Welcome!

Weblogic Authors: Yeshim Deniz, Elizabeth White, Michael Meiner, Michael Bushong, Avi Rosenthal

Blog Feed Post

F5 Friday: Application Access Control - Code, Agent, or Proxy?

How about some integration, instead? A combined Oracle Access Manager and F5 BIG-IP Access Policy Manager solution is more scalable, more reliable, and easier to manage than any of the traditional three solutions.

 

f5friday

In the course of deploying applications it becomes necessary to ensure that only authenticated and authorized users have access to that application. Over time several solutions have been used to provide this capability, but each one comes with its own set of challenges. There is a fourth option, however, that’s arisen from understanding the limitations (and advantages) of each of the previous three options. That fourth option is more scalable, more reliable, and definitely easier to manage than previous incarnations.

APPLICATION ACCESS CONTROL: CODE

In the beginning, developers created web applications. And the users saw that it was good. But then it was decided that only certain people should have have access to those applications and developers had to figure out how to “authenticate” those people to the application. Oh, at first web applications used simple techniques like HTTP Basic Authentication, but the costs associated with managing both an internal directory of users and a second application access control store for each application got to be too much. So they found a way to use existing corporate identity stores to authenticate access through the applications. They wrote code specifically for the identity store right in the app. This, of course, eventually caused a great deal of consternation the first time an organization attempted to change identity store vendors. It also wasn’t very pleasant to contemplate an upgrade in the libraries that enabled that integration as they often deprecated or simply removed functions that caused the application to break or worse – to be completely without any kind of authentication whatsoever. It also didn’t lend itself well to single-sign on capabilities, which over time was becoming an increasingly heated demand from users.  image

APPLICATION ACCESS CONTROL: AGENT

So next came agents on servers. These little daemons were deployed on every web or application server and enabled applications to directly talk to existing corporate application access control directories, which meant eliminating a lot of waste (and code) used to enable the “code in the app” solution. Generally these agents were deployed at the application server level and managed “above” the application, so every application deployed in that container could take advantage of the solution without hard-wiring the solution into the code. The problem was you still had something to manage on every server on which the application was deployed, and as more and more solutions picked up the “agent-based” model there began to be conflicts between them. If you weren’t careful about managing and synchronizing the access control configuration, you could also run into some real fun when you tried to scale out the solution.

APPLICATION ACCESS CONTROL: PROXY 

So it was that specialized proxies came into existence. These solutions were deployed in front of web and application servers, inline, and intercepted all requests as a means to apply application access control in a centralized manner. These worked much better than their distributed predecessors, and offered the attractive lower cost of maintenance but at a price: they were not cheap. That became evident when such solutions attempted to scale out. Because they didn’t scale out well – they were, after all, a solution focused on providing application access control, not scalability or high-performance – you needed many more of them to keep up with application and user growth.

But what else is there?

THE FOURTH OPTION

The fourth option is one we’re now beginning to see emerge in the market: unified application delivery enabled with application access control capabilities and integrated with existing enterprise identity and access management stores, such as Oracle Access Manager, via open, standards-based APIs.

Oracle Access Manager allows users of your applications or IT systems to log in once and gain access to a broad range of IT resources. Oracle Access Manager provides an identity management and access control system that is shared by all your applications. The result is a centralized and automated single sign-on (SSO) solution for managing who has access to what information across your entire IT infrastructure. Oracle Access Manager is available as a stand-alone product or as part of Oracle's award-winning Oracle Identity & Access Management Suite.

-- Oracle

image

The fourth option is an evolutionary step that combines the benefits of a traditional proxy with those of a more scalable, high-performance application delivery platform that mitigates the challenges that came with pure specialized proxy solutions. By enabling a unified application delivery controller, F5 BIG-IP, with the ability to apply application access policies inline the solution resolves neatly the problems that have previously plagued the integration of application security and applications since the first centralized identity management store was introduced.

A combined F5-Oracle solution works seamlessly because BIG-IP Access Policy Manager is fully integrated via BIG-IP’s open, standards based API, iControl. It allows what is an existing strategic point of control – the component responsible for scaling and delivering applications – to extend its performance and reliability to application access control, enabling not only OAM Single Sign-On (SSO) functionality for end-users but also providing the ability to apply other application delivery network functionality such as web application security and acceleration simultaneously on a single, unified platform. This reduces management costs and eases scalability concerns as applications can be easily virtualized and scaled without sacrificing security, access control, or performance. All application delivery functions become the responsibility of BIG-IP which leverages the granular, application access security provided by Oracle Access Manager.

Unlike a specialized proxy, this solution also enables scalability of Oracle Access Manager, which makes it easy to scale your application access control solution along with your applications. You get scalability, security, and centralized management in a single, integrated solution.

For more information on the F5-Oracle solution for fast, scalable, flexible application access control, you can check out these resources:

pdf-icon

 Solution Overview

pdf-icon Deployment Guide

video_icon DevCentral Video

 

THE ORACLE-F5 CONNECTION

oralogo_small F5 and Oracle have been partners for a long time and work jointly not only on integration between products but to provide best practices for deploying F5 and Oracle solutions together. You may have heard of a little trade show called Oracle OpenWorld 2010? F5 will be in attendance and we’ve got some new solutions to show you specifically around scaling a product you might also have heard of about: Oracle Database. So if you’re attending, stop by the booth (#1427, Moscone South) and check it out.


