BIG-IP Access Policy Manager (APM) secures and differentiates access to your applications, data, network, and the cloud based on user identity and context. That means it gives you centralized control over who’s able to access your network or cloud, which applications they can access, and the devices and locations they can access those apps from.
In short, BIG-IP APM unifies and enforces identity-based, context-aware, and policy-driven application access control—regardless of the location of the user or the application.
BIG-IP APM protects your public-facing applications via Layer 4 and Layer 7 dynamic access control lists (ACLs) created based on user and group identity, as well as contextual attributes, including device type and security posture, location, and other attributes pulled from your directory. Together with BIG-IP Edge Client, BIG-IP APM enables secure mobile and remote access to corporate resources such as Microsoft Exchange, SharePoint, and VDI, wherever they may be located.
BIG-IP APM enhances security and simplicity for a variety of end-user business apps from VMware, Microsoft, and Citrix. It also supports email, calendar, and contact synchronization for Microsoft Exchange on mobile devices. BIG-IP APM also integrates seamlessly with Oracle Access Manager (OAM).
BIG-IP APM federates user identity across multiple domains using numerous authentication and attribute-sharing standards and protocols, including SAML 2.0.
BIG-IP APM supports connections initiated by SAML identity providers (IdPs) and service providers (SPs), extending secure single sign-on (SSO) capabilities to SaaS, cloud-based, web-based, and virtual applications; remote access (VPN) authentication and authorization; and client-based apps and browser-less environments.
With BIG-IP APM, it’s faster and easier to provision and de-provision user access to resources, no matter where they’re located.
BIG-IP APM supports up to 500,000 access sessions on a single BIG-IP appliance or up to 2,000,000 access sessions on a VIPRION platform.
Use BIG-IP APM’s Visual Policy Editor (VPE) to intuitively create, edit, deploy, and manage granular, dynamic access control policies on an individual or group basis.
BIG-IP APM consolidates access infrastructure and management, eliminates redundant tiers, and reduces CapEx and OpEx, while giving you a centralized view of your entire authorization infrastructure.
F5's event-driven scripting language, iRules, gives you the flexibility to customize BIG-IP APM functionality, while iApps help you speed deployment and streamline operations by providing an app-centric view of application management and delivery.
Encrypted SSL VPN, DTLS, comprehensive endpoint security and posture checks, application tunnels, and optimized site-to-site encryption deliver secure app, network, and cloud connectivity and access from anywhere on virtually any device.
BIG-IP APM taps into existing authentication, authorization, and accounting (AAA) servers to support dynamic identity- and context-aware policy creation and enforcement.
Case Study: Overlake Medical Center
APM enhances security and simplicity for end-user computing applications such as VMware Horizon View, Mirage and Workspace, Microsoft RDP, ActiveSync and Outlook Anywhere, as well as Citrix virtual desktop applications. It also supports the synchronization of email, calendar, and contacts with Microsoft Exchange on mobile devices. In addition, F5 APM integrates with Oracle Access Manager (OAM).
Seth Cooper | 8/13/2014
Every administrator that has designed and configured a policy on the Access Policy Manager (APM) module knows that a lot of time and effort goes into making sure your users will be able to get the access they need. A problem that I have run...
Seth Cooper | 4/23/2013
Outlook Web Access is the web interface to the Microsoft Exchange environment, and many customers have secured the portal behind their BIG-IP APM architecture. In looking at the OWA logon page, however, you'll notice that there are a couple...
Peter Silva | 1/29/2013
Organizations are deploying distributed, hybrid architectures that can span multiple security domains. At any moment, a user could be accessing the corporate data center, the organization’s cloud infrastructure, or even a third party, #SaaS web...
Greg Coward | 2/24/2012
Just like the early settlers who migrated en masse across the country by wagon train along the Oregon Trail, enterprises are migrating up into the cloud. Well okay, maybe not exactly like the early settlers. But, although there may not be a mass...
Lori MacVittie | 2/3/2012
I get by with a little help from my friends… While cloud and virtualization primarily focus on improving the provisioning process, there is a lot more to managing a data center and its critical components than just deployment. There’s upgrades...