Single Host Access for access applications
Enables accessing multiple access applications using a single fully qualified domain name (FQDN).
Prerequisites (ION/DSA or Proxy)
Organizations should use ION/DSA or an equivalent proxy in front of EAA. The proxy must perform the redirects.
Application URL patterns
Organizations that have a large set of applications follow one of these URL patterns to identify them. They may use an FQDN-based (fully qualified domain name) approach or a URL path-based approach.
FQDN-based:
- CRM App - https://crm.acme.com/
- Payroll App - https://payroll.acme.com/
- HRMS App - https://hr.acme.com/
URL path-based:
- CRM App - https://acme.com/crm
- Payroll App - https://acme.com/payroll
- HRMS App - https://acme.com/hr
EAA cloud, an identity-aware proxy, supported only the FQDN-based approach. An organization that used a URL path-based approach had to refactor all of its applications, test and validate the changes, and notify users of the changes before migrating to EAA cloud to enable zero trust access. This caused additional resource, budget, and time overhead for organizations.
EAA (Enterprise Application Access) only supported the FQDN-based approach. With ION/DSA and the Single Host / Multiple Apps feature, which is under Controlled Availability, EAA will also support the URL path-based approach. This feature enables organizations to retain their existing application URL patterns and move to a modern EAA cloud without requiring IT to refactor existing applications. The combination of EAA and ION/DSA gives organizations a complete solution through which they can deliver a superior digital experience, optimize performance through acceleration, and enable secure remote access using zero trust principles.
When you configure an access application in EAA, you have to provide a unique external FQDN (fully qualified domain name) for each internal hostname. For example, if you want to access three applications, app1, app2, and app3, using an Akamai domain as the external hostname, you have to configure three unique external hostnames.
|Internal Hostname||External Hostname|
With single host access, you can configure a single FQDN and access all the access applications with a unique URL path for each application, after they are added to the application group. The single host access feature does not work with RDP or SSH access applications.
If the organization URL is https://yourcompany.com, you can set yourcompany.com as the single host access FQDN, add these three applications to a single application group, and configure the URL paths. Then you will be able to access these three access applications using the modified external hostname:
|Internal Hostname||URL path||Modified External Hostname|
This enables EAA to do an automatic redirect to all of the modified external hostnames, allowing the user to access all three applications from EAA cloud after you SSO to the login portal. The IT administrator can expose a single host and route the end users based on the URL path. This provides ease of use and improves productivity for an organization.
- Add the single host FQDN as the property hostname. For this example, it is yourcompany.com.
- Configure rules based on path matching, for each EAA application. For this example, you should configure these rules:

  | Application Name | Rule in ION |
  |---|---|
  | app1 | If path matches /app1/* |
  | app2 | If path matches /app2/* |
  | app3 | If path matches /app3/* |

- Configure the Origin Server Hostname in the Origin Server. It is the application URL inside EAA. For this example, you should configure these three origin server hostnames:

  | Application Name | Origin Server Hostname in ION |
  |---|---|
  | app1 | https://app1-yourcompany-com.go.akamai-access.com |
  | app2 | https://app2-yourcompany-com.go.akamai-access.com |
  | app3 | https://app3-yourcompany-com.go.akamai-access.com |

- Set the Forward Host Header to Origin Host in the Origin Server.
Now, when ION receives a request from the end-user’s browser to access an application using the modified hostname, ION knows which rules to follow and where in the EAA cloud service to forward the request. EAA does the URL rewrites to provide access to the correct application in the data center.
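The routing that the steps above configure, modeled as an added Python example; it is not Akamai's code and does not describe ION's actual matching logic. The FQDN, path rules and origin hostnames are this page's example values, while the `route` function, the dot-segment normalization and the rejection of encoded slashes are assumptions, chosen to show why path rules in front of an identity-aware proxy should be evaluated on a normalized path and on a segment boundary.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Example values taken from this page.
SINGLE_HOST = "yourcompany.com"
RULES = {  # first path segment -> origin server hostname (the EAA application URL)
    "app1": "app1-yourcompany-com.go.akamai-access.com",
    "app2": "app2-yourcompany-com.go.akamai-access.com",
    "app3": "app3-yourcompany-com.go.akamai-access.com",
}


def route(url):
    """Hypothetical helper: return the forwarding decision for a request URL,
    or None when the request matches no configured rule."""
    parts = urlsplit(url)
    if parts.scheme != "https" or (parts.hostname or "").lower() != SINGLE_HOST:
        return None
    raw = parts.path or "/"
    # Assumption: refuse encoded slashes and backslashes instead of guessing
    # how the application behind EAA would decode them.
    if "%2f" in raw.lower() or "%5c" in raw.lower() or "\\" in raw:
        return None
    # Resolve "." and ".." before matching, so "/app1/../app2/x" is matched
    # (and forwarded) as "/app2/x" and never reaches app1's origin.
    path = "/" + posixpath.normpath(unquote(raw)).lstrip("/")
    if raw.endswith("/") and path != "/":
        path += "/"
    # "/appN/*" is matched on a segment boundary: "/app1/x" matches,
    # "/app1evil/x" and a bare "/app1" do not.
    segment, sep, _ = path[1:].partition("/")
    origin = RULES.get(segment) if sep else None
    if origin is None:
        return None
    # Forward Host Header = Origin Host, as in the last configuration step.
    # The path keeps its /appN prefix; per the page, EAA does the URL rewrite.
    return {"origin": origin, "host_header": origin, "path": path}


if __name__ == "__main__":
    for sample in (  # constructed sample requests
        "https://yourcompany.com/app1/index.html",
        "https://yourcompany.com/app1/../app2/report",
        "https://yourcompany.com/app1evil/x",
    ):
        print(sample, "->", route(sample))
```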
For more details, see ION documentation.