F5 BIG-IQ

F5 and Venafi offer an out-of-the-box, tightly integrated solution that enables BIG-IQ to automate and orchestrate keys and certificates to secure machine identities across BIG-IPs and prevent certificate-related downtime and outages.
Business Outcomes
  • Accelerate innovation and increase scalability through tight access control

  • Streamline operations by avoiding bottlenecks

  • Increase security by properly identifying all machine identities

  • Prevent downtime and outages caused by expired certificates

Integration Features
  • Create, renew & revoke machine identities directly from the BIG-IQ interface

  • Fully automate certificate renewal and provisioning to BIG-IP

Solution Overview

IT Managers that manually oversee more than a few BIG-IPs—physical or virtual—are at risk of creating a bottleneck that constrains application deployment. In today’s world of cloud applications, it is not uncommon to be tasked with managing thousands of systems and all their requisite administrative functions. In such an environment, manual oversight and orchestration of an ever-growing stable of managed devices is untenable.

F5 BIG-IQ Centralized Management offers organizations complete lifecycle management for BIG-IP application services and devices—enabling them to provide the availability, performance, and security necessary to achieve digital transformation goals. With BIG-IQ, enterprises can orchestrate and inject automation into the process of assigning and managing TLS keys with the Venafi Platform, removing the complexity of TLS key and certificate usage. 

Integrating the Venafi Platform into BIG-IQ enables you to automate the life cycle of certificates and keys across BIG-IP devices, avoiding any potential bottlenecks and greatly reducing the risk of human error. F5 and Venafi help you protect machine identities with continuous discovery and monitoring so you can easily and efficiently maintain a secure environment.

How-it-works

Traditionally, every time a new key pair and a Certificate Signing Request (CSR) were generated, someone would have to download the CSR, get it signed by a CA, and upload the resulting certificate—a process that could take minutes, hours, or even days depending on the workflow (and expertise) that was in place. With the Venafi Platform, the download, sign, and upload processes are all replaced by API calls and automated processes that typically take a few seconds (depending on the CA).