F5 NETWORKS, INC: Secure Your Applications, Simplify Authentication, and Optimize Critical System. Jaye Garza, Federal MAM, Army; Jereme De Leo, Federal FSE, Army. March 13, 2013
Agenda: Introductions; Company Snapshot; Strategic Point of Control; Optimizing, Securing, and Scaling Microsoft SharePoint; Simplifying VDI Deployment; Mobility and BYOD; Cloud Services Enablement 2
F5 Company Snapshot: Leading provider of Application Delivery Networking products that optimize the security, performance & availability of network applications, servers and storage systems. FY11 Revenue: $1.3B (+31% y/y). 4Q11 Gartner Advanced Platform DC Market Share: F5 Networks 54.9%; Citrix 20.7%; Radware 9.6%; A10 6.7%; Others 8.1%. Source: Gartner, Inc. Market Share: Application Acceleration Equipment, Worldwide, 4Q11 & CY11, Joe Skorupa, Nhat Pham, March 2012 3
Organizations Worldwide Trust F5. F5 Customer Highlights: 15 of the top 15 executive branch departments of the US federal government [2]; 41 of the Fortune 50 companies [1]; 15 of the top 15 US banks [1]; 6 of the top 6 US airlines [1]; 10 of the top 10 US insurance companies [1]; 9 of the top 10 US online video brands [4]; 4 of the top 5 US Internet search providers [5]; 17 of 20 cloud and Web hosting companies [7]. Sources: 1. Fortune 2010; 2. USA.gov Web site listing; 3. Q310 Ovum Market share, by revenue, global; 4. Nielsen NetRatings September 2010; 5. Comscore November 2010; 6. Big Ten Conference Web site listing; 7. Gartner Magic Quadrant Cloud Infrastructure as a Service and Web Hosting (On Demand, December 2010) 4
Government Agencies Trust F5 15 of the 15 executive branch agencies, plus many other DoD, civilian and commercial organizations rely on F5. 5
Interoperability: F5's Enterprise Partner Ecosystem 6
DoD Deployments and Government Certifications. Deployments. Certifications: FIPS 140-2; Common Criteria EAL2/EAL4; DISA STIG; 3 Year ATO at DISA; DIACAP/DITSCAP MAC II level certification. In Process: TIC Lab/JITC APL/JITC PKE 7
Strategic Point of Control 8
The Advent of the ADC A long time ago and then and now with F5! And then there were Load Balancers Application proliferation, complexity, mobility, security F5 brings the highest security, matched by a high-scale and high-performance architecture 9
An Intelligent Services Platform Community driven Customizable Ecosystem Intelligent Integrated Context aware Scale 10
Strategic Point of Control: Users; Application and Data Delivery Network; Resources. Availability: Scale, HA / DR, Bursting, Load-Balancing. Optimization: Network, Application, Storage, Offload. Security: Network, Application, Data, Access. Management: Integration, Visibility, Orchestration. Resources: Private, Public, Physical, Virtual, Multi-Site DCs, Cloud. [Diagram: APP/OS stacks] 11
F5 Application Delivery Network: Data Center; Users; Enterprise Manager; Applications & Storage; BIG-IP Local Traffic Manager; BIG-IP Global Traffic Manager; BIG-IP Link Controller; BIG-IP WebAccelerator; BIG-IP WAN Optimization Module; BIG-IP Application Security Manager; BIG-IP Access Policy Manager; BIG-IP Advanced Firewall Manager; BIG-IP Virtual Edition; ARX File Virtualization; iRules; iControl; TMOS 12
Optimizing, Securing, and Scaling Microsoft SharePoint And other mission critical applications 13
Typical SharePoint Deployment [Diagram: Primary Data Center; SharePoint Server; Fast Search Server; SQL Database; Active Directory; Intranet] 14
Typical SharePoint Deployment: User interacts with SP; SP to SQL; SP to Fast Search; Dynamic page. [Diagram: Primary Data Center; SharePoint Server; Fast Search Server; SQL Database; Active Directory; Intranet] 15
Typical SharePoint Deployment. Scalability concerns: Internal / external users; 1000 user limit. High availability: Even if less than 1000; SP and FSS not HA. Performance issues: Multiple calls per request; CPU cycles for SSL/Auth. [Diagram: Primary Data Center; SharePoint Server; Intranet; Fast Search Server; SQL Database; Active Directory] 16
