f5 government tech talk - · pdf filef5 government tech talk ... access policy manager : ......
TRANSCRIPT
![Page 1: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/1.jpg)
F5 Government Tech Talk Secure Your Critical Applications Jay De Leo, Federal Field Systems Engineer April 28, 2014
![Page 2: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/2.jpg)
F5 Company Snapshot
2Q12 Gartner Advanced Platform DC Market Share
Gartner, Inc. Market Share: Application Acceleration Equipment, Worldwide, CYQ212, Joe Skorupa, Nhat Pham, Sept 2012
• Leading provider of Application Delivery Networking products that optimize the security, performance & availability of network applications, servers and storage systems
• FY12 Revenue: $1.38B (+31% y/y)
![Page 3: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/3.jpg)
15 of the 15 executive branch agencies, plus many other DoD, civilian and commercial organizations rely on F5.
Government Agencies Trust F5
![Page 4: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/4.jpg)
• Certifications • FIPS 140-2 Level 2 • Common Criteria EAL2 (EAL4 In Process) • DISA STIG • 3 Year ATO at DISA • DIACAP/DITSCAP MAC II Level Certification • JITC PKE • In Process: TIC Lab/JITC APL (UCCO TN 1312201)
Government Certifications
![Page 5: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/5.jpg)
BIG-IP Virtual Edition
F5 BIG-IP Product Suite
• Fast, secure, available
• Best-in-class hardware platform and software virtual instance
Application Delivery Services
BIG-IP Hardware Platform
Clients
Application
![Page 6: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/6.jpg)
F5: An Intelligent Services Platform F5 makes the connected world run better
iRules iControl iApps
Hardware Software
TMOS
Secure
Available
Fast
DevCentral User Community
Programmable/Extensible
Enterprise
Foundation
Customizable Traffic Management
Intelligent Integrated
Context aware
Scale
Delivers applications to high-performance mobile and remote users while providing dynamic, flexible and powerful security.
Improves performance, increases employee productivity, boosts business operations and drives e-commerce revenue.
Fast
Secure
Intelligent Ecosystem
Efficiently delivers highly reliable application services while maintaining maximum availability regardless of location or state.
Available
![Page 7: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/7.jpg)
F5: An Intelligent Services Platform Product Modules
APM ASM AFM
WBA WOM AAM
Fast
Secure
LTM GTM
Available
: Local Traffic Manager
: WebAccelerator
: Access Policy Manager
: Global Traffic Manager
: WAN Optimization Manager : Application Acceleration Manager
: Application Security Manager : Advanced Firewall Manager
• Local Server Load Balancing • Application Layer Health Monitoring • ACLs, Packet Filters, SYN Flood Protection
• Automated Global Site Redirection • Network and Application Health Monitoring • DNSSEC, IP Geolocation
• HTTP Protocol Optimization • Intelligent Browser Referencing • Image Optimization
• Symmetric Adaptive Compression • Symmetric Data Deduplication • L7 QoS
• WebAccelerator Features • WAN Optimization Features • Combined Module with 11.4
• User Access Control • CAC/PIV/Smartcard Enablement • Portal, WebTop
• Layer 7 Targeted Attack Prevention / DDoS / DDDoS • Data Leakage Protection • OWASP Top Ten
• Full-Proxy Firewall • Layer 4 DoS Protection • Protocol Anomaly Detection
![Page 8: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/8.jpg)
F5 Security Architecture
![Page 9: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/9.jpg)
Network Defense in Depth
Lack of performance and scale
Inability respond to changing threats
Failure to extend new services
Complexity and cost of multiple vendors
Internet
Load Balancer
DNS Security
Network DDoS
Web Application Firewall
Web Access Management
Load Balancer
& SSL
Application DDoS Firewall
![Page 10: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/10.jpg)
Question
• What is a Proxy?
• What is a Full Proxy?
• What is the difference between a forward proxy and a reverse proxy?
