F5’s BIG-IP Access Policy Manager (APM) and SharePoint
F5 introduced Access Policy Manager for the BIG-IP Local Traffic Manager nearly a year ago. And as F5 often does with modules, they continue to add functionality with every release. This post takes a look at what is possible with APM in v10.2 and Microsoft SharePoint 2010.
What is APM?
In short, it adds secure access & authentication functionality to the core features already found on the BIG-IP.
APM allows you to authenticate users at the BIG-IP before passing them on to the resource(s) they are requesting. Beyond authentication, APM also provides a number of authorization and accounting (AAA) tools, such as access policies, ACLs, SSO, endpoint checking, and more. Paired with a powerful Visual Policy Editor, iRules, and Active Directory/LDAP support, this gives you a very flexible AAA engine that makes securing access to your applications and networks much easier than before.
Does APM only provide secure access to web apps?
This is a common misperception that I wanted to clear up. APM supports all types of applications, web based or not, as well as general network access.
So what can I do with APM and SharePoint?
At its most basic, APM provides perimeter security by authenticating users before they are forwarded on to the SharePoint front ends. In effect, it ensures that only authenticated connections ever reach the SharePoint servers. For customers looking for more granular access control, APM can enforce a range of client-side checks, such as antivirus/firewall/process checks, enforce ACLs, and use AD attributes to determine the level of access each user should have.
I plan on following this post up with some example configurations of APM and SharePoint 2010. Stay tuned!