Choose between an agent or gateway deployment
Deploy PingAccess using Agents, as a Gateway (or reverse proxy), or using a combination of both. Before choosing a deployment, understand the pros and cons of each deployment scenario and determine how they impact your strategy.
Gateway
Pros:
-
Fewer number of deployed components that require maintenance
-
Independent of target application platform
-
No impact on web or app server processing and performance
-
Works with existing security token types, such as creating third party Web Access Management (WAM) tokens
Cons:
-
Requires networking changes
-
Requires strategy for securing direct access to backend web or app servers (network routing or service level authentication)
-
Depending on the application, might require content/request/response rewriting
-
Another layer that requires HA/DR planning
Agents
Pros:
-
No networking or server level authentication changes required
-
Tight integration with web server handling requests
-
Scales with application
Cons:
-
High cost of ownership when many agent instances are deployed, although should be upgradable or patchable independently of PingAccess policy server
-
Policy evaluation is cached, and although periodically flushed or re-evaluated (for new sessions, updates to session token, etc.) , isn’t as "real time" as proxy
-
Tight dependency on web server version and platform