BIG-IP APM: How to streamline your access requirements
Introduction
We will go through how BIG-IP Access Policy Manager (APM) helps your team streamline access solutions, using different use cases.
Access challenges
Access solutions are becoming more important, especially with newly emerging technologies. New technologies not only introduce new functionality but also introduce new access and identity vectors.
We evolved from the direct Client > Server flow to a world of interconnected identities everywhere.
The core of access is still the same:
- How to authenticate the client’s identity and provide the proper authorization levels.
- How to validate that the server is what it claims to be.
Yet, the word "Identity" varies a lot depending on the access type, device, and function. Talking about identities needs dedicated articles, so let's focus back on our access solutions.
Let's go through some of the newly introduced access challenges: 🤔🤔
- How do we protect against unauthorized access?
- How do we protect against compromised endpoints?
- How do we maintain high-performance and low latency across different regions while securing such critical access?
- How do we provide continuous monitoring and enforce organizational policies?
- How do we translate between modern and legacy access protocols to enhance security without compromising users’ experience?
BIG-IP APM use cases
BIG-IP APM introduces a wide range of feature sets to solve access challenges. In this article, we will go through some of the common use cases to easily understand the features and their usage.
The graph below shows an overview of three main use cases and the features that can be used to implement them, based on each organization’s needs.
BIG-IP APM can handle both Per-session and Per-request flows, which gives enhanced granular access control covering different access needs.
The common use case deployments are:
- Identity Aware Proxy
  - BIG-IP APM provides Zero Trust app access, with a wide range of integrated functions to deliver this use case.
  - For this use case, BIG-IP APM makes use of features including, but not limited to, the following:
    - Federation, including SAML, OAuth, and OIDC, with different IDaaS providers:
      - Microsoft EntraID, Okta, Ping, Duo, and others.
    - Authentication via Active Directory, LDAP, and password-less methods.
    - Single Sign-On using password and password-less methods.
    - Multifactor authentication methods integrating with different third parties (Duo, etc.).
    - Endpoint inspection to ensure endpoint compliance.
    - Per-session and Per-request policy implementation to ensure granular and continuous monitoring.
- Remote access (VPN)
  - BIG-IP APM acts as a VPN concentrator, supporting different types of remote access implementations.
  - BIG-IP APM makes use of the same APM edge client, reducing the administration overhead required.
  - It supports endpoint inspection.
  - It supports machine tunnels that automatically create the VPN session with endpoints, allowing machines to connect to the VPN without user interaction.
  - It supports a variety of authentication, SSO, and MFA protocols.
- Virtualized Desktop Infrastructure (VDI)
  - BIG-IP APM supports integrating with different VDI solutions: Microsoft, VMware, and Citrix.
  - It enables unifying access to the different VDI components, which enhances user experience and eases the security requirements for the VDI deployment.
  - It enables identity-aware VDI access security and visibility.
Conclusion
This article, together with the provided resources, gives more insight into deploying BIG-IP APM use cases that support a variety of authentication, federation, SSO, and MFA protocols, in addition to the third-party integrations that allow wider ecosystem feeds to enable enhanced identity-aware enforcement.
Related Content
- What is BIG-IP APM? | DevCentral
- Security First, Performance Always: F5 technologies Drive Citrix VDI Excellence in Application Delivery
- Crafting Secure Paths: The Intricacies of VPN Solutions on BIG-IP APM | DevCentral
- F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator
- Zero Trust building blocks - F5 APM as Service Provider (SP) and Microsoft AzureAD as Identity Provider (IDP)
- Leverage Microsoft Intune endpoint Compliance with F5 BIG-IP APM Access - Building Zero Trust strategy
- Access Troubleshooting: BIG-IP APM OIDC integration | DevCentral
- Multi-Stores Citrix environment BIG-IP APM
- IdP Routing With BIG-IP APM To Enable Seamless SSO User Experience | DevCentral