Enhancing the User and Administrative Experience with Secure Hybrid Access

Jay Kelley 축소판
Jay Kelley
Published September 16, 2020

With hundreds of millions of applications in use today spread across multiple data centers and public clouds, as John Morgan, GM & VP, Security at F5, stated in his recent blog, it remains an application-driven world.

Applications are everywhere. They can be accessed from anywhere, helping drive productivity, user experience, business velocity, and digital transformation. But, the ever-growing number of applications, coupled with their ability to be everywhere and accessed from anywhere, creates an incredible amount of complexity for your organization. The ubiquity and convenience of apps vastly increases your organization’s risk and infinitely broadens your threat surface.

Regardless of application location—whether in the public cloud as a native cloud app or Software-as-a-Service (SaaS) offering, on-premises, in an offsite data center—your users need access to applications to do their jobs and to be productive. This need helps drive your organization to create better, simpler, safer, and faster user experiences for users accessing apps, but while trying to keep the costs of app access down.

Most older applications, such as classic applications, like many still-popular titles from vendors like Oracle and SAP, or custom applications, though, do not or cannot support modern authentication and authorization methods, or standards and protocols such as Secure Assertion Markup Language (SAML), or Open Authentication (OAuth) and OpenID Connect (OIDC). Many of these apps are mission-critical, with sensitive data behind them, and may be found on-premises, in an offsite data center, or in a private cloud. A majority of these apps are ill-suited for or are incapable of cloud migration. Also, lots of these applications do not support enhanced security, such as multi-factor authentication (MFA), putting them and the data behind them at risk. Many are also incapable of supporting identity federation or single sign-on (SSO).

Even as many applications are being born in or migrated to the cloud, your organization will need a hybrid application strategy to address secure access to applications across on-premises, offsite data centers, and multiple public clouds for many years to come. You will need to deploy a cost-effective hybrid architecture that ensures secure application access with a centralized identity and authentication strategy. Your user’s application experiences will need enhancement, empowering them to find apps easily, enjoy a consistent experience, and have simplified, centralized access.

Your organization and your users can already enjoy these benefits. By deploying Microsoft Azure Active Directory (Azure AD), Microsoft’s comprehensive cloud-based identity platform, along with F5’s trusted application access solution, BIG-IP Access Policy Manager (APM), you can already federate user identity, authentication, and authorization, and bridge the identity gap between cloud-based and SaaS applications that support modern authentication, and those on-premises or private cloud classic and custom applications that don’t.

F5 BIG-IP APM and Azure Active Directory together simplify application access and your user’s experience, allowing them to log in once and access all applications they are allowed and authorized to access to from a single location. This integrated solution also increases application security by enabling all applications—regardless of location—to be protected with MFA.

However, improving your user’s experience for application access is only part of the story. There is also a need for you to simplify setup and deployment, reduce management overhead, and in general, enhance your administrative experience, as well.

“For users, the experience is the same whether they are accessing an on-premises app or a cloud app. They sign in once using SSO and gain access to both cloud and legacy apps. It’s completely seamless.”

– Nitin Aggarwal, Global Identity Security Engineer, Johnson Controls

The F5 BIG-IP APM integration with Azure Active Directory address these needs, too.

BIG-IP APM includes an Access Guided Configuration (AGC) capability that simplifies the deployment and management of application access. The AGC will walk your administrator through a step-by-step process of setting up and deploying BIG-IP APM, saving you and your admin from additional administrative and deployment time and cost.

“The F5 integration with Microsoft also alleviates stress for administrators as it creates one centralized policy authority for application access, including on-premises legacy apps that don’t support modern authentication and applications in the cloud. Administrators can now simply tear down user access from a single location instead of having to enter each app to cancel user access, greatly reducing potential for human error.”

– John Morgan, GM & VP, Security, F5

The latest version of BIG-IP APM goes even further, though. BIG-IP APM’s AGC now allows your administrator to quickly, simply onboard and operationally manage classic mission-critical applications, such as SAP ERP and Oracle PeopleSoft, to Azure Active Directory.

This simplified guided access eliminates numerous steps previously required to bridge the access gap between applications supporting modern authentication and apps that support classic authentication methods, such as header-based or Kerberos authentication. The end-to-end operation of policy management for access to SAP ERP and Oracle PeopleSoft is now integrated directly into the BIG-IP APM AGC console. All your admin has to do is click on the appropriate icon in the BIG-IP APM AGC, and they will be walked step-by-step through the setup for SAP ERP or Oracle PeopleSoft with Azure AD and BIG-IP APM. Once complete, they simply click on the Deploy button, and the application is available for your users, federating their identity for those apps and their cloud and SaaS apps, enabling SSO and increasing security for these applications with MFA. This greatly reduces your administrative overhead involved in modernizing those applications.

F5 BIG-IP Access Policy Manager (APM) and its Access Guided Configuration (AGC) illustrating integration with Azure Active Directory
F5 BIG-IP APM’s Simplified Guided Access for Classic / Custom Applications to Azure Active Directory

This fusion of BIG-IP APM and Azure AD means support for identity federation, centralized user access (via SSO), and increased application security (via MFA) for mission-critical applications, like SAP ERP and Oracle PeopleSoft, in addition to cloud-based and SaaS apps. Support for SAP ERP and Oracle PeopleSoft are just the beginning, though; F5 and Microsoft will be adding additional support for more classic SAP, Oracle, and other vendor applications in future product releases.

“In today’s reality, organizations can no longer be selective in what apps can be accessed remotely. To ensure business continuity, employees have to connect to mission-critical on-premises applications from home. Microsoft and F5 are committed to helping our shared customers achieve their goals, providing them with simple and secure experiences. This is why we are taking a step further in our pre-integrated experience with the rollout of the new simplified UI. With this release, our customers can accelerate onboarding of their legacy on-premises applications to F5 BIG-IP APM and Azure AD.”

– Sue Bohn, Partner Director, Identity Division, Microsoft

With the integration between BIG-IP APM and Azure Active Directory, your users, administrators, and organizations will be the beneficiaries. As secure hybrid access is achieved, your management overhead and costs are reduced, your user and administrator experiences are enhanced, and classic and custom apps are better secured.

Click here for more information on the integration of F5 BIG-IP APM and Azure Active Directory.