Securing the Cloud: F5 Enterprise Cloud Architecture


Published on

Published in: Technology
  • Be the first to comment

Securing the Cloud: F5 Enterprise Cloud Architecture

  1. 1. 1<br />Securing the Cloud:F5 Enterprise Cloud Architecture<br />
  2. 2. <ul><li>New Virtual Application Delivery Controller
  3. 3. BIG-IP Local Traffic Manager Virtual Edition (VE)
  4. 4. Enterprise to Cloud - AAA services, Access Control and Acceleration Services
  5. 5. BIG-IP Edge Gateway for Access and Acceleration for the Cloud
  6. 6. Enterprise to Cloud - Web Application Attack protection
  7. 7. Application Security Manager (ASM) with Simplified CSRF protection</li></ul>Securing the Cloud – BIG-IP v10.2<br />
  8. 8. Virtualization to Cloud Maturity Model<br />Separate<br />Consolidate<br />Aggregate<br />Automate<br />Liberate<br />Self-Managing Datacenters<br />Server Consolidation<br />Test and Development<br />CapacityOn Demand<br />Enterprise Computing Clouds On and Off Premise<br />Public<br />Private<br />Or<br />Here<br />Or<br />Here<br />Or<br />Here<br />You Are Here<br />Enterprise Objective: An IT Services On-Demand Platform<br />
  9. 9. F5’s Dynamic Control Plane Architecture<br />Users<br />Dynamic<br />Control<br />Availability<br /><ul><li>Scale
  10. 10. HA / DR
  11. 11. Bursting
  12. 12. Load-Balancing</li></ul>Optimization<br /><ul><li>Network
  13. 13. Application
  14. 14. Storage
  15. 15. Offload</li></ul>Security<br /><ul><li>Network
  16. 16. Application
  17. 17. Data
  18. 18. Access</li></ul>Management<br /><ul><li> Integration
  19. 19. Visibility
  20. 20. Orchestration</li></ul>Application and Data Delivery Network<br />Resources<br />Private<br />Public<br />Physical<br />Virtual<br />Multi-Site DCs<br />Cloud<br />
  21. 21. Problem: Secured Load-Balancing and Traffic Management in the Cloud <br />Users<br />Limited:<br /><ul><li> Different models per cloud service
  22. 22. No commonality with enterprise
  23. 23. LB scale can vary dramatically*
  24. 24. Very limited security
  25. 25. Limited control content / app switching
  26. 26. No transaction integrity / persistence
  27. 27. Limited network / application acceleration
  28. 28. No user context to apply policy
  29. 29. and on and on…..</li></ul>Flexibility, Context,and Control in the Enterprise<br />…but not in the Cloud<br />Resources<br />Private<br />Public<br />Physical<br />Virtual<br />Cloud<br />Multi-Site DCs<br />*Rightscale White Paper: Load-Balancing in the Cloud<br />
  30. 30. F5 Solution: Extend Enterprise-Class ADC to Internal / External Cloud<br />Users<br />Enterprise Ready Cloud:<br /><ul><li> Common / shared architectural model
  31. 31. Predictable, High Performance LB Scale
  32. 32. Rich content switching
  33. 33. Full transaction integrity / persistence
  34. 34. Superior security
  35. 35. User and application context
  36. 36. Network and application acceleration</li></ul>Flexibility, Context,and Control in the Enterprise<br />….and the Cloud<br />BIG-IP LTM <br />Virtual Edition<br />BIG-IP LTM <br />Virtual Edition<br />Resources<br />Private<br />Public<br />Physical<br />Virtual<br />Cloud<br />Multi-Site DCs<br />
  37. 37. Problem: Access Control & Acceleration Across The Maturity Cycle<br />Users<br />No context<br />Difficult change control<br />Error prone<br />Costly<br />Licensing / vendor management issues<br />Compliance problems<br />Limited control<br />Lack of Simplicity, Flexibility, Context,and Control for the Enterprise<br />AAA x 10<br />AAA x 5<br />AAA x 2<br />VPN<br />Web Accelerator<br />WAN Optimizer<br />DNS Bind Server<br />Vendor A<br />Vendor B<br />Vendor C<br />Open Source<br />?<br />Resources<br />AAA<br />AAA<br />AAA<br />AAA<br />AD<br />AAA<br />AAA<br />AAA<br />AAA<br />CA<br />AAA<br />Private<br />Public<br />TAM<br />AD<br />AD<br />OAM<br />LDAP<br />Physical<br />Virtual<br />Cloud<br />Multi-Site DCs<br />
  38. 38. F5 Solution: Extend Next GenAccess & Acceleration to the Cloud<br />Users<br />Simplicity, Flexibility, Context,and Control for the Enterprise<br /><ul><li>Unified access & acceleration model
  39. 39. Simplified change control and auditing
  40. 40. Flexible access policies
  41. 41. Context-aware: user, device, location, and application
  42. 42. Control remains within enterprise</li></ul>Secure Optimized Session<br />AAA<br />BIG-IP Edge Gateway<br />BIG-IP Global Traffic Manager<br />User Requests<br />Optimal Gateway<br />VPN<br />Web Accelerator<br />WAN Optimizer<br />DNS Bind Server<br />Vendor A<br />Vendor B<br />Vendor C<br />Open Source<br />Resources<br />Secure Optimized Session<br />AAA x 5<br />AAA x 2<br />AAA x 10<br />AAA<br />AAA<br />AAA<br />AAA<br />AD<br />AAA<br />AAA<br />AAA<br />AAA<br />CA<br />AAA<br />Private<br />Public<br />TAM<br />AD<br />AD<br />OAM<br />LDAP<br />Physical<br />Virtual<br />Cloud<br />Multi-Site DCs<br />
  43. 43. Applications<br />Clients<br />F5 Solution: Seamless Access to Applications<br />BIG-IP<br />Edge Gateway<br />New in 10.2 <br /><ul><li> Edge Client Integration with Windows logon provides seamless VPN access
  44. 44. Access Control for the Cloud</li></li></ul><li>F5 Solution: Application Security Manager<br />Users<br />w/Security Policy<br />Application Firewall<br />Content Scrubbing and Application Cloaking<br />Policy Enforcement<br />User Requests<br />Resources<br />Private<br />Public<br />Physical<br />Virtual<br />Multi-Site DCs<br />Security Enforcement inbound (Request) as well as outbound (Response) <br />traffic protecting the application from attacks including OWASP top 10<br />Cloud<br />
  45. 45. F5 Solution: BIG-IP Application Security Manager (ASM) with CSRF Attack Protection<br />With v10.2 protection is easy to configure from the UI<br />