To limit access to destination servers and provide a central entry point to the network, SPS can be placed in front of all destination servers in the enterprise. HTTP or HTTPS requests that come into the enterprise can be filtered through SPS, and forwarded to the appropriate destination server for fulfillment.
The following illustration shows how SPS handles all HTTP and HTTPS requests.
Destination servers that contain content do not require SiteMinder Web Agents. The only network element that resides behind the first firewall is SPS. All users must be authenticated and authorized by SiteMinder residing behind the second firewall. The destination servers provide content after SiteMinder and SPS verify user entitlements.
This deployment provides the following benefits:
SPS uses proxy rules defined in XML configuration files to establish how SPS handles requests. Proxy rules can be based on:
In addition, the conditions for proxy rules can be nested to create rules that incorporate multiple conditions.
All HTTP and HTTPS traffic passes through SPS. Based on the proxy rules established for SPS, requests are forwarded to the appropriate destination servers for fulfillment.
SPS uses the built-in web agent to communicate with SiteMinder and perform authentication and authorization of requests.
|
Copyright © 2013 CA.
All rights reserved.
|
|