We are setting up the relay of Browser ==> IISProxy ==> Web Dispatcher ==> Cluster. We plan to use Windows Integrated Authentication and terminate the SSL connection at the IIS. We are wondering how smoothly this will go as we have read differences in the order between IISProxy and WebDispatcher (in these forums) and have found nothing on the combination with SSL. I assume that the IISProxy will encrypt, authenticate, provide the cookie and then forward the request to the Web Dispatcher for further routing to the cluster.
Needless to say, has anyone done this successfully? Can anyone provide information, warnings, caveats, etc... so that we can decide to use the Web Dispatcher or another software-based NLB solution. We understand the technical benefits - especially in an SAP shop, but if there are richer features for authentication in latter releases we may consider putting it on hold and going with a known solution.
We have seen some appliances that can perform the SSL termination, 3rd party authentication, etc, etc,... are there any plans for the Web Dispatcher to be able to perform the authentication with windows (NTLM or Kerberos)?
All of the other features are grat and a breeze to work with however authentication on the MS domain is a must here and it may be the missing functionality.
Thanks and kind regards,
currently there is no plan to enhance web dispatcher into that direction. Instead we started to work together with network technology providers to offer the funtcionality of web dispatcher together with additional security and authentication stuff.
network is not our business, so there are no plans to boldly go into that direction. Because of that such combinations like authentication with wd are sometimes hard to do.
If you want a tip for the future I'd say, what you will see is boxes that have everything in there and two plugs for the internet and the sap network -everything else (firewalls, authentication, load balancing with automatic recognition of the sap cluster) would be in the box.