Secure iphone Access to Corporate Web Applications



Similar documents
Deploying F5 Application Ready Solutions with VMware View 4.5

MANAGE SECURE ACCESS TO APPLICATIONS BASED ON USER IDENTITY. EMEA Webinar July 2013

Deliver Secure and Accelerated Remote Access to Applications

Integrating F5 Application Delivery Solutions with VMware View 4.5

Deploying F5 to Replace Microsoft TMG or ISA Server

Optimizing VMware View VDI Deployments with F5

Filling the Threat Management Gateway Void with F5

Achieve Unified Access Control and Scale Cost-Effectively

Deliver Secure and Fast Remote Access to Anyone from Any Device

Achieve Unified Access Control and Scale Cost-Effectively

Post-TMG: Securely Delivering Microsoft Applications

BIG-IP Access Policy Manager Tech Note for BIG-IP Edge Client App for ios

VMware DRS: Why You Still Need Assured Application Delivery and Application Delivery Networking

Configuring a single-tenant BIG-IP Virtual Edition in the Cloud

Accelerating Mobile Access

High-Performance DNS Services in BIG-IP Version 11

F5 Identity and Access Management (IAM) Overview. Laurent PETROQUE Manager Field Systems Engineering, France

Intelligent Layer 7 DoS and Brute Force Protection for Web Applications

Deploying the BIG-IP System v11 with LDAP Servers

Presented by Philippe Bogaerts Senior Field Systems Engineer Securing application delivery in the cloud

F5 provides a secure, agile, and optimized platform for Microsoft Exchange Server 2007 deployments

Deploying F5 with IBM Tivoli Maximo Asset Management

SA Series SSL VPN Virtual Appliances

Optimize Application Delivery Across Your Globally Distributed Data Centers

F5 PARTNERSHIP SOLUTION GUIDE. F5 and VMware. Virtualization solutions to tighten security, optimize performance and availability, and unify access

Mobile Access Software Blade

The F5 Intelligent DNS Scale Reference Architecture.

Connecting to the Cloud with F5 BIG-IP Solutions and VMware VMotion

Cloud Services MDM. ios User Guide

Deploying the BIG-IP System with Microsoft Lync Server 2010 and 2013 for Site Resiliency

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services

Fight Malware, Malfeasance, and Malingering with F5

Deploying the BIG-IP LTM with. Citrix XenApp. Deployment Guide Version 1.2. What s inside: 2 Prerequisites and configuration notes

F5 and the 8 Ways to Virtualization

Deploying the BIG-IP System for Microsoft Application Virtualization

Security F5 SECURITY SOLUTION GUIDE

F5 and Secure Windows Azure Access

Ensuring the security of your mobile business intelligence

F5 White Paper. The F5 Powered Cloud

Symantec App Center. Mobile Application Management and Protection. Data Sheet: Mobile Security and Management

What s New in Juniper s SSL VPN Version 6.0

Application and Database Security with F5 BIG-IP ASM and IBM InfoSphere Guardium

ios Enterprise Deployment Overview

How To Integrate An Ipm With Airwatch With Big Ip On A Server With A Network (F5) On A Network With A Pb (Fiv) On An Ip Server On A Cloud (Fv) On Your Computer Or Ip

BYOD 2.0: Moving Beyond MDM

Hardware Load Balancing for Optimal Microsoft Exchange Server 2010 Performance

F5 and VMware. Realize the Virtual Possibilities.

The VDC Maturity Model Moving Up the Virtual Data Center Stack

F5 and Microsoft Exchange Security Solutions

Load Balancing 101: Firewall Sandwiches

A Guide to New Features in Propalms OneGate 4.0

Protect Your Business and Customers from Online Fraud

Oracle Database Firewall

EasyConnect. Any application - Any device - Anywhere. Faster, Simpler & Safer Networks

Remote Desktop Gateway. Accessing a Campus Managed Device (Windows Only) from home.

Deploying the BIG-IP System v11 with SAP NetWeaver and Enterprise SOA: ECC

When enterprise mobility strategies are discussed, security is usually one of the first topics

Deploying the BIG-IP LTM with IBM QRadar Logging

McAfee Enterprise Mobility Management Versus Microsoft Exchange ActiveSync

Achieve Unified Access Control and Scale Cost-Effectively

Trends in Enterprise Virtualization Technologies. A Research Study by F5 Networks

Top Three Reasons to Deliver Web Apps with App Virtualization

Mobile Workforce. Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite.

