Collaborate in the Cloud

SaaS/PaaS conversations are coming up more and more in my customer meetings. I think it is important to understand the difference between authentication and authorization and what fits a cloud model and what does not. This post does a great job of outlining some of the strengths F5 Access Policy Manager provides in regards to authentication as well as APM’s ability to help you consolidate solutions/infrastructure.

psilva's prophecies

Employee collaboration and access to communication tools are essential for workplace productivity. Organizations are increasing their use of Microsoft Office 365, a subscription-based service that provides hosted versions of familiar Microsoft applications. Most businesses choose Exchange Online as the first app in Office 365 they adopt.

The challenge with any SaaS application such as Office 365 is that user authentication is usually handled by the application itself, so user credentials are typically stored and managed in the cloud by the provider. The challenge for IT is to properly authenticate the employee (whether located inside or outside the corporate network) to a highly available identity provider (such as Active Directory).

Authentication without complexity

Even though Office 365 runs in a Microsoft-hosted cloud environment, user authentication and authorization are often accomplished by federating on premises Active Directory with Office 365. Organizations subscribing to Office 365 may deploy Active Directory Federation Services (ADFS)…

View original post 757 more words

APM Citrix Client Bundle for StoreFront 2.6 HTML5 Receiver

If you're using Citrix StoreFront 2.6 and following the Citrix-VDI-iApp 2.0.0 deployment guide you may run into a snag while creating the Citrix Client Bundle for HTML 5 support (on page 45). In StoreFront 2.6 the Citrix HTML5 Receiver is no longer a standalone MSI file but is now bundled into the StoreFront 2.6 executable. … Continue reading APM Citrix Client Bundle for StoreFront 2.6 HTML5 Receiver →

APM Cookbook: Multiple Domain Authentication – Part 2

In this series we examine ways to make APM authenticate against multiple Active Directory Domains. Part 1 discussed the use of a drop down menu on the APM login page. In Part 2 we use the user’s UPN to determine the correct domain for authentication. Note: If you are following along through the series I recommend … Continue reading APM Cookbook: Multiple Domain Authentication – Part 2 →

APM Client Side NTLM Authentication – 3 Things to Watch

APM has a nice feature that allows seamless authentication for domain joined machines by leveraging NTLM and/or Kerberos authentication. Michael Koyfman has a great article on DevCentral titled Leveraging BIG-IP APM for seamless client NTLM Authentication that will walk you through the steps. I've implemented this a few times and I wanted to share some … Continue reading APM Client Side NTLM Authentication – 3 Things to Watch →

Protected: Agility 2014 – VDI the F5 Way (201) Lab Guide

There is no excerpt because this is a protected post.

F5 Networks – Agility 2014

Agility is F5 Networks' annual user and partner conference that offers lab training session, product overviews and breakout sessions on hot topics. This year Agility is is being held in New York City at the Marriott Marquis in Time Square August 4th through the 6th. The Agility lab training sessions are all new this year … Continue reading F5 Networks – Agility 2014 →

BIG-IP Troubleshooting 101

When you work with any technology there reaches a point where the "it's a black box" approach is no longer valid and you have to dig in a little deeper and understand how the product works. With F5 BIG-IP this means understanding how traffic flows through the appliance and how to monitor and watch it. … Continue reading BIG-IP Troubleshooting 101 →

Clustered Multi-processing (CMP) versus Traditional Shared Memory Architecture

Over on DevCentral Robert Haynes has posted a great article outlining the advantages of F5's clustered multiprocessing (CMP) architecture versus traditional shared memory architecture. So why does this matter? Because attacks today are designed to stress the performance of security devices and bring them to their knees. If your architecture is designed correctly then it … Continue reading Clustered Multi-processing (CMP) versus Traditional Shared Memory Architecture →

SAML – Client versus Server Authentication with F5 APM

As organizations start to utilize Software as a Service (SaaS) the concern on how to authenticate users becomes a critical security issue. Many organizations look to federated authentication mechanisms, such as SAML, to help address this security risk. The benefits of using SAML are that user credentials are not replicated across each vendor cloud instance … Continue reading SAML – Client versus Server Authentication with F5 APM →

Configuring and Testing an External Monitor

In follow-up to my post on Monitoring Access Policy Manager this post will walk you through how to assign the monitor to a GTM pool and simulate a down status to ensure GTM is configured correctly. If you do not know how to import the external monitor into GTM please reference SOL13423. Someone asked what … Continue reading Configuring and Testing an External Monitor →