Symantec Access Management

Hi Everyone,

I am discussiong with my client the use of the CA component ( CA Access Gateway) or the Apache reverse proxy Agent in our architecture.

It is clear that the CA component does not support the resource caching option.

Add to that, have you other concrete differences between those two options ?

Thanks for your time and your return.

Hi,

A traditional proxy server is located between a firewall and an internal network and provides caching of resources and security for the users on the internal network. Traditional proxy servers act as a proxy on behalf of a group of users for all resources on the Internet.

CA Access Gateway is not a traditional reverse proxy solution, because it does not provide resource caching. CA Access Gateway  serves as a single gateway for access to enterprise resources, regardless of the method of network access.

A set of configurable proxy rules determines how CA Access Gateway handles a user request. Users can access resources through multiple session schemes based on mapping between user agent types and virtual hosts. Requests can be routed to different destination servers based on the type of device being used to access the network.

SiteMinder provides solutions to many of these challenges, including authentication and authorization of users, and a complex engine for evaluating user entitlements. CA Access Gateway  further expands the benefits of core Policy Server and Web Agent functionality by providing a reverse proxy solution.

This reverse proxy solution adds the following capabilities:

Inter-operability with existing SiteMinder Web Agents
Cookieless single sign-on and sessions storage
Centralized configuration through proxy rules
Multiple options for maintaining sessions
Multiple device support

Please refer below link for more details on Apache reverse proxy and CA Access Gateway architecture

Introduction to the CA SiteMinder® SPS Architecture 

Thanks,

Sharan

Hi 

A few advantages come in my mind on CA Access Gateway:

CA Access Gateway can provide a few different options of authentication scheme, like basic, form, Integrated Windows Authentication, cookieless etc.
CA Access Gateway can support federation transaction, acting as federation gateway, like web agent option pack.
CA Access Gateway can support and protect soap Web Services.

There certainly could be more.

Thanks,

Hongxu Liu

CA Technologies

Thanks!

Is there any differences between installing the CA Access Gateway on Linux or Windows ?

Please refer below link for the installation steps on Linux and windows.

Install CA SiteMinder® SPS - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation 

Thanks,

Sharan

Thanks Sharan. I am already on this link. 

My question was not completed or well detailed.. sorry for that.

My question was about performances. 

We have not seen performance issues with respect to operating system for CA Access gateway. You need to choose the operating system based on the use case and the business requirement. 

Below are the Commonly Tuned Parameters on CA Access gateway which is applicable for both operating systems.

CA Access Gateway (formerly Secure Proxy Server): Commonly Tuned Parameters 

Thanks,

Sharan