empower mobile users with secure corporate access using apm and emm
TRANSCRIPT
© 2016 IBM Corporation
F5 and IBM MaaS360
Dana Gauthier, Sr. Manager, Business Development, F5
Jay Kelley, Sr. Product Marketing Manager, F5
Joshua Lambert, Sr. Product Manager, IBM Security
Empower Mobile Users with Secure Corporate Access using APM and EMM
2© 2016 IBM Corporation
Housekeeping items
Duration – 60 minutesSubmit your questions to all panelists
in the Q&A box located on the right-hand side of your screen
Recording and slides will be emailed to you
© F5 Networks, Inc 3
Mobile is Strategic for Business
Mobile delivers a better user experience
Mobile changes the way people work
© F5 Networks, Inc 4
But Enterprise Mobility is Complex and Challenging
Mobile creates
risks for company data
Mobile mixes personal and
business
Mobile lives outside of the
perimeter
Mobile is fast-paced and multi-
platform
© F5 Networks, Inc 5
Poll question
Are you allowing both work and personal apps on your mobile devices?A. Yes, we fully support a Bring Your own
Device model.B. Yes, but we purchase all the mobile
devices.C. No, work apps and data only.
5
© F5 Networks, Inc 6
What IT and Security Pros Are Saying About Mobility
“How do I ensure all devices accessing our network are secured and encrypted?”
“How do I enable my workforce with the right apps and user experience at the right time?”
Maximize Productivity Amplify Protection
“How do I manage the rapid deployment of devices in a cost-effective way?”
“How do I tie in to all my existing systems? I need to protect my investment!”
“How do I ensure authorized access to customer data and protect against threats?”
“How do I show that we are compliant with our policies and industry regulations?”
AND
CIO CISO
© F5 Networks, Inc 7
Mobility is Much More Than Securing Devices
Authentication ContextIdentity Access MethodAuthorization
Mobility must also address:
© F5 Networks, Inc 8
Enterprise Mobility May Be Siloed
Mobile Users
App Wrapping+ App
Management+ Reporting
Full Device Termination + App Tunnel Termination+ Authentication
Data Center
Full Device Access + App Tunnel + App Container
Managed Apps
Unmanaged Apps
No data
transfer
Datatransfe
r
Salesforce.comEMM
Remote AccessMobile
Application
Authentication
Store
© F5 Networks, Inc 9
Mobile Users
Data Center
SaaS Apps
Managed Devices
SharePoint
Authentication
Store
On-premises
Cloud-based
Mobile Device Management
Load Balancer
Mobile Access Gateway
Mobile Access Gateway
Mobile Access Gateway
Mobile Access Gateway
Remote
Remote Access Gateway
Remote/Mobile Users
(Branch, Home, etc.)
Enterprise Mobility Is Complex
© F5 Networks, Inc 10
Mobile Enterprise Challenges
Unifying Mobility
Simplifying Mobility
Scaling Mobile Access
Securing Mobility and
Access
© F5 Networks, Inc 11
Poll question
How are you connecting mobile devices to your Intranet resources?A. We currently use a VPN.B. We do not allow access to our Intranet
today.C. Some other corporate access service.
11
© F5 Networks, Inc 12
Unify, Simplify, Secure, and Dynamically Scale Mobility
Mobile Devices
Remote Devices
MaaS360 Client App
F5 Edge Client App
Devices MaaS360 Enterprise Mobility Management
Enterprise Mobility Gateway
Mobile Access Gateway +App Tunnel Termination+ Authentication+ Access Policy Creation & Management+ Identity Federation & SSO+ On-Demand VPN+ ActiveSync Proxy
BIG-IP Platform
MaaS360 Cloud
ExtenderData Center
SharePoint
Office 365
Active DirectoryKerberos
Distribution Center
Certificate Authority
© F5 Networks, Inc 13
How F5 and IBM Work TogetherMobile Devices
Remote Devices
MaaS360 Client App
F5 Edge Client App
Devices MaaS360 Enterprise Mobility Management
Enterprise Mobility Gateway
Mobile Access Gateway +App Tunnel Termination+ Authentication+ Access Policy Creation & Management+ Identity Federation & SSO+ On-Demand VPN+ ActiveSync Proxy
BIG-IP Platform
MaaS360 Cloud
ExtenderData Center
SharePoint
Office 365
Active DirectoryKerberos
Distribution Center
Certificate Authority
1
2 3
5
4
6
MaaS360 provisions a configured security policy to the enrolled mobile deviceMobile device accesses enterprise application proxy through F5 Edge Client mobile applicationThe request is passed to BIG-IP APM via the data path through firewallBIG-IP APM checks its local cache (that is refreshed periodically) for requesting device’s posture information – such as device enrollment status and compliance statusIf the information is not available in the local cache, BIG-IP APM queries MaaS360 to get device compliance status BIG-IP APM validates device compliance information along with user login credentials and establishes SSL VPN connection for application access
123456
© F5 Networks, Inc 14
• Consolidates access infrastructure while increasing scale• Simplifies deployment – Automatic F5 VPN Configuration• Centralizes control and management• Reduces TCO for mobile app rollouts• Maintains existing apps, infrastructure and processes• Robust, end-to-end network and device security
Secure, Managed Mobile Access, Apps and Devices
• Hardened, secure appliances • Unparalleled scalability• Per App VPN access• Remote (SSL VPN) access• ActiveSync and other proxy services• Highly scalable email proxy with