![Page 11: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/11.jpg)
Service Defense in Depth: Full Proxy Security
Network
Session
Application
Web application
Physical
Client / Server
L4 Firewall: Full stateful policy enforcement and TCP DDoS mitigation
SSL inspection and SSL DDoS mitigation
HTTP proxy, HTTP DDoS and application security
Application health monitoring and performance anomaly detection
Network
Session
Application
Web application
Physical
Client / Server
![Page 12: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/12.jpg)
Network
Session
Application
Web application
Physical
Client / Server
L4 Firewall: Full stateful policy enforcement and TCP DDoS mitigation
SSL inspection and SSL DDoS mitigation
HTTP proxy, HTTP DDoS and application security
Application health monitoring and performance anomaly detection
Network
Session
Application
Web application
Physical
Client / Server
Service Defense in Depth: Full Proxy Security
High-performance HW
iRules
iControl API
F5’s Approach
• TMOS traffic plug-ins • High-performance networking microkernel • Powerful application protocol support
• iControl—External monitoring and control • iRules—Network programming language
IPv4
/IPv
6
SSL
TCP
HTT
P Optional modules plug in for all F5 products and solutions
APM
Fire
wal
l
…
Traffic management microkernel
Proxy
Client side
Server side SS
L
TCP
OneC
onne
ct
HTT
P
![Page 13: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/13.jpg)
Full Proxy Security Enables Service Defense Bring deep application fluency to security
One platform
SSL inspection
Traffic management
DNS security
Access control
Application security
Network firewall
DDoS mitigation
![Page 14: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/14.jpg)
F5 Solutions for Access Management and Authentication
![Page 15: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/15.jpg)
Proxy Web Servers
App 1
App 2
App 3
1
1 Code in the Application • Costly, difficult to change • Not repeatable, less secure
Agents on servers • Difficult to manage • Not interoperable or secure • Decentralized and costly
2
2
3 Specialized Access Proxies • Doesn’t scale and basic reliability • More boxes and expensive
App n
3
Policy Manager
Directory
Authentication Alternatives Today
![Page 16: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/16.jpg)
BIG-IP benefits:
• Reduce costs and complexity
• Gain superior scalability and high availability
• Better security with Dynamic L4 – L7 ACL control at LTM speeds
• Repeatable, across multiple applications
Proxy Web Servers
App 1
App 2
App 3
App n
LTM + APM
Policy Manager
Directory
A Better Alternative
![Page 17: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/17.jpg)
© F5 Networks, Inc 17
BIG-IP Local Traffic Manager + Access Policy Manager
Directory
SharePoint OWA
Cloud
Web servers
App 1 App n
APP OS
APP OS
APP OS
APP OS
Hosted virtual desktop
Users
with BIG-IP Access Policy Manager (APM) Enable Simplified Application Access
![Page 18: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/18.jpg)
BIG-IP® APM features: • CAC/PIV/Smartcard Enablement • Centralizes single sign-on and access control services • Full proxy L4 – L7 access control at BIG-IP speeds • Adds endpoint inspection to the access policy • Visual Policy Editor (VPE) provides policy-based access control • VPE Rules—programmatic interface for custom access policies • Supports IPv6
BIG-IP® APM ROI benefits: • Scales to 100K users on a single device • Consolidates auth. infrastructure • Simplifies remote, web and application access control
*AAA = Authentication, authorization and accounting
Unified Access and Control with BIG-IP Access Policy Manager (APM)
![Page 19: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/19.jpg)
Control Access of Endpoints Ensure strong endpoint security
Users
BIG-IP APM
• Antivirus software version and updates
• Software firewall status
• Machine certificate validation
Allow, deny or remediate users based on endpoint attributes such as:
Invoke protected workspace for unmanaged devices:
• Restrict USB access
• Cache cleaner leaves no trace
• Ensure no malware enters corporate network
Web
![Page 20: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/20.jpg)
Seamless Experience with a Universal Portal
• Webtop unites internal and external application resources across your Enterprise
• Provides seamless presentation and access to Windows, Web, SaaS, Mobile Applications and data
• WebTop helps organizations with RDP, VMware and Citrix consolidate on a single platform
![Page 21: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/21.jpg)
F5 Solutions for Application Security
![Page 22: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/22.jpg)
Question
• Who needs to worry about application security?
• What the difference between network security and application security?
![Page 23: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/23.jpg)
“ © F5 Networks, Inc 23
Most detected activity has targeted unclassified networks connected to the Internet, but foreign
cyberactors are also targeting classified networks. Importantly, much of the nation's critical proprietary
data are on sensitive but unclassified networks.
James Clapper Director of National Intelligence
http://news.cnet.com/8301-1009_3-57573902-83/intelligence-chief-offers-dire-warning-on-cyberattacks/
![Page 24: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/24.jpg)
Cyber-attacks in the News for 2011
IBM X-Force 2011 Trend and Risk Report March 2012
![Page 25: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/25.jpg)
Web Application Security
Proactively secure all web applications from current and future threats.
