Case Studies Archive Search Case Studies

PensionsFirst Delivers Secure and Scalable Web Application Access with F5 BIG-IP Solutions

PensionsFirst Analytics offers advanced analytical and advisory services to the defined benefit (DB) pensions industry. The company’s PFaroe application brings a revolutionary level of precision and speed to the measurement and management of defined benefits pensions’ risk, providing fast, accurate, and up-to-date information. As PensionsFirst moved the application to a web-based platform, the company turned to F5 solutions to ensure the performance and reliability of its online services. In the process, the IT team discovered that F5 could also help improve the security authentication process. With F5 BIG-IP solutions, PensionsFirst has ensured superior security for application and customer data, and the company has positioned its IT infrastructure to efficiently scale and add services to meet future business growth goals.

Business Challenges


To better meet the needs of the company’s rapidly growing customer base, the IT team at PensionsFirst made a strategic decision to move from a traditional client-server architecture to a web-based application.  Their most immediate need was to find a load balancing solution to ensure high performance and reliability for users accessing the web application, which processes an extremely large volume of financial data.

At the same time, the team was also exploring new methods of handling the two-factor authentication they had in place to provide secure access to the application. While the SSL VPN appliance they were using was solid and reliable, it was not scalable. “It met our needs, but it wasn’t something we could upgrade,” said Dean Newman, Director of Information Technology at PensionsFirst. “We would have reached a cap and then had to re-design the environment.”

With this view to scaling with anticipated growth, the team also wanted to minimize the complexity of the environment and find solutions that would not increase the overall management burden.

“We’ve built an iron fence around our web application with BIG‑IP APM. It not only secures the application; it helps us manage the traffic and the user experience.” Dean Newman, Director of Information Technology, PensionsFirst



On the recommendation of its technology partner Dell, PensionsFirst initially looked at F5 BIG-IP Local Traffic Manager (LTM) to load balance the web application traffic As discussions with Dell and F5 progressed, it became clear that the F5 BIG-IP Access Policy Manager (APM) product was an excellent fit to provide a more scalable and manageable means to support the company’s security authentication needs.  PensionsFirst purchased BIG-IP LTM with the BIG-IP APM module.

BIG-IP LTM manages web application traffic to ensure that the PFaroe application always delivers the fast, secure, and reliable online experience pension managers need to access their critical risk management information.  Users access the application through a log-in portal that secures customer data by requiring two-factor authentication, which BIG-IP APM supports as a result of its ability to integrate with a wide range of user directory and authentication servers and services.

With authentication, authorization, and accounting control on the BIG-IP system, PensionsFirst is able to separate access security from the processing environment and manage it at the network level.

“We’ve built an iron fence around our web application with BIG-IP APM,” Newman said. “It not only secures the application; it helps us manage the traffic and the user experience.”

PensionsFirst also takes advantage of F5’s iRules custom scripting language to modify traffic to further protect its application through resource cloaking. By selectively filtering and blocking server headers and codes that could reveal information about PensionsFirst’s infrastructure, iRules prevents malicious users from being able to find vulnerabilities.



By implementing the BIG-IP solution with the BIG-IP APM module, PensionsFirst is providing its customers with the top-level security and performance they demand, and has positioned its IT infrastructure to meet rapid growth efficiently and cost-effectively.

Tier 1 security and compliance

The F5 solution has helped PensionsFirst deliver the cutting-edge service that its customers are seeking. Many of its users are in Tier 1 organizations with very stringent security and performance requirements.

“Our customers expect us to treat their data in the same way they have to, with the same level of security and compliance,” Newman explained. “In choosing F5, we knew we had selected a partner that would help us provide the most secure, reliable, and performance- based system that we could.”

Simple and efficient manageability

Newman finds that one of the most compelling features of BIG-APM is the Visual Policy Editor, an intuitive interface   for creating and managing access policies.

“We like its visual simplicity. You can see a rule and know exactly what each step does,” Newman said. “We have big aspirations as an organization, so anything that can streamline the efficiency of the IT operations team and help us scale is very valuable to us.”

Scalability and a roadmap for the future

BIG-IP APM offers multi-gigabit SSL encrypted throughput that will enable PensionsFirst to continue securing sensitive customer data through an enormous amount of growth. But scalability is about much more than just security for PensionsFirst.

Newman says the company is also planning to benefit from the ability to add modules to gain more services from the BIG-IP system as it continues to expand.

“F5 offerings have provided us with a roadmap to meet our strategic goals in terms of business growth,” Newman explains. “Our initial investment is protected because we can continue adding services on the BIG-IP system as we require them without having to reengineer our security environment.”

With the company’s second data center completed, Newman expects that BIG-IP Global Traffic Manager, which optimizes the user experience by routing traffic to the best-performing data center, will be an essential component in maintaining business continuity. And in addition to the performance-boosting BIG-IP WebAccelerator product, PensionsFirst is considering the BIG-IP WAN Optimization Module to help manage data replication and mirroring for its huge volumes of data.

“We’re going to create tens if not hundreds of terabytes of data,” Newman said. “F5 is helping us with our ultimate goal of protecting the infrastructure of the systems and the data that reside on them, 24 hours a day, seven days a week.”

Long-term ROI

While the IT team could have made the previous security solution work to meet its immediate needs with a lower budget, they chose F5 solutions in anticipation of future benefits that will continue to pay off at every stage of the company’s growth.  Newman explained, “Long-term, we expect the BIG-IP system will save us time, money, and resources in not having to redesign the environment as we grow.”