KASM Workspaces Integration with F5 BIG-IP Access Policy Manager (APM)
By F5 DevCentral Community
Key Concepts
- Kasm Workspaces: A platform for delivering applications to users.
- F5 BIG-IP Access Policy Manager (APM): A security solution for controlling access to applications.
- Virtual Server: A representation of a service on the F5 BIG-IP, acting as the entry point for user traffic.
- Pool: A group of servers that provide a service.
- HTTP Monitor: A health check mechanism to verify the availability of servers in a pool.
- Source Address Translation (SAT): A network address translation technique used to map source IP addresses.
- SSL Decryption: The process of decrypting SSL/TLS traffic on the F5 BIG-IP for inspection and policy enforcement.
- HTTP Profile: Configuration settings for handling HTTP traffic on the F5 BIG-IP.
- SSL Profile (Client/Server): Configuration settings for handling SSL/TLS encryption/decryption on the F5 BIG-IP.
Integrating Kasm Workspaces with F5 BIG-IP Access Policy Manager
This demonstration details the manual configuration of an integration between Kasm Workspaces and an F5 BIG-IP Access Policy Manager (APM) using a virtual server approach, referencing a related article focusing on FAST templates. The goal is to enable secure access to Kasm-hosted applications through the F5 BIG-IP.
1. Health Monitoring Configuration
The initial step involves creating an HTTP monitor to assess the health of the Kasm server.
- Monitor Name: "HTTP"
- Type: HTTP
- HTTP Request: Defined based on Kasm’s health check requirements.
- Expected Response: "OK"
- Reverse: Enabled.
This monitor is crucial for ensuring traffic is only directed to healthy Kasm servers.
2. Pool Creation & Member Addition
A pool named "kasm pool" is created to group the Kasm server(s).
- Health Monitor: The previously created "HTTP" monitor is assigned to the pool.
- Member Server: The Kasm server’s IP address (10.1.20.23) is added as a member of the pool. This IP address was confirmed within the Kasm dashboard.
The pool acts as a logical grouping for load balancing and failover purposes.
3. Virtual Server Configuration
A virtual server, named "Kasm virtual server," is configured to act as the entry point for user traffic.
- Type: Standard
- Destination: An IP address is specified for the listener on the BIG-IP.
- Port: 443 (HTTPS)
- Source Address Translation (SAT): Set to "Auto Map" to handle address translation between the client and the Kasm server.
- Default Pool: The "kasm pool" is assigned as the default pool for the virtual server. The successful health check is indicated by a green status.
This virtual server receives incoming requests and directs them to the Kasm server(s) within the designated pool.
4. Kasm Workspace Setup
The demonstration highlights the Kasm Workspace environment.
- Infrastructure: A zone is configured within Kasm, utilizing default settings.
- Workspaces: A workspace is configured containing four applications. Users logging into the Kasm workspace are presented with a dashboard allowing them to launch these applications.
The Kasm workspace provides the application delivery platform that the F5 BIG-IP is securing access to.
5. Testing the Integration
The integration is tested by connecting to the Kasm workspace through the F5 BIG-IP.
- User Login: The demonstration uses "user 2" to log into the Kasm workspace.
- Application Launch: Firefox is launched from within the Kasm workspace.
- Verification: Traffic originating from the browser within Kasm is routed through the F5 BIG-IP, as evidenced by the destination being f5.com while the browser itself runs on the Kasm server.
This confirms that the F5 BIG-IP is successfully intercepting and forwarding traffic to the Kasm server.
6. Enabling SSL Decryption
To gain full control over authentication and policy enforcement, SSL decryption is enabled on the F5 BIG-IP.
- HTTP Profile: Set to HTTP.
- Server Side HTTP Profile: Also set to HTTP.
- SSL Profiles: Client and Server SSL profiles are added to the virtual server.
This allows the F5 BIG-IP to decrypt incoming SSL traffic, inspect it, and apply security policies before forwarding it to the Kasm server.
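A check for the settings from steps 1 to 3 and 6, as an added example (not part of the original walkthrough and not F5 or Kasm code): it parses a bigip.conf-style export and reports virtual servers that lack the HTTP and SSL profiles, Auto Map, or a monitored default pool. The object names, the member port 443, the listener address 192.0.2.10 and the use of the built-in http, clientssl and serverssl profile names are assumptions.

```python
# Constructed bigip.conf-style export (hypothetical object names); the virtual
# server deliberately lacks Auto Map and the server-side SSL profile.
SAMPLE = """
ltm pool /Common/kasm_pool {
    members {
        /Common/10.1.20.23:443 {
            address 10.1.20.23
        }
    }
    monitor /Common/kasm_http
}
ltm virtual /Common/kasm_vs {
    destination /Common/192.0.2.10:443
    pool /Common/kasm_pool
    profiles {
        /Common/clientssl {
            context clientside
        }
        /Common/http { }
    }
}
"""

def parse(text):
    """Parse brace-nested config lines into nested dicts."""
    stack = [{}]
    # Split empty "name { }" blocks so they open and close like any other block.
    for line in map(str.strip, text.replace("{ }", "{\n}").splitlines()):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line:  # plain "key value" property
            key, _, value = line.partition(" ")
            stack[-1][key] = value
    return stack[0]

def audit(conf):
    """Return the walkthrough settings that each virtual server is missing."""
    cfg, out = parse(conf), []
    for name, vs in cfg.items():
        if not name.startswith("ltm virtual "):
            continue
        # Assumption: profiles are matched by the built-in names.
        have = {p.rsplit("/", 1)[-1] for p in vs.get("profiles", {})}
        out += [f"{name}: profile {p} not attached"
                for p in sorted({"http", "clientssl", "serverssl"} - have)]
        if vs.get("source-address-translation", {}).get("type") != "automap":
            out.append(f"{name}: source address translation is not automap")
        if "monitor" not in cfg.get("ltm pool " + vs.get("pool", ""), {}):
            out.append(f"{name}: default pool has no health monitor")
    return out
```

Calling `audit(SAMPLE)` returns one finding per missing setting; an export that matches the walkthrough returns an empty list.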
Synthesis/Conclusion
This demonstration provides a step-by-step guide to integrating Kasm Workspaces with F5 BIG-IP APM using a virtual server configuration. The key takeaways are the importance of configuring a health monitor, creating a pool with the Kasm server as a member, and setting up a virtual server with appropriate source address translation and SSL decryption settings. This integration allows organizations to leverage the security features of the F5 BIG-IP to protect access to applications delivered through Kasm Workspaces, providing centralized control over authentication, authorization, and policy enforcement. The manual configuration approach detailed here offers flexibility and control, although the referenced article suggests FAST templates as an alternative method.