
Bringing Applications Everywhere

Gert Jan Wolfis


g.wolfis@f5.com
Field Service Engineer

Users are moving away from the application

Data Center

Users

Distance

© F5 Networks, Inc.

What is happening?

• Increase of Mobile and Remote users

• Service Providers are reconsidering their value adds:
– Develop Cloud Services
– Becoming an MVNO
– IT from the wall

• Mobile from 3G to LTE

IDC Research 2010

Users Opinion

• No need to be in the office to be efficient

• More demands for mobile work

• Ranks high on employee wish-list!

• I don’t need corporate devices to get the job done


Organizational Constraints

• We have rules here!

• BYOD variables will increase my budget

• What will my users access and when?

• How about Security and Availability of my applications?

I want to be in control!

F5’s Dynamic Control Plane Architecture

Users
Application and Data
Delivery Network

Availability
• Scale
• HA / DR
• Bursting
• Load-Balancing

Optimization
• Network
• Application
• Storage
• Offload

Security
• Network
• Application
• Data
• Access

Management
• Integration
• Visibility
• Orchestration

Resources
• Cloud (Private, Public)
• Physical
• Virtual
• Multi-Site DCs

TMOS Architecture
The foundation of BIG-IP LTM and a unified system
for application delivery


BIG-IP Local Traffic Manager

Direct traffic to the best available server
Guarantee application availability

Available
• Load balancing
• Health Monitor
• Server Persistence

Fast
• Compression
• RAM Caching
• TCP Multiplexing

Secure
• DDoS protection
• TCP proxy
• Application proxy
• SSL offload

Diagram labels: Router, BIG-IP LTM, Application Servers

BIG-IP Global Traffic Manager

Direct traffic to the best available data center

BIG-IP Global Traffic Manager provides dynamic data center load balancing, ensuring users are sent to the best available location, and the closest location to provide the fastest experience.

BIG-IP Global Traffic Manager is an integral part of any DNS core infrastructure by providing scale, security, and simplification.

Diagram labels: Client, L-DNS, Data Center 1 and Data Center 2 (each with Router, BIG-IP GTM, BIG-IP LTM, App Servers)

Context leverages information about the end user to improve the interaction

Who • Who is the user?

What • What devices are requesting access?

When • When are they allowed to access?

Where • Where are they coming from?

How • How did they navigate to the page/site?


One Access Solution – BIG-IP APM

BIG-IP Access Policy Manager: All Access Use Cases

Remote Access:
• SSL VPN
– Network Access
– Portal Access
– App Tunnels

Web Access Management:
• Proxy to HTTP apps
– Custom
– 3rd party

Application Access Control:
• Proxy to Non-HTTP apps
– Citrix ICA
– ActiveSync
– Outlook Anywhere

Enable Simplified Application Access with BIG-IP Access Policy Manager (APM)

Diagram labels: Users, Data Center, Directories

BIG-IP Access Policy Manager (APM)


Unified Access and Control for BIG-IP

BIG-IP® APM ROI Benefits:


• Consolidates auth. infrastructure
• Reduces AAA management costs
• Simplifies remote, web and application access control

BIG-IP® APM Features:


• Centralizes single sign on and access control services
• Full proxy L4 – L7 access control at BIG-IP speeds
• Adds endpoint inspection to the access policy
• Visual Policy Editor (VPE) provides policy based access control
• VPE Rules – programmatic interface for custom access policies
• Personalize by customization of web pages and Edge client appearance
• Full proxy access control at BIG-IP scale and speed
• iPad, Droid, tablet & smartphone support

*AAA = Authentication, Authorization and Accounting (or Auditing)

Dynamic Webtop for End-User

• Customizable and localizable list of resources

• Adjusts to mobile devices

• Toolbar, help, and disconnect buttons


Control Access of Endpoints

Ensure strong endpoint security

BIG-IP APM

Allow, deny, or remediate users based on endpoint attributes such as:
• Antivirus software version and updates
• Software firewall status
• Access to specific applications

Invoke protected workspace for unmanaged devices:
• Restrict USB access
• Cache cleaner leaves no trace
• Ensure no malware enters corporate network

Next Generation Protocol: SPDY

For more information about SPDY, visit www.chromium.org/spdy/spdy-whitepaper.

Amazon Silk Android 3.0+ Chrome Firefox v11+



BYOD Trust Model

• The trust level of a mobile device is dynamic

• Identify and assess the risk of personal devices

• Assess the value of apps and data

• Define remediation options
– Notifications
– Access control
– Quarantine
– Selective wipe

• Set a tiered policy


Combining the Power of and MDM


Diagram labels:
• ACLs
• Un-managed devices get limited access
• Managed devices get full access
• Load Balancing, SSL Offload, High Speed Acceleration
• Auth Proxy and SSO
• LTM Services
• App 1, App 2, App n
• HA Configuration
• Offload SSL, Caching, Compression, IPV6…
• Auth Proxy Offload
• APM Queries MDM and/or Directories
• MDM System

Benefits of F5 & MDM

F5 checks device posture and compliance with MDM

F5 does periodic compliance checks

Corporate information and VPN settings can be wiped

IT can trust and control all devices accessing VPN/WiFi


F5 Unified Access and Control


Flexible and Dynamic ADC Services – BIG-IP

Data Center

App 1 App n


Next Steps:

• Create your own BYOD trust model

• Rethink your application security and availability

• Understand your users' context

• Centralize policy management

• Leverage F5 solutions!

BE IN CONTROL!
© 2011 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, ARX, FirePass, iControl, iRules, TMOS,
and VIPRION are registered trademarks of F5 Networks, Inc. in the U.S. and in certain other countries