Not protected application reference architecture
The not protected (or non-protected) application architecture isn't really a protected architecture at all. It represents a baseline, or starting point, after an application is integrated with Access Gateway but before any steps are taken to significantly deny direct access to the backing protected web resource.
In this architecture, a single application, referred to as the protected web resource, is served to requesting clients using Access Gateway. All URLs (Access Gateway and the backing protected web resource) are typically resolvable using a single DNS server and accessible to all.
This architecture meets the following requirements:
- No specialized configuration.
- URLs (Access Gateway and application) are entered into DNS but no further action is taken.
- Can be used as a baseline for testing and development.
Benefits and drawbacks
In this architecture, external clients can access the application directly if they know the internal URL/IP. Likewise, internal network clients can also access the application directly. This is represented by neither dotted access path being blocked.
- External URL used by clients to access Access Gateway on behalf of the protected web resource.
- DNS server providing DNS resolution for both the external URL and the internal (protected web resource
- Access Gateway cluster, located in the DMZ, is used to provide access to applications used by external internet clients. Typically hosted in a virtual environment such as Amazon Web Services, MS Azure, Oracle OCI or something similar. See Manage Access Gateway deployment.
- Internal URL, represented by protected web resource in Access Gateway.
- Protected web resource (application)
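One way to confirm from a given network location that a deployment is still in this baseline state, as an added example that is not part of the original page or of Access Gateway: it probes the gateway path and the direct path described under Benefits and drawbacks and reports whether the direct path is open. The hostnames, port and stub probe are constructed assumptions so the example runs offline; omit the `probe` argument to test your own endpoints.

```python
import socket
from urllib.parse import urlsplit


def _endpoint(url):
    """Return (host, port) for a URL, defaulting the port from the scheme."""
    parts = urlsplit(url)
    return parts.hostname, parts.port or (443 if parts.scheme == "https" else 80)


def tcp_reachable(host, port, timeout=3.0):
    """True if DNS resolution and a TCP connect to host:port both succeed."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers resolution failure, refusal and timeout
        return False


def audit_direct_access(gateway_url, internal_url, probe=tcp_reachable):
    """Classify the deployment as seen from the machine running this check."""
    gateway_path = probe(*_endpoint(gateway_url))
    direct_path = probe(*_endpoint(internal_url))
    if direct_path:
        verdict = "not protected: direct path to the backing resource is open"
    elif gateway_path:
        verdict = "direct path blocked: only the gateway path is open"
    else:
        verdict = "inconclusive: neither path reachable from this location"
    return {"gateway_path": gateway_path, "direct_path": direct_path,
            "verdict": verdict}


# Constructed sample data: hypothetical hostnames and a stub probe (assumptions,
# not values from the page) standing in for the network in the baseline state.
SAMPLE_OPEN = {("app.example.com", 443), ("app.internal.example.com", 8080)}


def stub_probe(host, port, timeout=3.0):
    return (host, port) in SAMPLE_OPEN


if __name__ == "__main__":
    print(audit_direct_access("https://app.example.com",
                              "http://app.internal.example.com:8080",
                              probe=stub_probe))
```

Run it once from an external location and once from the internal network, since the architecture leaves both dotted access paths open.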