Miele Protects E-Business Platform with F5 WAF and Proxy Solution

Miele & Cie. KG, a leading global appliance manufacturer, engaged with F5 to meet two key objectives: replace an outdated reverse proxy and add additional protection for its e-business platform. Miele chose to work with F5 due to its advanced portfolio of products that enables application security and management from a single source.

Business Challenges

Miele, founded in 1899 and headquartered in Gütersloh, Germany, is the world’s leading provider of premium household and commercial appliances for kitchen, laundry, and floor care. In addition, it produces equipment used in the preparation of medical instruments and laboratory needs. Miele is represented in more than 100 countries worldwide.

To maintain its leadership position in the appliance industry, Miele continuously expands its e-business platform for consumers, where business partners — suppliers, dealers, agencies, and service partners — are integrated into sales and operational processes with increasing depth. Because of this continuing innovation, the number of mission-critical web applications that need to be managed and secured is quickly growing.

A Holistic Solution

“F5 [provided] us with an integrated solution consisting of high-performance modules,” explains Michael Hüttenhölscher, Head of Data Center Infrastructure at Miele & Cie. KG. “It includes the BIG-IP Local Traffic Manager, Access Policy Manager, and Application Security Manager. There is no other solution that is as flexible and well-integrated into complex web application scenarios.”

As B2C shops are popular targets for cyber-attacks, Miele decided to increase security with an additional web application firewall (WAF). The existing WAF was no longer able to meet current and future requirements, making this a necessary and timely upgrade. The new reverse proxy integrates with a range of B2B applications for partners, which includes pre-authentication via multiple Active Directory domains in combination with single sign-on.

The F5 BIG-IP Local Traffic Manager (LTM) enables far-reaching visibility of application data traffic within the network, as well as control over how to manage it. It transforms large volumes of network traffic into logically aggregated data streams, then makes intelligent decisions, ensuring the data reaches the correct destination based on server performance, security, and availability. As BIG-IP LTM is a complete proxy within the network, it’s possible to analyze and manage inbound and outbound data traffic. From underlying load balancing to complex traffic management, it offers granular control over application data traffic based on the client, server, or application status. It was particularly crucial to Miele that BIG-IP LTM was implemented with the F5 iRules scripting feature to guarantee maximum flexibility when integrating different web applications in a portal.

Online shoppers today expect easy access, anytime and anywhere, to the applications and data they need, regardless of whether those resources are located in a data center, the cloud or a hybrid environment. The F5 BIG-IP Access Policy Manager (APM) secures, simplifies, and protects user access to applications and data in a context-sensitive manner, providing a highly scalable access gateway. BIG-IP APM integrates seamlessly with Miele’s Active Directory and enables SAML-based authentication.

Because potential security threats to applications and data continue to rise, they must be identified and quickly mitigated without compromising application performance. The F5 BIG-IP Application Security Manager (ASM) provides protection against sophisticated threats with a security efficacy rate of 99.89%. At the same time, application performance is maintained through SSL application swapping and the prevention of malicious content caching.

Miele chose Telonic GmbH as its IT service provider for the implementation. Since 1979, Telonic has worked with organizations in a wide range of industries to implement networking solutions seamlessly and in a way that meets the unique demand of each business. Together with Miele, Telonic supported the basic implementation of the BIG-IP systems. Furthermore, it provided training for Miele staff members in working with BIG-IP LTM and ASM.

Benefits

F5 has been a flexible, all-in-one solution for integrating and protecting web applications with a highly-efficient WAF.

Optimized application management

“The previous reverse proxy was gradually migrated,” says Michael Hüttenhölscher. “BIG-IP LTM and APM thereby proved to be extremely flexible modules[.] The configuration and activation of BIG-IP ASM was a simple, easily-managed, and iterative process. After going live, the entire solution worked reliably and without surprises right from day one.”

“[With F5] we get stable round-the-clock service and system management from a single source,” remarks Fritz Fronemann, Service Responsible for Web Infrastructure. “[Our] administrators benefit from good manageability and easy maintenance. Consequently, our BIG-IP [implementation] represents a reliable and scalable platform for the future.”

Seamless application integration

BIG-IP products also effectively integrate with Miele’s applications. Today, there are around 20 different B2B web applications integrated into a portal application. Miele uses one login for BIG-IP APM, whereby all applications receive a corresponding token for single sign-on. The applications respond distinctively to different HTTP headers and BIG-IP LTM can compensate for these differences. In addition, BIG-IP APM can integrate different Active Directory domains, even if they don’t present trust certificates.

Advanced Threat Protection

As Miele’s chosen WAF solution, BIG-IP ASM integrates smoothly into the overall IT ecosystem. It gives Miele tight control over data flow (with the help of BIG-IP LTM iRules) and greatly reduces complexity.

“The interaction with customers and partners is increasingly reliant on web-based applications," explains Fritz Fronemann. “Some applications do not expeditiously receive relevant patches. In this case, the web application firewall offers a viable auxiliary solution. It also staves off intrusion attack traffic from applications. This has significantly increased our level of security.”