outlook Anywhere

Security:

– Endpoint Scanning

– Endpoint Cleanup

– Multi-factor authentication with several directories and methods


Outbound Security Services

Identity bridging across corporate and SaaS resources

• SAML 2.0 services

• SSO

Diagram labels: AAA Server, SSL Forward Proxy, SAML IdP, SSO and Federation, SAML SP


Dramatically reduce infrastructure costs; increase productivity

Authentication All in One and Fast SSO F5 BIG-IP Access Policy Manager


• Customizable and localizable list of resources

• Adjusts to mobile devices

• Java-based resources for client flexibility

• Combine multiple access resources

Dynamic Webtop for End-User


Control Access of Endpoints

Ensure strong endpoint security

Allow, deny, or remediate users based on endpoint attributes such as:

• Antivirus software version and updates - SUBSCRIPTION INCLUDED

• Software firewall status

• Access to specific applications

Invoke protected workspace for unmanaged devices:

• Restrict USB access

• Cache cleaner leaves no trace

• Ensure no malware enters corporate network

BIG-IP APM


• Industry-leading advanced Visual Policy Editor (VPE)

• Flexible

• Easy to understand, visual representation of policy

• VPE Rules (TCL-based) for advanced functions

• Trigger TMM iRules events

• Usability features

• Macros

• Visual cues to aid configuration

Access Policy Design


BIG-IP Access Policy Manager Microsoft Exchange

ActiveSync, Microsoft Solution

• Microsoft Solution

• Authenticate the user before the client accesses the Exchange server

• Exchange 2007/2010 can verify the device ID

• AD group check and basic URL filter can be implemented on TMG

Diagram labels: Data Center, AD, DMZ, MS TMG or ISA, MS Exchange


Microsoft Discontinues TMG


Reaction Ranged From Disappointment to Anger…

• TMG was a good product, and was well liked by its administrators.

• Familiar Windows Interface

• Point and Click

• Cost Effective

“Really? Do you think that everyone is going to the cloud? Seriously, this is a total mess.”

“It breaks my heart.”

“Pity MSFT. ISA & TMG were very strong product sets and truly best in class.”

“Bad news about TMG, how are we expected to publish applications, load balance web sites, Sharepoint, etc?”

Source: http://blogs.technet.com/b/server-cloud/archive/2012/09/12/important-changes-to-forefront-product-roadmaps.aspx?PageIndex=5#comments

ActiveSync, F5 BIG-IP APM Solution

• SSL Offload

• Verify and enable access based on

• User/password, AD group membership

• IP location, device ID, device type, user agent

• Brute force detection

• ActiveSync commands used

• URI (allow access requests to /Microsoft-Server-Activesync)

• User home server

Diagram labels: Data Center, AD, DMZ, MS Exchange

BIG-IP Access Policy Manager VDI Solutions


Enable Hosted Virtual Desktops

• Simple virtual deployment

• Managed local and remote access

• Power to scale and grow

• Vendor agnostic

VMware View Availability & Scalability Intelligent Traffic Management

• Between VMware View security servers or connection servers

• Aggregate multiple VMware View pods to appear as a single pod

• Between VMware View pods

• Between data centers

Max 10,000 users per pod

Diagram labels: Centralized Virtual Desktops, BIG-IP Global Traffic Manager, BIG-IP Local Traffic Manager, BIG-IP Access Policy Manager, DMZ


Secure Access Replace VMware View Security Server

• Highly scalable

• Host Endpoint checks

• Simplify topology

• Powerful AAA capabilities


Ease and Speed of Deployment iApp for VMware View

• Configure network for VMware View automatically

• Admin answers simple, goal-based questions

• iApp for VMware View configures network based on Admin’s input

• Benefits

• Faster (minutes instead of days)

• Reduces errors

• Replicates to groups of servers easily
