Secure Extranet with Equinix Fabric and F5 Distributed Cloud

Why: The Challenge of Building a Secure Extranet

Establishing a secure extranet that spans multiple clouds, partners, and enterprise locations is inherently complex. Organizations face several persistent challenges:

• Technology Fragmentation: Different clouds, vendors, and networking stacks introduce inconsistency and integration friction.
• Endpoint Proliferation: Each new partner or cloud region adds more endpoints to secure and manage.
• Configuration Drift: Manual or siloed configurations across environments increase the risk of misalignment and security gaps.
• Security Exposure: Without centralized control, enforcing consistent policies across environments is difficult, increasing the attack surface.
• Operational Overhead: Managing disparate systems and connections strains NetOps, DevOps, and SecOps teams.

These challenges make it difficult to scale securely and efficiently, especially when onboarding new partners or deploying applications globally.

 

What: A Unified, Secure, and Scalable Extranet Solution

The joint solution from F5 and Equinix addresses these challenges by combining:

• F5® Distributed Cloud Customer Edge (CE): A virtualized network and security node deployed via Equinix Network Edge.
• Equinix Fabric®: A software-defined interconnection platform that provides private, high-performance connectivity between clouds, partners, and enterprise locations.

Together, they create a strategic point of control at the edge of your enterprise network. This enables secure, scalable, and policy-driven connectivity across hybrid and multi-cloud environments.

This solution:

• Simplifies deployment by eliminating physical infrastructure dependencies.
• Centralizes policy enforcement across all connected environments.
• Accelerates partner onboarding with pre-integrated, software-defined connectors.
• Reduces risk by isolating traffic and enforcing consistent security policies.

 

How: Architectural Overview

At the heart of the architecture is the F5 Distributed Cloud CE, deployed as a virtual network function (VNF) on Equinix Network Edge. This CE:

• Acts as a gateway node for each location (cloud, data center, or partner site).
• Connects to other CEs via F5’s global private backbone, forming a secure service mesh.
• Integrates with F5 Distributed Cloud Console for centralized orchestration, visibility, and policy management.

The CE node(s) are interconnected to partners, vendors, etc. using Equinix Fabric, which provides:

• Private, low-latency interconnects to major cloud providers (AWS, Azure, GCP, OCI).
• Software-defined routing via Fabric Cloud Router.
• Tier-1 internet access for hybrid workloads.

This architecture enables a hub-and-spoke or full-mesh extranet topology, depending on business needs.

 

Key Tenets of the Solution

1. Strategic Point of Control
   The CE becomes the enforcement point for traffic inspection, segmentation, and policy enforcement—across all clouds and partners.
2. Unified Management
   F5 Distributed Cloud Console provides a single pane of glass for managing networking, security, and application delivery policies.
3. Zero-Trust Connectivity
   Built-in support for mutual TLS, IPsec, and SSL tunnels ensures encrypted, authenticated communication between nodes.
4. Rapid Partner Onboarding
   Equinix’s Fabric and F5 CE connectors allow new partners to be onboarded in minutes, not weeks.
5. Operational Efficiency
   Automation hooks (GitOps, Terraform, APIs) reduce manual effort and configuration drift.
6. Private interconnects and regional CE deployments help meet regulatory requirements.

 

Additional Links

• F5 and Equinix Partnership
• The Business Partner Exchange - An F5 Distributed Cloud Services Demonstration
• Equinix Fabric Overview
• Additional Equinix and F5 partner information