F5 Blog

 

SSO for your Hybrid Cloud

In our recently released State of Application Delivery report, 80% of survey respondents said they employ a hybrid cloud strategy, meaning they have applications that reside in a combination of SaaS environments, on-premises, and in IaaS. Oftentimes, the question of lifting and shifting an on-prem legacy app to the cloud gets a quick answer: too expensive; can’t afford the opportunity cost. Dedicating your software developers’ already stretched time to an application that already works doesn’t usually compete with delivering new applications demanded by the business. To help frame the decision, do the math…

C = Current Annual Cost 
(server/network hardware/software maintenance and licensing, power, application maintenance)

F = Future Annual Cost 
(IaaS service/feature expenses, application maintenance)

D = Cost of Developers
(inc. QA and operations time necessary to make app cloud-ready)

L = Lifetime of the Application 
(in years)


So, if D + FL > CL, the easy answer is, "well, if it ain’t broke..." But what if that simple math provides a different answer? What if it tells you that it would be worth re-architecting that app to move to the cloud? Then you need to weigh that against the opportunity cost: the same developer time could instead go to a new application, or to new features for an existing application, that would gain efficiencies and savings for the business. Another thing to consider: is the application the last hold-out tenant in a data center that is otherwise ready to shut down? The point is, there are several things to weigh when making the decision to lift and shift an app to the cloud.

Our State of Application Delivery report also told us that 47% of companies now have a cloud-first strategy; however, that doesn’t mean they are free of the constraints and considerations noted above. No matter where your applications reside, access to ALL your applications should be simple and easy for your users, while also protecting user identities. F5 and our partners offer a choice of solutions to best fit the architecture that you choose, or in many cases, the architecture that you have inherited.

Benefits of a great SSO solution include a greatly reduced chance of credential theft, improved user experience and satisfaction, fewer calls to your helpdesk, centralized access logs, and more. F5’s SSO solution can relieve users of the burden of multiple points of access by supporting SAML and OAuth federation for your cloud apps, and Kerberos or header-based authentication for your on-prem apps that don’t support SAML federation. This SSO solution also comes with powerful centralized access management that is easily achieved with our Visual Policy Editor.

F5 partners including Okta, Ping Identity, Microsoft Azure AD, and VMware all offer great SSO solutions as well. F5’s BIG-IP APM augments these solutions by consuming a SAML assertion or OAuth token from these Identity Providers and translating it into Kerberos or header-based authentication to your on-prem applications. Simply put, the BIG-IP APM extends the coverage of Identity-as-a-Service (IDaaS) providers to allow your users to connect to all apps from the same user experience. And as we all know, a consistent user experience is a key component of reducing the likelihood of credential theft through phishing.

So with F5, you have flexibility. You can extend on-prem authentication into the cloud, or cloud authentication into the data center while enhancing the security of both with SSO and additional custom access policies.