F5 SharePoint Deployment. Highly Available: Load balancing; SP and FSS; Scalable. Optimized: WAN/LAN TCP profiles; Content spooling; OneConnect; Compress/Cache. Secure: SSL offload; ICSA Firewall; FIPS 140-2. Ease of Deployment: iApps. [Diagram: Primary Data Center; BIG-IP Local Traffic Manager 6900; SharePoint Server; Intranet; Fast Search Server; SQL Database; Active Directory] 17
F5 SharePoint Deployment: Dynamic Cache/Compress; HTTP Optimization; Intelligent Browser Ref; Image / PDF Optimization; Content Reordering. [Diagram: Primary Data Center; BIG-IP Local Traffic Manager, WebAccelerator; 6900; SharePoint Server; Intranet; Fast Search Server; SQL Database; Active Directory] 18
F5 SharePoint Deployment: OWASP Top 10; SQL Injection Attacks; DDoS Protection; Layer 4-7 Protection; Data Leakage Protection. [Diagram: User; Attacker; Primary Data Center; BIG-IP Local Traffic Manager, WebAccelerator, Application Security Manager; 6900; SharePoint Server; Intranet; Fast Search Server; SQL Database; Active Directory] 19
Web applications are at risk: Most websites were exposed to at least one serious vulnerability every day of 2010. Only 16% of websites were vulnerable less than 30 days of the year overall. On the average, 50% of organizations require 116 days or less to remediate their serious vulnerabilities. - WhiteHat Website Security Stats Report During 2010, the average website had 230 serious* vulnerabilities. 64 percent of developers are not confident in their ability to write secure applications. - Microsoft Developer Research 20
Most detected activity has targeted unclassified networks connected to the Internet, but foreign cyberactors are also targeting classified networks. Importantly, much of the nation's critical proprietary data are on sensitive but unclassified networks. James Clapper Director of National Intelligence http://news.cnet.com/8301-1009_3-57573902-83/intelligence-chief-offers-dire-warning-on-cyberattacks/ 21
Cyber-attacks in the News for 2011 IBM X-Force 2011 Trend and Risk Report March 2012 22
F5 SharePoint Deployment: CAC enablement; Authentication at edge; Granular access control; Endpoint inspection; Cross-domain auth; OCSP / CRL. [Diagram: Primary Data Center; BIG-IP Local Traffic Manager, WebAccelerator, Application Security Manager, Access Policy Manager; 6900; SharePoint Server; Intranet; Fast Search Server; SQL Database; Active Directory] 23
F5 SharePoint Deployment: Global user redirection; COOP / DR; DNSSEC; OCSP / CRL. [Diagram: Secondary Data Center with BIG-IP Global Traffic Manager; Primary Data Center with BIG-IP Global Traffic Manager, Local Traffic Manager, WebAccelerator, Application Security Manager, Access Policy Manager; 6900; SharePoint Server; Intranet; Fast Search Server; SQL Database; Active Directory] 24
Simplifying VDI Deployment 25
Point Solutions Are Complex: Citrix VDI Infrastructure. Authentication must be managed in multiple locations. Authentication integration requires manual scripting. Requires separate ticketing server and special configuration. [Diagram: Authentication Management; Citrix Receiver; ICA/HDX; Internal Users; Mobile Users; Citrix Web Interface Sites; XML; STA Ticketing Servers; Directory; Citrix XML Brokers] 26
Consolidate and Simplify: Simplified Access for Citrix VDI. Eliminate Web Interface sites and STA for all clients. Gain single policy and configuration setup, SSO for all clients. Remove troubleshooting complexity. Reduce CapEx and OpEx. [Diagram: Citrix Receiver; Internal Users; Mobile Users; Authentication Management; BIG-IP Local Traffic Manager + Application Policy Manager; XML; ICA/HDX; Directory; Citrix XML Brokers; CapEx and OpEx] 27
Consolidate and Simplify: Simplified Access for VMware View. Eliminate View Security Server for all but zero clients. Offload of security server functions. Gain single policy and configuration setup, SSO for all clients. Remove troubleshooting complexity. Native proxy for PCoIP & RDP connections. Reduce CapEx and OpEx. ICSA Network Firewall & SSL/TLS Certified. Replace Firewall, Security Servers and Traffic Management Device with a single BIG-IP device. [Diagram: vSphere; DMZ; Clients; View Security Servers; View Connection Servers; VMware View Server; BIG-IP] 28
F5 Unified Access Solution Reduces Complexity: Application access management; SSL VPN remote access; Present OWA, VMware View next to Citrix Apps in Portal Mode; Vendor-agnostic solution provides the flexibility to adapt to changing demands 29
Improve VM Density. Typical virtualized server; Same server with BIG-IP. Offload: SSL; Caching; Compression; OneConnect; TCP Optimization 30
Automate Detection Automation vCenter iControl BIG-IP Local Traffic Manager Web Clients Web Clients Front End Virtualization VM Provision F5 Provision Monitoring and Management iControl BIG-IP Local Traffic Manager App Server Virtualization Detection Storage Virtualization Automation F5 Deprovision Clients 31
Mobility and BYOD 32
A Problem of Context: Global access; Partner Vendor access; BYOD: Multiple devices; Application diversity; The cloud; Remote access; Customer access. [Diagram: ENTERPRISE HEADQUARTERS; MOBILE USER; ENTERPRISE DATA CENTER; PARTNERS, SUPPLIERS; INTERNET DATA CENTER; CLOUD; DATA CENTER/PRIVATE CLOUD; HACKER; CUSTOMER; ENTERPRISE REMOTE OFFICE] 33
A Problem of Context: Who? What? Where? When? How? Lack of context results in limited visibility. [Diagram: ENTERPRISE HEADQUARTERS; MOBILE USER; ENTERPRISE DATA CENTER; PARTNERS, SUPPLIERS; CLOUD; INTERNET DATA CENTER; DATA CENTER/PRIVATE CLOUD; HACKER; ENTERPRISE REMOTE OFFICE; CUSTOMER] 34
Big access trends: How do you provide device freedom and access to applications while maintaining corporate security and data integrity? BYOD: 95% of information workers report that they use at least one self-purchased device for work. MOBILE BUSINESS: 50% of business devices are expected to be smartphones by 2014. BYE-BYE PCs: For the first time, smartphones and tablets out-shipped PCs in the 4th quarter of 2010. 35
The Defense Department says it has a solid plan to use the current generation of commercially-available mobile devices on military networks. http://www.federalnewsradio.com/index.php?nid=851&sid=3235070 36
Edge Client. Mobile device support: Employees want to use personal devices; make it easy and secure to do so. Endpoint security: Employee's iPad is actively scanned to ensure compliance with policies and remediated if necessary. Strong authentication: Two-Factor Authentication ensures managed devices get full access to corp. resources. Secure, accelerated remote access: Employees get secure, fast access to resources regardless of where they are. 37
Mobile App Manager: BYOD 2.0. Securely extends the enterprise to personal mobile devices. Create a virtual enterprise workspace on mobile devices; Add your own applications to the secure workspace; Jailbreak detection; Remote lock and wipe of secure workspace or device; Secure browser; Enterprise App Store 38
Cloud Services Enablement 39
The F5 Powered Cloud 40
The F5 Powered Cloud: Users (local or remote) access web resources. Local or cloud determination based on capacity, performance, location (and other user-specified parameters). Administrative domains isolate configuration. Selected data center/cloud answers the request. 41
The F5 Secured Cloud 42
The F5 Secured Cloud: Contextual, secure access to cloud-based applications. Centralize application security. Network-side scripting offers an immediate method of addressing security vulnerabilities. Administrative domains isolate configuration. Fine-grained control over access to cloud. 43
Summary: Provide fast, optimized and secure applications that are highly available, globally; Control access to enterprise applications for internal and remote users; CAC enable applications; Enable mobile device access securely; Simplify deployment of applications and enterprise services 44
Resources 45
Learn More: Free F5 BIG-IP LTM Essentials Training: http://university.f5.com; F5 Strategic Solutions: http://www.f5.com/it-management/solutions/; DevCentral: http://devcentral.f5.com 46
Contact: Jereme De Leo, Federal FSE, Army, jereme@f5.com; Jaye Garza, Federal MAM, Army, j.garza@f5.com 47
devcentral.f5.com facebook.com/f5networksinc linkedin.com/companies/f5-networks twitter.com/f5networks youtube.com/f5networksinc 48