Introducing the FirePass and Microsoft Exchange Server configuration

SHC Client Remote Access User Guide for Citrix & F5 VPN Edge Client

MOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES

Deployment Guide Sept-2014 rev. a. Array Networks Deployment Guide: AG Series and DesktopDirect with VMware Horizon View 5.2

Best Practices for Secure Remote Access. Aventail Technical White Paper

Secure remote access to your applications and data. Secure Application Access

Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief

Citrix Access Gateway

304 - APM TECHNOLOGY SPECIALIST

Deploying the BIG-IP System with VMware vcenter Site Recovery Manager

Deploying the BIG-IP LTM with IBM WebSphere MQ

VMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

BIG-IP LTM VE The Virtual ADC Your Physical ADC Has Been Missing

Achieve Unified Access Control and Scale Cost-Effectively

DEPLOYMENT GUIDE Version 1.2. Deploying F5 with Oracle E-Business Suite 12

Connecting an Android to a FortiGate with SSL VPN

The Secure Web Access Solution Includes:

ForeScout MDM Enterprise

Cortado Corporate Server

Achieving PCI Compliance Using F5 Products

Kaspersky Security for Mobile

The ForeScout Difference

Building an Enterprise Cloud with F5 and IBM

Mobile Access R Administration Guide. 13 August Classification: [Protected]

iphone in Business How-To Setup Guide for Users

Athena Mobile Device Management from Symantec

Requirements on terminals and network Telia Secure Remote User, TSRU (version 7.3 R6)

PRODUCT CATEGORY BROCHURE

Vodafone Global Enterprise Deploy the Apple iphone across your Enterprise with confidence

Transcription:

F5 Technical Brief Secure iphone Access to Corporate Web Applications The way corporations operate around mobile devices is currently shifting employees are starting to use their own devices for business purposes, rather than companyowned devices. With no direct control of the endpoints, IT departments have generally had to prohibit this or risk insecure access inside the firewall. But as more mobile devices appear on the corporate network, mobile device management has become a key IT initiative. by Peter Silva Technical Marketing Manager, Security

Contents Introduction 3 Getting Down to Business 3 iphone and BIG-IP 4 The F5 BIG-IP Edge Apps 4 Conclusion 9 References 10 2

Introduction Mobile devices have become computers in their own right, with a huge array of applications, significant processing capacity, and the ability to handle high bandwidth connections. They are the primary communications device for many, for both personal and business purposes. Many IT executives are planning to make internal business applications available to employees from their smartphones or mobile devices. This goes beyond email and includes CRM applications, ERP systems, and even proprietary in-house applications. Because personal mobile devices are so prevalent, many organizations are moving from corporate ownership of devices to allowing employees to use their own devices for business purposes. Some companies view this as a cost-saving measure, but identifying these personal devices as legitimate endpoints is still a challenge, especially when it comes to security and compliance. In addition to smartphones, tablet devices like the Apple ipad and a whole new array of computing devices are requesting access to corporate resources. The 2007 launch of the iphone changed the way people perceive and use mobile devices. The iphone isn t just for the tech-savvy parents, celebrities, retailers, and everyone in between love to use the iphone for personal purposes and for work. The first iphone was missing a few important features that would have made it a business-capable device. But as new generations hit the market and ios matured, the iphone became a viable business device. ios 4 is compatible with Microsoft Exchange ActiveSync accounts and Exchange Server, so users can configure multiple email accounts for secure access on their iphones. Business apps like Documents To Go enable iphone users to not only view Microsoft Word and Excel documents, but to create and edit them as well. Companies like Salesforce, SAP, and Oracle have released general business apps and business intelligence and HR apps. Mobile Worforce Increasing According to IDC, the worldwide mobile worker population is set to increase from 919.4 million in 2008, accounting for 29% of the worldwide workforce, to 1.19 billion in 2013, accounting for 34.9% of the workforce 1. Getting Down to Business IT infrastructure and helpdesk staff have been inundated with requests to support both managed and unmanaged Apple ipads and iphones in the corporate environment. With no direct control of the endpoints, IT has had to turn these requests away to avoid risking insecure access inside the firewall. Mobile devices, personal or not, have always presented a challenge to IT. Provisioning a mobile device and determining which applications and services are allowed/enabled can be daunting. Despite impressive computing power, a mobile device is not a traditional 1 http://www.idc.com/research/viewdocsynopsis.jsp?containerid=221309&sectionid=null&elementid=null&pagetype=synopsis 3

