Symantec Access Management

  • 1.  SPS - webservices VirtualHost

    Broadcom Employee
    Posted Mar 22, 2016 10:36 AM

    In my case, I already have a VirtualHost (login.example.com) which is up and running in Production. I have a requirement to enable Authn/Authz webservices in the same SPS instance with the same VIP (login.example.com). But I was forced to use a new VH (wslogin.example.com) while enabling the webservices.

     

    Is it mandatory to have a dedicated VirtualHost for the webservice? Can't I use the existing VH (login.example.com), which was already configured, for my webservice?



  • 2.  Re: SPS - webservices VirtualHost
    Best Answer

    Posted Mar 22, 2016 11:48 AM

    I think it is correct from a Security Standpoint to have a different end point for WebService Calls and regular HTTP requests. From the Secure Proxy Perspective, it is primarily a proxy. Hence the default VHs would serve only proxy functions. Combining the WS Calls in the same VH would create a lot of interference and possible performance issues within the single VH.

     

    From a functional standpoint, as long as different VHs share the same cookie domain, SMSession is passed to different VHs. Hence I think this is cleaner, with segregated role functions for each VH. In fact, you'd see customers want clear segregation of traffic. Check the new SPS ERs that have been raised.

     

    I do agree that from a deployment & operational maintenance perspective this is a tad difficult; however, the wider benefit of segregation of traffic does weigh in heavily. Hence the design of running AuthAzWS on a VH of its own.

     

    Regards

     

    Hubert



  • 3.  Re: SPS - webservices VirtualHost

    Broadcom Employee
    Posted Mar 22, 2016 11:51 AM

    Thank you Hubert, it helps.

     

    Regards