DATASHEET
Deliver Secure and Accelerated Remote Access to Applications
As more mobile and remote workers access applications and data from many different devices and locations, ensuring fast application performance for remote users is a growing concern for IT organizations.
F5 BIG-IP® Edge Gateway™ is an access solution that brings together SSL VPN remote access, security, application acceleration, and availability services for remote users. BIG-IP Edge Gateway drives identity into the network to provide policy-controlled, context-aware, secure remote access to applications at LAN speed. As the industry’s most secure and accelerated access solution, BIG-IP Edge Gateway can help your organization deliver peak performance levels to users accessing the applications and networks that are critical to your business.
BIG-IP Edge Gateway
What’s Inside:
Scalability to Meet Future IT Demands
Streamlined Access Management
Improved User Experience and Productivity
Superior Security
Accelerated Application Performance
Virtual Architecture
BIG-IP Edge Gateway Architecture
BIG-IP Edge Gateway Platforms
Professional Services and Support
More Information
Key benefits
Scale for the growing mobile workforce: Support access for more remote users with an advanced gateway at the edge of the network.
Streamline access management: Get authentication and authorization services on a single, easy-to-manage network device.
Provide automatic access anywhere: Give users a seamless connection when transitioning between locations.
Ensure strong endpoint security: Protect your organization and validate user devices with an optional endpoint security inspection service.
Accelerate application performance: Accelerate traffic to improve the remote user experience and provide access at LAN speeds.
BIG-IP Edge Gateway unifies access services on a single, easy-to-manage, and optimized network device.
Scalability to Meet Future IT Demands
BIG-IP Edge Gateway is an advanced access gateway at the edge of the network that provides secure remote access for the rapidly growing number of remote and mobile users. With up to 8 Gbps of SSL VPN throughput, BIG-IP Edge Gateway delivers unprecedented performance, supporting up to 600 logins per second and up to 40,000 concurrent SSL-encrypted user sessions on a single appliance. Its unique access and acceleration services, along with caching, compression, and optimization, provide superior scalability to meet current and future IT demands.
[Figure: network diagram. Labels: LAN users, branch office users, wireless users, and mobile users (each with BIG-IP Edge Client); Internet; DMZ; internal LAN VLAN1 and VLAN2; BIG-IP Edge Gateway (web access, acceleration, and optimization); data center resources; "Utilize existing user directories".]
Streamlined Access Management
BIG-IP Edge Gateway unifies access services on a single, easy-to-manage, and optimized network device to help you achieve fast implementation and reduce the cost of management across services.
Unified access services
Equipped with network and application access as well as content rewrite for accessing internal applications, BIG-IP Edge Gateway provides secure connectivity to corporate applications from all networks, including remote LAN, internal LAN, and both public and internal wireless. This flexible, high-performance device uses SSL tunneling and optional client technology to provide secure access to any user from any location and any client device.
Access policies
With BIG-IP Edge Gateway, you can design access policies for endpoint security checking, authentication, and authorization to enforce user compliance with company policies. You can define one access profile for all connections coming from any device, or you can create multiple profiles for different access methods, each with their own access policy.
The advanced Visual Policy Editor makes it easy to create access policies.
For example, you can create a policy for corporate LAN, VPN, or wireless connections. With policies in place, your network becomes context-aware: understanding who the user is, where the user is accessing the application, and what the current network conditions are at the time of access.
Advanced Visual Policy Editor
The advanced, GUI-based Visual Policy Editor (VPE) makes it easy to design and manage granular access control policies on an individual or group basis. With the VPE, you can quickly and efficiently create or edit entire dynamic access policies with a few simple clicks. For example, you can: design endpoint security policy checks to bring devices into compliance with antivirus, firewall, and OS updates; design an authentication server policy integrated with RADIUS; assign resources for access once authorization is complete; or deny access for failure to comply with policy. A geolocation agent provides automatic lookup and logging. This simplifies the configuration process and enables you to customize user access rules according to your organization’s geolocation policy. The VPE simplifies and centralizes policy control to help you manage access more cost-effectively.
