empower mobile users with secure corporate access using apm and emm

© 2016 IBM Corporation

F5 and IBM MaaS360

Dana Gauthier, Sr. Manager, Business Development, F5

Jay Kelley, Sr. Product Marketing Manager, F5

Joshua Lambert, Sr. Product Manager, IBM Security

Empower Mobile Users with Secure Corporate Access using APM and EMM

2© 2016 IBM Corporation

Housekeeping items

Duration – 60 minutesSubmit your questions to all panelists

in the Q&A box located on the right-hand side of your screen

Recording and slides will be emailed to you

© F5 Networks, Inc 3

Mobile is Strategic for Business

Mobile delivers a better user experience

Mobile changes the way people work


But Enterprise Mobility is Complex and Challenging

Mobile creates

risks for company data

Mobile mixes personal and

business

Mobile lives outside of the

perimeter

Mobile is fast-paced and multi-

platform


Poll question

Are you allowing both work and personal apps on your mobile devices?A. Yes, we fully support a Bring Your own

Device model.B. Yes, but we purchase all the mobile

devices.C. No, work apps and data only.

5


What IT and Security Pros Are Saying About Mobility

“How do I ensure all devices accessing our network are secured and encrypted?”

“How do I enable my workforce with the right apps and user experience at the right time?”

Maximize Productivity Amplify Protection

“How do I manage the rapid deployment of devices in a cost-effective way?”

“How do I tie in to all my existing systems? I need to protect my investment!”

“How do I ensure authorized access to customer data and protect against threats?”

“How do I show that we are compliant with our policies and industry regulations?”

AND

CIO CISO


Mobility is Much More Than Securing Devices

Authentication ContextIdentity Access MethodAuthorization

Mobility must also address:


Enterprise Mobility May Be Siloed

Mobile Users

App Wrapping+ App

Management+ Reporting

Full Device Termination + App Tunnel Termination+ Authentication

Data Center

Full Device Access + App Tunnel + App Container

Managed Apps

Unmanaged Apps

No data

transfer

Datatransfe

r

Salesforce.comEMM

Remote AccessMobile

Application

Email

Authentication

Store


Mobile Users

Data Center

SaaS Apps

Managed Devices

SharePoint

Email

Authentication

Store

On-premises

Cloud-based

Mobile Device Management

Load Balancer

Mobile Access Gateway




Remote

Remote Access Gateway

Remote/Mobile Users

(Branch, Home, etc.)

Enterprise Mobility Is Complex


Mobile Enterprise Challenges

Unifying Mobility

Simplifying Mobility

Scaling Mobile Access

Securing Mobility and

Access


Poll question

How are you connecting mobile devices to your Intranet resources?A. We currently use a VPN.B. We do not allow access to our Intranet

today.C. Some other corporate access service.

11


Unify, Simplify, Secure, and Dynamically Scale Mobility

Mobile Devices

Remote Devices

MaaS360 Client App

F5 Edge Client App

Devices MaaS360 Enterprise Mobility Management

Enterprise Mobility Gateway

Mobile Access Gateway +App Tunnel Termination+ Authentication+ Access Policy Creation & Management+ Identity Federation & SSO+ On-Demand VPN+ ActiveSync Proxy

BIG-IP Platform

MaaS360 Cloud

ExtenderData Center

SharePoint

Office 365

Active DirectoryKerberos

Distribution Center

Certificate Authority


How F5 and IBM Work TogetherMobile Devices

Remote Devices

MaaS360 Client App

F5 Edge Client App

Devices MaaS360 Enterprise Mobility Management



BIG-IP Platform

MaaS360 Cloud

ExtenderData Center

SharePoint

Office 365

Active DirectoryKerberos

Distribution Center

Certificate Authority

1

2 3

5

4

6

MaaS360 provisions a configured security policy to the enrolled mobile deviceMobile device accesses enterprise application proxy through F5 Edge Client mobile applicationThe request is passed to BIG-IP APM via the data path through firewallBIG-IP APM checks its local cache (that is refreshed periodically) for requesting device’s posture information – such as device enrollment status and compliance statusIf the information is not available in the local cache, BIG-IP APM queries MaaS360 to get device compliance status BIG-IP APM validates device compliance information along with user login credentials and establishes SSL VPN connection for application access

123456


• Consolidates access infrastructure while increasing scale• Simplifies deployment – Automatic F5 VPN Configuration• Centralizes control and management• Reduces TCO for mobile app rollouts• Maintains existing apps, infrastructure and processes• Robust, end-to-end network and device security

Secure, Managed Mobile Access, Apps and Devices

• Hardened, secure appliances • Unparalleled scalability• Per App VPN access• Remote (SSL VPN) access• ActiveSync and other proxy services• Highly scalable email proxy with

MaaS360 Secure Mail or native mail apps• Simplified• Access policy management• Application access management• Identity federation/single sign-on (SSO)• Adaptive authentication• Graphic, in-depth visibility with Splunk

SIEM integration

F5 delivers:• Mobile Device Management• Mobile Application Management• Mobile Content Management• Secure Productivity Suite• Secure Document Sharing• Mobile Enterprise Access• Mobile Threat Management

