I disagree with you on point 1, my data center is filled with products that do support authorization usually RADIUS or TACACS, but sometimes LDAP. In fact, I can’t think of any other product that does not have external authorization. But then, I believe myself to be a professional and I make security conscious choices.

I can see why RADIUS would lose in the development cycle and your point appears valid in this context. Let me make this point, if F5 can’t get the basic functions in place, how are they going to deliver the main functions ?

To put it differently, listening to customers when they SAY what they want, and failing to address fundamentals (or what they actually need) can lead to poor choices. Everyone says they want junk food, even when they know its the wrong choice.

Addiitonally, I have been asking for Radius authentication for years, and I am not alone. Check the forums for the ‘me too’ on my post. Which customers have you been listening to ?

Develop all the fancy features you like, but lets not forget fundamentals here. F5 has abrogated a primary security responsibility and it should be addressed.

I’ll give you that it’s inconvenient not to have Radius do it for you (and prior to my employment at F5 have ranted about this in data center devices and appliances in general – and storage in particular), but there are two simple facts:

(1) The data center is sadly filled with devices and appliances that still don’t support Radius, F5 is hardly unique in that sense.

(2) F5 does a very good job of listening to customers – that is one of the reasons I came to the company.

When customers are asked where development time should be spent, Radius always loses. It always loses because for most organizations it is a minor imposition and they can get bigger bang for their buck if we implement things like Powershell and Control Point. We give the customers what they want – asking them would be a waste of time if we didn’t listen.

That doesn’t make it less inconvenient – particularly on initial setup – but for most customers that inconvenience is a minimal part of overall configuration cost and effort. For those it isn’t, they get basic Radius configured, as Christian mentions.

Remember that this is not core functionality for these products – a differentiator definitely, but not generally a buy/no buy decision point.

Don.

BUT – I have gotten basic Radius working fine

also – F5 is a few years ahead of ace, i use ace’s too for virtualized customer infrastructures

The ACE is no competition for the F5 IMO, but i would really like to see F5 implement TACACS very soon