laptop or desktop and functionality can differ greatly. Even capabilities among the various mobile devices differ based on make, model, and OS. Many IT organizations have solved some of their security and compliance issues and now allow personal home computers to access business resources; providing access to personal mobile devices is the next piece of the puzzle. Technologies like SSL VPN have made it easier for organizations to inspect the host, know its security posture, and allow a certain level of access based on those checks. With mobile platforms, it can be hard to determine if the latest patches are up to date, if it is free of malware, if it is free of otherwise unauthorized programs, and if it abides by the corporate access policy. Different security policies may apply to mobile computing devices than to traditional devices. Can the corporation disable the personal device if it is compromised and contains sensitive information? If VPN access is allowed, IT must ensure the authentication and authorization mechanisms are configured properly. There may also be issues with usage tracking, license compliance, and session persistence as users roam among various mobile networks. Many companies also use portals, proxies, and IDS/IPS to control access. Even GPS data could pose a risk to an organization, especially for government and military deployments. Increased network traffic also needs to be monitored. As more employee-owned mobile devices appear on the corporate network, IT departments must make mobile device management a key initiative. iphone and BIG-IP Business users are increasingly looking to take advantage of Apple ios devices in the corporate environment, and accordingly, IT organizations are looking for ways to allow access without compromising security or losing endpoint control. Many IT departments that have been slow to accept the iphone are now looking for a remote access solution to balance the need for mobile access and user productivity with the ability to keep corporate resources secure. The F5 BIG-IP Edge Apps F5 has created two apps for the iphone and ipad: F5 BIG-IP Edge Portal and BIG-IP Edge Client. 4

The BIG-IP Edge Portal The BIG-IP Edge Portal app for ios devices streamlines secure mobile access to corporate web applications that reside behind BIG-IP Access Policy Manager (APM), BIG-IP Edge Gateway, and FirePass SSL VPN solution. With the BIG-IP Edge Portal app, users can access internal web pages and web applications securely. BIG-IP Edge Portal, in combination with customers existing BIG-IP Edge Gateway and BIG-IP APM or FirePass SSL VPN solutions, provides portal access to internal web applications such as intranet sites, wikis, and Microsoft SharePoint. This portal access provides a launchpad that IT administrators can use to allow mobile access to specific web resources, but without risking full network access connections from unmanaged, unknown devices. iphone users can sync their email, calendar, and contacts directly to the corporate Microsoft Exchange Server via FirePass and the ActiveSync protocol. This solution also enables corporate IT to grant secure iphone and ipad access to web-based resources. IT administrators can also create and manage layer 7 access control lists (ACLs) to limit access to certain resources. For instance, administrators can specifically create white lists or blacklists of sites that users can access. Administrators can even specify a particular path within a web application like /contractors or /partners. Based on the device check and the authenticated user group, that device would only be able to navigate to those assigned resource paths. Even if a contractor happens to guess the partner path, if he or she tries to navigate to it, access is denied. Administrators can also configure BIG-IP Edge Gateway to provide and push policies to the client, such as allowing a user to save credentials on the device. If the system is configured to require a client certificate, users can add it from a web location or through itunes. Users can add bookmarks to save sites they want to connect to again and specify a keyword to open a page. For example, users can specify the keyword intra to go to the company s intranet page. If users specify a keyword when they bookmark a site, they can later launch that bookmark by typing the keyword in the BIG-IP Edge Portal address bar. The BIG-IP Edge Portal app allows users to access internal web applications securely and offers the following features: User name/password authentication Client certificate support Saving credentials and sessions 5

SSO capability with BIG-IP APM for various corporate web applications Saving local bookmarks and favorites Accessing bookmarks with keywords Embedded web viewer Display of all file types supported by native Mobile Safari The F5 BIG-IP Edge Client Assuming an iphone is a trusted device and/or network access from an iphone/ipad is allowed, then the BIG-IP Edge Client app offers all the BIG-IP Edge Portal features listed above, plus the ability to create an encrypted, optimized SSL VPN tunnel to the corporate network. BIG-IP Edge Client offers a complete network access connection to corporate resources from an ios device a comprehensive VPN solution for both the iphone and ipad. With full VPN access, iphone/ipad users can run applications such as RDP, SSH, Citrix, VMware View, VoIP/SIP, and other enterprise applications. BIG-IP Edge Client and Edge Portal work in tandem with BIG-IP Edge Gateway and FirePass SSL VPN solutions to drive managed access to corporate resources and applications, and to centralize application access control for mobile users. Enabling access to corporate resources is key to user productivity, which is central to F5 s dynamic services model that delivers on-demand IT. Figure 1: BIG-IP Edge Portal on Apple iphone 6

