F5 BIG-IP APM – secure access to all types of applications, from legacy to cloud

F5 BIG-IP Access Policy Manager is flexible security solution with high performance which enables unique global approach to business applications and network. It consolidates remote VPN access, VDI, web access management and lots of other functions in a single point of control and provides secure user access to the network and applications based on context. F5 APM also consolidates and simplifies authentication, authorization and accounting (AAA) services.

F5 BIG-IP Access Policy Manager is flexible security solution with high performance which enables unique global approach to business applications and network. It consolidates remote VPN access, VDI, web access management and lots of other functions in a single point of control and provides secure user access to the network and applications based on context. F5 APM also consolidates and simplifies authentication, authorization and accounting (AAA) services.

F5 APM is available on all F5 platforms, whether we are talking of hardware platforms like VIPRION or BIG-IP or virtual platforms. Some of the APM functionalities are following:

• Identity federation and single sign-on
• Fast, secure remote and mobile access
• Secure and manage web access
• Support for desktop application and virtualization
• Integrated forward proxy support
• Centralized access policy deployment and management
• Best-in-class performance and scalability
• Flexibility to customize
• …

Unique access to applications

Users expect easy access to the applications and data they need regardless of their location or device they use, and no matter where applications are located – in data center, cloud or hybrid environment. The challenge for system administrators is how to protect applications and data, and they need to know where users are connection from, which devices they are using and what applications they are trying to access.

APM can be integrated with existing Enterprise Mobility Management (EEM) solutions to simplifies access to system and to raise security level of the system. Also, APM has native VDI support for Citrix, Microsoft and VMware on desktop and mobile devices which decreases complexity of the system while consolidating network and application infrastructure.

Simple access is not only thing users are demanding today. They want to use same set of credentials for multiple applications. APM enables identity federation and Single Sign-On functionality. At the same time, APM improves access and raises security, no matter where applications are located. Using SAML, APM can be set up as SAMP SP or SAML IdP, allowing organizations to make sure user accounts are securely stored in one place, while verified tokens are sent to the applications users are trying to access.

APM supports numerous authentication methods, also it has support for multi factor authentication. It allows client type differentiation and endpoint checks, and it is possible to use those parameters to create access rules.

Create access policies in a simple way

Another thing that APM makes a very interesting product is certainly the way of creating security policy that is very intuitive and works through a special graphical interface called Visual Policy Editor, where a flow chart is built that defines all checkpoints that a user must pass before he is allowed access to the requested resource:

• Authentication mechanisms (Form-based, NTLM, Client Certification Authentication, Kerberos …)
• Authentication servers (LDAP, Kerberos, SSL CAs, OTPs, AD …)
• Resources (web pages, applications, VPN access ..)
• Access methods (Networks Access, VPN Access, Web Portal)

Authentication methods and checks on client and server side

APM has support for various authentication methods on client side such as:

• Kerberos
• SAML
• Client certificate
• RSA SecurID
• One-time passcode
• HTTP Basic
• HTTP Form

Once that user credentials are entered, APM checks entered information using one of the industrial standards:

• Active Directory authentication and query
• LDAP and LDAPS authentication and query
• RADIUS
• TACACS
• OCSP and CRLDP (for client certificates)

APM is not forwarding client certificates, RSA SecureID or OTP to backend servers so number of authentication methods that can be used on server side is little bit less:

• File system checks
• System service checks
• Registry checks
• Browser plug-in checks
• Antivirus software checks
• Firewall software checks
• Hard-disk encryption software checks
• Patch management software checks
• Peer-to-peer software checks
• Hardware certificate checks
• OS and client device ID checks

F5 APM has solutions for numerous challenges organizations are facing today. With positioning APM between applications and users, organizations are securing access to their applications and achieving consolidation of infrastructure used for application access. APM is simplifying identity and access management (Identity Management – IAM), and also AAA services.

In our next post we will cover some of the most common APM use case scenarios! Visit us again soon!