OWASP Top 10
Get protection from the top threats without impacting app performance or scale.
Dynamic App Security Testing
Key partnerships give you full vulnerability checking and website protection.
SDLC
Use built-in security capabilities to accelerate and improve app development.
IP Intelligence
Defend against malicious activity and web attacks.
![Page 26: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/26.jpg)
Targeted Attack Protection Use case
BIG-IP Application Security Manager
Web 2.0 Apps
Datacenter
Load Balancer
HACKER
Private cloud apps
Security?
INTERNET
Users
Request made Vulnerable application No security policy
Unsecure response delivered / Hacker given access
![Page 27: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/27.jpg)
Targeted Attack Protection Use case
BIG-IP Application Security Manager
Web 2.0 Apps
Datacenter
BIG-IP Application Security Manager
HACKER
Private cloud apps
BIG-IP Application Security Manager
Request made
BIG-IP ASM applies security policy
Vulnerable application
Secure response delivered
BIG-IP ASM security policy checked
INTERNET
Users
![Page 28: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/28.jpg)
DDoS Protection Use case
Syn Flood
ICMP flood
TCP Flood
Slowloris
Attacks
The infamous Wikileaks firewall failures
![Page 29: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/29.jpg)
BIG-IP Application Security Manager Powerful Adaptable Security
• Web Application Firewall • Provides comprehensive protection for all web application vulnerabilities, including DDoS • Logs and reports all application traffic and attacks • Educates admins on attack type definitions and examples • Enables L2->L7 protection • Unifies security, access control and application delivery • Sees application level performance • Provides On-Demand scaling
![Page 30: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/30.jpg)
F5 Solutions for Application Acceleration
![Page 31: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/31.jpg)
Acceleration in the Data Center
Load balance • Distribute application load
across multiple servers to increase availability
Offload • Increase server capacity • Accelerate SSL processing • Manage TCP connections
more efficiently
SPDY gateway • Leverage SPDY and other
protocols without recoding applications
Fast cache • Offload repetitive traffic from
web and application servers to increase server capacity
![Page 32: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/32.jpg)
Accelerating the Network
Compression and deduplication • Reduce amount of data transmitted • Improve network throughput and response • Increase bandwidth efficiency
Protocol optimization • Tune TCP and HTTP parameters to
adapt to changing network conditions
Loss correction • Correct for high-loss networks to
decrease transmission time and improve user experience
![Page 33: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/33.jpg)
Accelerating the Client
Content control • Deliver content to clients with
minimal network overhead
Data reduction • Optimize images and files for
mobile browsers to improve page load times
![Page 34: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/34.jpg)
Improving the Mobile Experience
Web performance • Optimize content for mobile
devices and reduce round trips to improve page load times
Global load balance • Connect users to the closest
application resources to minimize latency
![Page 35: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/35.jpg)
Application Delivery Optimization
Holistic approach to improving performance throughout the application delivery chain
Network • Connect applications and
users in a global enterprise • Provide the fastest network at
the lowest cost • Increase network efficiency to
best utilize resources
Client • Improve the user experience
for traditional and mobile users
• Deliver the right content to the right user in the fastest time
Data center • Improve availability of
enterprise applications • Increase application server
capacity • Integrate new technologies
without recoding applications
![Page 36: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/36.jpg)
F5 Solutions for VDI
![Page 37: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/37.jpg)
• Authentication must be managed in multiple locations • Authentication integration requires manual scripting • Requires separate ticketing server
and special configuration
Point Solutions Are Complex Citrix VDI Infrastructure
Ticketing Servers
Citrix XML Brokers
Authentication Management
Citrix Web Interface
Sites
Authentication Management
Citrix Receiver
Mobile Users
STA
XML
Internal Users
ICA/HDX
Directory
![Page 38: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/38.jpg)
Authentication Management
• Eliminate Web Interface sites and STA for all clients • Gain single policy and configuration setup,
SSO for all clients • Remove troubleshooting complexity • Reduce CapEx and OpEx
