
Delivering Modern Apps with Zero Trust

BILL CHURCH
CTO - F5 GOVERNMENT SOLUTIONS

Better Value, Sooner, Safer, Happier
- JON SMART – SOONER SAFER HAPPIER

2020 F5

SecDevOps

- Gene Kim and External POV: The State of DevOps

NGINX Sprint 2020

Zero Trust DevSecOps

Executive Order on Improving the Nations t of Defense (DOD) Zero Trust Reference Documents/Library/(U)ZT RA v1.1(U) Mar21.pdf
NIST SP800-207 - Zero Trust ail/sp/800-207/final
NIST SP 800-206 - Annual Report 2018: NIST/ITL Cybersecurity p/800-206/final
NIST SP 800-204B - Attribute-based Access Control for Microservices-based Applications using a Service 00-204b/draft
NIST SP 800-204A - Building Secure Microservices-based Applications Using Service-Mesh ail/sp/800-204a/final
NIST SP 800-204 - Security Strategies for Microservices-based Application p/800-204/final

Today’s Architectures Are a Complex Patchwork of Tools

[Diagram labels: MONOLITHIC APPS, MICROSERVICES, Mgr., Web, App, CODE, DNS, CDN, CUSTOMERS]

Together F5 and NGINX Simplify Your Environment

[Diagram labels]
NGINX Controller, F5 BIG IQ
MONOLITHIC APPS: NGINX Plus (Web server), NGINX Unit (App server)
MICROSERVICES APPS: NGINX Plus (K8s IC), NGINX Plus (Sidecar proxy)
NGINX Plus: Reverse proxy, L4-7 LB, API gateway, Per-app WAF
F5 BIG IP: Local L4-7 LB, Global L4-7 LB, SSL offload, Advanced WAF, Access mgmt., L4 firewall, SSL orchestration, Anti-DDoS, Bot detection, CGNAT
Other labels: DNS, Shape & Volterra, DNS, DDoS, WAF, NGINX Plus CDN, CUSTOMER

NGINX Plus Drives Use Case Consolidation

[Slide labels, in extracted order]
Software ADC
API gateway
high performance reverse proxy, load balancing
microservices and modern application routing
WAF / Security gateway
SSL/TLS, backend protection,
rastructure automation
integration for rapid change
portable stack for any platform
Kubernetes, ingress, autoscaling
CDN
high performance caching proxy

NGINX in a Zero Trust Architecture

Logical Components of NIST Zero Trust Architecture

[Diagram labels: Policy Engine, CDM System, Data, Activity Logs, System, Untrusted, Policy Enforcement Point (PEP), Trusted, Enterprise Resource, SIEM System]

NGINX Within NIST Zero Trust Architecture

[Diagram labels and NGINX annotations, in extracted order]
Policy Engine
Integrable to MDMs
CDM System
FIPS HW/SW; integrable with HSMs
Industry Compliance
Integrable with threat intel, Shape Device ID
Threat Intelligence
Policy Administrator
Activity Logs
Integrable with Open Policy Agent
Enterprise PKI
TLS termination, Cert
ess logs
Data
Policy Enforcement Point (PEP)
Enterprise Resource
Integrable with major IDaaS (JWT, OIDC)
Integrable with SIEMs, F5 Cloud
SIEM System
