
(1)

F5 NETWORKS, INC

Secure Your Applications, Simplify Authentication, and Optimize Critical System

Jaye Garza; Federal MAM, Army

Jereme De Leo; Federal FSE, Army

March 13, 2013

(2)

Introductions

Company Snapshot

Strategic Point of Control

Optimizing, Securing, and Scaling Microsoft SharePoint

Simplifying VDI Deployment

Mobility and BYOD

Cloud Services Enablement

(3)

F5 Company Snapshot

4Q11 Gartner Advanced Platform DC Market Share

Gartner, Inc. Market Share: Application Acceleration Equipment, Worldwide, 4Q11 & CY11, Joe Skorupa, Nhat Pham, March 2012

•  A10: 6.7%

•  F5 Networks: 54.9%

•  Others: 8.1%

•  Radware: 9.6%

•  Citrix: 20.7%

Leading provider of Application Delivery Networking products that optimize the security, performance & availability of network applications, servers and storage systems

(4)

Organizations Worldwide Trust F5

F5 Customer Highlights

•  15 of the top 15 executive branch departments of the US federal government [2]

•  41 of the Fortune 50 companies [1]

•  15 of the top 15 US banks [1]

•  6 of the top 6 US airlines [1]

•  10 of the top 10 US insurance companies [1]

•  9 of the top 10 US online video brands [4]

•  4 of the top 5 US Internet search providers [5]

•  17 of 20 cloud and Web hosting companies [7]

Sources:

1.  Fortune 2010

2.  USA.gov Web site listing

3.  Q310 Ovum Market share, by revenue, global

4.  Nielsen NetRatings September 2010

5.  Comscore November 2010

(5)

5 © F5 Networks, Inc.

15 of the 15 executive branch agencies, plus many other DoD, civilian and commercial organizations rely on F5.

(6)

Interoperability

(7)

Deployments

Certifications

FIPS 140-2

Common Criteria EAL2/EAL4

DISA STIG

3 Year ATO at DISA

DIACAP/DITSCAP MAC II level certification

In Process: TIC Lab/JITC APL/JITC PKE

DoD Deployments and

(8)
(9)

And then there were Load Balancers

Application proliferation, complexity, mobility, security

A long time ago…

and then…

and now with F5!

F5 brings the highest security, matched by a scale and high-performance architecture

(10)

Scale

Intelligent

Integrated

Context aware

Customizable

Ecosystem

Community driven

(11)

Availability

•  Scale

•  HA / DR

•  Bursting

•  Load-Balancing

Optimization

•  Network

•  Application

•  Storage

•  Offload

Security

•  Network

•  Application

•  Data

•  Access

Management

•  Integration

•  Visibility

•  Orchestration

Strategic Point of Control

Application and Data Delivery Network

Resources

[Diagram: OS/APP virtual machine stacks, Private and Public]

Users

(12)

F5 Application Delivery Network

•  Enterprise Manager™

•  TMOS®

•  iRules®

•  iControl®

•  Applications & Storage

•  Users

•  Data Center

•  BIG-IP® Local Traffic Manager

•  ARX® File Virtualization

•  BIG-IP® Advanced Firewall Manager

•  BIG-IP® Global Traffic Manager

•  BIG-IP® Link Controller

•  BIG-IP® WAN Optimization Module

•  BIG-IP® Web-Accelerator

•  BIG-IP® Application Security Manager

•  BIG-IP® Access Policy Manager

•  BIG-IP® Virtual Edition

(13)

Optimizing, Securing, and Scaling Microsoft SharePoint

(14)

Typical SharePoint Deployment

SQL Database Intranet SharePoint Server Fast Search Server Active Directory

Primary Data Center

SharePoint Server

Active Directory

Fast Search Server

SQL Database

(15)

Typical SharePoint Deployment

SQL Database Intranet SharePoint Server Fast Search Server Active Directory

Primary Data Center

User interacts with SP

Dynamic page

SP to SQL

(16)

