securing the cloud: f5 enterprise cloud architecture

Download Securing the Cloud: F5 Enterprise Cloud Architecture

Post on 17-Jan-2015

2.692 views

Category:

Technology

1 download

Embed Size (px)

DESCRIPTION

 

TRANSCRIPT

  • 1. 1
    Securing the Cloud:F5 Enterprise Cloud Architecture
  • 2.
    • New Virtual Application Delivery Controller
    • 3. BIG-IP Local Traffic Manager Virtual Edition (VE)
    • 4. Enterprise to Cloud - AAA services, Access Control and Acceleration Services
    • 5. BIG-IP Edge Gateway for Access and Acceleration for the Cloud
    • 6. Enterprise to Cloud - Web Application Attack protection
    • 7. Application Security Manager (ASM) with Simplified CSRF protection
    Securing the Cloud BIG-IP v10.2
  • 8. Virtualization to Cloud Maturity Model
    Separate
    Consolidate
    Aggregate
    Automate
    Liberate
    Self-Managing Datacenters
    Server Consolidation
    Test and Development
    CapacityOn Demand
    Enterprise Computing Clouds On and Off Premise
    Public
    Private
    Or
    Here
    Or
    Here
    Or
    Here
    You Are Here
    Enterprise Objective: An IT Services On-Demand Platform
  • 9. F5s Dynamic Control Plane Architecture
    Users
    Dynamic
    Control
    Availability
    • Scale
    • 10. HA / DR
    • 11. Bursting
    • 12. Load-Balancing
    Optimization
    • Network
    • 13. Application
    • 14. Storage
    • 15. Offload
    Security
    • Network
    • 16. Application
    • 17. Data
    • 18. Access
    Management
    • Integration
    • 19. Visibility
    • 20. Orchestration
    Application and Data Delivery Network
    Resources
    Private
    Public
    Physical
    Virtual
    Multi-Site DCs
    Cloud
  • 21. Problem: Secured Load-Balancing and Traffic Management in the Cloud
    Users
    Limited:
    • Different models per cloud service
    • 22. No commonality with enterprise
    • 23. LB scale can vary dramatically*
    • 24. Very limited security
    • 25. Limited control content / app switching
    • 26. No transaction integrity / persistence
    • 27. Limited network / application acceleration
    • 28. No user context to apply policy
    • 29. and on and on..
    Flexibility, Context,and Control in the Enterprise
    but not in the Cloud
    Resources
    Private
    Public
    Physical
    Virtual
    Cloud
    Multi-Site DCs
    *Rightscale White Paper: Load-Balancing in the Cloud
  • 30. F5 Solution: Extend Enterprise-Class ADC to Internal / External Cloud
    Users
    Enterprise Ready Cloud:
    • Common / shared architectural model
    • 31. Predictable, High Performance LB Scale
    • 32. Rich content switching
    • 33. Full transaction integrity / persistence
    • 34. Superior security
    • 35. User and application context
    • 36. Network and application acceleration
    Flexibility, Context,and Control in the Enterprise
    .and the Cloud
    BIG-IP LTM
    Virtual Edition
    BIG-IP LTM
    Virtual Edition
    Resources
    Private
    Public
    Physical
    Virtual
    Cloud
    Multi-Site DCs
  • 37. Problem: Access Control & Acceleration Across The Maturity Cycle
    Users
    No context
    Difficult change control
    Error prone
    Costly
    Licensing / vendor management issues
    Compliance problems
    Limited control
    Lack of Simplicity, Flexibility, Context,and Control for the Enterprise
    AAA x 10
    AAA x 5
    AAA x 2
    VPN
    Web Accelerator
    WAN Optimizer
    DNS Bind Server
    Vendor A
    Vendor B
    Vendor C
    Open Source
    ?
    Resources
    AAA
    AAA
    AAA
    AAA
    AD
    AAA
    AAA
    AAA
    AAA
    CA
    AAA
    Private
    Public
    TAM
    AD
    AD
    OAM
    LDAP
    Physical
    Virtual
    Cloud
    Multi-Site DCs
  • 38. F5 Solution: Extend Next GenAccess & Acceleration to the Cloud
    Users
    Simplicity, Flexibility, Context,and Control for the Enterprise
    • Unified access & acceleration model
    • 39. Simplified change control and auditing
    • 40. Flexible access policies
    • 41. Context-aware: user, device, location, and application
    • 42. Control remains within enterprise
    Secure Optimized Session
    AAA
    BIG-IP Edge Gateway
    BIG-IP Global Traffic Manager
    User Requests
    Optimal Gateway
    VPN
    Web Accelerator
    WAN Optimizer
    DNS Bind Server
    Vendor A
    Vendor B
    Vendor C
    Open Source
    Resources
    Secure Optimized Session
    AAA x 5
    AAA x 2
    AAA x 10
    AAA
    AAA
    AAA
    AAA
    AD
    AAA
    AAA
    AAA
    AAA
    CA
    AAA
    Private
    Public
    TAM
    AD
    AD
    OAM
    LDAP
    Physical
    Virtual
    Cloud
    Multi-Site DCs
  • 43. Applications
    Clients
    F5 Solution: Seamless Access to Applications
    BIG-IP
    Edge Gateway
    New in 10.2
    • Edge Client Integration with Windows logon provides seamless VPN access
    • 44. Access Control for the Cloud