cancel
Showing results for 
Search instead for 
Did you mean: 
PSilva
Community Manager
Community Manager

Today let’s look at how F5 BIGIP APM can consolidate, secure and federate all the core VDI gateways technology. For instance, if an organization decides move from one VDI technology to another or if you’re consolidating VDI technologies, BIG-IP can help.

On the BIG-IP we’ve set up three VDI environments. Microsoft RDS/RDP with a broker authentication server, VMware Horizon and Citrix XenApp. With only a corporate account, a user can authenticate to all of them as needed and access all available desktop content.

In this example, we connect to the BIG-IP APM. This is the default view.

0151T000003d76zQAA.png

And here we’ve put some advanced security fields like OTP or multifactor authentication for instance.

0151T000003d770QAA.png

So here we’d use our username and password and for additional security we'll choose a secondary grid. By default, a grid is not generally available from any of the VDI vendors. When we select grid, BIG-IP APM will present a grid for a PIN entry. This is provided through a partnership with Gemalto. BIG-IP is connecting to Gemalto servers to present the grid to the user. We then enter our confidential PIN.

0151T000003d771QAA.png

Upon auth, we’re presented with our BIG-IP APM Webtop and BIG-IP did the necessary single sign on for all the VDI technologies and environments assigned to us.

0151T000003d772QAA.png

With a single, multifactor authentication we’re able to gain access to our federated BIG-IP Webtop and select the specific VDI resource we need.

From an administrative view, here is the full Visual Policy Editor (VPE) for the overall solution. This also shows where the OTP/Grid is if you follow the Host FQDN path.

0151T000003d773QAA.png

0151T000003d774QAA.png

And here are the specific inspections and criteria for the VDI scenario. You can see a path for each VDI vendor along with specific inspections and actions depending on the situation.

0151T000003d775QAA.png

Special thanks to F5 Sr. Security SE Matthieu Dierick for the explanation and you can watch the demo video.

ps

Comments
rob_carr
MVP
MVP

I like the content of the article, but the inline pictures need improvement. The webtop shot is too blurry and the text in the VPE is too small to read - even if I use the magnification option.

 

PSilva
Community Manager
Community Manager

Hi Rob~ I'll get some better/clearer images. You're right, the webtop one is a bit blurry.

 

Thanks for the note!

 

ps

 

PSilva
Community Manager
Community Manager

[Nov 22] Added/replaced some of the blurry images. Hope that's better. 🙂

 

Shingo
Cirrus
Cirrus

I am very interested in this solution.

 

How does APM display the PIN grid table on the login screen? How do you customize 'Logon page action'?

 

Matthieu_Dieric
F5 Employee
F5 Employee

Hi Shingo,

 

It is just a image based on an URL provided by Gemalto. So I modified the login page code in order to include this picture URL.

 

Gemalto provides with an How-to document explaining how to integrate the GRID in the APM logon page.

 

Shingo
Cirrus
Cirrus

Hi Matthieu,

 

Thank you. I found document.

 

https://www2.gemalto.com/sas/implementation-guides.html

 

link pdf

 

Version history
Last update:
‎14-Nov-2017 04:00
Updated by:
Contributors