Azure Application Proxy Connector Design


Diagram

Application Proxy

Below are the prerequisites that need to be ready to deploy the Azure Application Proxy connector:

Servers Specifications and Internet Access

  • Number of servers: 2
  • Core: 4
  • RAM: 8
  • HDD: 200
  • OS/Domain:
    • Windows 2016, fully updated and joined to the domain, with one NIC connected to the LAN.
    • Domain Admin user required for the installation.
    • Azure Global Admin required for the installation.
  • Internet Access:
    • Required, with no authentication.
    • Recommendation is to allow the connector anonymous access to the Internet destinations.

  • Server 2012 R2/2016 up to date
    • Domain Joined for SSO
    • Internet Explorer Enhanced Security is off.
  • Server needs an HTTP/HTTPS connection to the applications that you are publishing.
  • Needs Internet access
  • SSL inspection is disabled
  • The Azure connector will be downloaded to the server from the Azure portal
  • For Internet proxy:
    • Bypass on-premises outbound proxies.
    • Use an outbound proxy to access Azure AD Application Proxy.
  • Connector Group: (publish applications on separate networks and locations.)
    • Default
  • Additional settings:
    • Backend Application Timeout (Default)
      • Long: for an application that is slow to authenticate and connect.
    • Translate URLs in Headers (Default: Yes)
      • No: the app requires the original host header in the authentication request.
    • Translate URLs in Application Body (Default: No)
      • Yes: the app has hardcoded HTML links to other on-premises applications and doesn't use custom domains.
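
A preflight check for the host-side prerequisites listed above, as an added example (not part of the original design and not Microsoft tooling). It assumes Windows PowerShell run on the candidate connector server; the function names are hypothetical, and the OS, core and NIC expectations are taken from the lists above.

```powershell
# Added example: verify host-side connector prerequisites before installation.
# Registry paths are the standard IE Enhanced Security Configuration component keys.
$escKeys = @{
    'IE ESC off (Administrators)' = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}'
    'IE ESC off (Users)'          = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}'
}

function New-Check($Name, $Pass, $Detail) {
    [pscustomobject]@{ Check = $Name; Pass = [bool]$Pass; Detail = $Detail }
}

function Test-ConnectorHost {
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # OS must be one of the versions named in the prerequisites.
    New-Check 'Supported OS' ($os.Caption -match 'Server (2012 R2|2016)') $os.Caption

    # Domain membership is needed for SSO to the published applications.
    New-Check 'Domain joined' $cs.PartOfDomain $cs.Domain

    # Core count from the server specification (4).
    New-Check 'Cores >= 4' ($cs.NumberOfLogicalProcessors -ge 4) $cs.NumberOfLogicalProcessors

    # The design calls for a single NIC connected to the LAN.
    $up = @(Get-NetAdapter -Physical | Where-Object { $_.Status -eq 'Up' })
    New-Check 'Exactly one connected NIC' ($up.Count -eq 1) (($up | ForEach-Object Name) -join ', ')

    # IsInstalled = 1 means ESC is still enabled for that role; a missing key counts as off.
    foreach ($name in $escKeys.Keys) {
        $value = (Get-ItemProperty -Path $escKeys[$name] -Name IsInstalled -ErrorAction SilentlyContinue).IsInstalled
        New-Check $name ($value -ne 1) "IsInstalled=$value"
    }
}

# Print the results and fail the run if any prerequisite is missing.
$results = Test-ConnectorHost
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Pass }) {
    Write-Error 'One or more connector prerequisites are not met.'
}
```

The script covers only what can be read from the server itself; outbound Internet access without authentication and the absence of SSL inspection still have to be confirmed on the network path.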

Design Summary:

  • One Azure Application Proxy connector server will be deployed in the main site
  • One Azure Application Proxy connector will be deployed in the DR site with one connector group