BIG-IP® ACCESS POLICY MANAGER™
Simplify and scale access control for web applications
Organizations are moving more services and applications to the web to improve delivery of valuable consumer services and increase worker productivity. Yet ensuring security in the face of increasing web access requirements adds complexity to IT infrastructures and makes it difficult and expensive to scale.
BIG-IP Access Policy Manager (APM) is a flexible, high-performance access and security solution. BIG-IP APM drives identity into your network to provide secure, context-aware user access to web applications while simplifying authentication, authorization, and accounting (AAA) management.
BIG-IP APM provides a simplified, central point of control based on access policies, giving you granular control of users' web access. An optional endpoint security service validates devices with policy to protect your organization from virus or malware infections, accidental data loss, and rogue device access. The advanced Visual Policy Editor makes it easy to create individual and group access policies for many different identities, geolocation, and web authentication environments.
Simplified Infrastructure and Reduced Costs
Many solutions use application coding, web server agents, or specialized proxies or servers to manage web access. With AAA control directly on the BIG-IP system, you can apply repeatable access policies across many applications and servers while gaining centralized visibility of your authorization infrastructure. BIG-IP APM enables you to consolidate infrastructure, eliminate redundant tiers, simplify management, and reduce capital and operating expenses by up to 10x. BIG-IP APM also integrates with Oracle Access Manager, so you can manage policy-based access services for Oracle applications from one location.
Dynamic Access Control
With BIG-IP APM, you gain valuable insight into who is on the network and which applications they are using, and maintain complete, policy-based control of their navigation. BIG-IP APM secures connections with SSL (HTTPS) encryption and provides access authentication using ACLs and AAA server support.
BIG-IP APM provides dynamic access control by creating L4 and L7 access control lists (ACLs) based on user identity, IP address, and attributes such as group membership pulled from the directory. The results of endpoint inspection checks also contribute to access profiles.
High Performance, Scalability, and Layered Interoperability
BIG-IP APM offers multi-gigabit per second SSL encryption throughput with HTTP(s) and supports hundreds of logins per second. For organizations looking to scale, a single high-end appliance with the BIG-IP APM module can support tens of thousands of concurrent users.
With the efficient, multi-solution BIG-IP platform, you can add BIG-IP® Application Security Manager™ (ASM) to create a hardened application delivery network solution that layers web access management with application protection. For an additional performance boost, you can add BIG-IP® WebAccelerator™ for even faster application performance.
BIG-IP® APPLICATION SECURITY MANAGER™
Get the fastest, most comprehensive, and scalable web application firewall
Some of the most serious security threats come from attacks that target vulnerabilities in enterprise applications. Security regulations, including PCI DSS, require organizations to use application firewalls to protect against these attacks. Automated scanners and bot programs web scrape site data for replication, diluting brand equity. Yet conventional firewalls and intrusion-detection/prevention systems don’t detect all of these threats, which are often difficult and costly to mitigate.
BIG-IP Application Security Manager (ASM) delivers comprehensive protection for web applications while maintaining low total cost of ownership. BIG-IP ASM can help your organization quickly pass a security audit without requiring changes to the application code. PCI compliance reports provide an executive summary of requirements and recommendations for bringing your application environment into compliance. BIG-IP ASM employs unique technology that detects if your domains are being web scraped of valuable information and shields your sites from copy and reuse.
BIG-IP Application Security Manager is the fastest application delivery security product on the market and includes an integrated XML firewall. It combines application optimization and acceleration technologies such as fast cache, compression, SSL offload, TCP optimization, and other performance advantages of F5’s TMOS architecture. This offloads the servers, improves the user experience, and consolidates the footprint in the datacenter for easier management. BIG-IP ASM can also secure FTP and SMTP traffic and provide authentication.
Easy Implementation and Maintenance
With BIG-IP Application Security Manager, application delivery security is easy to implement and manage. It includes specific, built-in validated application security policies for common applications as well as an automatic policy-building engine that can quickly adapt to application updates. BIG-IP ASM helps you rapidly and virtually patch web application vulnerabilities without involving your application development team. This helps you maintain compliance with government and industry regulations such as PCI and HIPAA. To keep you up to speed on the latest web threats as they grow in number and complexity, BIG-IP ASM includes an attack expert system that provides on-the-spot knowledge of violations and attacks.
Certified and Award-winning Application Delivery Security
BIG-IP Application Security Manager has been rigorously tested and has received ICSA Web Application Firewall Certification. BIG-IP ASM has been deployed in more than 80 of the Fortune 1000 companies and recently received SC Magazine's 2010 Reader Trust Award for Best Web Application Security solution.
BIG-IP Application Security Manager is available as a standalone appliance and as a product module on the BIG-IP system.
