Application Offloading And Http(S) Bookmarks Overview; Benefits Of Http(S) Bookmarks; Benefits Of Application Offloading; Supported Platforms - SonicWALL SMA 400 Administration Manual

A domain in the Secure Mobile Access environment is a mechanism that enables authentication of users attempting to access the network being serviced
by the SMA/SRA appliance. Domain types include the Secure Mobile Access internal LocalDomain, and the external platforms Microsoft Active
Directory, LDAP, and RADIUS. Often, only one domain suffices to provide authentication to your organization, although a larger organization might
require distributed domains to handle multiple nodes or collections of users attempting to access applications through the portal.

Application Offloading and HTTP(S) Bookmarks Overview

SMA/SRA appliances use HTTP(S) bookmarks and application offloading to provide access to web-based applications running on servers within the
intranet. This includes SharePoint 2007 and the enhanced versions of commonly-used Web mail interfaces, such as Microsoft OWA Premium and Domino
Web Access 8.0.1, 8.5.1, and 8.5.2. SharePoint 2010 is supported with application offloading, but not with HTTP(S) bookmarks. SharePoint 2013 is
supported with application offloading. Note that third-party modules that are not proxy friendly might not be supported by SharePoint.
Both application offloading and HTTP(S) bookmarks use an HTTP(S) reverse proxy. A reverse proxy is a proxy server that is deployed between a
remote user outside an intranet and a target Web server within the intranet. The reverse proxy intercepts and forwards packets that originate from outside
the intranet. An HTTP(S) reverse proxy specifically intercepts HTTP(S) requests and responses.
Application Offloading provides secure access to both internal and publicly hosted Web applications. An application offloading host is created as a special-
purpose portal with an associated virtual host acting as a proxy for the backend Web application.
Unlike HTTP(S) bookmarks, access to offloaded applications is not limited to remote users. The administrator can enforce strong authentication and
access policies for specific users or groups. For instance, in an organization certain guest users might need Two-factor or Client Certificate authentication
to access Outlook Web Access (OWA), but are not allowed to access OWA public folders. If authentication is enabled, multiple layers of advanced
authentication features such as One Time Password, Two-factor Authentication, Client Certificate Authentication and Single Sign-On can be applied on
top of each other for the offloaded host.
The offloaded application portal must be configured as a virtual host with a suitable Secure Mobile Access domain. It is possible to disable authentication
and access policy enforcement for such an offloaded host.
Web transactions can be centrally monitored by viewing the logs. In addition, Web Application Firewall can protect offloaded application hosts from any
unexpected intrusion, such as Cross-site scripting or SQL Injection.
Access to offloaded Web applications happens seamlessly as URLs in the proxied page are not rewritten in the manner used by HTTP or HTTPS
bookmarks.

Benefits of HTTP(S) Bookmarks

By using HTTP(S) bookmarks, users can access the full-featured versions of SharePoint 2007, Microsoft OWA Premium, and Domino Web Access
8.0.1, 8.5.1, and 8.5.2 Web mail interfaces. These interfaces are easier to use and provide more enhanced features than their basic counterparts.

Benefits of Application Offloading

An offloaded Web application has the following advantages over configuring the Web application as an HTTP(S) bookmark in Secure Mobile Access:
• No URL rewriting is necessary, thereby improving throughput significantly.
• The functionality of the original Web application is retained almost completely, while an HTTP(S) bookmark is a best-effort solution.
• Application offloading extends Secure Mobile Access security features to publicly hosted Web sites.
Application offloading can be used in any of the following scenarios:
• To function as an SSL offloader and add HTTPS support to the offloaded Web application, using SSL acceleration of the SMA/SRA appliance.
• In conjunction with the Web Application Firewall subscription service to provide the offloaded Web application continuous protection from
malicious Web attacks.
• To add strong or stacked authentication to the offloaded Web application, including Two-factor authentication, One Time Passwords and Client
Certificate authentication.
• To control granular access to the offloaded Web application using global, group or user based access policies.
• To support Web applications not currently supported by HTTP/HTTPS bookmarks. Application Offloading does not require URL rewriting,
thereby delivering complete application functionality without compromising throughput.
• To authenticate ActiveSync Application Offloading technology that delivers Web applications using Virtual Hosting and Reverse Proxy. ActiveSync
authentication does not require URL rewriting in order to deliver the Web applications seamlessly. As an example, the ActiveSync protocol is used
by a mobile phone's email client to synchronize with an Exchange server, as explained in

Supported Platforms

Appliance Platforms
Application Offloading and HTTP(S) bookmarks are supported on all the SMA/SRA appliances that support the Secure Mobile Access 8.6 release:
• SMA 400
• SMA 200
• SRA 4600
• SRA 1600
• SMA 500v Virtual Appliance
HTTP Versions
HTTP(S) bookmarks and application offloading portals support both HTTP/1.0 and HTTP/1.1.
ActiveSync Authentication.