F5-BigIP Edge gateway introduction


Published in: Technology

  • One solution to manage all access policies regardless of access network. Capacity and performance to secure all user traffic. Optimizes application delivery to remote and mobile users. Improves quality of real-time applications: soft phones and streaming media.
  • BIG-IP Edge Gateway is a next generation access solution. Converges “edge services” (SSL VPN, web application acceleration, and WAN optimization services) into a unified platform. Think Edge Application Delivery Controller (Edge ADC). TMOS as foundation for future edge services. Provides LAN-like application performance to remote and mobile users. Market leading endpoint inspection, authentication, and L3 – L7 access controls. BIG-IP Edge Client enhances the end-user experience. Multiple BIG-IP Edge Gateway solutions: 1600, 3600, 3900, 6900, and 8900. Concurrent user licensing model. Industry best performance and capacity and disruptive pricing: up to 8 Gbps of SSL VPN tunnel throughput; up to 600 log-ins per second, 36,000 per minute; up to 40,000 concurrent users per appliance; less than half the cost of nearest competitor. Just the beginning of F5’s broader Edge ADC vision.
  • Access from any network, any time, anywhere. Edge Client is also smart enough to “turn off” when it isn’t needed: when users are on the corporate LAN, Edge Client automatically disconnects, letting users connect locally, and reconnects when they move to Wi-Fi or public access, seamlessly and in real time, with no prompt to the users. Increases mobile productivity by automatically entering logon credentials when using Edge Client. Easier access to applications with seamless VPN access. ICSA Labs certified SSL-VPN solution.
  • Endpoint Security: More than a dozen different endpoint security checks available (large number of agents available, e.g. Virtual Keyboard, AV and firewall checks, process, file, and registry checks, extended Windows info, client and machine certificates, etc.). Manage endpoints via Group Policy enforcement and Protected Workspace (endpoint remediation capabilities like Protected Workspace and Full Armor-based AD Policy enforcement, in addition to Cache Cleaner, redirects to remediation pages, and message and decision boxes).
  • Endpoint inspection and remediation. Local and remote access control. Scale and high performance.
  • App Tunnels: new and improved. Easily configurable Dynamic Webtop.
  • Challenges: Slow connection times meant slow transfers. Couldn’t connect to VPN with 64-bit OS. VoIP issues caused dropped calls. Lack of support required costly upgrades. Benefits: WAN optimization = fast connection for mobile users on 64-bit OS. Improved VoIP, with fewer dropped calls. Active Directory integration eliminates multiple logins. Fast, easy installation.
  • Forbes.com = Edge Gateway one of the best
  • Quova Geolocation database in BIG-IP. Basic flow (for this example): User hits custom GeolocationCheck agent. If a user is coming from the US, goes to login page, authenticates, and then is allowed access to OWA. If a user is coming from China, goes through an extra antivirus endpoint security check, and then is allowed access. If a user is coming from any other country, a message box is shown and user is denied access. Unknown path indicates the user’s IP address cannot be looked up in the geolocation db (usually because coming from private address space).
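
The geolocation flow from the note above, modelled in Python as an added example (it is not F5 configuration and not part of the original deck). The prefix table, the function names, the login step on the China branch and the fail-closed default for the Unknown branch are assumptions; the deck names the Unknown branch but does not say what it does.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: documentation prefixes standing in for a
# geolocation database. Country assignments are made up for the example.
SAMPLE_GEO_DB = {
    "198.51.100.0/24": "US",
    "203.0.113.0/24": "CN",
    "192.0.2.0/24": "DE",
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Decision:
    branch: str    # policy branch taken: US, CN, Other or Unknown
    allowed: bool  # final access result
    steps: tuple   # checks the session had to pass, in order
    reason: str    # text for the log or the message box


def lookup_country(client_ip, geo_db=SAMPLE_GEO_DB):
    """Return (country_code, reason); country_code None means 'Unknown'."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return None, "malformed client address"
    if any(addr in net for net in RFC1918):
        return None, "private address space, not in geolocation database"
    for prefix, country in geo_db.items():
        if addr in ipaddress.ip_network(prefix):
            return country, "geolocation match"
    return None, "address not found in geolocation database"


def evaluate(client_ip, authenticated, antivirus_ok, unknown_allowed=False):
    """Walk the branches of the flow and return the resulting Decision."""
    country, reason = lookup_country(client_ip)
    if country is None:
        # Assumption: fail closed unless the operator opts in, in which
        # case the session still has to authenticate.
        steps = ("login",) if unknown_allowed else ()
        return Decision("Unknown", unknown_allowed and authenticated,
                        steps, reason)
    if country == "US":
        return Decision("US", authenticated, ("login",), reason)
    if country == "CN":
        # Assumption: the "extra" antivirus check runs in addition to login.
        return Decision("CN", antivirus_ok and authenticated,
                        ("antivirus_check", "login"), reason)
    return Decision("Other", False, (),
                    f"access denied for country {country}")


if __name__ == "__main__":
    for ip in ("198.51.100.7", "203.0.113.9", "192.0.2.44", "10.20.30.40"):
        print(ip, evaluate(ip, authenticated=True, antivirus_ok=False))
```

Logging the `reason` field alongside the branch makes it possible to tell internal clients on private addresses apart from malformed or unlisted addresses when reviewing Unknown-branch sessions.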

    1. 1. Advanced Dynamic Services for Unified Access and Control. Presenter
    2. 2. How the Static Data Center Falls Short • It started simple • More user types, services • Application issues • Security woes … • What’s the answer?
    3. 3. Dynamic Data Center • Reconfigure dynamically • Manage applications, not objects • Context-aware policies • ADC manages application services
    4. 4. Mobile and Remote Users Growing Dramatically (IDC Research 2010)
    5. 5. One Access Solution: BIG-IP Access Policy Manager (All Access Use Cases) • Remote Access: SSL VPN – Network Access – Portal Access – App Tunnels • Web Access Management: Proxy to HTTP apps – Custom – 3rd party • Application Access Control: Proxy to Non-HTTP apps – Citrix ICA – ActiveSync – Outlook Anywhere
    6. 6. Dynamic Services for Unified Access Control: BIG-IP Access Policy Manager in BIG-IP Edge Gateway • Unify Remote, Web and Application Access • Fast Access, Authentication and SSO to Apps • Ensure Strong Endpoint Security • Scale to Support All Mobile and Remote Users • Powerful Custom and Built-in Reporting. Manage Access Based on Identity
    7. 7. Secure, Accelerated Remote Access with BIG-IP APM in Edge Gateway. Edge Gateway includes: • BIG-IP APM, WA and WOM
    8. 8. BIG-IP Edge Gateway Secures and Accelerates Access to Applications • Next generation remote access solution – Converges SSL VPN access security, application acceleration and availability – Optimize access for mobile users and remote offices • BIG-IP Solution for the Network Edge – Multiple Platforms: 1600, 3600, 3900, 6900, 8900, 11000 – (Licensed concurrently) – Includes BIG-IP Edge Client solution • Exponential Performance, Capacity, and Scalability – Up to 10 Gbps, 600 log-ins per second, 60,000 users
    9. 9. Secure and Accelerate Application Access with BIG-IP Edge Gateway (APM+WA+WOM) [diagram label: Data Center]
    10. 10. Secure and Accelerate Application Access with BIG-IP Edge Gateway (APM+WA+WOM). SECURE APPLICATIONS & DATA • Centralize access policy enforcement • Single Sign-On • L4 – L7 full proxy access control • Advanced endpoint security • Secured optimized tunnels • Content encryption. OPTIMIZED APPLICATIONS & DATA • Caching repetitive content in browser • Intelligent Compressing • TCP optimization • Prioritize critical traffic • Dedicated bandwidth per application • No tunneling conflicts of traditional SSL VPN [diagram label: Data Center]
    11. 11. Accelerate Application Performance with faster portal file downloads. F5 tested a first-time user’s attempt: • SharePoint: 4 MB document download • SAP: 27 MB Microsoft Office file
        SharePoint      Competitor SSL VPN   BIG-IP Edge Gateway   ▲
        First Access    211 seconds          114 seconds           1.9×
        Repeat          47 seconds           16 seconds            2.9×
        SAP             Competitor SSL VPN   BIG-IP Edge Gateway   ▲
        Access          111 seconds          14 seconds            7.9×
    12. 12. Scale to Support the Most Mobile Users with BIG-IP Edge Gateway (APM+WA+WOM). Scenario: Extreme weather results in 150% more employees than usual working and accessing the network from home. Solution: Employees experience no delay or bottlenecks because BIG-IP Edge Gateway: • Provides secure remote access with up to 10 Gbps of SSL VPN throughput • Supports up to 60,000 concurrent users and 600 logins per second
    13. 13. Disparate connections and application restarts. Ongoing Logins! Constantly Re-connecting • At home (wireless) • On the way to work (Aircard) • In the office (docked LAN connection) • Presenting (corporate wireless) • In the cafe (wireless)
    14. 14. Increase User Productivity with Anywhere Access: Auto-Connect to VPN with Flexible Client Technology. Auto-Connect! Always Connected Application Access • At home (wireless) • On the way to work (Aircard) • In the office (docked LAN connection) • Presenting (corporate wireless) • In the cafe (wireless)
    15. 15. BIG-IP Edge Client • Flexible Deployment – Web-Delivered and Standalone Client – Mac, Windows, Linux – iPhone, iPad, iTouch • Drive Security – Endpoint inspection – Full SSL VPN – Per-user flexible Policy • Enable Mobility – Smart connection roaming – Uninterrupted application sessions • Accelerate Access – Adaptive compression – Client-side cache – Client-side QoS
    16. 16. Easily Design Access for iPhone: BIG-IP Edge Client Connection, Statistics and Settings
    17. 17. Easily Design Access for iPad: BIG-IP Edge Client Connection, Statistics and Settings
    18. 18. Configure iOS Access to Applications with BIG-IP Edge Portal
    19. 19. Mobile Clients for Fast App. Access • Provide access based on device and identity • Make dynamic policy decisions • Authenticate users • Provide remediation for non-compliant devices
    20. 20. BIG-IP Edge Portal for Android App Solutions: Fast App. Access for Android Devices https://market.android.com/details?id=com.f5.edge.portal
    21. 21. Ensure Strong Endpoint Security: BIG-IP Edge Gateway. Allow, deny, or remediate users based on endpoint attributes such as: • Antivirus software version and updates • Software firewall status • Access to specific applications. Invoke protected workspace for unmanaged devices: • Restrict USB access • Cache cleaner leaves no trace • Ensure no malware enters corporate network
    22. 22. Internet Facing Applications Data Center Remote Users Directories
    23. 23. Enterprise and Service Provider IT Network Users Cloud Data Center Private Public Data Center Applications Directories App 1 App n
    24. 24. F5 Unified Access and Control: Flexible and Dynamic ADC Services • Supports users worldwide • Secure IPsec site to site tunnels • Fast apps to Edge Client users • Virtual and standalone deployments [diagram labels: Data Center; Headquarters and Remote Offices]
    25. 25. Flexible and Dynamic Access Services: Dynamic Webtop, App. Tunnels and Remote Desktop Support
    26. 26. Authentication All in One and Fast SSO: F5 BIG-IP Access Policy Manager. Dramatically reduce infrastructure costs; increase productivity = BIG-IP v11
    27. 27. New Detailed Reporting: Quickly Run Built-in or Design Custom Reports • e.g. Who accessed app. or network and when? • e.g. How many XP users are still on my network? • e.g. Where are users accessing from (geolocation)? • Custom, Built-in and Saved reports • Exported and used on other devices
    28. 28. Access and Application Analytics • Stats grouped by application and user • Provides – Business Intelligence – ROI Reporting – Capacity Planning – Troubleshooting – Performance • Stats Collected: Client IPs, Client Geographic, User Agent, User Sessions, Client-Side Latency, Server Latency, Throughput, Response Codes, Methods, URLs • Views: Virtual Server, Pool Member, Response Codes, URL, HTTP Methods
    29. 29. Access Policy Design • Industry-leading advanced Visual Policy Editor (VPE) – Flexible – Easy to understand, visual representation of policy – VPE Rules (TCL-based) for advanced functions – Trigger TMM iRules events • Usability features – Macros – Visual cues to aid configuration
    30. 30. Improve Manageability and Reduce Costs. Lack of simplicity, flexibility, context, and control for the enterprise • No context • Difficult change control • Error-prone • Costly • Licensing/vendor management issues • Compliance problems • Limited control [diagram labels: Users; VPN (Vendor A); Web Accelerator (Vendor B); WAN Optimizer (Vendor C); DNS Bind Server (Open Source); Resources: multiple AAA instances, AD, CA, TAM, OAM, LDAP; Private and Public Cloud; Physical, Virtual and Multisite data centers]
    31. 31. Improve Manageability and Reduce Costs. Simplicity, flexibility, context, and control for the enterprise • Unified access and acceleration model • Simplified change control and auditing • Flexible access policies • Context-aware: user, device, location, and application • Control remains within enterprise [diagram labels: Users; Secure Optimized Session; Optimal Gateway; User Requests; AAA; VPN (Vendor A); Web Accelerator (Vendor B); WAN Optimizer (Vendor C); DNS Bind Server (Open Source); BIG-IP Global Traffic Manager; BIG-IP Edge Gateway; Resources: multiple AAA instances, AD, CA, TAM, OAM, LDAP; Private and Public Cloud; Physical, Virtual and Multisite data centers]
    32. 32. Optimal gateways and secure optimized sessions. Challenges: • Slow connection times meant slow transfers • Couldn’t connect to VPN with 64-bit OS • VoIP issues caused dropped calls • Lack of support required costly upgrades. Benefits: • WAN optimization = fast connection for mobile users on 64-bit OS • Improved VoIP, with fewer dropped calls • Active Directory integration eliminates multiple logins • Fast, easy installation • Implemented: Edge Gateway, LTM, GTM. “With the Edge Gateway, the connection speed was immediately noticeable.” Steve Diggory, Technology Manager, PersonalizationMall.com. Case Study: http://www.f5.com/pdf/case-studies/personalization-mall-cs.pdf Industry: Online Specialty Retail
    33. 33. The Most Scalable Access Solution [chart: Number of Devices Req’d (y-axis, 0 to 8) against Number of Concurrent Users Supported (x-axis: F5 BIG-IP 1600, F5 BIG-IP 6900, F5 BIG-IP 8900, F5 BIG-IP 11050); series: F5, Juniper, Cisco, Citrix; data labels: 7X JNPR SA6500, 3X Juniper SA4500, 3X Cisco 5585, 3X Citrix MPX10500, 6X Citrix MPX21500, 6X Cisco ASA 5580, Juniper SA4500, 2X Cisco 5520, Citrix MPX5500]
    34. 34. Multiple Platform Solutions
        Platform (APM on LTM)   Base Conc. Users   Max Conc. Users   Platform (Edge Gateway)   Base Conc. Users   Max Conc. Users
        Virtual Edition         250                500               -                         -                  -
        1600                    500                1,000             1600                      300                1,000
        3600                    500                5,000             3600                      500                5,000
        3900                    500                10,000            3900                      1,000              10,000
        6900                    500                25,000            6900                      2,500              25,000
        8900                    500                40,000            8900                      5,000              40,000
        8950                    500                40,000            -                         -                  -
        11000                   500                60,000            11000                     10,000             60,000
        11050                   500                60,000            -                         -                  -
    35. 35. Dynamic Services for Unified Access Control: BIG-IP Access Policy Manager in BIG-IP Edge Gateway • Unify Remote, Web and Application Access • Fast Access, Authentication and SSO to Apps • Ensure Strong Endpoint Security • Scale to Support All Mobile and Remote Users • Powerful Custom and Built-in Reporting. Manage Access Based on Identity
    36. 36. Multiple-Domain Single Sign-On • Single Sign-On to multiple LTM/APM or Edge Gateway virtual servers front ending multiple separate domains or multiple hosts within same domains • Configure different cookie settings and SSO methods for different domains or different hosts in the same domain. Ex. Multiple domains with different SSO methods
    37. 37. Dynamic Webtop for End-User • Customizable and localizable list of resources • Adjusts to mobile devices • Toolbar, help, and disconnect buttons
    38. 38. Endpoint Inspection – Machine Information • CPU Info {ID, Name, Clock} • HDD {Model, Serial#} • Motherboard {Model, Serial#} • BIOS {Dell, Serial #, Manufacturer} • NICs {Name, MAC}
    39. 39. Application Tunnels • Layered with Symmetric Adaptive Compression services
    40. 40. Microsoft RDP Remote Desktop
    41. 41. Symmetric Adaptive Compression to Edge Client • iSession-style optimization of Network Access tunnels • Layer with DTLS – DTLS for fast response of real-time applications – Optimization reduces bandwidth
    42. 42. Edge Client v1.0.1 • Secure web gateway proxy support • Pre-logon checks • Auto application launch
    43. 43. Secure Web Gateway Integration • Allows admin to force all web access through a secure gateway • Bypasses secure gateway for internal resources • All traffic is forced through the tunnel • Why? E.g. enforce web browsing policies on corporate iPads
    44. 44. Secure iPad Web Surfing with Edge Client [diagram labels: Internet Gateway; BIG-IP Edge Gateway with APM; Full SSL-VPN Tunnel; Internal Resource]
    45. 45. Pre-logon checks for iOS Devices • Four new session variables: – session.client.mac_address – session.client.model – session.client.platform_version – session.client.unique_id • These session variables are gathered automatically and are available with Solstice and Edge Client 1.0.1 • They can easily be combined with an LDAP/AD Query to implement white-listing in a custom action. • Why? Discriminate IT approved issued devices. Improved access context.
    46. 46. Checking the iOS Unique ID • Custom action “Device ID Check” in this access policy checks a UUID…
    47. 47. App auto-launch • After Edge Client connects, initiate and auto-launch a 2nd application on the device. • Uses a URL form for the App Path – http://handleopenurl.com/ – http://wiki.akosma.com/IPhone_URL_Schemes • Issues pre-launch warning
    48. 48. App Auto-launch: Skype configured to auto-launch…
    49. 49. BIG-IP Edge Client for BIG-IP v10.2.1: iMac Edge Client (Leopard/Snow Leopard)
    50. 50. Authentication Proxy Integration – VPN: Customer Architecture with Oracle Access Manager (OAM) and BIG-IP Edge® Gateway • Mobile employees accessing corporate applications using VPN • OAM auth. services are performed by Edge Gateway in the DMZ • OAM auth. services may be performed by BIG-IP® Edge Gateway in the DMZ or at the web server with “last mile” security • Eliminate a directory service for remote access users [diagram labels: Mobile Employees and Contractors; DMZ; Data Center; OAM Web Proxies; Web App; BIG-IP® Edge Gateway / OAM; BIG-IP® LTM + OAM (opt) + ASM (opt) + WA (opt); App 1 … App n; OAM Policy Server, Reporting, and Auditing]
    51. 51. Security Risk: Mobile User Authentication Sync • Access to Exchange without VPN to sync MS email, calendar, contacts • Security risk • Extra infrastructure tier in DMZ [diagram labels: DMZ; Data Center; Auth. Gateway; ADC; MS Exchange]
    52. 52. Secure Environment: Authenticating ActiveSync Devices • Reduce authentication infrastructure and sync with Exchange • One location for name space URL • Scale and support growing mobile user base • Secure environment [diagram labels: DMZ; Data Center; Auth. Gateway; BIG-IP® LTM + APM; MS Exchange]
    53. 53. Traditional Remote Access VPN with SSL; Unified Access on F5 BIG-IPs: Dynamic Control with BIG-IP Access Policy Manager • Accelerated remote access • Application access management • Most powerful, scalable and simplified access solutions [diagram labels: Cloud (Private, Public); Local and Mobile Users; Internet; BIG-IP LTM with APM; SaaS; Partners; Consumer Apps; BIG-IP Edge Gateway with APM, WA, and WOM; Hosted Virtual Desktops; Applications (App 1 … App n); SSL VPN; Directories]
    54. 54. BIG-IP Edge Gateway will Power New Managed Services. Access Requirements • Easy / cost effective access scaling • Advanced, secure VPN with fast deployment • Custom look and feel per customer • Virtualized solution to maximize investment • Enable secure collaboration between 3rd parties. BIG-IP Edge Gateway Delivered • Superior scalability @ Lowest cost • Acceleration technology with LAN speed performance • Improved manageability and security with unified access • Customized domains for personalized experience • Virtual routing services with lower opex
    55. 55. CSC - Why They Chose BIG-IP Edge Gateway • Acceleration – “First of all, the acceleration capabilities that came with it. It’s not just remote access that it’s providing but also will provide a better user experience in the process leveraging the BIG-IP acceleration technology that’s already been there, so it’s a proven and well-known capability.” • Secure and Granular Access Control – “Another factor that was key was the highly granular access control capabilities, so that allows us to provide the differing levels of access for different types of user and different types of devices that I was talking about, with third parties, with personal devices, which makes it flexible for future needs as well.” • Virtualization of Access Services – “One of the key things we were looking at in the evaluation as a managed service provider was the ability to provide full virtualization for multiple customer environments (via BIG-IP Virtual Servers concept), and obviously high scalability, so that’s all a direction we’re heading in with the cloud computing model.” • Converged Services Platform – “We can deliver multiple services on it, not just remote access, so it provides a point of leverage for us as well.”
    56. 56. Repeatable Access to Applications • Increases mobile productivity by automatically entering Windows logon credentials when using Edge Client • Easier access to applications with seamless VPN access • ICSA Labs certified SSL-VPN solution [diagram labels: Clients; Applications; BIG-IP Edge Gateway]
    57. 57. VoIP: Slow Applications Affect Productivity. Packet loss with TCP/SSL = high latency. Network squeezes VoIP. Traditional SSL VPN: Apps./VoIP sent simultaneously. User experiencing choppy communication: “What did he say?” [chart: Network Traffic and VoIP Traffic as a share of Max Bandwidth (0% to 100%) across Low Traffic, App. Delivered, App. growth and App. Spike] • Ensuring positive end-user application experience a complex problem • Slow applications can be caused by a number of things: – Packet loss due to chatty or jittery protocols – High latency LANs – Poorly designed apps.
    58. 58. VoIP: Improved User Communications. BIG-IP Edge Gateway manages app. performance. User: clear phone call, “Hear you loud and clear...” [chart: Network Traffic and VoIP Traffic as a share of Max Bandwidth (0% to 100%) across Low Traffic, App. Delivered, App. growth and App. Spike] Edge Gateway improves application and VoIP performance • Tight connection and prioritized traffic with dedicated app. bandwidth – Client-side QoS for Windows machines: VoIP traffic first and apps. traffic second • Applications and upper layer protocols react to lost packet(s) – Secures each packet
    59. 59. Security Problem: Geolocation Access Risk • Need to block access from countries or regions • Help with business intelligence of where users are accessing from • Looking for capacity planning and ability to audit the location • Access policy based on location [diagram label: UK Data Center]
    60. 60. Enforcing Access Restrictions: Simple, accurate, centralized enforcement. BIG-IP Edge Gateway with IP Geolocation Database Solution: Centralized Location Control • Decreased risk – access is controlled at perimeter • Reduced capital and operational expenses through centralized control • Reduced application development time • Simplified network configuration [diagram labels: UK Data Center; BIG-IP Edge Gateway; App Servers]
    61. 61. Only ADC with Geolocation Access Rules • VPE – Geolocation Rules • iRules not required • Custom session variables • Custom notification messages • Logging Client locations • Reporting
    62. 62. BIG-IP APM/Edge Gateway V11 Features: Advanced Dynamic Services for Unified Access Control • IPsec optimized site-to-site tunnels • Dynamic Webtop: with Application Tunnels • Access: External Dynamic ACLs, Flash patching, Oracle Access Manager 11g • Hosted VDI: Microsoft Remote Desktops, Expanded Citrix VDI support (Proxy and Portal mode) • SSO enhancements: SSO across multiple domains, Kerberos auth. (CAC cards, etc) • EndPoint Inspection: Protected Workspace, Machine Info Inspector • Powerful reporting/analytics: Custom & built-in reports, Access and Application Analytics for remote access solution • Scale for Global enterprise: 11000 Series: ^60k users, w/1.2 TB of storage
    63. 63. Edge Gateway v10.2 Security Features • Edge Gateway – Integration with Oracle Access Manager – ICSA Certified – SSL-VPN – Geolocation Agent in VPE – MS ActiveSync Support • Edge Client – Reuse of Windows logon credentials
    64. 64. Edge Gateway v10.1 Features • Secure accel. remote access – Remote Access, Application Acceleration and Network Optimization – Global VPN and Unified Access to Datacenter – Dynamic per-session layer 4 - 7 (HTTP) ACLs – SSO/Credential Caching – TCP Optimization – Symmetric adaptive compression – Asymmetric and symmetric application acceleration – Data de-duplication – MAPI and CIFS acceleration • Dynamic User Access – Web-based and standalone BIG-IP Edge Client – Mobility: Domain detection and smart connection – Acceleration: Dynamic data compression • Thorough Device Inspection – Endpoint Inspection checks – Protected Workspace with encryption and Virtual File System – Group policy integration – Virtual Keyboard • Manageability / Usability – QoS on Windows machines (client side) – D-TLS (Datagram-Based TLS) Network Access Transport for secure packets – Customizable user interface – Policy import/export – Reporting and stats – Set-up deployment wizards – Dashboard executive summary • Interoperability and Integration – Edge Gateway and GTM interoperability – Edge Gateway events in iRules – Splunk for F5 logging and reporting • Virtualization Architecture – Multiple virtual Edge Gateways – Targeted at Service Providers and large enterprises – Separate access policy grouping for each virtual Edge Gateway – Can have separate security administrators – Master administrator control
    65. 65. Edge Gateway – v10.1 Features • Application Acceleration – TCP optimization for client to gateway and gateway to gateway connections – Symmetric Adaptive Compression for client to gateway and gateway to gateway connections – HTTP/HTTPS asymmetric acceleration for client to gateway connections – HTTP/HTTPS symmetric acceleration for gateway to gateway connections – Data de-duplication services for gateway to gateway connections – MAPI and CIFS acceleration for gateway to gateway connections • D-TLS (Datagram-Based TLS) Network Access Transport
    66. 66. Edge Gateway – v10.1 Features • Portal Access Security – OWA 2003, OWA 2007, SharePoint 2003, SharePoint 2007, MS Communicator 2007 – Oracle Portal 3.0 (10g Release 2, version 10.1.2) – PeopleSoft Portal 9, PeopleSoft Portal HR 9 – SAP Netweaver – Notes 7, Notes 8 • Authentication and Authorization Services – RADIUS, LDAP, and AD support – SSO/Credential Caching: HTTP Basic, HTTP NTLMv1/v2, Cookie, Form, and HTTP Header – Dynamic per-session layer 4 - 7 (HTTP) ACLs – Native RSA SecurID – RADIUS accounting – Authentication server redundancy
    67. 67. Edge Gateway – v10.1 Features • Virtualization Architecture – Multiple virtual Edge Gateways – Targeted at Service Providers (managed service offering) and large enterprises (segmented based on business units/groups) – Separate access policy grouping for each virtual Edge Gateway – Can have separate security administrators – Master administrator control
    68. 68. Edge Gateway – v10.1 Features • BIG-IP Edge Client – Web delivered and standalone – New look and feel – Mobility: Roaming and smart connection – QoS on Windows machines (client side) – Acceleration: Adaptive compression – SDK for integration • Endpoint Security – Windows and Macintosh checks – Protected Workspace (Parity with FP 6.1) with encryption and Virtual File System – Group policy integration – Virtual Keyboard
    69. 69. High Cost to Scale Remote Access • Cost prohibitive scaling for remote access • Three-unit cluster supports 26k users at $29 per user • Asymmetric acceleration not available for remote access • Limited QoS • User and application disruption when roaming [diagram labels: DMZ; Traditional SSL VPN (clustered 3 max); $751K for 26k users; 4,000 Remote Users; Internet; 1,000 Wireless Users; Internal LAN VLAN 1; 15,000 Corporate Users; Internal LAN VLAN 2; 6,000 Corporate Branch Users; Datacenter Resources; Utilize existing user directory]
    70. 70. BIG-IP Edge Gateway: High Performance, Low Cost • Consolidation: 3:1 on Access and Acceleration • High performance – 26,000 users at $7+ per user • Scale up to 40,000 users • Flexible and centralized security policy management • Integrated endpoint security checking • Integrated application acceleration – up to 10x [diagram labels: DMZ; BIG-IP Edge Gateway; $188K for 26k users, 25% of cost; 4,000 Remote Users; Internet; 1,000 Wireless Users; Internal LAN VLAN 1; 15,000 Corporate Users; Internal LAN VLAN 2; 6,000 Corporate Branch Users; Datacenter Resources; Utilize existing user directory]