Register Login 
 
 

Please use the links on the top right of the page to register and log onto SmartAccessCentral in order to post in the forums.

epa factory complete banner.gif
You are not authorized to post a reply.
Author
  Messages Sort:
MichaelWayneHarwood

Intermediate Member
Intermediate Member
User Online: User is Offline
Posted:30/03/2006 5:49 PM

Hey all,

My company is about to go live with an architecture that utilizes the Advanced Access Controls v4.2 (CAG) for a variety of functions and I was thinking it might be a Good Thing to see if what we are doing is a reasonable use of the technology.  Our company desires to have a central "gateway to services" for our customers - they would need only to log in once and whatever resources you have access to are presented to you automagically.  Our customers need access to a variety of resources including published Citrix apps, direct access to file shares, and a variety of internal web services (a Plone portal, a web based ticketing system, etc).

In theory AAC seems like a perfect fit.  Using Active Directory groups and a judicious use of AAC policies we have configured AAC to direct users to different home pages based on their group membership.  Some users go straight to the Plone portal and others receive AAC's NUI which dynamically builds a list of allowed resources. 

We have 2 Citrix Access Gateway appliances (CAG) exposed to the internet through a hardware based load balancer and configured to be "AAC Integrated".  We are not using the Access client - everything being presented to the user is via AAC's web functionality whether it be the NUI or a page passed through the AAC proxy.

The AAC does an excellent job in it's role of gatekeeper, and it's been nice to be able to utilize passing credentials form AAC to websites and effect single signon for many of our secured websites.  It's also very useful to be able to move away from the need of exposing so many web servers to the internet.

The downside has been a lack of generally available knowledge and expertise (no offense to anyone here).  When we have issues with performance there is very little information out there as to what exactly is going on in the background on the AAC servers, the CAG appliances, etc that will help us isolate bottlenecks.  Performance in general has been "acceptable", but not really great. 

Although our implementation seems to us to be reasonable we haven't heard of anyone else using the technology in exactly this way, but I would be surprised if we were the only ones doing this.  I would love to hear comments and opinions from anyone and everyone, so please don't be shy.

Feel free to post here on this forum or email me directly at mharwood@abacus-us.com..

Thanks!

 
You are not authorized to post a reply.


ActiveForums 3.0
  Home|Forums|Editorials|EPA Packages|Snippets
Copyright (c) 2009 SmartAccessCentral Terms Of Use Privacy Statement