Unprotected application reference architecture

The unprotected application architecture is a baseline or starting point after an application is integrated with Access Gateway. It's the state before any configuration to deny direct access to the back-end protected web resource has been made.
In this architecture, a single application, referred to as a protected web resource, is served to requesting clients using Access Gateway. All URLs (Access Gateway and the back-end protected web resource) are typically resolvable using a single DNS server and are accessible to all.
This architecture meets the following requirements:

  • No specialized configuration is required.
  • URLs (Access Gateway and application) are entered into DNS but no further action is taken.
  • It can be used as a baseline for testing and development.

Benefits and drawbacks

Benefits Drawbacks
  • Simple installation
  • Baseline for testing, proof of concept
  • Little or no protecting for direct access to protected web resource
  • Protected web resource reachable from the external internet by name or IP
  • Protected web resource reachable from the internal internet by name or IP

Architecture

In this architecture, external clients can access the application directly if they know the internal URL/IP. Likewise internal network clients can also access the application directly. Represented by neither dotted access path being blocked.

Components

Location

Component Description
External internet External URL External URL used by clients to access Access Gateway on behalf of the protected web resource.

DNS

DNS server providing DNS resolution for both the external URL and the internal (protected web resource

DMZ Access Gateway The Access Gateway cluster provides access to applications used by external internet clients. It's housed in the DMZ.
It's typically hosted in a virtual environment such as Amazon Web Services, Microsoft Azure, Oracle OCI, or similar. See Manage Access Gateway deployment.
Internal network

Internal URL

The Internal URL, represented by the protected web resource in Access Gateway.

Application The protected web resource, also referred to as the application.

Related topics

Common Access Gateway flows

DNS use

High availability

Access Gateway deployment prerequisites