IBM Security Access Manager (BIG-IP v11.4: LTM, AAM)

This F5 deployment guide shows how to configure the BIG-IP Local Traffic Manager (LTM) and BIG-IP Application Acceleration Manager (AAM) with IBM Security Access Manager, specifically for SSL offload, load balancing, acceleration, and security of the WebSEAL component.

When deploying IBM Identity Management, WebSEAL is a critical component of the deployment and should be designed with a high availability architecture. WebSEAL communicates with the Secure Access Manager Policy Server and provides web proxy functionality. The BIG-IP system configuration for WebSEAL is primarily focused on SSL offload, load balancing, acceleration, and security.

Deploying the BIG-IP system in front of WebSEAL completes the highly available, secure, manageable and fast architecture required by any enterprise or business.

Using BIG-IP with SAM brings a host of benefits that complement WebSEAL's functionality.

  • BIG-IP Local Traffic Manager (LTM) provides high availability for your WebSEAL environments by using health checks to direct traffic to a WebSEAL server that is available.
  • BIG-IP LTM SSL offload brings step-down authentication capability to your WebSEAL deployments. By using 2048 or larger keys using ECC technology on the BIG-IP system, users can realize the strongest possible encryption while BIG-IP uses more efficient 1024 keys for communication with WebSEAL.
  • BIG-IP Application Acceleration Manager (AAM) can provide content caching and intelligent browser referencing (IBR) to accelerate the user experience for the content that your WebSEAL proxies are serving. BIG-IP AAM dynamically manages expires headers, provided content caching and intelligently manages content with browsers, reducing the total number of HTTP connections between browser and server, among other acceleration features.

The following simple configuration example shows the BIG-IP system with LTM and AAM modules in front of a pool of WebSEAL devices.