IBM delivers:

F5 and IBM Customer Benefits


F5 Knows Application Access Authentication, authorization, and SSO from any device to all apps, anywhere, anytime

Remote Access and Application Access

Identity Federation

& SSO

Secure Web Gateway

Web Access Management

Mobile Apps

Web-based Apps Enterprise

Applications

Cloud, SaaS,VDI &

Partner Apps

Web Sites and

Applications

Virtual Edition Chassis Appliance

Internet Web Malware


VDI / Virtual Apps

Native VDI

© F5 Networks, Inc. 16

What is F5 BIG-IP APM • Hardened, secure access gateways• Most scalable access solution

available – 5X – 10X over competition, up to 200, 000 concurrent users on one appliance

• Granular, dynamic application access policy creation and management

• Dynamic Per App VPN support• Secure remote access (SSL VPN)• Support for ActiveSync and other

proxy services• Highly scalable email proxy with

MaaS360 Secure Mail or native mail apps

• Integrated identity federation/SSO/adaptive authentication

• Detailed, graphic visibility with Splunk SIEM integration

Industry’s only access solution with a simple GUI for creating/modifying context-aware policies

Web portal with access to only user authorized apps

© F5 Networks, Inc. 17

Simplify & Consolidate Enterprise Mobile App Access

All Mobile Users Data Center

SaaS Apps

Managed Devices

SharePoint

Email

Authentication

Store

Identity Bridging

On-premises

Cloud-based

Mobile Device Management

Layers 3-7 and App VPN

Tunneling

Remote

Virtual Apps



BIG-IP Platform

F5 Edge Client App

Devices


A Joint F5/IBM Customer Deployment

CUSTOMER REQUIREMENTS• Pre-authentication proxy for

managed ActiveSync clients• Per App VPN access for enterprise

app connections to internal resources

• Client certificate based authentication

• Support for close to 100,000 users

WHY F5 BIG-IP APM + IBM MAAS360• Highly scalable, secure solution• Ability to leverage SAML for identity

federation/SSO• Able to send MaaS360 Secure

Browser traffic to internal explicit proxies

• Dynamic, granular Per App VPN capabilities

• ActiveSync proxy

A major financial institution required secure remote access to email and internal apps from managed mobile devices


Complete enterprise mobility management

Productivity SuiteTrusted Workplace

Content SuiteContent Collaboration

Mobile Threat ManagementMalware Protection

Gateway SuiteEnterprise Access

Management SuiteVisibility & Control


Seamless enterprise integration

Management SuiteVisibility & Control

Productivity Suite Trusted Workplace

Content SuiteContent CollaborationMobile Threat Management

Malware Protection

Gateway SuiteEnterprise Access

BYODCorporate

Shared

Mail systemsDirectoriesCertificatesFile shares


Why IBM MaaS360?

Integratedsolutions that connect

seamlessly to your existing and external

environments

Scalabledata security with intelligence for the

volume, speed, and variability of mobile

Completemanagement of

devices, apps, content and users from a single platform


F5 and IBM MaaS360: Unifying, Simplifying, and Securing Enterprise Mobility at Scale

Joint solution delivers corporate security and employee productivityConfidently provide employees access to company resourcesAllow only Enterprise apps access to the Corporate Network

Ensure only trusted devices can access VPN and EmailBlock devices that are not managed by IBM MaaS360Restrict devices that do not meet IT policies until they are remediated


Mobility Solution (IBM MaaS360 – F5 APM) F5 News Release: https://f5.com/about-us/news/articles/ibm-and-f5-give-customers-access-to-applications-for-mobile-collaboration IBM-F5 Partner Use Case: https://f5.com/Portals/1/PDF/Partners/secure-mobile-access-using-f5-big-ip-and-ibm-maas360-use-case.pdf

F5 Recorded Demos: https://www.youtube.com/channel/UCzT4C-RCtyWXA4rvglOZhgQ

IBM-F5 Solution Brief: https://ibm.biz/BdH6mH

Key Contacts for Clients F5:

Joe Perettine, Client Director, [email protected], +1-914-486-1030 Peter Maranian, Field System Engineer, [email protected], +1 781-879-6329 Dana Gauthier, Sr. Business Development Manager, [email protected], +1 650-576-1693 Charlie Nath, Inside Sales Account Manager, [email protected], +1 206-953-9531

IBM: Sales and support: [email protected], 1-855-MAAS360

IBM – F5 Client Documents and Contacts

https://f5.com/about-us/news/articles/ibm-and-f5-give-customers-access-to-applications-for-mobile-collaboration

https://f5.com/Portals/1/PDF/Partners/secure-mobile-access-using-f5-big-ip-and-ibm-maas360-use-case.pdf

https://www.youtube.com/channel/UCzT4C-RCtyWXA4rvglOZhgQ

https://ibm.biz/BdH6mH

mailto:[email protected]





© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

THANK YOUwww.ibm.com/security

http://www.ibm.com/security

http://www.ibm.com/security