Path-Based Multi-Homing - Novell ACCESS MANAGER 3.1 SP2 - ACCESS GATEWAY GUIDE 2010 Manual

Set up the back-end Web servers.
Create three proxy services for these published DNS names.
To create a domain-based multi-homing proxy service, see
Proxy Service," on page

6.2.2 Path-Based Multi-Homing

Path-based multi-homing uses the same DNS name for all resources, but each resource or resource
group must have a unique path appended to the DNS name. For example, if the DNS name is
, you would append
test.com
, the Access Gateway resolves the URL to the sales resource group.
www.test.com/sales
4 illustrates this type of configuration.
Using a Domain Name with Path Elements
Figure 6-4
Access Gateway
DNS Names:
www.test.com
www.test.com/sales
www.test.com/apps
IP Address:
10.10.195.90:80
Path-based multi-homing has the following characteristics:
It is considered to be more secure than domain-based multi-homing, because some security
experts consider wildcard certificates less secure than a certificate with a specific hostname.
Each resource or group of resources must have a unique starting path.
JavaScript applications might not work as designed if they obscure the URL path. The Access
Gateway needs access to the URL path, and if it is obscured, the path cannot be resolved to the
correct back-end resource.
The protected resources for each path-based child come from the parent proxy service.
189, and select domain-based for the multi-homing type.
to . When the user enters the URL of
/sales test.com
Firewall
Section 6.2.4, "Creating a Second
1 2 3
test1.internal.com
test2.internal.com
test3.internal.com
4 5
sales4.internal.com
sales5.internal.com
6 7 8
apps6.internal.com
apps7.internal.com
apps8.internal.com
Protecting Multiple Resources 185
Figure 6-