Consolidate and Simplify Simplified Access for Citrix VDI
Directory
BIG-IP Local Traffic Manager + Application Policy Manager
XML – ICA/HDX
Citrix Receiver
Mobile Users
Internal Users
Citrix XML Brokers
CapEx and OpEx
![Page 39: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/39.jpg)
© F5 Networks, Inc 39
vSphere
DMZ
View Security Servers VMware View Server
View Connection Servers
Clients
Consolidate and Simplify Simplified Access for VMware View
• Eliminate View Security Server for all but zero clients. Offload of security server functions. • Gain single policy and configuration setup, SSO for all clients • Remove troubleshooting complexity • Native proxy for PCoIP & RDP connections • Reduce CapEx and OpEx
• ICSA Network Firewall & SSL/TLS Certified
BIG-IP
Replace Firewall, Security Servers and Traffic Management Device with
a single BIG-IP device
![Page 40: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/40.jpg)
F5 Unified Solution Reduces Complexity
• Application access management • SSL VPN – remote access • Present OWA, VMware View
next to Citrix Apps in Portal Mode
• Vendor-agnostic solution provides the flexibility to adapt to changing demands
![Page 41: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/41.jpg)
VDI Challenge:
• Connecting users to preferred data center
• By geographical location (lowest latency)
• By business unit or customer
Alternatives:
• Manual configuration and maintenance of multiple namespaces
F5 Approach:
• Single namespace solution
Single Namespace
Client
BIG-IP Global Traffic Manager
VDI Desktop.example.com
Client connects to closest DC
Request is forwarded to preferred DC
Client is redirected
Storage
vSphere
Virtual Desktops
Data Center 1
BIG-IP Local Traffic Manager
+ Application Policy Manager
Storage
vSphere
Virtual Desktops
Data Center 2
BIG-IP Local Traffic Manager
+ Application Policy Manager
![Page 42: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/42.jpg)
• Sends VDI users to the closest data center
• Continuously monitors the entire infrastructure, including network and application health
• Enables automatic failover during outages
• Ensures persistence to prevent broken sessions
Global Failover and Cross-Site Resiliency
Geolocation services
Clients
BIG-IP Global Traffic Manager
Data Center 1
BIG-IP Local Traffic Manager + Application Policy Manager
Hypervisor
Virtual Desktops
Data Center 2
BIG-IP Local Traffic Manager + Application Policy Manager
Hypervisor
Virtual Desktops
Data Center 3
BIG-IP Local Traffic Manager + Application Policy Manager
Hypervisor
Virtual Desktops
Monitoring via iQuery
![Page 43: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/43.jpg)
Improve VM Density
Typical virtualized server ! SSL ! Caching ! Compression ! One Connect ! TCP Optimization
Offload
Same server with BIG-IP
![Page 44: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/44.jpg)
Automation
Automation
iControl
iControl
Monitoring and Management
Front End Virtualization BIG-IP
Local Traffic Manager
App Server Virtualization BIG-IP
Local Traffic Manager
Storage Virtualization
F5 Provision
Detection
VM Provision
Detection
F5 Deprovision
Clients
Web Clients
Web Clients
vCenter
Dynamic Services Automation
![Page 45: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/45.jpg)
The F5 Difference
![Page 46: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/46.jpg)
Question
• How can F5 secure and optimize your application deployments?
![Page 47: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/47.jpg)
© F5 Networks, Inc 47
Applications F5 can help deploy, optimize, and protect
• Microsoft
• VMware
• Oracle
• SAP
• Citrix
• Even home-grown, custom-built applications • F5 is application agnostic
• Technology Alliances: • http://www.f5.com/products/technology/
![Page 48: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/48.jpg)
© F5 Networks, Inc 48
Key F5 Differentiators • Application Fluency
• L7 Intelligence and application partnerships
• Massive Performance and Scale without sacrificing L7 intelligence
• Advanced Functionality • Application security, access policy management, application and WAN
optimization, caching, compression, and SSL termination on one platform
• Ease of Use and Deployment • GUI, Templates, iApps
• Extensibility, Flexibility and Control • iRules and iControl
• DevCentral • Active User Community
![Page 49: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/49.jpg)
• AskF5 Knowledge Base : askf5.com
• iHealth Diagnostics : ihealth.f5.com
• DevCentral : devcentral.f5.com
• Web Support : websupport.f5.com
• Free Web-based Training : LTM Essentials • http://university.f5.com
• Account Team
Additional Resources
![Page 50: F5 Government Tech Talk - · PDF fileF5 Government Tech Talk ... Access Policy Manager : ... Optional modules plug in for all F5 products and solutions ll](https://reader035.vdocuments.mx/reader035/viewer/2022070606/5a7238937f8b9abb538d5bfc/html5/thumbnails/50.jpg)