• Jitendra Singh

Workspace ONE Internal and External Traffic Flow


Workspace ONE comes with two deployment options:

1) SaaS based (the user interface and database are hosted and managed in the cloud; the connectors are hosted and managed by your administrators on your internal network)

2) On-premises solution (all components, including the user interface, database and connectors, are hosted and managed on premises)

When a user requests Workspace ONE services, the request hits the service URL. How does the service know whether the user is coming from the internet or the intranet, so that it can send external requests to the RSA connectors and internal requests to the internal connectors?

We can configure this using the IDP (identity provider) settings.

It is really important to identify which is our internal (trusted) network and which is the external network whose traffic I need to send for verification using RSA.

We will discuss these one by one.

If the service is hosted in SaaS (internet)

If my Workspace ONE is hosted in SaaS, I will create two networks:

1) Internal network or trusted network: contains all the public IPs that my organization uses for internet traffic at each location.

2) External network: all other traffic is considered the external network.

In this case, internet traffic coming from my office locations is considered trusted, and all other internet traffic is considered external.

If my Workspace ONE is hosted on premises, we will create two networks:

1) Internal network or trusted network: contains all the internal IP ranges that my organization uses.

2) External network: all other traffic is considered the external network.

We will make sure that we identify the networks and implement the IDPs in such a way that non-trusted traffic always has to land on the RSA connectors.

Now let's see how to manage traffic using the identity provider configuration. To achieve this, we will create two identity providers as below:

Go to Identity and Access Management >> Identity Providers

Let's look at the configuration one by one, starting with the internal identity provider:

We have selected the internal network and the internal IDP hostname. The IDP host mentioned above is a VIP on the load balancer, which will have more than one connection behind it. Right now we only have one connector for internal connections, but we can add more based on requirements. Based on the user's IP details, the traffic will land on the internal VIP and be handled by the internal connectors.

For the external identity provider, we will set the IDP hostname to the external public VIP and keep our internet-facing connectors behind this VIP. Please note that we are using this IDP for external traffic only.

So if a user is coming from the internal network, the request will be sent to the internal VIP, and the internal connectors behind it will take care of authentication.

And if a user is coming from the external network, the request will be sent to the public VIP, and the external connectors behind it will take care of authentication using the authentication method enforced by the administrator.

This is how we control traffic for the Workspace ONE service using network definitions, VIPs and identity provider configurations.
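The routing decision described above, modelled as an added example (this is not Workspace ONE code or configuration): trusted ranges map to the internal IDP, everything else falls through to the external IDP, and a small audit checks a SaaS trusted list. The hostnames and address ranges are constructed placeholders, and the audit assumes a cloud-hosted service only sees a client's public source address.

```python
import ipaddress

# Constructed sample values: documentation/private ranges, placeholder hostnames.
SAAS_TRUSTED = ["203.0.113.0/28", "198.51.100.16/29"]  # office public egress IPs
ONPREM_TRUSTED = ["10.0.0.0/8", "172.16.0.0/12"]       # internal IP ranges
INTERNAL_IDP = "idp-internal.example.com"  # hypothetical internal VIP
EXTERNAL_IDP = "idp-external.example.com"  # hypothetical public VIP (RSA connectors)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def build_policy(trusted_cidrs):
    """Trusted ranges map to the internal IDP; a final catch-all maps
    everything else to the external IDP."""
    rules = [(ipaddress.ip_network(c), INTERNAL_IDP) for c in trusted_cidrs]
    rules.append((ipaddress.ip_network("0.0.0.0/0"), EXTERNAL_IDP))
    return rules


def route(policy, client_ip):
    """Return the IDP hostname for a client IP; first matching rule wins."""
    ip = ipaddress.ip_address(client_ip)
    for net, idp in policy:
        if ip in net:
            return idp
    # Nothing matched (for example an IPv6 client against IPv4-only rules):
    # treat as untrusted so the request still lands on the RSA connectors.
    return EXTERNAL_IDP


def audit_saas_trusted(trusted_cidrs):
    """Flag private ranges in a SaaS trusted list. Assumption: a cloud-hosted
    service only sees the public source address after NAT, so an RFC 1918
    entry never describes office traffic as the service sees it."""
    findings = []
    for c in trusted_cidrs:
        net = ipaddress.ip_network(c)
        if any(net.overlaps(r) for r in RFC1918):
            findings.append(f"{c}: private range in SaaS trusted network")
    return findings


if __name__ == "__main__":
    saas = build_policy(SAAS_TRUSTED)
    for ip in ("203.0.113.5", "203.0.113.16", "192.0.2.44"):
        print(ip, "->", route(saas, ip))
    print(audit_saas_trusted(["10.0.0.0/8"] + SAAS_TRUSTED))
```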


© 2017-18 Xtra-V!rtual