There are three phases most computers use to protect access to sensitive operations, applications, and data:

• Identification is the process the computer or application uses to identify the user. This usually consists of a user name.
• Authentication is the process by which a computer or application attempts to confirm the user is who they say they are using passwords, tokens, SSL certificates, etc.
• Authorization is when the application or computer decides what the user may do

Managing authentication individually across your applications is costly. Top-level authentication enforcement consumes server cycles that could be used elsewhere. Configuring authentication for thousands of users is potentially error prone causing user frustration, lost productivity, lost revenue, or even unauthorized access. And, what happens when the authentication servers go down? For complete protection, authentication servers should be redundant and load balanced to guarantee authorized use.

F5's Advanced Client Authentication software module for use with the BIG-IP Local Traffic Manager provides client authentication of HTTP and other traffic types for a variety of authentication schemes, including LDAP, Radius, TACAS, SSL, and OCSP.

This paper describes how F5's Advanced Client Authentication module works to protect your application infrastructure while increasing your server capacity by offloading authentication processing.