VMworld 2013: Secure Mobility - FIPS, CAC and Beyond
TRANSCRIPT
Secure Mobility - FIPS, CAC and Beyond
Paul Arnpriester, CDW Nonprofit
Glenn Exline, VMware
Paul Pindell, F5 Networks
Deepak Puri, VMware
EUC5196
#EUC5196
Today’s Agenda
• VMware Horizon Suite Overview
• Concerns of Federal / Nonprofit and other highly security-conscious customers
• FIPS, CAC, and Smart Card requirements
• How F5 Access Policy Manager can secure Horizon Workspace and provide a FIPS and CAC Compliant solution
HORIZON SUITE: The platform for workforce mobility
• Horizon View (NEW v5.2): Complete desktop and application virtualization
• Horizon Mirage (NEW v4.0): Centralized layered image management for local deployment
• Horizon Workspace (NEW v1.0): Multi-device workspace for IT services
F5 + HORIZON SUITE
Support for VMware validated solutions
Mobile Secure Desktop
Business Process Desktop
AlwaysOn Desktop
Branch Office Desktop
Unique F5 solutions
PCoIP Proxy
Single Namespace
Username Persistence
Intelligent traffic management and security
Local and global traffic management
Multi-site and multi-pod deployments
Access management and data center firewall
[Diagram labels: Intelligent Services Framework; Secure • Fast • Available; Anywhere, any service, any device; Intelligent; Dynamic, agile, adaptive; Horizon View; Horizon Mirage; Horizon Workspace; VM; VDI]
VMware Horizon Workspace
Broker: Manage & secure centrally and broker services to your workforce by policy
Transform: Transform desktops, diverse apps and data into centralized services
Deliver: Empower your workforce with flexible access across devices, locations and connectivity
Control & Governance Is More Challenging
People you employ
Using a network you own to connect to…
Using software you own on a Windows desktop you own
An application you own, running on a server you own
Apps live in many clouds and are easily procured without IT
Always connected, via 3G, 4G and public or personal Wi-Fi
Non-owned devices and multiple non-Windows OSs
Employees, contractors, outsourcers, partners, citizens, students
Encryption & Authentication
The [FIPS 140-2] standard specifies the security requirements that must be satisfied by a cryptographic module utilized within a security system that protects unclassified information within computer and telecommunication systems including voice systems. The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4.
Source: Google
How F5 Access Policy Manager can secure Horizon Workspace and provide a FIPS and CAC Compliant solution
• Introduction to F5 Networks
• Introduction to F5 Access Policy Manager (APM)
F5 and VMware
A long-standing strategic partnership
VMware named F5 ‘Global Technology Innovator Partner of the Year’ (2011)
F5 was key launch partner for VMware Ready for Networking and Security Program
Across all major VMware solutions and F5 products
Coordinated back-end customer support
76% Market Share
60% Market Still Untouched
$40 BILLION Market Capitalization
$4.2 BILLION Annual Sales
Traffic Management Operating System
[Diagram labels: Switch Fabric; High Speed Bridge; Disaggregator; TM Microkernel; L2 - L4 Hardware; L5 - L7 Software; TCP Proxy; Client side connection; Server side connection; TMM; SSL Offload; Rate Shaping; Web Caching; HTTP Proxy; TCP Express; Client Auth; OneConnect; Server Monitor; Load Balance; Compression; iRules; ASIC; FPGA; CPUs]
BIG-IP Access Policy Manager
Identify, authenticate, and control user access to your applications
• Secure and accelerate application access from any device and location
• Consolidate AAA and SSO services for enterprise applications
• RDP, View, Citrix Xen Support
• Federate via SAML
Single Sign On
• Scalable SSL VPN w/ DTLS
• Advanced Endpoint checks
• BYOD: iOS, Win8, Android Support
Mobile User Access
Application Delivery Networking for Horizon Workspace 1.5
• F5 Networks LTM (Local Traffic Manager)
• Layer 4-7 Services
• Highly available Horizon Workspace environments
Application Delivery Networking for Horizon Workspace 1.5
• https://communities.vmware.com/docs/DOC-24577
• Document Written by Rasmus Jensen
• #EUC5238
• Shows how to use F5 to provide L4-7 traffic management in front of both the Workspace Gateway VAs, and the Connector VAs.
CAC in the Front, SAML in the back.
• Workflow of a connection
• F5 APM CAC Implementation
• F5 APM SAML Implementation
• F5 APM and Horizon Connector configurations
Demo Time
Questions, Answers, and Key Takeaways
THANK YOU