Miele now deploys solutions from F5 in two areas: as a reverse proxy and web application firewall, which provides additional protection of web applications. They offer flexible options for integration into existing systems, current features, and system management from a single source.
As business-to-consumer (B2C) shops for consumers are a popular target for cyber-attacks, Miele decided to increase the safety by means of an additional web application firewall. The reason being that the existing components for the integration and protection of web applications were no longer able to meet current and future requirements.
The new reverse proxy should integrate a range of business-to-business (B2B) applications for partners. This includes a pre-authentication vis-à-vis multiple Active Directory domain in combination with single sign-on (i.e. a uniform sign-on process).
A holistic solution comprising three modules
“F5 convinced us with an integrated solution consisting of high-performance modules,” explains Michael Hüttenhölscher, Head of Data Center Infrastructure at Miele & Cie. KG. “It includes the BIG-IP Local Traffic Manager, Access Policy Manager, and Application Security Manager. There is no other solution that is so flexible and well-integrated into complex web application scenarios.”
The BIG-IP Local Traffic Manager (LTM) enables a far-reaching comprehension of the application data traffic in the network, as well as the control over how to handle it. It transforms the volume of network traffic into a logically aggregated data streams, then makes intelligent decisions to ensure the correct destinations based on server performance, security, and availability.
As BIG-IP LTM is a complete proxy in the network, it is possible to analyse and manage inbound and outbound data traffic. From the underlying load balancing to complex traffic management, it offers granular control over the application data traffic based on the client, server, or application status. It was particularly crucial to Miele that LTM is delivered with the iRule scripting feature. It ensures maximum flexibility when integrating different web applications in a portal.
Users of online shops expect easy access, anytime and anywhere, to the applications and data they need – regardless of whether these resources are located in a data centre, the cloud, a SaaS or a hybrid environment. The BIG-IP Access Policy Manager (APM) secures, simplifies and protects user access to applications and data in a context-sensitive manner. It thereby provides a highly scalable access gateway. APM integrates almost perfectly in the Active Directory of Miele. It also offers all functions required for the desired SAML-based authentication.
Potential threats to applications and data are constantly on the increase. They need to be identified and averted without compromising application performance. The BIG-IP Application Security Manager (ASM) provides protection against sophisticated, complex threats with a security efficiency rate of 99.89 percent. At the same time, the application performance is maintained by way of the SSL application swapping and the prevention of caching of malicious content.
“As a web application firewall, ASM integrates well into our overall solution,” adds Marco Horner, Head of Network Infrastructure. “On the one hand, it reduces complexity; on the other hand, it enables detailed control of the data flow with the help of the LTM iRules.”
Step-by-step implementation
As an IT service provider for the implementation, Miele chose Telonic GmbH from Cologne. Since their founding in 1979, they have strived for the utmost level of quality, reliability, ease of management, and ability to future-proof their installations at companies and organisations in a wide range of industries. Independent of sales volume and staff size, clients of the 24/7 support include global corporations and SMBs. Together with Miele, Telonic took part in the basic implementation of the BIG-IP. Furthermore, the service provider trained Miele staff members in working with LTM and ASM.
“The previous reverse proxy was gradually migrated.” relates Michael Hüttenhölscher. “LTM and APM thereby proved to be extremely flexible modules, but they require a bit more complex handling. In contrast, the configuration and activation of ASM was a simple, easily-managed iterative process. After going live, the entire solution worked reliably and without unpleasant surprises right from the first day.”
Numerous advantages
At Miele, F5 proved to be a flexible and future-proof “all-in-one” solution for integrating and protecting web applications with a highly-efficient application firewall.
“The interaction with customers and partners is increasingly reliant on web-based applications,” explains Fritz Fronemann, Service Responsible for Web Infrastructure. “Some applications do not expeditiously receive relevant patches. In this case, the web application firewall offers a viable auxiliary solution. It also staves off the intrusion attack traffic from the applications. This has significantly increased our level of security.”
BIG-IP also integrates web applications in a supremely flexible way. Today, there are around 20 different B2B web applications integrated into a portal application. Miele now uses one login to APM, whereby all applications receive a corresponding token for single sign-on. However, the applications respond distinctively to different HTTP headers and LTM can compensate for these differences. In addition, APM can integrate different Active Directory domains, even if they do not present trust certificates.
“On top of that we get stable around-the-clock service and system management from a single source,” adds Fritz Fronemann. “This way our administrators benefit from the good manageability and easy maintenance. Consequently, our IT management BIG-IP represents a reliable and scalable platform for the future.”
www.miele.com
www.f5.com