Web Application Proxy (WAP): Remote Access Gateway Proxy for Web Applications
If you’re WAPpy and you know it…. UAG ? WAP ? eGov ?
Topics: This presentation will share: • Why the County invested in WAP • Capabilities provided by WAP • Services delivered via WAP • Next Up
Vision • Support e-government initiatives • Provide self-service for Residents and Partners • Single Sign-On for County services • Maintain users, application access, and data privacy • Create a user-friendly, highly available, robust solution • Enhanced employee mobility access
Core Technologies • Microsoft Web Application Proxy (WAP) • Active Directory Federation Services (AD FS) • Microsoft Identity Manager (FIM)
WAP Use Cases • E-Government – access for residents and business partners to published web applications, along with enabling self-service capabilities • Employee Access – streamlined access to web-based services • Enable mobility – Any Device, Anywhere, Any Time • Smart Phones, Home PCs, Tablets • Does not alter HTML to preserve formatting
What is WAP? WAP is a Windows Server role that provides a reverse proxy gateway for web applications located within an organization’s enterprise network. It allows users on any device to access those web applications from the internet and/or outside the enterprise network. • WAP is for publishing web pages / applications • WAP does not work with thick clients • WAP provides authentication capabilities to enhance security and support single sign-on • WAP currently only supports HTTPS
So Long UAG… UAG WAP Active-Active Active-Passive Fewer servers More servers Stateless Stateful Longer support Shorter support life Better health check
WAP: High-level representation of WAP. User devices including desktop, tablet, smartphone, Windows, non-Windows.
WAP CAPABILITIES Business Desires: • Access applications from anywhere, any device (Windows and non-MS) • Single Sign-On • No change on device experience (clientless) IT Desires: • Securely publish applications • Control access per application, user, device, location
Employee Access
eGov Access
WAP Authentication Flexibility Methods: • Claims Aware with Entitlements • Claims Aware w/o Entitlements • Kerberos Delegation • Forms Based Authorization • Pass-Through Authorization Domains Configured: • HCGG • HCSO • HCLIB • EGOV
High Level Project Info • Partnered with Microsoft Consulting Services • Built non-production and production WAP and AD FS • Migrated Services hosted on MS Unified Access Gateway • Internal (Employee) SharePoint • Extranet (Hennplace) SharePoint • Human Services Housing Key • Migrated services hosted on VPN appliance • Web Mail (Outlook Web Access - OWA) • Active-Sync (mobile device email sync)
Build Pattern • Repeatable Design Pattern • Consistent Firewall and Load-Balancing Configurations • Application slides into mostly pre-built infrastructure for faster delivery of solutions • High Availability baked in • Authentication source is secure
WAP Upcoming Apps • Enterprise Contracting • Library Patron • Sentence to Serve • GIS • Homestead
Onboarding • Onboarding Process Flow Diagram: https://dept.hennepin.us/it/Projects/WAP/Shared%20Documents/WAP%20Onboarding%2002_2015.vsdx?Web=1 • Application Onboarding Guide: https://dept.hennepin.us/it/Projects/WAP/_layouts/15/WopiFrame.aspx?sourcedoc=/it/Projects/WAP/Shared%20Documents/WAP%20Application%20Onboarding%202015_02.docx&action=default&DefaultItemOpen=1
Onboarding Requests • HC Connect - IT Service Catalog • Business and Application Services
Questions / Comments?