Zero Trust building blocks - Leverage F5 NGINX Plus Single Sign-On (SSO) and F5 XC
As part of your organization's journey to build a Zero Trust strategy with distributed microservices, you will want a lightweight engine that can perform request authentication and authorization.
While keeping the continuous monitoring and protection provided by F5 Distributed Cloud Web App & API Protection (WAAP), you can provide the authentication and authorization your microservices require by implementing F5 NGINX Plus for Single Sign-On (SSO).
In this article we walk through previously published articles and show how to use them to achieve our organization's strategy.
Deployment options
There are multiple deployment options to suit your needs. Below are two examples:
- Use the F5 Hybrid Security Architecture article; there's more to follow in series-f5-hybrid-architecture.
- Deploy an NGINX Plus instance in AWS and manually create an HTTP LoadBalancer in Distributed Cloud; see F5 Distributed Cloud - Introduction to Deployment Models and Services.
SSO with NGINX Plus
Once you have completed your infrastructure deployment, it's time to deploy the identity layer, which is discussed in Enhanced Modern Applications and MicroServices SSO with NGINX.
Summary
In this article we used both Distributed Cloud WAAP and the NGINX Plus SSO feature to provide continuous monitoring and protection for user traffic while maintaining authentication and authorization throughout our microservices deployment.
Related Content
- Deploy WAAP Anywhere with F5 Distributed Cloud
- How to get started with F5 Distributed Cloud Managed Services
- F5 Hybrid Security Architectures: One WAF Engine, Total Flexibility
- F5 Hybrid Security Architectures for DevSecOps: F5's Distributed Cloud WAF and BIG-IP Advanced WAF
- F5 Hybrid Security Architectures for DevSecOps: F5's Distributed Cloud WAF and NGINX App Protect WAF
- F5 Hybrid Security Architectures: F5 XC API Protection and NGINX Ingress Controller
- F5 Hybrid Security Architectures for DevSecOps: F5's Distributed Cloud WAAP Bot and DDoS Defense and BIG-IP Advanced WAF
- Installing NGINX Plus | NGINX Documentation
- Leveraging NGINX Plus for Modern Apps SSO
I think it is better to install the Nginx in the RE or CE vk8s as shown here https://community.f5.com/t5/technical-articles/enable-saml-service-provider-on-f5-distributed-cloud-application/ta-p/316166 .
Maybe in the cases where Nginx is an ingress controller in an Amazon EKS, then it is not in the CE/RE, and the CE can also be a pod in the Amazon EKS. That will be an interesting article, making the two pods (Nginx and CE) work together, as one will be the Ingress.
- momahdy (Employee)
Thank you Nikoolay,
Yes, if there's the ability to deploy it on RE/CE, for sure that article would be the one to go with. The approach you described sounds very interesting as well.