Reverse Proxy Deployment
Enhance the security of your deployment by leveraging a reverse proxy that authenticates SOTI ONE application requests destined for the SOTI Cloud Link Agent.
In this topology, the SOTI ONE application is configured to communicate with the reverse proxy as if it were the SOTI Cloud Link Agent. The reverse proxy provides validation of the client certificate presented by the SOTI ONE application in the request and then publishes the request along with an authentication token to the SOTI Cloud Link Agent. The SOTI Cloud Link Agent verifies the authentication token and then returns the requested information to the SOTI ONE application.
The following diagram illustrates SOTI Cloud Link Agent communication through a Reverse Proxy and outlines the authentication flow of this topology.
Network Requirements
Review the communication requirements between:
- The SOTI ONE application and the reverse proxy
- The reverse proxy and the SOTI Cloud Link Agent
- The SOTI Cloud Link Agent and enterprise services available to the SOTI ONE application
Bold text indicates required communication.
Protocol | Source | Port | Destination | Port |
---|---|---|---|---|
HTTPs | SOTI ONE application | 443 | Reverse Proxy | 443 |
HTTPs | Reverse Proxy | 443 | SOTI Cloud Link Agent Host | 443 |
LDAPs | SOTI Cloud Link Agent Host | 636 | AD | 636 |
HTTPs | SOTI Cloud Link Agent Host | 443 | ADCS | 443 |