This deployment guide intends to provide alternatives to the Portal Access feature.¶
BIG-IP APM version 15.1 or later is expected to follow the instructions provided below.
As BIG-IP APM’s Portal Access was designed to allow access from the internet to application created to operate within a company’s intranet, there are several limitations to that feature which may require using a different approach as modern web applications become more complex and are increasingly designed to be published externally.
Please refer to BIG-IP APM Compatibility matrix for further details: https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-clientcompatmatrix-15-1-0.html
Portal Access fully rewrites internal web applications (HTML, Javascript, CSS) and presents them as a mangled path originating from a single Virtual Server (ex: “https://bigip-apm.company.com/f5-w-XXXXXX/application/index.html”).
While this approach has its limits, it also provides the following practical advantages:
All back-end web applications share the same SSL certificate attached to a single Portal Access Virtual Server.
No new DNS entries to register.
Web applications that encompass multiple hosts or servers are still transparently rewritten and published.
In this document, it is assumed that the back-end web application is a modern application, designed to be externally published (ie: it is either self-contained with only relative links or it possess a mechanism to correctly render its links to the correct front-end hostname).
Additionally, in this alternative application deployment method, a dedicated DNS entry and SSL certificate matching that DNS entry will be required as the application will reside in its own FQDN from the client browser’s perspective (Noted “<client-side-fqdn>” later in this document).