Call a Specialist Today! 800-886-5369

Application Access Management (AAM): Authentication Offload Solution

The Need for Edge Authentication

Organizations typically run many Web and business applications—often including Oracle, SAP, and Exchange—according to their business needs. In many cases, these organizations must provide endusers and employees access to these applications over the Internet. This brings up a potential security concern for IT teams. Stringent network design and enhanced security policies are needed to provide secure access to these assets over the Internet.

Enterprises use authentication to protect network resources from unauthorized access. Authentication is used to determine whether access should be granted to each individual end-user. Sample use cases include:

AAM Deployment 01

A10's Application Access Management (AAM) solution, available on the A10 Thunder Series and AX Series ADCs, is a set of services for optimizing and enforcing Authentication and Authorization for client-server traffic

Figure 1 shows how the AAM solution can be seamlessly integrated into your existing application infrastructure. The AAM provides enhanced protection and server efficiency by o oading authentication processing from AAA servers.

Authentication Offloa

Authentication processing adds overhead, and when multiple servers are involved, management complexity also increases. Authentication servers also can be vulnerable to attacks.

With A10's AAM solution, the A10 device acts as an edge authentication point for web services. A10 customers can o oad the burden of authentication processing to the A10 device, thereby increasing server e ciency and adding an extra layer of protection for web servers. AAM also o ers Online Certi cate Status Protocol (OCSP), which enables seamless sign-on for BYOD and similar devices using certificate based authentication.

The AAM solution provides centralized management of authentication for web servers. For example, an IT team can use AAM to require authentication to a previously internal-only wiki or Web site when accessed by external users. AAM serves as central authentication point for the external users. AAM eliminates the need to maintain separate authentication points on each Web server.

Optimization and Enhanced Security

Managing multiple authentication points for various application servers can be a daunting task and increases network complexity. Setting up a client authentication scheme for each application may require costly and time consuming custom development work. AAM provides centralized access policy management. Consolidation of multiple authentication points reduces interoperability and integration issues. The A10 device adds an extra layer of security by providing pre-authentication functionality for business-critical Web server applications (such as Oracle Financials). Pre-authentication enables secure access to internal systems without the need to change multiple con gurations in the existing infrastructure.

AAM also offers a Kerberos Single Sign-On (SSO) security solution that allows non-Kerberos end-users to access services protected by your Kerberos realm, with a single login. End-users do not need to log in again for subsequent requests until the session expires.

Basic HTTP Authentication

Basic HTTP authentication uses a simple HTTP request to challenge clients for their access credentials (typically, username and password). In detail:

Online Certificate Status Protocol (OCSP)

OCSP allows the A10 device to determine the revocation state of a submitted client certificate.

If the status is "good", the client is permitted to access the resources configured on the server.

Sample Deployment

This diagram shows some of the available options when deploying AAM.

AAM Deployment 02 AAM Deployment 03


AAM offers a flexible choice of authentication schemes, seamless integration of authentication services, and enhanced security. A10 requires no licensing for AAM on A10 Thunder and AX Series ADCs, offering an exceptional value.