Enterprise Application Access: Quick Start

Document created by Ashwin Thyagarajan Employee on Dec 20, 2016
Version 1Show Document
  • View in full screen mode

Enterprise Application Access is the easiest way to secure and deliver your applications running behind your firewall or in the public cloud. This article will put you on the fast track to getting your first application up and running through the Enterprise Application Access service.

 

 Contents

  • Really Quick - How it Works
  • Before You Start
  • Step 1: Create a Cloudlet
  • Step 2: Create an Application
  • Step 3: Set up Authentication
  • Step 4: Deploy the Application
  • Step 5: Give it a try

 

Procedure

 

Really Quick - How it Works

Securing your application with Enterprise Application Access is made easy with an Enterprise Connector that connects to your application server and dials out to the Enterprise Application Access service on TCP Port 443, commonly open for outbound communication on most company’s firewalls.  

 

 

The Connector is a complete virtual appliance created uniquely for use with to your account on the Enterprise Application Access service. The Connector installs in your virtual environment and automatically configures itself, getting an IP address from your DHCP server, and connecting out to pull additional configuration from the service.

 

Your users on the Internet will connect to the Enterprise Application Access service through a URL they enter in their browser, provide their credentials, and gain access to your applications.  In the diagram above, the users will enter the URL https://first-test-app.go.sohacloud.net  to access your application running on private IP 192.168.1.195.

 

Before You Start

The rest of this article will guide you through the steps to getting your first application running. Before starting, make sure you have the following three items:

  1. An account on the Enterprise Application Access service. If you don’t have an account, contact your sales representative.
  2. The private IP address, or fully qualified domain name, of a Web-based application you want to use.
  3. Credentials to install and run the Connector in your VMware, AWS, or other virtual environment.

 

Step 1: Create and Install an Enterprise Connector

Login to your Enterprise Application Access account by navigating your browser to https://manage.sohacloud.net and entering your email and password.  Click Connectors in the top menu bar, then click the ADD CONNECTORS button.

 

 

On the next screen, give your new Connector a name, and an optional description. The package type you select will correspond to the virtual environment on which you will be installing the Cloudlet. For our example, we’ll choose VMware. After clicking   read the text in the dialog box that pops up, then click ok .

 

 

When your Connector is ready, download it by clicking the   button on the Connector card.  Once you have downloaded the Connector, install it into your virtual environment as you would any other virtual machine.  Specific instructions for installing Connectors in various environments can be found below:

Once the Connector is running in your virtual environment, go back to the Connector configuration card and verify that the Connector has checked in - this may take a few moments.  Click the Click here to approve button and wait for the status to change to "Cloudlet is running".

 

 

If your Connector has failed to check in after 5 minutes, it may have encountered a problem getting its DHCP configuration or connecting outbound through your firewall.  For troubleshooting help CLICK HERE or contact Akamai Technical Support at 1-877-4-AKATEC to open a support case.

 

Step 2: Create a New Application in Soha Cloud

As a first step to experience the Enterprise Application Access' capabilities, pick a simple Web application that you can access through your browser when on your local area network. For example, try Jira, Jenkins, Confluence, or Nagios.

 

 

   Jump the Gun: Non-web based applications can be accessed via RDPVNC, or SSH

In the Enterprise Application Access management portal, and click Applications in the top menu bar, then click the  button.

 

 

In the dialog box that appears enter a name for your application, an optional description. Leave HTTP as the application type for your Web application, and Custom HTTP as the application profile. Click the Create App and Configure button.

 

 

That's it! You have created your first application. Now you need to configure a few key access parameters on the application’s General Settings page.

 

NOTE: You’ll find most of the settings have an   icon to the right – hovering your mouse over this icon will give you an explanation of the setting.

 

Configure your application server’s private IP address or fully qualified domain name, and whether your server runs HTTPS or HTTP. In our example, the application server runs HTTPS with a private IP address of 192.168.2.195. For HTTPS the default IP port 443 is automatically entered, but you may need to include a suffix (e.g., /login) if your app doesn’t normally redirect you to the login page.

 

 

To keep it easy, check the radio button next to “Use Akamai Domain” and enter an external hostname for the application.

 

 

In our example, the complete external URL your users will enter into their browsers to access this application will be “https://first-test-app.go.sohacloud.net”. Because you are using an Akamai domain “akamai-access.com” you don’t need to configure certificates or your DNS.

 

 

   Jump the Gun: Configure Soha to use your company domain instead of sohacloud.net.

Finally, associate the Connector you created in Step 1 with your application.  Scroll down the page until you reach the Location section and click the ADD/REMOVE CONNECTOR button.  Select the Connector you created and click Done.  You'll see the Connector name you selected now associated with the application. Click the  button to go to the next step.

 

Step 3: Set up Authentication

In the Authentication tab under your application name you'll see there are no directories assigned.  To assign a directory, click the Assign Directory button.

 

 

In the window that open up, click on the "Cloud Directory" card. 

 

 

For every new account, the service creates a default "Cloud Directory" that holds the credentials of all administrators in your account, and any additional users or groups you want to set up.  To authorize user access to the application, you need to assign groups from the Cloud Directory.  Do that by clicking the Assign Groups link as shown below.

 

 

   Jump the Gun: Enable Multi-Factor Authentication for greater security.

 

In the window that opens up, click Select All, then Done.

 

 

Right now, your account credentials are probably the only ones in the directory so you will be the only one that has access to the First_Test_App application.  If you want to find out how to add additional users to the directory, CLICK HERE.

 

 

  Jump the Gun: Use your Active Directory or SAML provider to authenticate users.

To finish up, click the   button at the bottom of the page.  Click twice more in the same spot on the  and   buttons. 

 

 

Step 4: Deploy the Application

When you have completed all configurations correctly you will be presented with a button labeled Click to Deploy Application on the DEPLOYMENT tab.  Click this button to begin deploying the application for operational access.  If you see APPLICATION STATUS: APP NOT READY, correct the items listed on the screen and try again. 

 

  

The deployment process might take 3~5 minutes during which you will see the progress on the screen. When the deployment is complete you will see the following screen:

 

 

 

Step 5: Give it a Try

To try accessing your application through the Enterprise Application Access service, open a browser window on any device that has Internet connectivity and is not connected to your internal network.  This will save some aggravation if there are additional configuration steps required in your network to reach outside applications, for example, Firewall or Secure Web Gateway configurations.

Enter the External URL of the application you created.  In the above example this would be https://first-test-app.go.sohacloud.net.  You will arrive at a login screen like the one below.  Login with the same username and password you used to access http://manage.sohacloud.net(this works because you assigned the same default Cloud Directory to the app that the management portal uses for admins).

 

 

That's it!  You're accessing your application from the Internet fully secured by Enterprise Application Access. 

Attachments

    Outcomes