F5 APM and Okta Integration

I’m happy to announce the F5 APM and Okta integration guide has been published on Okta’s website.  I’ve been playing with this solution for the past 4 months and I have to say it’s pretty cool.  F5 Access Policy Manager and Okta complement each other well and provide customers a solution to address identity, access and single sign-on for cloud and on-premises applications regardless of their authentication requirements.

In this integration guide F5 and Okta focus on single sign-on capabilities for on-premises legacy applications that cannot consume a SAML or Claim assertion.  For these legacy applications you can leverage F5’s Access Policy Manager to perform Kerberos Constrained Delegation or Header authentication.

I deviated from the deployment guide and used APM’s per-request policy engine to insert the header versus the iRule.  I prefer this method as it is easier for people new to F5 and it will survive future upgrades.

I’ve provided a video demo below:

Easily Copy an ISO to Multiple BIG-IPs

With 12.1 dropping yesterday I have multiple BIG-IPs I need to upgrade in my lab environment.  In the lab we have a CIFS share that stores the ISOs so I can upload the 12.1 ISO to each F5 from that filer with the following commands.

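# Create the mount point (-p so a re-run does not fail) and mount the lab CIFS share
mkdir -p /tmp/iso
mount -t cifs -o username=user,password=user //10.1.1.254/ISO /tmp/iso/
# Copy the 12.1 image into the BIG-IP image directory
rsync --progress -a /tmp/iso/F5/12/BIGIP-12.1.0.0.0.1434.iso /shared/images/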

You could also remove the BIGIP-12.1.0.0.0.1434.iso from the rsync command and it would copy all ISOs to the BIG-IP.  This could easily be added to a crontab to make your life easier.
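
A cron-ready variant of the copy above, as an added example that is not part of the original post: it mounts the share read-only with a CIFS credentials file, so the password stays out of the process list and the crontab, and it re-hashes every copied ISO before leaving it in /shared/images. The credentials file path, the `.sha256` sidecar files on the share, the function names and the script name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Hypothetical pieces are marked.
SHARE=//10.1.1.254/ISO            # lab share from the post
MNT=/tmp/iso
SRC_DIR=$MNT/F5/12
DEST=/shared/images
CREDS=/root/.iso-share.cred       # hypothetical file, mode 0600, username=/password= lines

# verify_image FILE SUMFILE
# 0 = SHA-256 of FILE equals the first field of SUMFILE, 1 = mismatch, 2 = unreadable input.
verify_image() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    read -r vi_want _ < "$2" || true      # tolerate a missing trailing newline
    vi_got=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$vi_want" ] && [ "$vi_got" = "$vi_want" ]
}

# copy_verified SRC_DIR DEST_DIR
# Copies every *.iso, re-hashes the copy and deletes copies that fail. Returns 1 if any failed.
copy_verified() {
    cv_failed=0
    for cv_iso in "$1"/*.iso; do
        [ -e "$cv_iso" ] || continue      # glob matched nothing
        cv_out=$2/$(basename "$cv_iso")
        rsync -a "$cv_iso" "$cv_out" || { cv_failed=1; continue; }
        # Assumption: each ISO on the share has a <name>.iso.sha256 file beside it.
        if ! verify_image "$cv_out" "$cv_iso.sha256"; then
            echo "checksum check failed, removing $cv_out" >&2
            rm -f "$cv_out"
            cv_failed=1
        fi
    done
    return "$cv_failed"
}

# sync_isos: mount read-only (unless already mounted), copy with verification, unmount.
sync_isos() {
    mkdir -p "$MNT"
    grep -qs " $MNT " /proc/mounts ||
        mount -t cifs -o "ro,credentials=$CREDS" "$SHARE" "$MNT" || return 1
    si_rc=0
    copy_verified "$SRC_DIR" "$DEST" || si_rc=$?
    umount "$MNT"
    return "$si_rc"
}

# Run only when asked, e.g. from cron: sync-isos.sh --run   (script name is hypothetical)
if [ "${1:-}" = "--run" ]; then sync_isos; fi
```

A non-zero exit from the cron job means at least one image was rejected or failed to copy, so it is worth having cron mail or log that result.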

Collaborate in the Cloud

SaaS/PaaS conversations are coming up more and more in my customer meetings. I think it is important to understand the difference between authentication and authorization and what fits a cloud model and what does not. This post does a great job of outlining some of the strengths F5 Access Policy Manager provides with regard to authentication as well as APM’s ability to help you consolidate solutions/infrastructure.

psilva's prophecies

Employee collaboration and access to communication tools are essential for workplace productivity. Organizations are increasing their use of Microsoft Office 365, a subscription-based service that provides hosted versions of familiar Microsoft applications. Most businesses choose Exchange Online as the first app in Office 365 they adopt.

The challenge with any SaaS application such as Office 365 is that user authentication is usually handled by the application itself, so user credentials are typically stored and managed in the cloud by the provider. The challenge for IT is to properly authenticate the employee (whether located inside or outside the corporate network) to a highly available identity provider (such as Active Directory).

Authentication without complexity

Even though Office 365 runs in a Microsoft-hosted cloud environment, user authentication and authorization are often accomplished by federating on-premises Active Directory with Office 365. Organizations subscribing to Office 365 may deploy Active Directory Federation Services (ADFS)…

A Living Architecture

Great overview of F5’s GTM capabilities. If you still think all we do is load balancing you’re missing all the cool stuff!

psilva's prophecies

You often hear people say, ‘oh, this is a living document,’ to indicate that the information is continually updated or edited to reflect changes that may occur during the life of the document. Your infrastructure is also living and dynamic. You make changes, updates or upgrades to address the ever changing requirements of your employees, web visitors, customers, partners, networks, applications and anything else tied to your systems.

This is also true for F5’s Reference Architectures. They too are living architectures.

F5’s Reference Architectures are the proof-points or customer scenarios that drive Synthesis to your data center and beyond.

When we initially built out these RAs, we knew that they’d be continuously updated to not only reflect new BIG-IP functionality but also show new solutions to the changing challenges IT faces daily. We’ve recently updated the Intelligent DNS Scale Reference Architecture to include more security (DNSSEC) and to…