Broad authentication support and AAA server integration
BIG-IP Edge Gateway integrates with authentication servers using access policies and supports authentication requirements on one easy-to-manage device. Once authentication integrations are completed, BIG-IP Edge Gateway interacts with authentication, authorization, and accounting (AAA) servers containing user information. A broad set of authentication services—including Active Directory, LDAP, RADIUS, and native RSA SecurID—ensures strong enforcement of access policies. For example, Active Directory support gives you access enforcement for lookup and nested directories.
You can manage all access, acceleration, and optimization services from one centralized GUI.
Machine certificate support
During a user logon, BIG-IP Edge Gateway can check for a Windows machine certificate and allow or prohibit access based on whether or not there is a valid certificate present. BIG-IP Edge Gateway can use machine certificates as a form of two-factor authentication.
Out-of-the-box configuration wizards
BIG-IP Edge Gateway helps reduce administrative costs by making it easy to quickly configure and deploy AAA server integration and authentication. The configuration wizard includes a set of pre-built web application access, network access, and local traffic virtual device wizards. It creates a base set of objects as well as access policy for common deployments while automatically branching to necessary configurations, such as DNS. With step-by-step configuration, context-sensitive help, review, and summary, setting up authentication with AAA servers on BIG-IP Edge Gateway is simple and fast.
Consolidated access for Oracle
BIG-IP Edge Gateway integrates with Oracle Access Manager, so you can design access policies and manage policy-based access services for Oracle applications from one location. By consolidating plug-ins and web authentication proxies, this integration can help you reduce CapEx and OpEx.
BIG-IP Edge Client uses cutting edge roaming, domain detection, and automatic connection to deliver a seamless transition between locations.
Improved User Experience and Productivity
BIG-IP Edge Gateway drives a user’s identity into the network to provide context-aware networking that minimizes the time and effort required to gain access to authorized files and applications.
“Always connected” remote access
Some access clients need constant reconnection throughout the day as users move locations or restart applications. The BIG-IP® Edge Client™ solution is a state-of-the-art, integrated client that provides location awareness and zone determination to deliver a remote access solution unlike any other. Cutting-edge roaming, domain detection, and automatic connection create a seamless transition as users move between locations. BIG-IP Edge Client helps ensure continued user productivity whether the user is at home on a wireless network, using an air card in transit, giving a presentation from corporate wireless, in a café on guest wireless, or docked on a LAN connection. BIG-IP Edge Client can automatically detect domains and connect, even after losing a VPN connection, or disconnect when a LAN connection is detected.
[Figure: "Always connected application access" with BIG-IP Edge Client. Labels: at home (wireless); in the office (docked LAN connection); in the café (wireless); presenting (corporate wireless); commuting (air card).]
Status and reporting
BIG-IP Edge Client provides server and traffic status, and you can select the desired access server to gain optimal performance. Graph reporting shows connection status, routing tables, IP configurations, and more. With BIG-IP Edge Client, the administrator can track the increase in the number of connected users in all roaming environments.
Windows logon credential reuse
When the user first enters credentials as part of the Windows logon process, BIG-IP Edge Client caches them and then automatically tries them in the first attempt to log on to the VPN. This streamlines the user experience to help improve productivity.
Credential caching
BIG-IP Edge Gateway provides credential caching and proxy services for single sign-on (SSO), so users only need to sign in once to access approved sites and applications. As users navigate, sign-on credentials are delivered to web applications, saving valuable time and increasing productivity.
Automatically synchronized Exchange services
BIG-IP Edge Gateway supports the synchronization of email, calendar, and contacts with Microsoft Exchange on mobile devices that use the Microsoft ActiveSync protocol, such as the Apple® iPhone®. By eliminating the need for an extra tier of authentication gateways to accept Outlook Web Access, ActiveSync, and Outlook Anywhere connections, BIG-IP Edge Gateway helps you consolidate infrastructure and keep users productive.
Superior Security
BIG-IP Edge Gateway makes policy-based, context-aware access decisions to ensure that users everywhere—using any device—gain secure access to only the resources they need to stay productive.
Strong endpoint security
BIG-IP Edge Gateway provides a broad layer of endpoint inspection to validate client security postures against corporate policy. Endpoint inspection protects against worms, viruses, and accidental data loss. More than a dozen integrated endpoint inspection checks are preconfigured, including Windows, Macintosh, Linux, antivirus, and firewall checks. Other checking features include: file, process, OS, and registry checks; assignment of dynamic access control lists (ACLs) based on endpoint posture to deliver context-based security; and browser cache cleaning to remove any sensitive data at the end of a user’s session.
