F5 Networks - Access Policy Manager

F5 Access Policy Manager (APM)


What Is F5 BIG-IP Access Policy Manager or APM?

F5 BIG-IP Access Policy Manager (APM) is a flexible, high-performance access and security solution that provides unified global access to your applications and network. By converging and consolidating remote access, LAN access, and wireless connections within a single management interface, and providing easy-to-manage access policies, BIG-IP APM helps you free up valuable IT resources and scale cost-effectively.

Simple Example of F5 BIG-IP Access Policy Manager or APM:

Today, business resources, such as applications and data, are accessed inside and outside the traditional business perimeter. Local and remote employees, partners, and customers often access applications without context or security. A central policy control point delivers access based on context and is critical to managing a scalable, secure, and dynamic environment. As the mobile workforce grows, users require access to corporate resources from different types of networks and an increasing variety of devices. Ensuring secure and fast application performance for remote users is a key challenge. BIG-IP APM is positioned between the applications and the users, creating a strategic control point in the network.
BIG-IP APM protects your public-facing applications by providing policy-based, context-aware access to external users while consolidating your access infrastructure.
It also provides secure remote access to corporate resources from all networks and devices. By converging and consolidating remote access, LAN access, and wireless connections within a single management interface and providing easy-to-manage access policies, BIG-IP APM puts IT back in control of application access.

Where Can We Use F5 BIG-IP Access Policy Manager or APM?

Any enterprise organization that requires unified global access, centralized access control, secure web access to its applications, and single sign-on must have this solution in place to ensure business continuity.

Advanced Benefits

"Always Connected" Remote Access

BIG-IP APM works with an optional client to provide secure remote access. This state-of-the-art, integrated client, BIG-IP Edge Client, provides location awareness and zone determination to deliver secure, persistent, policy-based access unlike any other.
BIG-IP Edge Client helps ensure continued user productivity whether the user is at home on a wireless network, using an air card in transit, giving a presentation over corporate wireless, in a café on guest wireless, or docked on a LAN connection. BIG-IP Edge Client can automatically detect domains and connect even after losing a VPN connection, or it can disconnect when a LAN connection is detected.

Consolidated AAA infrastructure

Other authentication solutions use application coding, separate web server agents, or specialized proxies, which can present significant management, cost, and scalability issues.
With AAA control directly on the BIG-IP system, BIG-IP APM enables you to apply customized access policies across many applications and gain centralized visibility of your authorization environment. You can consolidate your AAA infrastructure, eliminate redundant tiers, and simplify management to reduce capital and operating expenses.

Hosted Virtual Desktop

Virtual desktop deployments have to scale to meet the needs of thousands of users and hundreds of connections per second. BIG-IP APM includes native support for Microsoft Remote Desktop Protocol (RDP) and native secure web proxy support for Citrix XenApp, XenDesktop, and PCoIP for VMware Horizon View.
In addition, BIG-IP APM will pass down a Java-based applet that acts as a Java RDP client and executes in the client’s browser. This Java RDP client is a quick virtual desktop infrastructure (VDI) option as requirements dictate and is a secure remote access solution for Mac and Linux users.
The highly scalable, high-performance application delivery capabilities of BIG-IP APM provide simplified access and control to users in hosted virtual desktop environments.

Dynamic Access Control

BIG-IP APM provides access authentication using access control lists (ACLs) and authorizes users with dynamically applied layer 4 and layer 7 ACLs on a session. Both L4 and L7 ACLs are supported based on endpoint posture as a policy enforcement point.
BIG-IP APM allows individual and group access to approved applications and networks using dynamic, per-session L7 (HTTP) ACLs. You can use the Visual Policy Editor to quickly and easily create ACLs.

Single sign-on

BIG-IP APM supports single sign-on (SSO) across multiple domains and Kerberos ticketing, enabling additional types of authentication, such as Federal Common Access Cards and the use of Active Directory authentication for all applications.
Security Assertion Markup Language (SAML) 2.0 support extends BIG-IP SSO options further by supporting both identity provider (IdP) initiated connections and service provider (SP) initiated connections. This functionality minimizes time spent logging into multiple applications with SSO and enables a unified user portal for cloud, web, virtual desktop infrastructure (VDI), and client/server applications.

Advanced Reporting

An in-depth view of logs and events provides access policy session details. With reports from technology alliance partner Splunk—a large-scale, high-speed indexing and search solution—BIG-IP APM helps you gain visibility into application access and traffic trends, aggregate data for long-term forensics, accelerate incident responses, and identify unanticipated problems before users experience them.

Strong Endpoint Security

BIG-IP APM can deliver an inspection engine through the browser to examine the security posture of a device and determine whether the device is part of the corporate domain. Then, based on the results, it can assign dynamic access control lists to deliver context-based security.
More than a dozen integrated endpoint inspection checks are preconfigured, including OS, antivirus software, firewall, file, process, registry, as well as the device’s MAC address, CPU ID, and HDD ID.
For mobile devices running Apple iOS or Google Android, endpoint inspection checks the mobile device UDID and whether the mobile device has been jailbroken or rooted. Administrators can map hardware attributes to a user role to allow more decision points for access control. A browser cache cleaner will automatically remove any sensitive data at the end of a user’s session.

Unprecedented Performance and Scale

BIG-IP APM offers SSL offload at network speeds and supports up to 3,000 logins per second. For organizations with an ever-growing base of web application users, BIG-IP APM scales quickly and cost-effectively to support up to 200,000 concurrent users on a VIPRION chassis platform or 60,000 concurrent users on a single high-end appliance.