VMworld 2013: Secure Mobility - FIPS, CAC and Beyond
0 likes553 views
The document discusses secure mobility solutions focusing on FIPS and CAC compliance for federal and nonprofit sectors, highlighting the VMware Horizon Suite and its integration with F5 Networks' Access Policy Manager. It emphasizes centralized management and security for diverse applications and devices, and outlines various security levels as per FIPS 140-2 standards. Additionally, it reviews F5's role in application delivery networking and the strategic partnership with VMware to enhance security and user access across multiple platforms.
![Encryption & Authentication
The [FIPS 140-2] standard specifies the security requirements that
must be satisfied by a cryptographic module utilized within a
security system that protects unclassified information within
computer and telecommunication systems including voice
systems. The standard provides four increasing, qualitative levels
of security: Level 1, Level 2, Level 3, and Level 4.](https://image.slidesharecdn.com/euc5196formattedv3-140612182159-phpapp01/85/VMworld-2013-Secure-Mobility-FIPS-CAC-and-Beyond-6-320.jpg)
VMworld 2013: Secure Mobility - FIPS, CAC and Beyond
- 1. Secure Mobility - FIPS, CAC and Beyond Paul Arnpriester, CDW Nonprofit Glenn Exline, VMware Paul Pindell, F5 Networks Deepak Puri, VMware EUC5196 #EUC5196
- 2. Today’s Agenda • VMware Horizon Suite Overview • Federal / Nonprofit and other highly security conscious customers concerns • FIPS, CAC, and Smart Card requirements • How F5 Access Policy Manager can secure Horizon Workspace and provide a FIPS and CAC Compliant solution
- 3. Centralized layered image management for local deployment Multi-device workspace for IT services HORIZON SUITE The platform for workforce mobility Horizon View Horizon Mirage Horizon Workspace Complete desktop and application virtualization NEW v5.2 NEW v4.0 NEW v1.0 F5 + HORIZON SUITE Support for VMware validated solutions Mobile Secure Desktop Business Process Desktop AlwaysOn Desktop Branch Office Desktop Unique F5 solutions PCoIP Proxy Single Namespace Username Persistence Intelligent traffic management and security Local and global traffic management Multi-site and multi-pod deployments Access management and data center firewall Horizon View Intelligent Services Framework Secure • Fast • Available Anywhere, any service, any device Intelligent Dynamic, agile, adaptive Horizon Mirage Horizon Workspace VM VDI
- 4. VMware Horizon Workspace Broker: Manage & secure centrally and broker services to your workforce by policy Transform: Transform desktops, diverse apps and data into centralized services Deliver: Empower your workforce with flexible access across devices, locations and connectivity
- 5. Control & Governance Is More Challenging People you employ Using a network you own to connect to… Using software you own on a Windows desktop you own An application you own, running on a server you own Apps live in many clouds and are easily procured without IT Always connected, via 3G, 4G and public or personal wifi Non-owned devices and multiple non-Windows OSs Employees, contractors outsourcers, partners citizens, students
- 6. Encryption & Authentication The [FIPS 140-2] standard specifies the security requirements that must be satisfied by a cryptographic module utilized within a security system that protects unclassified information within computer and telecommunication systems including voice systems. The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4.
- 8. How F5 Access Policy Manager can secure Horizon Workspace and provide a FIPS and CAC Compliant solution • Introduction to F5 Networks • Introduction to F5 Access Policy Manager (APM)
- 9. F5 and VMware A long-standing strategic partnership VMware named F5 ‘Global Technology Innovator Partner of the Year’ (2011) F5 was key launch partner for VMware Ready for Networking and Security Program Across all major VMware solutions and F5 products Coordinated back-end customer support 76% Market Share 60% Market Still Untouched $40 BILLION Market Capitalization $4.2 BILLION Annual Sales
- 10. Traffic Management Operating System 01010101010101010101010101 SwitchFabric HighSpeedBridge 01010101010101010101010101 Disaggregator SwitchFabric HighSpeedBridge TM Microkernel TM Microkernel TM Microkernel TM Microkernel Disaggregator L2 - L4 Hardware L5 - L7 Software L2 - L4 Hardware TCP Proxy Server side connectionClient side connection TMM SSLOffload RateShaping WebCaching HTTPProxy TCPExpress ClientAuth OneConnect ServerMonitor LoadBalance TCPExpress Compression iRules ASIC FPGA FPGA CPUs
- 11. BIG-IP Access Policy Manager Identify, authenticate, and control user access to your applications • Secure and accelerate application access from any device and location • Consolidate AAA and SSO services for enterprise applications • RDP, View, Citrix Xen Support • Federate via SAML Single Sign On • Scalable SSL VPN w DTLS • Advanced Endpoint checks • BYOD: IOS, Win8, Android Support Mobile User Access
- 12. Application Delivery Networking for Horizon Workspace 1.5 • F5 Networks LTM (Local Traffic Manager) • Layer 4-7 Services • Highly available Horizon Workspace environments
- 13. Application Delivery Networking for Horizon Workspace 1.5 • https://communities.vmware.com/docs/DOC- 24577 • Document Written by Rasmus Jensen • #EUC5238 • Shows how to use F5 to provide L4-7 traffic management in front of both the Workspace Gateway VAs, and the Connector VAs.
- 15. CAC in the Front, SAML in the back. • Workflow of a connection • F5 APM CAC Implementation • F5 APM SAML Implementation • F5 APM and Horizon Connector configurations
- 18. Demo Time
- 20. Questions, Answers, and Key Takeaways
- 22. THANK YOU
- 24. Secure Mobility - FIPS, CAC and Beyond Paul Arnpriester, CDW Nonprofit Glenn Exline, VMware Paul Pindell, F5 Networks Deepak Puri, VMware EUC5196 #EUC5196