应用交付网络f5使用总结.ppt

* * Strategic Planning Assumption: Through 2010, server centralization projects that fail to account for network latency will fail to deliver acceptable performance (0.8 probability). * * * * * Sensitive user access and corporate data needs to be controlled Organizations provide basic web access to corporate networks No view into what is accessed or where a user has navigated Visibility at IP level with no determination who user is Access via ID and password An anonymous network only has visibility at the Internet Protocol (IP) or media access control (MAC) address level, and cannot determine whether a user is a contractor, a guest or an employee. This level of security has been acceptable to many organizations, because applications and other critical resources are protected via authorization and authentication processes (usually user ID and password) and IAM solutions. However, because networks are blind to a users identity, the risk is that users see applications that they are not authorized to access (see Figure 1). For example, a contractor who has been granted network access could go exploring (undetected) and attempt to access sensitive information. “Introducing the Identity-Aware Network,” Lawrence Orans, Gartner * * * Solaris ? Radius Window ? AD Novel ? LDAP * Add-On Module for BIG-IP Family (For new BIG-IP platforms, e.g. 3600, 3900, 6900, 6900 FIPS, 8900. Available as an add-on module for BIG-IP LTM.) Access Profile for Local Traffic Virtual Servers (Very simple configuration to add an Access Policy to an LTM Virtual. Just select an Access Profile from the pulldown menu under the LTM Virtual configuration page. The rest of the Access Policy is configured under the Access Control left-hand menu, where AAA servers are configured, ACLs and ACEs are defined, and VPE is used to create the visual policy.) APM Policy Engine (This is the advanced policy engine behind APM add-on for BIG-IP) Industry Leading Visual Policy Editor (VPE) (See screensh