Non-Browser Service Publishing

There are some components available in your network that are specifically used for management and monitoring purposes that allows the collection of system data in a large organization such as system health, system inventory and system specification etc. A good example of this is Microsoft’s System Center Configuration Manager (SCCM). Those type of applications are not entirely web-based applications but it is running with some additional standalone components. These type of applications are not web applications that are used to publish as a web applica-tion in TAC. TAC provides specific publishing templates – Services (non-web browser) under web application category to publish such applications in a few clicks; you do not need to go through complex configuration.

As an example of publishing, this section will take you through publishing System Center Con-figuration Manager (SCCM). Microsoft System Center Configuration Manager (SCCM) is a Windows product that enables administrators to manage the deployment and security of devic-es and applications across an enterprise. SCCM is part of the Microsoft System Center systems management suite. SCCM integrated console enables management of remote control, patch management, software distribution, operating system deployment, network access protection and hardware and software inventory.

Before publishing client-service type applications, we recommended creating a new site with certificate-based authentication added to check client certificate and SSL certificate bridging to backend SCCM server as a best practice.

To publish SCCM, do the following:

1) In the TAC Configuration Manager, go to the Site and click Add under Applications.

2) In the add application wizard, select Service (non-browser) under Web category.

Image

3) Click Next.

4) Provide a name for the application and enter application type.

5) Click Next.

6) Select Server-type. Single application server or farm of application servers.

7) Click Next

8) Define the internal application server properties.

  • Address: Define the application server IP Address or the FQDN 
  • Port: Port number 
  • Check Use HTTPS (SSL) if you want to secure the connection from TAC gateway to backend server 
  • Public host name: Public host name that end users will use to connect to the application from the internet 
  • Select Custom Host Header if you need to pass Internal Host name of website as the HOST header to the web server and not public host name. When you publish an application in TAC using own host name template and other templates that internally are own host name template, by default, TAC passes public host name of the application as the HOST header when making request to backend web server. If you have multiple web applications bound to the same IP:Port, sometimes the backend web server won’t be able to map website using public host name. In that case, it needs to distinguish websites on the web server and Custom Host Header settings in TAC, replacing the public host header with the site’s own Host header value to map the request to the correct website on a backend web server. 

9) Click Next. 

10) Select authentication server for the application if the application uses Single Sign on (SSO).   

  1. Click Add under Single Sign On (SSO).  

Image 


This will open Authentication and Authorization window. 


  1. Select the Authentication Server from the configured servers. 
  1. Click Select. 


11) Select Pre-authentication type. 


12) Click Next.  


13) Under the security window, select Authorize All Users to authenticate all users.  

 

Note:  If you select the Authorize All Users checkbox, it will provide access to all valid users except users that have Deny Attribute set on Users and Device Management console. Please see Users and Device Management for more details. 


Image 

14) Under Security window, you can select the access policies that are defined for your infrastructure. You may use predefined access policy templates or you can define your own custom access policies. Before you define any access policies for an application, you have to create the policies. See Access Policy for more details.  


15) Click Next. 


16) Click Finish to complete the add application wizard.  


After publishing SCCM in the new site, make sure to make the service application as the default application in the portal. 


 Image