Thinking about best approaches for securing remote access (think road warriors) to SAP via the legacy thick "SAPGUI" client (let's assume the web client only isn't an option).
Ideally, I'd like the server components to stay isolated and SAPGUI packets can only reach it after the underlying client has gone through an initial round of authentication (including MFA), posture checking, etc. Sessions remembered for some period of time thereafter for convenience.
Today we can achieve the above with VPN (Pulse Secure), but one has to fire up a client manually first. This can continue to work, obviously, but I'd love to get to a more seamless approach, perhaps via a sort of transparent lite-client that is triggered with SAPGUI tries to make its initial connection.
Is something like Pulse Secure's SDP capable of doing this? Akamai EAA? What else should I be looking at? Our SAP environment sits in Azure so am thinking the access gateway could sit there...
I anticipate other workloads like this in the future and would appreciate a solution with some flexibility.
TIA
No comments:
Post a Comment