A VPN connection can be user-initiated, either explicitly through BIG-IP Edge Client or implicitly through ios s VPN On Demand functionality. For example, administrators can configure a connection to be automatically triggered whenever a certain domain or host name pattern is matched. VPN On Demand configuration is allowed if the client certificate authentication type is used. A user name and password can be used along with the client certificate, but they are optional. No user intervention is necessary for connections initiated by VPN On Demand (for example, a connection will fail if a password is not supplied in the configuration but is needed for authentication). The BIG-IP Edge Gateway controller optimizes and accelerates client traffic between gateways and data centers. With the addition of the BIG-IP Edge Client app, that optimization is extended to the ios device, improving mobile user performance with accelerated client access. BIG-IP Edge Client, when used in tandem with BIG-IP Edge Gateway, provides secure and optimized application access to ios devices. If a user is on a high-latency mobile network and needs to download a file from the corporate infrastructure, the unique, adaptable compression algorithms ensure the file arrives quickly. Now users experience secure LAN-like performance, even when they are mobile. Like the BIG-IP Edge Portal app, BIG-IP Edge Client also adheres to the ACLs limiting access to certain resources, as well as access polices defined by the administrator like credential caching. For BIG-IP Edge Client, administrators can create both layer 7 and layer 3/4 ACLs. Even if the iphone is a trusted device and IT has allowed network access from that device, IT might still want to restrict those users to certain subnets within the infrastructure based on organization, role, or other criteria. If there are compliance requirements for corporate access and when user access and application logging is required, BIG-IP APM and BIG-IP Edge Gateway provide detailed logging and accounting, so IT can meet regulatory requirements even when applications are accessed from unmanaged devices not owned by IT. Policy and access management are created and controlled by F5 s unique Visual Policy Editor (VPE). Using the advanced VPE, administrators can easily create secure, granular access control policies on an individual or group basis. The flowchart-like GUI gives administrators point-and-click control to seamlessly add iphone and ipad devices to an existing system or to create a new macro policy exclusively for ios devices. 7

Figure 2: BIG-IP Edge Portal configuration page on Apple iphone The BIG-IP Edge Client app offers additional features such as Smart Reconnect, which enhances mobility when there are network outages, when users roaming from one network to another (like going from a mobile to Wi-Fi connection), or when a device comes out of hibernate/standby mode. Split tunneling mode is also supported, allowing users to access the Internet and internal resources simultaneously. Figure 3: BIG-IP Edge Client on Apple ipad 8

Users can easily add any of their corporate BIG-IP access controllers (BIG-IP APM, Edge Gateway) or FirePass SSL VPN as a secure gateway on their ios device. A user simply starts BIG-IP Edge Client and in the Server field, types the IP address or fully qualified domain name of a FirePass SSL VPN controller, a BIG-IP APM, or BIG-IP Edge Gateway. They can also type a name for this server in the Description field to make it easier to locate. To minimize helpdesk calls, adding user credentials is as easy as typing the user name and password, and then clicking Save and Done. Conclusion The BIG-IP Edge Portal app for ios devices provides simple, streamlined access to web applications that reside behind BIG-IP APM, without requiring full VPN access, to simplify login for users and provide a new layer of control for administrators. Using BIG-IP Edge Portal, users can access internal web pages and web applications securely, and administrators can seamlessly add iphone and ipad mobile device management to their already existing BIG-IP infrastructure. The BIG-IP Edge Client app provides not only full SSL VPN access from iphones and ipads, but also accelerated application performance when it s used with BIG-IP Edge Gateway. Administrators can maintain granular control with F5 s Visual Policy Editor, and users experience fast downloads and quick web access with the integrated optimization and acceleration technologies built into BIG-IP Edge Gateway. IT no longer has to provision and manage multiple units to ensure their corporate applications are available, fast, and secure to iphone and ipad users. 9

References iphone in Business F5 BIG-IP Edge Client Users Guide F5 Networks, Inc. 401 Elliott Avenue West, Seattle, WA 98119 888-882-4447 www.f5.com F5 Networks, Inc. Corporate Headquarters info@f5.com F5 Networks Asia-Pacific apacinfo@f5.com F5 Networks Ltd. Europe/Middle-East/Africa emeainfo@f5.com F5 Networks Japan K.K. f5j-info@f5.com 2010 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG IP, FirePass, icontrol, TMOS, and VIPRION are trademarks or registered trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. PME10002-JORJ

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information