BLOG | OFFICE OF THE CTO

Extranets aren’t dead; they just need an upgrade

Lori MacVittie
Published September 17, 2025

How F5 and Equinix are rewriting the playbook for secure partner connectivity.

There was a time when building an extranet felt like performing dark magic with BGP, MPLS, VPN concentrators, and routing rules scribbled on whiteboards like sacred runes. You needed specialized hardware, network wizards, and enough duct tape to qualify as a WAN provider.

And yet—and hold on because this may surprise you—extranets never went away.

Healthcare providers still need to connect securely to insurers and labs. Banks and payment processors still need high-trust, low-latency links between critical systems. Manufacturers still integrate supply chains across dozens of business partners.

So no, the extranet isn’t obsolete. It’s just been screaming for a better architecture.

Enter F5 and Equinix. Together, they offer a new model: a centralized, scalable, policy-driven approach that turns “building an extranet” from a 12-week routing project into a repeatable, secure service.

F5 Distributed Cloud (XC) enables global application delivery with centralized, consistent security across all environments, and simplifies deployment through cloud-native architecture.

From handcrafted to platform-driven

Traditional extranets were bespoke by design. Each partner had its own circuit, its own firewall rules, its own flavor of NAT, VPN, or Layer 2 voodoo. Multiply that by dozens of partners, and you weren’t running a network; you were curating a collection of one-off network architectures.

That’s where F5 Distributed Cloud Services Customer Edge (CE) on the Equinix Edge Marketplace changes the game. Instead of manually recreating security and networking architectures per partner, you deploy once, at a globally connected Equinix location, and apply logical, app-aware policies per relationship.

No more reinventing the perimeter. No more one-off network configs. You secure at the edge, apply fine-grained controls, and move on.

What’s in the figurative box?

I literally mean figurative, because one of the core principles of the F5 Application Delivery and Security Platform is that its services can be deployed anywhere. One of the ways we make that happen is through Distributed Cloud CE, a globally available cloud-native stack purpose-built to extend application and security services to the edge, cloud, and everywhere in between.

Distributed Cloud CE delivers the same enterprise-grade traffic management and protection capabilities you'd expect from traditional appliances, but without the traditional boundaries. That means WAF, bot defense, API security, and global load balancing are no longer confined to your data center. They go wherever your apps go, including partner networks, cloud regions, or Equinix fabric nodes.

So figuratively everywhere. But also, literally.

Distributed Cloud CE on Equinix Network Edge centralizes multi-cloud app security by migrating enforcement to the edge.

And because it’s part of the F5 platform, you get a lot of value in a small deployment footprint:

1. Centralized app & API security
You get WAAP-as-a-service (Web App and API Protection) baked into your deployment, complete with Layer 7 firewalling, bot defense, API schema enforcement, DDoS mitigation, and TLS termination.

That means each partner connection has tailored access to specific APIs, apps, or data, without spinning up redundant firewalls or creating Access Control List (ACL) nightmares.

2. Per-partner policy enforcement
With Distributed Cloud CE, you can define per-connection controls at Layer 7 to enforce authentication, access rules, rate limits, and even traffic shaping. Your bank partner gets different API exposure than your third-party CRM vendor.

Security is no longer a shared perimeter. It’s a policy you assign with surgical precision.

3. Faster, cheaper onboarding
Onboarding a new partner used to mean standing up infrastructure like VPNs, routers, and NAT policies with lead times measured in weeks.

Now? Provision a namespace, define a policy, generate credentials, and ship. What used to take weeks now takes hours. And what used to require bespoke engineering now happens inside a UI or an API call.

4. Built-in resilience & observability
Because Distributed Cloud CE runs natively as a virtual network function (VNF) on Equinix, you get built-in global availability, failover, and full observability of what’s going on between your apps and your partners.

That includes:

  • Real-time traffic monitoring
  • Per-API analytics
  • Anomaly detection
  • Integration with your SIEM or observability stack

This isn’t a theoretical use case. It’s real infrastructure for industries that live and die by compliance, traceability, and uptime.

Healthcare providers can segment patient data access per lab or partner system without dragging a VPN into every conversation. Banks and FinTechs can expose just the necessary services to processors or affiliates while enforcing strict rate limits and behavioral controls. Even manufacturers can integrate with supply chain partners without blowing a hole in their internal network model.

The core value? It works like a platform, not a patchwork solution of point products.

The extranet, modernized

Distributed Cloud CE on Equinix gives you the power of traditional extranets (high trust, assurance, and connectivity) without the overhead, latency, or architectural rigidity imposed by traditional solutions.

You get a repeatable deployment model that doesn’t punish you for having more partners.

So if you're still dragging IPsec tunnels across cloud boundaries or troubleshooting asymmetric NAT between on-prem and a vendor, it’s time to stop.

The extranet didn’t die. It just needed to grow up.