Customizable logon pages
You can fully customize an entire logon page to best suit your existing corporate website portals and provide the best user experience. Customizable options range from simple naming of fields from CSS style sheets to HTML coding. You can customize a logon page using the configuration utility or the command line interface to upload custom pages.
Encrypted environment with protected workspace
Using tight encryption, BIG-IP Edge Gateway provides a protected workspace for users who need to switch to a secure environment. In this mode, users cannot write files to locations outside the protected workspace. Temporary folders and all of their contents are deleted at the end of the session to ensure maximum protection of data. You can configure BIG-IP Edge Gateway to automatically switch users of Windows 7 (32-bit), Windows XP, and Windows Vista to a protected workspace.
Dynamic access control
BIG-IP Edge Gateway provides access authentication using ACLs and authorizes users with dynamically applied layer 4 and layer 7 ACLs on a session. Both L4 and L7 ACLs are supported based on endpoint posture as a policy enforcement point. BIG-IP Edge Gateway allows individual and group access to approved applications and networks using dynamic, per-session L7 (HTTP) ACLs. You can use the Visual Policy Editor to quickly and easily create ACLs.
BIG-IP Edge Gateway combines asymmetric, symmetric, and client-based acceleration to deliver fast and secure access to applications and networks.
Accelerated Application Performance
With BIG-IP Edge Gateway acceleration and optimization technologies, users experience authorized remote access to applications at LAN speeds.
Optimized downloads
BIG-IP Edge Gateway optimizes performance for downloads and applications by securing against packet loss and using client-side traffic shaping to reduce congestion. Caching, compression, and acceleration enable users to download documents from familiar business applications—such as Microsoft Office SharePoint—at double the speed of traditional VPN solutions.
Asymmetric and symmetric acceleration
BIG-IP Edge Gateway acceleration services cache a high percentage of repetitive and duplicate web application data, reducing bandwidth usage and overall costs. Asymmetric acceleration can improve performance 2x to 5x. With symmetric acceleration deployed at the data center and at a remote location, users can access applications up to 10x faster.
[Figure: acceleration modes. Labels: data center applications (Microsoft, SAP, Oracle); BIG-IP Edge Gateway; remote office with BIG-IP Edge Gateway; clients with BIG-IP Edge Client; asymmetric acceleration; symmetric acceleration; client acceleration.]
Client-based acceleration
Using BIG-IP Edge Client for client-based acceleration, you can gain greater control of traffic to improve application performance and enable faster communications. Dynamic data compression and client-side cache reduce traffic volumes to minimize the effects of Internet latency and client connection bottlenecks on application performance. Client-side quality of service (QoS) and application traffic shaping for Windows devices reduce latency and dropped packets for remote applications. You can prioritize application traffic so specific applications, such as VoIP, are sent before others.
Faster global access
You can implement global VPN access by integrating BIG-IP® Global Traffic Manager™ with BIG-IP Edge Gateway. Combined access redirection, IP geolocation, acceleration, and optimization services provide users accessing applications globally with up to 8x faster document downloads. This creates a seamless global VPN architecture that delivers secure access to remote users at LAN speed.
WAN optimization
BIG-IP Edge Gateway overcomes network and application issues on the WAN to ensure that users everywhere get the application availability and performance they need to stay productive. Common Internet File System (CIFS) and Messaging Application Programming Interface (MAPI) acceleration, data de-duplication, and superior compression and acceleration capabilities are integrated directly on your BIG-IP Edge Gateway device. The result is document downloads that are up to 8x faster, more effective bandwidth utilization, and mitigated effects of latency for the critical applications your remote users access.
Virtual Architecture
BIG-IP Edge Gateway virtualization capabilities help you reduce the amount of hardware you require, improve operational efficiency, and decrease costs. You can create multiple access virtual servers and support multi-tenancy by defining and managing access policy groups according to your business or organizational needs. By creating multiple virtual servers of BIG-IP Edge Gateway on one device, you can easily scale and customize each remote access service separately. BIG-IP Edge Gateway is ideally suited for enterprises or service providers that require consolidation of multiple customers’ access groups onto one device.