BIG-IP® GLOBAL TRAFFIC MANAGER™
Get the most out of secondary data centers
What's the use of having multiple data centers if there's not an intelligent way to route the user to the best site? While DNS can point a user to a data center, BIG-IP Global Traffic Manager (GTM) can automatically direct users to the closest or best-performing data center. You can realize the full potential of multiple data centers by using BIG-IP GTM to provide seamless disaster recovery and routing based on quality of service or business criteria.
When users try to access a data center that is overloaded or unreachable, BIG-IP Global Traffic Manager automatically and seamlessly directs them to a secondary data center. The user isn't even aware of the switch: they could be accessing a data center at corporate headquarters, in another city, or on another continent. This capability makes BIG-IP GTM especially important for enterprises that need to maintain operations in the event of a natural disaster, power failure, or any other large-scale service disruption.
SOA Application Management
Distributed applications may rely on several Web servers, application servers, and databases that work in parallel. BIG-IP Global Traffic Manager automates the process of tracking and managing the dependencies between individual application services, helping to achieve high availability, persistence, and maintenance for these applications. It eliminates the guesswork, errors, and inefficiencies related to manual management, so you have a holistic framework to manage all application services across multiple sites.
Global Business Criteria Management
Global enterprises often have data centers spread throughout the world. So why send a user in Hong Kong to the Dallas data center when there's one in Singapore? BIG-IP Global Traffic Manager uses topology-based load balancing to inspect a user's IP and determine the most efficient data center. The topology could be based on continent, country, ISP, or custom IP subnet level.
BIG-IP Global Traffic Manager is available as a standalone version, and also as a product module for BIG-IP.
BIG-IP® LINK CONTROLLER™
Prevent Internet Service Disruptions
Enterprises rely on their Internet connections. Connection problems, however, can occur anywhere at anytime. Something as simple as a backhoe cutting into a buried cable could take a service provider offline.
That's why most enterprises maintain multiple Internet connections. BIG-IP Link Controller (LC) intelligently controls the flow of traffic across those connections, preventing problems and making sure the fastest available connection is always in use.
Reliable Network Connectivity
BIG-IP Link Controller detects errors across an entire link to provide end-to-end, reliable WAN connectivity. It monitors the health and availability of each connection, detecting outages to a link or ISP. In the event of a failure, traffic is dynamically directed across other available links so users and external customers stay connected.
Maximize Bandwidth and ROI
The BIG-IP Link Controller's optional compression module enables you to intelligently compress traffic, reduce WAN link bandwidth for lower ISP costs, and cut down on bandwidth bottlenecks for faster application delivery. Regardless of the link type or provider, BIG-IP LC can aggregate smaller, less expensive lines to lower your bandwidth redundancy costs, while minimizing the amount of money spent on dark fiber or unused standby lines.
Scale up easily while improving the user experience
Application delivery delays, inefficiencies, and failures can cost millions of dollars in terms of wasted budgets, damage to company reputation, system and application downtime, legal liability, and lost opportunities.
BIG-IP Local Traffic Manager (LTM) is an application delivery networking system that provides intelligent load balancing and traffic management as well as advanced application security, acceleration, and optimization.
With BIG-IP LTM, you get a full set of unified application infrastructure services that give you total control, vision, and flexibility. With services consolidated in one easy to manage device, BIG-IP LTM can help you simplify system management, scale without disruption, and significantly reduce infrastructure and operational costs.
You can choose from a range of devices to meet your specific performance and capacity needs. BIG-IP LTM is also available in a Virtual Edition for added flexibility in virtual environments.
It's not just about stopping attacks -- it's also about simultaneously serving legitimate users. BIG-IP Local Traffic Manager delivers the best of both worlds, providing a suite of security services that can help you significantly bolster network and application security. From adding powerful network and protocol-level security to filtering application attacks, BIG-IP LTM is deployed at a critical gateway to your most precious resources -- the applications that run your business.
By reducing traffic volumes and minimizing the effect of client connection bottlenecks as well as WAN, LAN, and Internet latency, BIG-IP Local Traffic Manager provides a powerful solution for improving application performance and increasing the capacity of your existing infrastructure.
BIG-IP Local Traffic Manager removes single points of failure and virtualizes the network and applications using industry-leading L7 intelligence. BIG-IP LTM includes rich static and dynamic load balancing methods, including Dynamic Ratio, Least Connections, and Observed Load Balancing. Since BIG-IP LTM tracks dynamic performance levels of servers in a group, it ensures all sites are always on, and more scalable and easier to manage than ever before.
Speed up your Web applications
Organizations rely on dynamic Web applications like Microsoft SharePoint, Oracle Portal, Microsoft Outlook Web Access, and Siebel CRM. But while users working near the corporate office's data center have virtually instant access, mobile and remote users get long delays -- or even worse, they find that an application doesn't work at all.
