Single Host Access for access applications

Enables accessing multiple access applications using a single fully qualified domain name (FQDN).

Note: This feature requires a special feature key. Please contact support at 1-877-4-AKATEC or support@akamai.com, or contact your account team.

When you configured an access application, you had to provide a unique external fully qualified domain name (FQDN) for each internal hostname. For example, to access three applications, app1, app2, and app3, using an Akamai domain as the external hostname, you had to configure three unique external hostnames.

Prerequisites (ION/DSA or Proxy)

Organizations should use ION/DSA or an equivalent proxy in front of EAA. The proxy must perform the redirects.

Application URL patterns

Organizations with a large set of applications identify them using one of two URL patterns: an FQDN-based approach or a URL path-based approach.

Most organizations use a fully qualified domain name (FQDN) to identify applications, for example:
  • CRM App - https://crm.acme.com/
  • Payroll App - https://payroll.acme.com/
  • HRMS App - https://hr.acme.com/
Other organizations use a URL path to identify applications, for example:
  • CRM App - https://acme.com/crm
  • Payroll App - https://acme.com/payroll
  • HRMS App - https://acme.com/hr

EAA cloud, an identity-aware proxy, supported only the FQDN-based approach. An organization using a URL path-based approach had to refactor all of its applications, test and validate the changes, and notify users of the changes before migrating to EAA cloud to enable zero trust access. This added resource, budget, and time overhead for organizations.

With ION/DSA and the Single Host / Multiple Apps feature, which is under Controlled Availability, EAA (Enterprise Application Access) will also support the URL path-based approach. This feature lets organizations retain their existing application URL patterns and move to a modern EAA cloud without requiring IT to refactor existing applications. The combination of EAA and ION/DSA gives organizations a complete solution through which they can deliver a superior digital experience, optimize performance through acceleration, and enable secure remote access using zero trust principles.

When you configure an access application in EAA, you have to provide a unique external FQDN for each internal hostname. For example, to access three applications, app1, app2, and app3, using an Akamai domain as the external hostname, you have to configure three unique external hostnames.

Internal Hostname              External Hostname
http://app1.yourcompany.com    http://app1-yourcompany-com.go.akamai-access.com
http://app2.yourcompany.com    http://app2-yourcompany-com.go.akamai-access.com
http://app3.yourcompany.com    http://app3-yourcompany-com.go.akamai-access.com

With single host access, you can configure a single FQDN and, after the access applications are added to the application group, access each of them through a unique URL path. The single host access feature does not work with RDP or SSH access applications.

If the organization URL is https://yourcompany.com, you can set yourcompany.com as the single host access FQDN, add these three applications to a single application group, and configure the URL paths. Then you will be able to access these three access applications using the modified external hostname:

Internal Hostname              URL path    Modified External Hostname
http://app1.yourcompany.com    /app1       http://yourcompany.com/app1
http://app2.yourcompany.com    /app2       http://yourcompany.com/app2
http://app3.yourcompany.com    /app3       http://yourcompany.com/app3

This enables EAA to automatically redirect to each of the modified external hostnames, so users can access all three applications from EAA cloud after they sign in to the login portal with SSO. The IT administrator can expose a single host and route end users based on the URL path. This provides ease of use and improves productivity for an organization.

Note: If you have a proxy server like ION, you will need to configure these in ION:
  1. Add the single host FQDN as the property hostname. For this example, it is yourcompany.com.
  2. Configure rules based on path matching, for each EAA application. For this example, you should configure these three rules:
    Application Name    Rule in ION
    app1                If path matches /app1/*
    app2                If path matches /app2/*
    app3                If path matches /app3/*
  3. Configure the Origin Server Hostname in the Origin Server. It is the application URL inside EAA. For this example, you should configure these three origin server hostnames:
    Application Name    Origin Server Hostname in ION
    app1                https://app1-yourcompany-com.go.akamai-access.com
    app2                https://app2-yourcompany-com.go.akamai-access.com
    app3                https://app3-yourcompany-com.go.akamai-access.com
  4. Set the Forward Host Header to Origin Host in the Origin Server.

Now, when ION receives a request from the end user's browser to access an application using the modified hostname, ION knows which rule to follow and which EAA cloud hostname to forward the request to. EAA does the URL rewrites to provide access to the correct application in the data center.
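
The four ION steps above, modeled in Python as an added example (not Akamai code and not ION configuration syntax). The names `route`, `Forward` and `RULES` are hypothetical; matching on a path-segment boundary, accepting the bare prefix, and normalizing the path before matching are assumptions of this model.

```python
# Added example: simplified model of the ION path rules, not Akamai code.
import posixpath
from typing import NamedTuple, Optional
from urllib.parse import unquote, urlsplit

SINGLE_HOST = "yourcompany.com"  # property hostname (step 1)

# Path prefix -> origin server hostname (steps 2 and 3, values from the page).
RULES = {
    "/app1": "app1-yourcompany-com.go.akamai-access.com",
    "/app2": "app2-yourcompany-com.go.akamai-access.com",
    "/app3": "app3-yourcompany-com.go.akamai-access.com",
}

class Forward(NamedTuple):
    origin: str       # where the proxy sends the request
    host_header: str  # Host header sent to the origin
    path: str         # resolved path the rule was evaluated on

def route(url: str) -> Optional[Forward]:
    """Resolve a single-host URL to its EAA origin, or None if no rule applies."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != SINGLE_HOST:
        return None
    # Assumption of this model: decode once and collapse dot segments before
    # matching, so "/app1/../app2/" is evaluated as "/app2/".
    raw = unquote(parts.path) or "/"
    path = posixpath.normpath(raw)
    if raw.endswith("/") and path != "/":
        path += "/"
    for prefix, origin in RULES.items():
        # Match on a segment boundary only, so "/app10/" never hits app1.
        if path == prefix or path.startswith(prefix + "/"):
            # Step 4: Forward Host Header = Origin Host.
            return Forward(origin, origin, path)
    return None

if __name__ == "__main__":
    for sample in (  # constructed sample requests
        "https://yourcompany.com/app1/login",
        "https://yourcompany.com/app10/",
        "https://yourcompany.com/app1/../app2/reports",
        "https://yourcompany.com/unknown",
    ):
        print(sample, "->", route(sample))
```

Requests that match no rule return `None`, which corresponds to a default-deny rule at the proxy for paths outside the application group.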

For more details, see ION documentation.