TMOS delivers:
· SSL offload
· Advanced rate shaping and quality of service
· IP/port filtering
· iRules® scripting language
· iSessions
· Fast cache
· Symmetric adaptive compression
· Resource provisioning
· Route domains (virtualization)
· Geolocation agent in Visual Policy Editor
· Report scheduling
· TCP/IP optimization
· Full proxy
· Key management and failover handling
· VLAN segmentation
· DoS protection
· System-level security protections
BIG-IP Edge Gateway features include:
· Secure accelerated remote access
· Acceleration and optimization services
· Network access management
· Rewrite engine – internal application access
· Granular access policy enforcement
· Advanced Visual Policy Editor
· L4/L7 dynamic access control list (ACL)
· BIG-IP Edge Client: web-based and standalone
· Auto-connect and reconnect
· Windows logon credential reuse
· Location awareness
· Dynamic profiling
· Dynamic data compression
· Client logging for events
· SDK
· Client-side traffic shaping for Windows (QoS)
· Optimized and secure connections with Datagram-TLS
· Protected workspace support and encryption
· Style sheets for customized logon page
· Credential caching and proxying for SSO
· Integration with Oracle Access Manager
· Endpoint security
· Endpoint inspection: Windows, Mac, Linux, antivirus, and firewall checks
· More than a dozen endpoint checks
· Virtual keyboard support
· AAA server authentication
· RADIUS
· LDAP
· Active Directory
· Native RSA SecurID
· Microsoft ActiveSync support
· Health check monitor for RADIUS accounting
· Windows machine certificate support
· External logon page support
· Out-of-the-box configuration wizards
· Application access management for BIG-IP virtual servers
· Network access
· Web application setup
· Scale up to 40,000 concurrent users
· Asymmetric and symmetric network and application acceleration
· Dynamic caching and compression
· Data de-duplication
· CIFS and MAPI acceleration
· Hardware acceleration (SSL and compression)
· Virtual architecture
· Centralized advanced reporting
· Access policy dashboard
· Session logging and reporting summaries
· Splunk integration reporting
· Policy routing
· Export and import of access policies
· Clustered multi-processing
· DNS cache/proxy support
· BIG-IP Edge Gateway and BIG-IP Global Traffic Manager layering
· F5 Enterprise Manager layering
· Group policy support and integration
· Windows Mobile package customization
BIG-IP Edge Gateway Architecture
BIG-IP Edge Gateway runs on F5’s unique, purpose-built TMOS® architecture. TMOS is an
intelligent, modular, and high-performing platform that delivers insight, flexibility, and
control to help you intelligently deliver your web applications.
F5 Networks, Inc. 401 Elliott Avenue West, Seattle, WA 98119 888-882-4447 www.f5.com
BIG-IP Edge Gateway Platforms
BIG-IP Edge Gateway is available as a standalone solution on the 8900, 6900, 3900, 3600, and 1600 platforms. For detailed physical specifications, please refer to the BIG-IP System Hardware Datasheet.
Platform                    8900     6900     3900     3600    1600
Base Concurrent Users:      5,000    2,500    1,000    500     300
Maximum Concurrent Users:   40,000   25,000   10,000   5,000   1,000
Professional Services and Support
F5 is dedicated to helping you get the most from your F5 products. To find out how F5 support services can help you improve your ROI, reduce administrative time and expense, and optimize the performance and reliability of your IT infrastructure, [email protected].
More Information
Browse for these and other resources on F5.com to learn more about BIG-IP Edge Gateway.
Product overview
BIG-IP Edge Gateway
White paper
Unified Access and Optimization with F5 BIG-IP Edge Gateway
Video
BIG-IP Edge Gateway Demo
Consolidate Access with BIG-IP Edge Gateway
Podcast
F5 Customer Interview: CSC and Remote Access
[Figure: BIG-IP platforms: 8900 Series, 6900 Series, 3900 Series, 3600 Series, 1600 Series.]
Windows, Windows XP, Windows Vista, and Active Directory are registered trademarks or trademarks of Microsoft Corporation in the United States and other countries.
© 2010 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, FirePass, iControl, TMOS, and VIPRION are trademarks or registered trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. CS03-00004 0710