MaaS360 Secure Mail or native mail apps• Simplified• Access policy management• Application access management• Identity federation/single sign-on (SSO)• Adaptive authentication• Graphic, in-depth visibility with Splunk
SIEM integration
F5 delivers:• Mobile Device Management• Mobile Application Management• Mobile Content Management• Secure Productivity Suite• Secure Document Sharing• Mobile Enterprise Access• Mobile Threat Management
IBM delivers:
F5 and IBM Customer Benefits
© F5 Networks, Inc 15
F5 Knows Application Access Authentication, authorization, and SSO from any device to all apps, anywhere, anytime
Remote Access and Application Access
Identity Federation
& SSO
Secure Web Gateway
Web Access Management
Mobile Apps
Web-based Apps Enterprise
Applications
Cloud, SaaS,VDI &
Partner Apps
Web Sites and
Applications
Virtual Edition Chassis Appliance
Internet Web Malware
Enterprise Mobility Gateway
VDI / Virtual Apps
Native VDI
© F5 Networks, Inc. 16
What is F5 BIG-IP APM • Hardened, secure access gateways• Most scalable access solution
available – 5X – 10X over competition, up to 200, 000 concurrent users on one appliance
• Granular, dynamic application access policy creation and management
• Dynamic Per App VPN support• Secure remote access (SSL VPN)• Support for ActiveSync and other
proxy services• Highly scalable email proxy with
MaaS360 Secure Mail or native mail apps
• Integrated identity federation/SSO/adaptive authentication
• Detailed, graphic visibility with Splunk SIEM integration
Industry’s only access solution with a simple GUI for creating/modifying context-aware policies
Web portal with access to only user authorized apps
© F5 Networks, Inc. 17
Simplify & Consolidate Enterprise Mobile App Access
All Mobile Users Data Center
SaaS Apps
Managed Devices
SharePoint
Authentication
Store
Identity Bridging
On-premises
Cloud-based
Mobile Device Management
Layers 3-7 and App VPN
Tunneling
Remote
Virtual Apps
Enterprise Mobility Gateway
Mobile Access Gateway +App Tunnel Termination+ Authentication+ Access Policy Creation & Management+ Identity Federation & SSO+ On-Demand VPN+ ActiveSync Proxy
BIG-IP Platform
F5 Edge Client App
Devices
© F5 Networks, Inc 18
A Joint F5/IBM Customer Deployment
CUSTOMER REQUIREMENTS• Pre-authentication proxy for
managed ActiveSync clients• Per App VPN access for enterprise
app connections to internal resources
• Client certificate based authentication
• Support for close to 100,000 users
WHY F5 BIG-IP APM + IBM MAAS360• Highly scalable, secure solution• Ability to leverage SAML for identity
federation/SSO• Able to send MaaS360 Secure
Browser traffic to internal explicit proxies
• Dynamic, granular Per App VPN capabilities
• ActiveSync proxy
A major financial institution required secure remote access to email and internal apps from managed mobile devices
19© 2016 IBM Corporation
Complete enterprise mobility management
Productivity SuiteTrusted Workplace
Content SuiteContent Collaboration
Mobile Threat ManagementMalware Protection
Gateway SuiteEnterprise Access
Management SuiteVisibility & Control
20© 2016 IBM Corporation
Seamless enterprise integration
Management SuiteVisibility & Control
Productivity Suite Trusted Workplace
Content SuiteContent CollaborationMobile Threat Management
Malware Protection
Gateway SuiteEnterprise Access
BYODCorporate
Shared
Mail systemsDirectoriesCertificatesFile shares
21© 2016 IBM Corporation
Why IBM MaaS360?
Integratedsolutions that connect
seamlessly to your existing and external
environments
Scalabledata security with intelligence for the
volume, speed, and variability of mobile
Completemanagement of
devices, apps, content and users from a single platform
© F5 Networks, Inc 22
F5 and IBM MaaS360: Unifying, Simplifying, and Securing Enterprise Mobility at Scale
Joint solution delivers corporate security and employee productivityConfidently provide employees access to company resourcesAllow only Enterprise apps access to the Corporate Network
Ensure only trusted devices can access VPN and EmailBlock devices that are not managed by IBM MaaS360Restrict devices that do not meet IT policies until they are remediated
© F5 Networks, Inc 23
Mobility Solution (IBM MaaS360 – F5 APM) F5 News Release: https://f5.com/about-us/news/articles/ibm-and-f5-give-customers-access-to-applications-for-mobile-collaboration IBM-F5 Partner Use Case: https://f5.com/Portals/1/PDF/Partners/secure-mobile-access-using-f5-big-ip-and-ibm-maas360-use-case.pdf
F5 Recorded Demos: https://www.youtube.com/channel/UCzT4C-RCtyWXA4rvglOZhgQ
IBM-F5 Solution Brief: https://ibm.biz/BdH6mH
Key Contacts for Clients F5:
Joe Perettine, Client Director, [email protected], +1-914-486-1030 Peter Maranian, Field System Engineer, [email protected], +1 781-879-6329 Dana Gauthier, Sr. Business Development Manager, [email protected], +1 650-576-1693 Charlie Nath, Inside Sales Account Manager, [email protected], +1 206-953-9531
IBM: Sales and support: [email protected], 1-855-MAAS360
IBM – F5 Client Documents and Contacts
© 2016 IBM Corporation
Questions?
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOUwww.ibm.com/security