tl;dr - BIG-IP APM provides granular access controls to discreet applications and networks supporting 2FA and federated identity management.

Providing application access is a complicated process.  You have distributed users, insecure clients, and unknown devices all vying for connectivity to your trusted applications. What's an admin to do in order to protect investments and still provide easy access anywhere? F5's BIG-IP Access Policy Manager (APM) provides multiple services to protect and manage access to your applications.  APM is available on hardware, in the cloud, or as a virtual appliance and provides access control wherever your applications live.  APM offers:

  • Identity Federation and SSO - Creates a single point of policy-based access for cloud and on premise/private applications with MFA support.
  • Client and Web-based SSL VPN Access - Policy-based access to network VPN service through web-plugins or clients on mobile and desktop operating systems.
  • Web Portal Access to Applications - Open web applications to users instead of opening up your network.  Great for contractors and remote workers who don't need full VPN tunnels.
  • Desktop Application and VDI Support - Policy-based access to virtualized applications through a single, consolidated gateway along with native VDI support and a customizable, web portal.
  • Access Policy Deployment and Management Solutions - Using the visual policy editor, administrators create highly customizable security polices allowing granular control over application and network access.
  • Secure Web Gateway Proxy Services - Provides web-based malware protection and URL filtering through Secure Web Gateway Services.

Policy Access Made Easy (or complex if you want)

I said policy-based a lot, didn't I?  Well, I repeat myself because it's an important part of access management.  You want the right users accessing the right apps... right? The Visual Policy Editor allows administrators granular control over who has what access to individual applications, instead of full network access.  Below is an example of a basic SAML access policy using Active Directory to not only initiate allowed authentication but the queries AD to determine if the user is allowed to access to selected SaaS resources assigned to this policy.F5 BIG-IP APM Visual Policy Editor Example

BIG-IP APM also integrates with other F5 solutions to aid in application and user security.

  • BIG-IP Application Security Manager (ASM) - Include web application firewall functionality allowing your application security visibility into who's using it (and if they should be).
  • Software Web Gateway (SWG) - Combined with APM, you can create access controlled URL categorization.  Combining APM with SWG allows for greater transparency and control to your users browsing and application access.
  • BIG-IQ - Centralize your policy management, distribution, and access monitoring into one location.  BIG-IQ becomes your window into your vast BIG-IP APM network.

BIG-IP APM offers a lot of flexibility for user access and security control but don't just take my word for it.  This article provides you a very general overview of what APM is and what is can do for you.  Follow the below links to see real scenarios of APM in use and learn more about why access control and security is a good thing. And as always if you have questions or comments drop us a line!

On DevCentral:
On F5.com: