F5's Access Policy Manager the Access Proxy for Zero Trust Architectures
In my previous article titled 7 Steps for Successfully Implementing Zero Trust Architectures, I detailed how to get started on the journey of implementing Zero Trust Architectures. In that article, I pointed out 7 steps I felt were critical in effectively implementing a Zero Trust Architecture. One of the necessary steps was having a robust Access Proxy. This article will showcase F5’s robust Access Proxy. In a Zero Trust architecture the centralized control point for all clients and applications is the Access Proxy. At the Access Proxy we need to handle authentication, authorization, and centralized logging. This Access Proxy should interface with multiple systems for authentication, handling both multi factor authentication and Single Sign On (SSO) to relieve users of the burden of logging into multiple systems. This Access Proxy initially checks and continuously monitors devices for the required configuration. Finally, robust Access Proxy should be able to seamlessly integrate with third party solutions. F5’s Access Proxy is the Access Policy Manager (APM). APM is one of the best Access Proxy’s on the market. The following sections will highlight the versatility and ease that F5’s solution offers: Select Appropriate Configuration F5 released Access Guided Configurations to make it simple and intuitive. The image below illustrates all the guided configurations available at the time of this article. This article we will focus on the Zero Trust selection. Click the Zero Trust option Verify Required Configuration F5 will verify that basic configuration items required are present. If not, you will be guided through the steps. Here the base configuration is already in place. Select Appropriate Configuration Determine whether a single or multi proxy topology is required. You are presented a diagram and a description to help make the decision based on your requirements. Select Appropriate Configuration Object The next decision is the enabling/leaving unselected any of the following items based on how you decided to implement this solution. The user will be presented different options based on their previous selections. ● Device Posture ● MFA ● SSO ● Application Group ● Webtop Select Appropriate Authentication Properties Based on your environment you are offered the authentication type required and supported by APM. Select Appropriate MFA Properties - If Selected F5 has developed third party integrations based on demand from customers. This simplifies and streamlines the process. Review and Modify Session Management Variables F5 provides the opportunity to fine tune session variables before finalizing the configuration. The form has default values provided, if you are unsure. Review and Modify Final Deployment The final step in this Guide Configuration before deployment is reviewing and the ability to edit anything previously configured before deployment. Closing – As illustrated, F5’s APM solution deployed as an Identity Aware Proxy nicely fits in a Zero Trust Architecture. IAP is a single control point for all users and devices accessing your applications. IAP continuously monitors users and devices and applies access control policies as finely grained as you specify. It will handle SSO and MFA if configured. The APM has the ability to be configured to implement a per-request policy enforcement posture to better align with a Zero Trust Architecture. This article was not meant for a step by step guide to implement F5’s APM in a Zero Trust Architecture. This was to show the ease of deployment and how this implementation walks one through the setup. https://www.f5.com/company/blog/zero-trust-azure-active-directory-access-big-ip-apm For detailed steps I have linked several resources below. https://clouddocs.f5.com/training/community/access-solutions/ https://clouddocs.f5.com/training/community/iam/html/class2/class2.html #zerotrust #ZT #ZTA #ZTNA
