VMworld 2013: Secure Mobility - FIPS, CAC and Beyond

Secure Mobility - FIPS, CAC and Beyond Paul Arnpriester, CDW Nonprofit Glenn Exline, VMware Paul Pindell, F5 Networks Deepak Puri, VMware EUC5196 #EUC5196

Upload: vmworld

Post on 04-Aug-2015


TRANSCRIPT

Page 1: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond

Secure Mobility - FIPS, CAC and Beyond

Paul Arnpriester, CDW Nonprofit

Glenn Exline, VMware

Paul Pindell, F5 Networks

Deepak Puri, VMware

EUC5196

#EUC5196

Page 2: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond

Today’s Agenda

• VMware Horizon Suite Overview

• Concerns of Federal / Nonprofit and other highly security-conscious customers

• FIPS, CAC, and Smart Card requirements

• How F5 Access Policy Manager can secure Horizon Workspace and provide a FIPS and CAC Compliant solution

Page 3: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond

HORIZON SUITE: The platform for workforce mobility

• Horizon View (NEW v5.2): Complete desktop and application virtualization

• Horizon Mirage (NEW v4.0): Centralized layered image management for local deployment

• Horizon Workspace (NEW v1.0): Multi-device workspace for IT services

F5 + HORIZON SUITE

Support for VMware validated solutions

• Mobile Secure Desktop

• Business Process Desktop

• AlwaysOn Desktop

• Branch Office Desktop

Unique F5 solutions

• PCoIP Proxy

• Single Namespace

• Username Persistence

Intelligent traffic management and security

• Local and global traffic management

• Multi-site and multi-pod deployments

• Access management and data center firewall

[Diagram labels: Intelligent Services Framework; Secure • Fast • Available; Anywhere, any service, any device; Intelligent: Dynamic, agile, adaptive; Horizon View; Horizon Mirage; Horizon Workspace; VM; VDI]

Page 4: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond

VMware Horizon Workspace

Broker: Manage & secure centrally and broker services to your workforce by policy

Transform: Transform desktops, diverse apps and data into centralized services

Deliver: Empower your workforce with flexible access across devices, locations and connectivity

Page 5: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond

Control & Governance Is More Challenging

People you employ

Using a network you own to connect to…

Using software you own on a Windows desktop you own

An application you own, running on a server you own

Apps live in many clouds and are easily procured without IT

Always connected, via 3G, 4G and public or personal wifi

Non-owned devices and multiple non-Windows OSs

Employees, contractors, outsourcers, partners, citizens, students

Page 6: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond

Encryption & Authentication

The [FIPS 140-2] standard specifies the security requirements that must be satisfied by a cryptographic module utilized within a security system that protects unclassified information within computer and telecommunication systems including voice systems. The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4.

Page 7: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond

Source: Google

Page 8: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond

How F5 Access Policy Manager can secure Horizon Workspace and provide a FIPS and CAC Compliant solution

• Introduction to F5 Networks

• Introduction to F5 Access Policy Manager (APM)

Page 9: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond

F5 and VMware

A long-standing strategic partnership

VMware named F5 ‘Global Technology Innovator Partner of the Year’ (2011)

F5 was key launch partner for VMware Ready for Networking and Security Program

Across all major VMware solutions and F5 products

Coordinated back-end customer support

76% Market Share

60% Market Still Untouched

$40 BILLION Market Capitalization

$4.2 BILLION Annual Sales

Page 10: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond

Traffic Management Operating System

[Diagram labels: Client side connection; Server side connection; TCP Proxy; TMM; TM Microkernel; L2 - L4 Hardware (Switch Fabric, High Speed Bridge, Disaggregator); L5 - L7 Software (SSL Offload, Rate Shaping, Web Caching, HTTP Proxy, TCP Express, Client Auth, OneConnect, Server Monitor, Load Balance, Compression, iRules); ASIC, FPGA, CPUs]

Page 11: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond

BIG-IP Access Policy Manager Identify, authenticate, and control user access to your applications

• Secure and accelerate application access from any device and location

• Consolidate AAA and SSO services for enterprise applications

• RDP, View, Citrix Xen Support

• Federate via SAML

Single Sign On

• Scalable SSL VPN with DTLS

• Advanced Endpoint checks

• BYOD: iOS, Win8, Android Support

Mobile User Access

Page 12: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond

Application Delivery Networking for Horizon Workspace 1.5

• F5 Networks LTM (Local Traffic Manager)

• Layer 4-7 Services

• Highly available Horizon Workspace environments

Page 13: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond

Application Delivery Networking for Horizon Workspace 1.5

• https://communities.vmware.com/docs/DOC-24577

• Document Written by Rasmus Jensen

• #EUC5238

• Shows how to use F5 to provide L4-7 traffic management in front of both the Workspace Gateway VAs, and the Connector VAs.

Page 14: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond
Page 15: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond

CAC in the Front, SAML in the back.

• Workflow of a connection

• F5 APM CAC Implementation

• F5 APM SAML Implementation

• F5 APM and Horizon Connector configurations

Page 16: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond
Page 17: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond
Page 18: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond

Demo Time

Page 19: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond
Page 20: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond

Questions, Answers, and Key Takeaways

Page 22: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond

THANK YOU

Page 23: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond
Page 24: VMworld 2013: Secure Mobility - FIPS, CAC and Beyond

Secure Mobility - FIPS, CAC and Beyond

Paul Arnpriester, CDW Nonprofit

Glenn Exline, VMware

Paul Pindell, F5 Networks

Deepak Puri, VMware

EUC5196

#EUC5196