PingAccess

Choose between an agent or gateway deployment

Deploy PingAccess using Agents, as a Gateway (or reverse proxy), or using a combination of both. Before choosing a deployment, understand the pros and cons of each deployment scenario and determine how they impact your strategy.

Gateway

Pros:

  • Fewer number of deployed components that require maintenance

  • Independent of target application platform

  • No impact on web or app server processing and performance

  • Works with existing security token types, such as creating third party Web Access Management (WAM) tokens

Cons:

  • Requires networking changes

  • Requires strategy for securing direct access to backend web or app servers (network routing or service level authentication)

  • Depending on the application, might require content/request/response rewriting

  • Another layer that requires HA/DR planning

Agents

Pros:

  • No networking or server level authentication changes required

  • Tight integration with web server handling requests

  • Scales with application

Cons:

  • High cost of ownership when many agent instances are deployed, although should be upgradable or patchable independently of PingAccess policy server

  • Policy evaluation is cached, and although periodically flushed or re-evaluated (for new sessions, updates to session token, etc.) , isn’t as "real time" as proxy

  • Tight dependency on web server version and platform