Users need access to more than just company data from their mobile devices. They also need access to their company’s internal web applications, such as line-of-business (LOB) applications. Providing simple, secure access to these applications from any device and from any location can be a huge IT challenge.
Web Application Proxy is a new feature in Windows Server 2012 R2 that simplifies the process of making internal web applications available to authorized users on any devices outside the corporate network. You install the feature as a Remote Access role service in Windows Server 2012 R2. (And for all of this to work, you need to place the server on which this role service is installed in a secure location accessible from the Internet.)
Give controlled access to corporate resources
Unlike a VPN, Web Application Proxy allows selective access to internal web-based applications. The process of making a select web application available to external users is known as “publishing.” Users from outside the company enter the published web application URL in a browser and are directed to the Web Application Proxy at the edge of the company network. If the published web application has been configured to require pre-authentication through Active Directory Federation Services (AD FS), the Web Application Proxy requires users to enter their credentials at the network edge. Otherwise, the Web Application Proxy simply forwards the request directly to the application server for authentication. In either case, depending on the users’ access permissions, users are then granted or denied access to desired web applications located within the corporate network.
Web Application Proxy provides the following additional benefits:
- Web Application Proxy provides access to web applications from any device with a browser (not just devices based on Windows).
- IT can control access so that only permitted web applications are visible to each user.
- Web Application Proxy can be configured to allow direct access to applications or to forward requests to AD FS for authentication.
- Through AD FS, applications published in Web Application Proxy can be configured to require multifactor authentication specifically for registered devices, unregistered devices, devices on the intranet, or external devices.
- Users do not need to install any additional software on their devices to access published applications.
- Web Application Proxy replaces the AD FS proxy (Federation Service Proxy role service) available in previous versions of Windows Server. This means that Web Application Proxy listens to AD FS requests from the Internet and forwards those requests to an internal AD FS server.
For more information on mobile-friendly features in Windows 8.1 and Windows Server 2012 R2, check out our white paper Windows Device Management Goes Mobile on Intel.com.