BIG-IP WebAccelerator is an advanced Web application delivery solution that provides a series of intelligent technologies that overcome performance issues involving browsers, Web application platforms, and WAN latency. By decreasing page download times, WebAccelerator offloads servers, decreases bandwidth usage, and ensures the productivity of application end users.
Application Acceleration for Remote Offices and Mobile Users
BIG-IP WebAccelerator solves WAN content delivery issues by locating content closer to users, which speeds up their first and repeat visits to portal, CRM, eLearning, and e-commerce sites. This significantly increases the speed and reduces the cost of using enterprise Web applications in remote office and mobile deployments. WebAccelerator is ideal for extremely scalable Dynamic Content Caching, lowering costs through server and data center consolidation.
WebAccelerator Intelligent Browser Referencing (IBR) features can often deliver a tenfold increase in interactive user performance when using portal, CRM, or collaboration applications (such as SharePoint, Oracle Portal, OWA, Siebel, Hyperion, PeopleSoft, Plumtree, SAP, and custom and homegrown Web applications).
Symmetric Acceleration for Super Fast Performance
By deploying BIG-IP WebAccelerator in a symmetric configuration, Web application performance can increase 40x over unaccelerated applications. WebAccelerator is the only product on the market that can be deployed in both asymmetric and symmetric configurations simultaneously, giving organizations the freedom to choose the most appropriate configuration for their environment. Whether users are in a remote office, at home, or at a coffeeshop, they are guaranteed to have the fastest possible access to Web content and the best possible user experience.
Accelerating Content via SSL
BIG-IP WebAccelerator is the first to provide robust acceleration for Web content via SSL. It comes with hardware offload, FIPS and client certificate support, and other advanced SSL features on a security-hardened and certified system. This advanced capability and scalability accelerates secure Web applications 2x to 10x (first time and repeat visits) without worries about potential internal DOS attacks on the WAN optimization solution.
Enterprise Content Delivery Networks (eCDN)
Enterprises want to distribute content closer to their users, but using commercial CDNs can present a variety of problems. Content creators lose control of their material, regulatory compliance cannot be achieved, costs are high and variable, and remote office users cannot benefit from each other's downloads.
BIG-IP WebAccelerator can be deployed symmetrically in conjunction with other F5 solutions to create an eCDN that gives enterprise Web sites high availability, DOS protection, and the fastest user experience. This solution also helps ensure regulatory compliance for confidential company information.
Content Delivery Network (CDN) Expense Reduction
Many enterprises use commercial CDNs with erratic results and unpredictable costs. BIG-IP WebAccelerator allows organizations to control and lower these costs, by reducing redundant and repeat downloads of content -- even dynamic content. WebAccelerator allows enterprises to augment their own content delivery architecture, while still being able to fall back on a CDN overlay network when needed.
BIG-IP® WAN OPTIMIZATION MODULE™
Accelerate data replication and applications between data centers
Application and replication performance on the WAN is affected by a large number of factors that can’t be solved by adding bandwidth alone. These issues include: the natural behavior of application protocols and backup/replication software that were not designed or optimized for WAN conditions; application protocols that engage in excessive handshaking; and the serialization of the applications themselves.
BIG-IP WAN Optimization Module (WOM) saves you time and money by speeding data transfers over the WAN and enabling traffic between data centers to be optimized, encrypted, and highly available.
BIG-IP WOM accelerates file transfers, email, client-server applications, data replication, and more-resulting in reliable, fast performance for all users accessing applications across the WAN.
Accelerated Replication Performance
With F5 WAN optimization services, you can replicate and backup critical data across the WAN up to 95x faster than without optimization. TCP optimizations and protocol acceleration enable companies to mitigate the effects of latency due to distance between data centers and the excessive handshaking or “chattiness” of some protocols like CIFS and MAPI. In addition, F5 traffic control capabilities allocate bandwidth to the applications and data that you decide are higher priority.
Improved Bandwidth Efficiency
One of the best ways to improve throughput and utilize your existing bandwidth more efficiently is to reduce the amount of data that is sent across the WAN. BIG IP WOM includes symmetric adaptive compression, which applies the appropriate compression algorithm to dramatically reduce the amount of traffic that has to be sent. Another technique is data deduplication, which sends references of repetitive data that is identified and cached on BIG-IP WOM.
Consolidated Infrastructure and Cost Reduction
F5 BIG-IP devices eliminate the need for multiple appliances by combining WAN optimization, security, and application delivery technologies together, built on F5’s unique, highly scalable TMOS architecture. These consolidated services help you save on hardware costs, rack space, energy consumption, and management resources. By taking advantage of dedicated compression and encryption hardware, you can offload these CPU-intensive processes from your servers and avoid costly data center upgrades. BIG-IP WOM makes full use of the F5 iControl API and iRules scripting language capabilities, giving you unprecedented flexibility and control in scaling, managing, and optimizing your BIG-IP system.