Really Quick - How it Works
Securing your application with Enterprise Application Access is made easy with an Enterprise Connector that connects to your application server and dials out to the Enterprise Application Access service on TCP Port 443, commonly open for outbound communication on most company’s firewalls.
The Connector is a complete virtual appliance created uniquely for use with to your account on the Enterprise Application Access service. The Connector installs in your virtual environment and automatically configures itself, getting an IP address from your DHCP server, and connecting out to pull additional configuration from the service.
Your users on the Internet will connect to the Enterprise Application Access service through a URL they enter in their browser, provide their credentials, and gain access to your applications. In the diagram above, the users will enter the URL https://first-test-app.go.sohacloud.net to access your application running on private IP 192.168.1.195.
Before You Start
The rest of this article will guide you through the steps to getting your first application running. Before starting, make sure you have the following three items:
- An account on the Enterprise Application Access service. If you don’t have an account, contact your sales representative.
- The private IP address, or fully qualified domain name, of a Web-based application you want to use.
- Credentials to install and run the Connector in your VMware, AWS, or other virtual environment.
Step 1: Create and Install an Enterprise Connector
Login to your Enterprise Application Access account by navigating your browser to https://manage.sohacloud.net and entering your email and password. Click Connectors in the top menu bar, then click the ADD CONNECTORS button.
On the next screen, give your new Connector a name, and an optional description. The package type you select will correspond to the virtual environment on which you will be installing the Cloudlet. For our example, we’ll choose VMware. After clicking read the text in the dialog box that pops up, then click ok .
When your Connector is ready, download it by clicking the button on the Connector card. Once you have downloaded the Connector, install it into your virtual environment as you would any other virtual machine. Specific instructions for installing Connectors in various environments can be found below:
Once the Connector is running in your virtual environment, go back to the Connector configuration card and verify that the Connector has checked in - this may take a few moments. Click the Click here to approve button and wait for the status to change to "Cloudlet is running".
If your Connector has failed to check in after 5 minutes, it may have encountered a problem getting its DHCP configuration or connecting outbound through your firewall. For troubleshooting help CLICK HERE or contact Akamai Technical Support at 1-877-4-AKATEC to open a support case.
Step 2: Create a New Application in Soha Cloud
As a first step to experience the Enterprise Application Access' capabilities, pick a simple Web application that you can access through your browser when on your local area network. For example, try Jira, Jenkins, Confluence, or Nagios.
Jump the Gun: Non-web based applications can be accessed via RDP, VNC, or SSH.
In the Enterprise Application Access management portal, and click Applications in the top menu bar, then click the button.
In the dialog box that appears enter a name for your application, an optional description. Leave HTTP as the application type for your Web application, and Custom HTTP as the application profile. Click the Create App and Configure button.
That's it! You have created your first application. Now you need to configure a few key access parameters on the application’s General Settings page.
NOTE: You’ll find most of the settings have an icon to the right – hovering your mouse over this icon will give you an explanation of the setting.
Configure your application server’s private IP address or fully qualified domain name, and whether your server runs HTTPS or HTTP. In our example, the application server runs HTTPS with a private IP address of 192.168.2.195. For HTTPS the default IP port 443 is automatically entered, but you may need to include a suffix (e.g., /login) if your app doesn’t normally redirect you to the login page.
To keep it easy, check the radio button next to “Use Akamai Domain” and enter an external hostname for the application.
In our example, the complete external URL your users will enter into their browsers to access this application will be “https://first-test-app.go.sohacloud.net”. Because you are using an Akamai domain “akamai-access.com” you don’t need to configure certificates or your DNS.
Jump the Gun: Configure Soha to use your company domain instead of sohacloud.net.
Finally, associate the Connector you created in Step 1 with your application. Scroll down the page until you reach the Location section and click the ADD/REMOVE CONNECTOR button. Select the Connector you created and click Done. You'll see the Connector name you selected now associated with the application. Click the button to go to the next step.
Step 3: Set up Authentication
In the Authentication tab under your application name you'll see there are no directories assigned. To assign a directory, click the Assign Directory button.
In the window that open up, click on the "Cloud Directory" card.
For every new account, the service creates a default "Cloud Directory" that holds the credentials of all administrators in your account, and any additional users or groups you want to set up. To authorize user access to the application, you need to assign groups from the Cloud Directory. Do that by clicking the Assign Groups link as shown below.
In the window that opens up, click Select All, then Done.
Right now, your account credentials are probably the only ones in the directory so you will be the only one that has access to the First_Test_App application. If you want to find out how to add additional users to the directory, CLICK HERE.
To finish up, click the button at the bottom of the page. Click twice more in the same spot on the and buttons.
Step 4: Deploy the Application
When you have completed all configurations correctly you will be presented with a button labeled Click to Deploy Application on the DEPLOYMENT tab. Click this button to begin deploying the application for operational access. If you see APPLICATION STATUS: APP NOT READY, correct the items listed on the screen and try again.
The deployment process might take 3~5 minutes during which you will see the progress on the screen. When the deployment is complete you will see the following screen:
Step 5: Give it a Try
To try accessing your application through the Enterprise Application Access service, open a browser window on any device that has Internet connectivity and is not connected to your internal network. This will save some aggravation if there are additional configuration steps required in your network to reach outside applications, for example, Firewall or Secure Web Gateway configurations.
Enter the External URL of the application you created. In the above example this would be https://first-test-app.go.sohacloud.net. You will arrive at a login screen like the one below. Login with the same username and password you used to access http://manage.sohacloud.net(this works because you assigned the same default Cloud Directory to the app that the management portal uses for admins).
That's it! You're accessing your application from the Internet fully secured by Enterprise Application Access.