Offloading Remote Authentication for Servers

Most computers use Identification-Authentication-Authorization to protect access to sensitive operations, applications, and data. However, managing authentication individually across applications is costly and top-level authentication enforcement consumes server cycles that could be used elsewhere. Also, configuring authentication for thousands of users is potentially error prone causing user frustration, lost productivity, lost revenue, or even unauthorized access. This paper introduces F5's Advanced Client Authentication software module for use with the BIG-IP Local Traffic Manager that provides client authentication of HTTP and other traffic types for a variety of authentication schemes, including LDAP, Radius, TACAS, SSL, and OCSP. This authentication framework gives the flexibility to use the authentication scheme that best fits user needs, with the ability to quickly change and deploy new authentication schemes as required. This design not only stops unwanted traffic before it reaches the servers and applications, but it also reduces TCO by centralizing application authentication to a single authentication cache to reduce administrative burden, latency, and minimize configuration errors. It also increases server capacity by offloading authentication processing, including authentication of SSL certificates and reduces test and development efforts for web applications because the entire authentication is done at the BIG-IP. Using the BIG-IP, can thus, also load balance authentication servers to continuously protect network and application infrastructure.