Securely delivering Microsoft applications Paul Dignan F5 Networks.


Presentation on theme: "Securely delivering Microsoft applications Paul Dignan F5 Networks."— Presentation transcript:

1 Securely delivering Microsoft applications Paul Dignan F5 Networks

2 The Evolution of F5 (© F5 Networks, Inc)
[Diagram, stages 1 to 3. Labels: Security; Mobility/LTE; Domain Name Services; Hypervisor/Cloud ubiquity; Multi-tenancy, all-active; Identity access management; Traffic management; Optimization; Acceleration]

3 The Evolution of F5
1 Application Delivery Controller
2 Broadened Application Services
3 Cloud Ready
4 Software Defined Application Services

4 High-Performance Services Fabric
[Diagram labels: Network [Physical, Overlay, SDN]; Virtual Edition; Chassis; Appliance; Data Plane; Programmability; Control Plane; Management Plane]

6 “With the departure of Threat Management Gateway (TMG) how, or more importantly, what will administrators use to secure their Internet-facing Microsoft Applications?”

7 F5 | Microsoft Strategic Relationship
Joint investment, shared thought leadership and strategic planning
Microsoft Technology Center Alliance Partner
Microsoft Partner Solution Center Partner with office and lab space
F5 training for Microsoft field, services, and support teams
Visual Studio Industry Partner and VSIP Member
“We’re impressed with F5’s holistic view of the application…the comprehensive architecture F5 has designed will optimize application performance for Microsoft customers.” –Greg Kirchoff, Microsoft Director of ISV Group
F5 International Technology Centers give customers who use Microsoft technologies access to the experts
Solution development across products and technologies: SSTP, RDS/Terminal Services, IIS/ASP.NET

8 Threat Management Gateway vs F5
[Diagram comparing "Before F5" and "With F5". Labels: Internet; Devices; Load Balancing, DDoS Protection, Firewall; Data Center; Exchange, Lync, SharePoint, Web Servers; [Hardware Firewall]]

9 TMG – Traffic Management
Traffic Management is a core focus of F5, and the TM feature set found in BIG-IP LTM far exceeds anything else in the market today.
Before F5: TMG included a basic Traffic Management feature set, which was primarily built for handling HTTP traffic.
  Load Balancing: Primarily HTTP/HTTPS
  Monitoring: 3 options: Simple GET, ICMP, TCP port check
  Persistence: 2 options: Source, Cookie
  SSL Engine: Offloading / Bridging / Rewrite Redirect Support
With F5: F5 includes the industry's widest, deepest, and most flexible Traffic Management engine. True application switching with full proxy support & the power of iRules.
  Load Balancing: Full Proxy, Multi Protocol
  Monitoring: Application-aware health and availability, synthetic client transactions
  Persistence: Multiple options with custom abilities
  SSL Engine: Full hardware-based PKI support with advanced functionality

10 TMG – Client Authentication
Customers migrating to F5 will be able to take advantage of a rich set of authentication and authorization features unique to F5. Endpoint inspection, AD interrogation, & layered auth are compelling capabilities that will be new to your customer. Management through the Visual Policy Editor will also make managing the advanced functionality even easier.
Before F5: TMG offered customers a broad spectrum of authentication schemes (KCD, Basic, NTLM, Negotiate, Kerb, LDAP, RADIUS, AD, OTP, Client Cert, etc.) with support for authentication translation.
  Landing Pages: Customized
  Cross forest: Supported
  Single Sign On: Limited
With F5: The BIG-IP matches up well against TMG's range of supported authentication schemes and translation functionality.
  Landing Pages: Customized
  Cross forest: Supported
  Single Sign On: Full

11 TMG – Network Layer (3,4) Firewall
With historically strong DoS & DDoS mitigation technology (SYN cookies, connection limits, resource thresholds/watermarks, etc.), recent certifications (ICSA) give credibility to F5's posture as a perimeter security device. Add to that BIG-IP's global address map & filtering capabilities, and you have firewalling with geographic awareness.
Before F5: TMG is a certified (CC EAL4+) network firewall suitable for placement at the perimeter of any network. DoS prevention is supported via a set of connection limits (TCP, Half Open, UDP, HTTP RPS, non-TCP) per IP per second.
  Layer 3,4 Firewall Rules: Supported
  Layer 3,4 DoS Prevention: Connection Limits
With F5: BIG-IP is an ICSA & CC certified network firewall suitable for placement at the perimeter of any network as well.
  Layer 3,4 Firewall Rules: Supported
  Layer 3,4 DoS Prevention: Advanced with DDoS prevention

12 TMG – Remote Access & VPN
Customers migrating to F5 will be able to take advantage of a rich set of authentication and authorization features unique to F5.
Before F5: TMG included an RA/VPN engine with several access protocols.
  Access Protocols: L2TP, PPTP, SSTP
  Methods: Site to Site (IPSec), Remote User
  Quarantine: Supported
  Authentication: Username/Password, Certificate
With F5: APM delivers a rich & full remote access & site-to-site feature set that provides clientless or client-based options, endpoint inspection, and quarantining. Providing client access over browser-based HTTPS connections means that client management will no longer be an administrative burden. Management through APM's VPE (Visual Policy Editor) makes management of complex security rules easy.

13 TMG – Application Layer 7 Firewall
F5 provides bespoke security policies for a broad range of Microsoft Applications and Services.
Before F5: TMG offered L7 firewalling in a set of application filters that covered several protocols.
  Protocol filters: HTTP, SMTP, ……
  Added Protection: Virus Scanning, SPAM filtering
  TMG's L7 firewalling does rely on subscription services to stay maintained.
With F5: F5's ASM is designed with a focus on HTTP, SMTP, FTP, & XML security, with the flexibility to build policies specific to applications leveraging those protocols & data types. An automatic policy building engine will adapt to application updates, and visibility/analytics are presented through a web-based real-time dashboard. Pre-built policies ship for popular applications such as SharePoint and Exchange.

14 Reverse Proxy / Pre-Authentication
“Much like a nightclub bouncer working the door, the ADC isolates internal resources from external access, allowing only authenticated and authorized users to enter the corporate LAN and use internal resources.”
A Strategic Point of Control for Application Delivery
An application delivery controller provides a strategic point of control where corporate applications can be deployed more securely and policy can be implemented consistently.
BIG-IP provides a central point from which to administer access to multiple applications. Without this central management point solution, access must be configured and managed separately at each internal resource, such as Exchange and SharePoint.
Single Sign-On (SSO) across multiple on-premise and cloud-based applications.
Endpoint Inspection
With the BIG-IP® Access Policy Manager® (APM), administrators can manage access to corporate resources based upon the device that is trying to connect. Administrators can also ensure that the approved device adheres to corporate policies for AV status, OS versions, patch levels, and more.

15 Reverse Proxy / Pre-Authentication
Multi-factor Authentication and Authorization
Remote access solutions provide a much more secure authentication mechanism than what can be natively found on most applications.
The BIG-IP with APM (Access Policy Manager) integrates with a number of authentication mechanisms including RSA SecurID, RADIUS OTP, and client-side certificates.
Using the flexibility of the BIG-IP APM Visual Policy Editor (see below) and BIG-IP iRules®, administrators can integrate with a variety of authentication providers and technologies.
Figure 1: BIG-IP APM Visual Policy Editor.
Ability to query Active Directory for user attributes such as AD group membership, assigned mailbox database, and device IDs. Attributes, along with deep packet inspection, can then be used to dynamically apply policy, further enhancing device security.

16 Questions?
