BIG-IP Access Policy Manager (APM) secures and differentiates access to your applications, data, network, and the cloud based on user identity and context. That means it gives you centralized control over who’s able to access your network or cloud, which applications they can access, and the devices and locations from which they can access those apps.
In short, BIG-IP APM unifies and enforces identity-based, context-aware, dynamic policy-driven application access control—regardless of the location of the user or the application.
BIG-IP APM protects your public-facing applications via Layer 4 and Layer 7 dynamic access control lists (ACLs) created based on user and group identity, as well as contextual attributes, including device type and security posture, location, and other attributes pulled from your directory. BIG-IP APM enables secure mobile and remote access to corporate resources such as Microsoft Exchange, SharePoint, and virtualized desktops and applications, wherever they may be located. It also delivers secure, identity- and context-driven SSL VPN remote access for mobile and remote workers, as well as per-app VPN access from mobile devices without requiring user intervention.
BIG-IP APM enhances security and simplicity for a variety of end-user business apps from VMware, Microsoft, and Citrix, providing a consolidated, highly scalable, secure proxy for virtualized desktops and applications that is integrated with access policies. For example, BIG-IP APM mitigates data loss by supporting per user control in policies for USB redirection and client drive mapping for VMware Horizon desktops. It supports email, calendar, and contact synchronization for Microsoft Exchange on mobile devices. BIG-IP APM also integrates seamlessly with Oracle Access Manager (OAM), providing access to apps secured with OAM, replacing the need for a WebGate agent.
BIG-IP APM federates user identity across multiple domains using numerous authentication and attribute-sharing standards and protocols, including SAML 2.0. BIG-IP APM supports connections initiated by SAML identity providers (IdPs) and service providers (SPs), extending secure single sign-on (SSO) capabilities to SaaS, cloud-based, web-based, and virtual applications; remote access (VPN) authentication and authorization; adaptive multi-factor authentication; and client-based apps and browser-less environments.
With BIG-IP APM, it’s faster and easier to provision and de-provision user access to applications and resources, no matter where they’re located.
BIG-IP APM supports up to 500,000 access sessions available on a single BIG-IP appliance or up to 2,000,000 access sessions on a VIPRION platform.
Use BIG-IP APM’s Visual Policy Editor (VPE) to intuitively create, edit, deploy, and manage granular, dynamic access control policies on an individual or group basis.
BIG-IP APM consolidates access infrastructure and management, eliminates redundant tiers, and reduces CapEx and OpEx, while giving you a centralized view of your entire authorization infrastructure.
F5's event-driven scripting language, iRules, gives you the flexibility to customize BIG-IP APM functionality, while iApps help you speed deployment and streamline operations by providing an app-centric view of application management and delivery.
Encrypted SSL VPN, DTLS, comprehensive endpoint security and posture checks, application tunnels, and optimized site-to-site encryption deliver secure app, network, and cloud connectivity and access from anywhere on virtually any device.
Taps into existing authentication, authorization, and accounting (AAA) servers to support dynamic identity- and context-aware policy creation and enforcement.
Case Study: Overlake Medical Center
APM enhances security and simplicity for end-user computing applications such as VMware Horizon View, Mirage and Workspace, Microsoft RDP, ActiveSync and Outlook Anywhere, as well as Citrix virtual desktop applications. It also supports the synchronization of email, calendar, and contacts with Microsoft Exchange on mobile devices. In addition, F5 APM integrates with Oracle Access Manager (OAM).
John Wagnon | 12/9/2015
The Security Assertion Markup Language (SAML) allows you to simplify access control and management of your applications. Once upon a time, you would need a separate username/password database for each application you hosted. Now, with the use of SAML, you can consolidate everything into one place and reduce the management and security headache of it all...
Robert Teller | 9/25/2015
Technical Challenge F5 like most large enterprises organizations require Two-Factor Authentication (TFA) for employee remote connectivity. To meet this requirement IT integrated BIG-IP Access Policy Manager with a third-party vendor that provides...
Jason Rahm | 7/27/2015
Duo Security integrates into F5 BIG-IP Access Policy Manager as a full featured two factor authentication solution and offers inline self-enrollment and an interactive, user-friendly login experience that enables the user to select from a wide...
Jason Rahm | 5/11/2015
Recently we released the F5 BIG-IP TMOS: Operations Guide and now we’re excited to introduce the first version of the F5 BIG-IP Access Policy Manager Operations Guide.
This guide covers the gamut, including:
Peter Silva | 4/23/2015
F5 Worldwide Security Evangelist, David Holmes, talks about why the internet is going SSL Everywhere. He explains why there’s been a surge in encrypted traffic and reveals some interesting statistics from his ongoing research on the SSL protocol....