Typical SharePoint Deployment

SQL Database Intranet SharePoint Server Fast Search Server Active Directory

Primary Data Center

Scalability concerns

-  Internal / external users
-  1000 user limit

High availability

-  Even if less than 1000
-  SP and FSS not HA

Performance issues

-  Multiple calls per request
-  CPU cycles for SSL/Auth

(17)

F5 SharePoint Deployment

SQL Database Intranet SharePoint Server Fast Search Server Active Directory

Primary Data Center

BIG-IP

Local Traffic Manager

6900

Highly Available

-  Load balancing
-  SP and FSS
-  Scalable

Optimized

-  WAN/LAN TCP profiles
-  Content spooling
-  OneConnect
-  Compress/Cache

Secure

-  SSL offload
-  ICSA Firewall
-  FIPS 140-2

Ease of Deployment

-  iApps

(18)

F5 SharePoint Deployment

SQL Database Intranet SharePoint Server Fast Search Server Active Directory

Primary Data Center

BIG-IP

Local Traffic Manager

6900

BIG-IP WebAccelerator

Dynamic Cache/Compress

Image / PDF Optimization

HTTP Optimization

Intelligent Browser Ref

(19)

F5 SharePoint Deployment

SQL Database Intranet SharePoint Server Fast Search Server Active Directory

Primary Data Center

BIG-IP

Local Traffic Manager

6900

BIG-IP WebAccelerator

OWASP Top 10

SQL Injection Attacks

DDoS Protection

BIG-IP Application Security Manager

Attacker

User

Data Leakage Protection

Layer 4-7 Protection

(20)

Web applications are at risk:

64 percent of developers are not confident in their ability to write secure applications.

Most websites were exposed to at least one serious vulnerability every day of 2010.

Only 16% of websites were vulnerable less than 30 days of the year overall.

During 2010, the average website had 230 serious* vulnerabilities.

On the average, 50% of organizations require 116 days or less to remediate their serious vulnerabilities.

- WhiteHat Website Security Stats Report

(21)

Most detected activity has targeted unclassified networks connected to the Internet, but foreign cyberactors are also targeting classified networks. Importantly, much of the nation's critical proprietary data are on sensitive but unclassified networks.

James Clapper, Director of National Intelligence

(22)
(23)

F5 SharePoint Deployment

SQL Database Intranet SharePoint Server Fast Search Server Active Directory

Primary Data Center

BIG-IP

Local Traffic Manager

6900

BIG-IP WebAccelerator

CAC enablement

Endpoint inspection

Authentication at edge

Granular access control

BIG-IP Application Security Manager

BIG-IP

Access Policy Manager

OCSP / CRL

(24)

F5 SharePoint Deployment

SQL Database Intranet SharePoint Server Fast Search Server Active Directory

Primary Data Center

BIG-IP

Local Traffic Manager

6900

BIG-IP WebAccelerator

Global user redirection

COOP / DR

DNSSEC

BIG-IP Application Security Manager

BIG-IP

Access Policy Manager

OCSP / CRL

BIG-IP

Global Traffic Manager

Secondary Data Center

BIG-IP

(25)
(26)

•  Authentication must be managed in multiple locations

•  Authentication integration requires manual scripting

•  Requires separate ticketing server and special configuration

Point Solutions Are Complex

Citrix VDI Infrastructure

Ticketing

Citrix XML Authentication Management

Citrix Web Interface Sites Authentication Management Citrix Receiver

Mobile Users STA XML

Internal Users ICA/HDX

(27)

Authentication Management

Eliminate Web Interface sites and STA for all clients

Gain single policy and configuration setup, SSO for all clients

Remove troubleshooting complexity

Reduce CapEx and OpEx

Consolidate and Simplify

Simplified Access for Citrix VDI

Directory

BIG-IP Local Traffic Manager

+ Application Policy Manager

XML – ICA/HDX Citrix Receiver

Mobile Users

Internal Users Citrix XML Brokers

CapEx

and OpEx

(28)

vSphere

DMZ

View Security

Servers VMware View Server

View Connection

Servers

Clients

Consolidate and Simplify

Simplified Access for VMware View

Eliminate View Security Server for all but zero clients. Offload of security server functions.

Gain single policy and configuration setup, SSO for all clients

Remove troubleshooting complexity

Native proxy for PCoIP & RDP connections

Reduce CapEx and OpEx

ICSA Network Firewall & SSL/TLS Certified

Replace Firewall, Security Servers and Traffic

(29)

F5 Unified Access Solution

Reduces Complexity

•  Application access management

•  SSL VPN – remote access

•  Present OWA, VMware View next to Citrix Apps in Portal Mode

Vendor-agnostic solution provides the flexibility to adapt to changing demands

(30)

Improve VM Density

Typical virtualized server

Offload:

•  SSL

•  Caching

•  Compression

•  One Connect

•  TCP Optimization

Same server with BIG-IP

(31)

Automation Automation iControl iControl

Monitoring and

Management

Front End Virtualization

BIG-IP Local Traffic

Manager

App Server Virtualization

BIG-IP Local Traffic Manager Storage Virtualization F5 Provision Detection VM Provision Detection F5 Deprovision

Clients Web Clients Web Clients

vCenter

Automate

(32)
(33)

A Problem of Context

ENTERPRISE DATA CENTER DATA CENTER/ PRIVATE CLOUD HACKER PARTNERS, SUPPLIERS INTERNET DATA CENTER CLOUD ENTERPRISE HEADQUARTERS ENTERPRISE REMOTE OFFICE MOBILE USER

BYOD: Multiple devices

Partner | Vendor access

Application diversity

The cloud

Global access

(34)

A Problem of Context

ENTERPRISE DATA CENTER DATA CENTER/ PRIVATE CLOUD PARTNERS, SUPPLIERS INTERNET DATA CENTER CLOUD ENTERPRISE HEADQUARTERS ENTERPRISE MOBILE USER

Where?

When?

Who?

What?

How?

(35)

Big access trends

How do you provide device freedom and access to applications while maintaining corporate security and data integrity?

BYOD: 95% of information workers report that they use at least one self-purchased device for work.

MOBILE BUSINESS: 50% of business devices are expected to be smartphones by 2014.

vs.

BYE-BYE PCs

(36)

The Defense Department says it has a solid plan to use the current generation of commercially-available mobile devices on military networks.

(37)

Secure, accelerated remote access

Employees get secure, fast access to resources regardless of where they are.

Strong authentication

Two-Factor Authentication ensures managed devices get full access to corp. resources.

Endpoint security

Employee’s iPad is actively scanned to ensure compliance with policies and remediated if necessary.

Edge Client

Mobile device support

Employees want to use personal devices – make it easy and secure to do so.

(38)

Securely extends the enterprise to personal mobile devices

Create a virtual enterprise workspace on mobile devices

Add your own applications to the secure workspace

Jailbreak detection

Remote lock and wipe of secure workspace or device

Secure browser

Enterprise App Store

Mobile App Manager

(39)
(40)
(41)

The F5 Powered Cloud

Users (local or remote) access web resources.

Local or cloud determination based on capacity, performance, location (and other user-specified parameters).

Administrative domains isolate configuration.

(42)
(43)

The F5 Secured Cloud

Contextual, secure access to cloud-based applications.

Centralize application security.

Network-side scripting offers immediate method of addressing security vulnerabilities.

Administrative domains isolate configuration.

(44)

Provide fast, optimized and secure applications that are highly available, globally

Control access to enterprise applications for internal and remote users

CAC enable applications

Enable mobile device access securely

Simplify deployment of applications and enterprise services

(45)
(46)

Learn More

Free F5 BIG-IP LTM Essentials Training

http://university.f5.com

F5 Strategic Solutions

http://www.f5.com/it-management/solutions/

DevCentral

(47)

Contact

Jereme De Leo

Federal FSE, Army

[email protected]

Jaye Garza

Federal MAM, Army

(48)

devcentral.f5.com

facebook.com/f5networksinc

linkedin.com/companies/f5-networks

twitter.com/f5networks
