Archive for saas

Lightboard Lessons: BIG-IP in Hybrid Environments

Posted in security, f5, big-ip, ssl vpn, cloud, silva, application delivery, lightboard, devcentral, remote access, saml, aws, azure, saas by psilva on October 12th, 2016

A hybrid infrastructure allows organizations to distribute their applications when it makes sense and provide global fault tolerance to the system overall. Depending on how an organization’s disaster recovery infrastructure is designed, this can be an active site, a hot-standby, some leased hosting space, a cloud provider or some other contained compute location. As soon as that server, application, or even location starts to have trouble, organizations can seamlessly maneuver around the issue and continue to deliver their applications.

Driven by applications and workloads, a hybrid environment is a technology strategy to integrate the mix of on premise and off-premise data compute resources. In this Lightboard Lesson, I explain how BIG-IP can help facilitate hybrid infrastructures.

ps

Related:

 

Watch Now:



Your Applications Deserve iApps

Posted in f5, big-ip, cloud, saml, federation, saas, office 365 by psilva on June 21st, 2016

enterprise-cloud-secureappsanywhere.png

F5iApps are user-customizable frameworks for deploying applications that enablesyou to ‘templatize’ sets of functionality on your F5 gear. You can automate theprocess of adding virtual servers or build a custom iApp to manage your iRulesinventory.

Applicationready templates were introduced in BIG-IP v10 and the goal was to provide awizard for the often deployed applications like Exchange, SharePoint, Citrix,Oracle, VMware and so forth. This allowed the abstraction some of theconfiguration details and reduced the human error when following the pages ofthe thick deployment guides for those applications. Application templates weregreat but there was no way to customize the template either during thedeployment or adjust it after.

Then came iApps®.

Introducedin TMOS v11, iApps is the current BIG-IP system framework for deployingservices-based, template-driven configurations on BIG-IP systems. iApps bundlesall of the configuration options for a particular application together.

Roughly athird of F5 customers use iApps and they are especially popular for morecomplex configurations, like Microsoft Exchange, for example, which requires upto 1200 mouse clicks to configure manually and only 50 mouse clicks toconfigure with the iApp. iApps are also often used to roll out similarconfigurations to multiple BIG-IP's. Some customers run hundreds of iApps, somerun none--the choice is yours.

Hereis one example of iApp customization and its evolution. When we released SAMLsupport in v11.3, many customers wanted to use BIG-IP APM as a SAML IdentityProvider (IdP) for Office365 but there are a few steps to configure that inBIG-IP. Configure Active Directory, then SAML, then the access policy and soforth. One of our very smart Security Architects, Michael Koyfman, wanted tomake that task simple, repeatable and accurate.

o365-logo.jpg

He decidedto write an O365 iApp and posted it to DevCentral where there was immediateinterest from the community. From that, Product Development engineers rewroteit to follow their libraries and best practices and then moved to the supportedstatus.  You can now use this F5supported iApp template to configure the BIG-IP system as a SAML IdP toMicrosoft Office 365 applications, such as Exchange and SharePoint. Thistemplate configures the BIG-IP APM system as an IdP for Office 365 to performsingle sign-on (SSO) between the local Active Directory user accounts andOffice 365-based resources such as Microsoft Outlook Web App and MicrosoftSharePoint.

But we didn’tstop there.

Since it isthe same framework and easily extensible to add more services to an iApp, theytook it a step further. With the O365 iApp as the basis, the team then built a SaaS FederationiApp which allows you to configure BIG-IP APM as SAML IdP to 11 commonlyused SaaS applications including Salesforce, Concur, WebEx, O365 and others.Now, with a single iApp, you can federate your employees to many SaaSapplications easily, efficiently and securely. This iApp also went through abeta period on DevCentral and was recently released as a F5 supported iApp.

ui_saas_iapp.png 

UI configurations for the SaaS iApp

 

saas_iapp_after.png 

Summary of configurations for the SaaSiApp

So if youneed quick and easy way to deploy your applications, look no further than F5iApps. You can use the F5 built iApps, you can customize F5 built iApps or youcan build your own iApps. Your applications, infrastructure and business willthank you.

ps




Would You Put Corporate Applications in the Cloud?

