Web Application Proxy (WAP) Remote Access Gateway Proxy for Web - - PowerPoint PPT Presentation

1

Web Application Proxy (WAP) Remote Access Gateway Proxy for Web Applications

If you’re WAPpy and you know it….

UAG ? WAP ? eGov ?

2

3

Topics

• Why the County invested in WAP
• Capabilities provided by WAP
• Services delivered via WAP
• Next Up

This presentation will share:

4

Vision

• Support e-government initiatives
• Provide self-service for Residents and Partners
• Single Sign-On for County services
• Maintain users, application access, and data privacy
• Create a user friendly, highly available robust solution
• Enhanced employee mobility access

5

Core Technologies

• Microsoft Web Application Proxy (WAP)
• Active Directory Federation Services (AD FS)
• Microsoft Identity Manager (FIM)

6

WAP Use Cases

• E-Government – access for residents and business

partners to published web applications along with enabling self-service capabilities

• Employee Access – streamlined access to web based

services

• Enable mobility – Any Device, Any Where, Any Time
• Smart Phones, Home PC’s, Tablets
• Does not alter HTML to preserve formatting

7

What is WAP?

WAP is a Windows Server role that provides a Reverse Proxy Gateway for web applications located within an organization’s enterprise network that allows users on any device to access web applications from the internet and/or outside the enterprise network.

• WAP is for publishing web pages / applications
• WAP does not work with thick clients
• WAP provides authentication capabilities to enhance

security and support single sign-on

• WAP currently only supports https

8

So Long UAG…

UAG

Active-Passive More servers Stateful Shorter support life

WAP

Active-Active Fewer servers Stateless Longer support Better health check

9

WAP

High level representation of WAP User devices including desktop, tablet, smart phone, windows, non-windows.

10 10

WAP CAPABILITIES

Business Desires

Access applications from any where, any device (Windows and non-MS) Single Sign-On experience

IT Desires

Securely publish applications Control access per application, user, device, location No change on device (clientless)

11 11

Employee Access

12 12

eGov Access

13 13

14 14

WAP Authentication Flexibility

Methods:

• Claims Aware with Entitlements
• Claims Aware w/o Entitlements
• Kerberos Delegation
• Forms Based Authorization
• Pass-Through Authorization

Domains Configured:

• HCGG
• HCSO
• HCLIB
• EGOV

15 15

High Level Project Info

• Partnered with Microsoft Consulting Services
• Built non-production and production WAP and AD FS
• Migrated Services hosted on MS Unified Access Gateway
• Internal (Employee) SharePoint
• Extranet (Hennplace) SharePoint
• Human Services Housing Key
• Migrated services hosted on VPN appliance
• Web Mail (Outlook Web Access - OWA)
• Active-Sync (mobile device email sync)

16 16

Build Pattern

Repeatable Design Pattern  Consistent Firewall and Load-Balancing Configurations  Application slides into mostly pre-built infrastructure for faster delivery of solutions  High Availability baked-In  Authentication source is secure

17 17

WAP Upcoming Apps

• Enterprise Contracting
• Library Patron
• Sentence to Serve
• GIS
• Homestead

18 18

Onboarding

Onboarding Process Flow Diagram: https://dept.hennepin.us/it/Projects/WAP/Shared%20Documents/WAP%20Onboarding %2002_2015.vsdx?Web=1 Application Onboarding Guide: https://dept.hennepin.us/it/Projects/WAP/_layouts/15/WopiFrame.aspx?sourcedoc=/it/ Projects/WAP/Shared%20Documents/WAP%20Application%20Onboarding%202015_ 02.docx&action=default&DefaultItemOpen=1

19 19

Onboarding Requests

HC Connect - IT Service Catalog Business and Application Services

20 20

Questions / Comments?