Nfordhk_66801 (Nimbostratus)
Feb 19, 2015

Using APM to secure VS by machine name



We are attempting to meet compliance standards and determine a way to secure access to our Virtual Servers. Short of ACLs due to our IP design based on geography rather than departments in our company, this would cause us to do a complete redesign and be an administrative nightmare. We determined the next best solution would be to utilize the APM. These servers sit directly behind the F5.


Our only requirement is: We must secure access based on machine name (rather than user)


How we had planned to do this was the following: Utilizing our PKI, deploy certificates based on machine name. Then, query AD utilizing the machine name to determine if you're allowed access.


We've been able to create a certificate and use the module Machine Cert Auth to accomplish the first part. The part we're having extreme trouble with is performing a query based on machine name with AD.


My main concern is, how does the F5 gather the machine name to perform this lookup? The cert contains the machine name, it's almost as if we could develop an iRule to strip from the cert that would work (above my head). Also, I know F5 has this Edge Client that maybe we could deploy to gather this info to perform the lookup.


I'd really appreciate any feedback on our current design OR any ideas for alternate solutions utilizing the F5.
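
The lookup logic the post asks about, as an added example that is not part of the original post and is not F5 or APM code: it takes the subject DN of an already validated machine certificate, extracts the host name from the CN, and builds an escaped LDAP filter for the matching AD computer account. The sample subject, the group DN and all function names are constructed assumptions, and using group membership as the access test is one possible design.

```python
import re

# RFC 4515: characters that must be escaped inside an LDAP filter value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# First CN attribute in a comma-separated DN, allowing backslash-escaped characters.
_CN_RE = re.compile(r"(?:^|,)\s*CN=((?:\\.|[^,\\])*)", re.IGNORECASE)
# NetBIOS-style host name: 1 to 15 letters, digits or hyphens, no leading/trailing hyphen.
_HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,13}[A-Za-z0-9])?")

# Constructed sample values (assumptions, not taken from the post).
SAMPLE_SUBJECT = "CN=ws-fin-0042.corp.example.com,OU=Workstations,DC=corp,DC=example,DC=com"
SAMPLE_GROUP = "CN=VS-Allowed,OU=Groups,DC=corp,DC=example,DC=com"


def ldap_escape(value):
    """Escape a string for safe use as an LDAP filter assertion value."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def machine_name_from_subject(subject_dn):
    """Return the upper-cased short host name from the subject CN, or None."""
    match = _CN_RE.search(subject_dn)
    if not match:
        return None
    cn = re.sub(r"\\(.)", r"\1", match.group(1)).strip()  # undo DN escaping
    host = cn.split(".", 1)[0]  # drop the DNS suffix if the CN is an FQDN
    # Reject anything that is not a plain host name instead of trying to clean it.
    return host.upper() if _HOST_RE.fullmatch(host) else None


def computer_filter(subject_dn, allowed_group_dn):
    """Build the AD filter for the computer account, or None if the CN is unusable."""
    host = machine_name_from_subject(subject_dn)
    if host is None:
        return None
    # AD computer accounts carry a trailing '$' in sAMAccountName.
    # memberOf matches direct membership only (no nested or primary group).
    return "(&(objectCategory=computer)(sAMAccountName={}$)(memberOf={}))".format(
        ldap_escape(host), ldap_escape(allowed_group_dn))


if __name__ == "__main__":
    print(computer_filter(SAMPLE_SUBJECT, SAMPLE_GROUP))
```

A query that returns no entry, or a `None` filter, should be treated as a deny.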