Posted in security, f5, big-ip, cloud, cloud computing, silva, application delivery, AAA, federation, access, saas by psilva on February 23rd, 2016

apmicon.png

There once was a time when organizations wouldn’t consider deploying critical applications in the cloud. It was too much of a business risk from both an access and an attack perspective—and for good reason, since 28 percent of enterprises have experienced more security breaches in the public cloud than with on-premises applications. This is changing, however. Over the last few years, cloud computing has emerged as a serious option for delivering enterprise applications quickly, efficiently, and securely. Today almost 70 percent of organizations are using some cloud technology. And that approach continues to grow. According to the latest Cisco Global Cloud Index report, global data center IP traffic will nearly triple over the next five years. Overall, data center IP traffic will grow at a compound annual growth rate of 25 percent from 2012 to 2017.

This growth is to support our on-demand, always connected lifestyle, where content and information must be accessible/available anytime, anywhere, and on any screen. Mobility is the new normal, and the cloud is the platform to deliver this content. No wonder enterprises are scrambling to add cloud components to their existing infrastructure to provide agility, flexibility, and secure access to support the overall business strategy. Applications that used to take months to launch now take minutes, and organizations can take advantage of innovations quickly. But most IT organizations want the cloud benefits without the risks. They want the economics and speed of the cloud without worrying about the security and integration challenges.

Use of the corporate network itself has become insecure, even with firewalls in place. Gone are the days of “trusted” and “untrusted,” as the internal network is now dangerous. It'll only get worse once all those IoT wearables hit the office. Even connecting to the corporate network via VPN can be risky due to the network challenges. Today, almost anything can pose a potential security risk, and unauthorized access is a top data security concern.

Going against the current trend, some organizations are now placing critical applications in the cloud and facing the challenge of providing secure user access. This authentication is typically handled by the application itself, so user credentials are often stored and managed in the cloud by the provider. Organizations, however, need to keep close control over user credentials, and for global organizations, the number of identity systems can be in the thousands, scattered across geographies, markets, brands, or acquisitions. It becomes a significant challenge for IT to properly authenticate the person (whether located inside or outside the corporate network) to a highly available identity provider (such as Active Directory) and then direct them to the proper resources. The goal is to allow access to corporate data from anywhere with the right device and credentials. Speed and productivity are key.

Authentication, authorization, and encryption help provide the fine-grained access, regardless of the user’s location and network. Employee access is treated the same whether the user is at a corporate office, at home, or connected to an open, unsecured Wi-Fi network at a bookstore. This eliminates the traditional VPN connection to the corporate network and also encrypts all connections to corporate information, even from the internal network.

In this scenario, an organization can deploy the BIG-IP platform, especially virtual editions, in both the primary and cloud data centers. BIG-IP intelligently manages all traffic across the servers. One pair of BIG-IP devices sits in front of the servers in the core network; another pair sits in front of the directory servers in the perimeter network. By managing traffic to and from both the primary and directory servers, the F5 devices ensure the availability and security of cloud resources—for both internal and external (federated) employees. In addition, directory services can stay put as the BIG-IP will simply query those to determine appropriate access.

While there are some skeptics, organizations like GE and Google are already transitioning their corporate applications to cloud deployments and more are following. As Jamie Miller, President & CEO at GE Transportation, says, 'Start Small, Start Now.'

ps

Related:

Technorati Tags: cloud,big-ip,authentication,saas,f5
Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]



Oracle OpenWorld 2014: Identity & Access Management in the Cloud (feat Deang)

Posted in f5, cloud, silva, video, lightboard, saml, saas, obsolete by psilva on October 1st, 2014

Rubyanne Deang, F5 Global Field Systems Engineer, shares some insight on many identity and access challenges organizations face when deploying applications in the cloud. Multiple directories, orphaned accounts and business risk all make the list. Not to leave you hanging however, she also guides on how organizations can solve this dilemma with BIG-IP.

Watch Now:



RSA 2014: Layering Federated Identity with SWG (feat Koyfman)

Posted in security, f5, big-ip, cloud computing, silva, video, application delivery, authentication, AAA, saml, access, saas by psilva on February 27th, 2014

While protecting employees from rogue sites and productivity hogs is critical, the employee’s ability to access SaaS applications is also critical for productivity. Sr. Global Security Solutions Architect Michael Koyfman shows how to layer SAML federated identity to Secure Web Gateway.

ps

Related

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]