Related blogs & articles:

Follow me on Twitter    View Lori's profile on SlideShare  friendfeed icon_facebook

AddThis Feed Button Bookmark and Share

Read the original blog entry...

More Stories By Lori MacVittie

Lori MacVittie is responsible for education and evangelism of application services available across F5’s entire product suite. Her role includes authorship of technical materials and participation in a number of community-based forums and industry standards organizations, among other efforts. MacVittie has extensive programming experience as an application architect, as well as network and systems development and administration expertise. Prior to joining F5, MacVittie was an award-winning Senior Technology Editor at Network Computing Magazine, where she conducted product research and evaluation focused on integration with application and network architectures, and authored articles on a variety of topics aimed at IT professionals. Her most recent area of focus included SOA-related products and architectures. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University.

@ThingsExpo Stories
SYS-CON Events announced today that Yuasa System will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Yuasa System is introducing a multi-purpose endurance testing system for flexible displays, OLED devices, flexible substrates, flat cables, and films in smartphones, wearables, automobiles, and healthcare.
SYS-CON Events announced today that CAST Software will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CAST was founded more than 25 years ago to make the invisible visible. Built around the idea that even the best analytics on the market still leave blind spots for technical teams looking to deliver better software and prevent outages, CAST provides the software intelligence that matter ...
SYS-CON Events announced today that Daiya Industry will exhibit at the Japanese Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Ruby Development Inc. builds new services in short period of time and provides a continuous support of those services based on Ruby on Rails. For more information, please visit https://github.com/RubyDevInc.
SYS-CON Events announced today that Evatronix will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Evatronix SA offers comprehensive solutions in the design and implementation of electronic systems, in CAD / CAM deployment, and also is a designer and manufacturer of advanced 3D scanners for professional applications.
As businesses evolve, they need technology that is simple to help them succeed today and flexible enough to help them build for tomorrow. Chrome is fit for the workplace of the future — providing a secure, consistent user experience across a range of devices that can be used anywhere. In her session at 21st Cloud Expo, Vidya Nagarajan, a Senior Product Manager at Google, will take a look at various options as to how ChromeOS can be leveraged to interact with people on the devices, and formats th...
SYS-CON Events announced today that Taica will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Taica manufacturers Alpha-GEL brand silicone components and materials, which maintain outstanding performance over a wide temperature range -40C to +200C. For more information, visit http://www.taica.co.jp/english/.
SYS-CON Events announced today that SourceForge has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SourceForge is the largest, most trusted destination for Open Source Software development, collaboration, discovery and download on the web serving over 32 million viewers, 150 million downloads and over 460,000 active development projects each and every month.
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities – ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups. As a result, many firms employ new business models that place enormous impor...
SYS-CON Events announced today that TidalScale will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale is the leading provider of Software-Defined Servers that bring flexibility to modern data centers by right-sizing servers on the fly to fit any data set or workload. TidalScale’s award-winning inverse hypervisor technology combines multiple commodity servers (including their ass...
As popularity of the smart home is growing and continues to go mainstream, technological factors play a greater role. The IoT protocol houses the interoperability battery consumption, security, and configuration of a smart home device, and it can be difficult for companies to choose the right kind for their product. For both DIY and professionally installed smart homes, developers need to consider each of these elements for their product to be successful in the market and current smart homes.
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, will lead you through the exciting evolution of the cloud. He'll look at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering ...
As hybrid cloud becomes the de-facto standard mode of operation for most enterprises, new challenges arise on how to efficiently and economically share data across environments. In his session at 21st Cloud Expo, Dr. Allon Cohen, VP of Product at Elastifile, will explore new techniques and best practices that help enterprise IT benefit from the advantages of hybrid cloud environments by enabling data availability for both legacy enterprise and cloud-native mission critical applications. By rev...
SYS-CON Events announced today that Dasher Technologies will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Dasher Technologies, Inc. ® is a premier IT solution provider that delivers expert technical resources along with trusted account executives to architect and deliver complete IT solutions and services to help our clients execute their goals, plans and objectives. Since 1999, we'v...
SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp emp...
SYS-CON Events announced today that TidalScale, a leading provider of systems and services, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale has been involved in shaping the computing landscape. They've designed, developed and deployed some of the most important and successful systems and services in the history of the computing industry - internet, Ethernet, operating s...
Join IBM November 1 at 21st Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Cognitive analysis impacts today’s systems with unparalleled ability that were previously available only to manned, back-end operations. Thanks to cloud processing, IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Imagine a robot vacuum that becomes your personal assistant tha...
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...
Widespread fragmentation is stalling the growth of the IIoT and making it difficult for partners to work together. The number of software platforms, apps, hardware and connectivity standards is creating paralysis among businesses that are afraid of being locked into a solution. EdgeX Foundry is unifying the community around a common IoT edge framework and an ecosystem of interoperable components.
Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. They are the industry leader in DNS, DHCP, and IP address management, the category known as DDI. We empower thousands of organizations to control and secure their networks from the core-enabling them to increase efficiency and visibility, improve customer service, and meet compliance requirements.