Azure Application Proxy

Ignition
1

I need to make Perspective accessable on the internet and am thinking of setting it up through Microsofts Azure Application Proxy as described here:

The benefits of the Application proxy are:

  1. Increased security over just exposing an ignition port directly.
  2. I can expose just one project on the gateway without any of the other project accessable, by mapping only the project url: https://mysite.com:8043/data/perspective/client/myproject/

The Application Proxy is essentially a reverse proxy with a few more features.
The project is already configured with ssl and an identity provider.
I currently use a VPN but this change is to make it more accessable to many of the mobile users.

I’m looking for advice on:

  1. Will this work?
  2. Is this a valid and secure solution?
  3. Has anyone done this before and what are the pitfalls?

Any advice appreciated.

2

Looking to use this myself. Although I have not attempted to make it work just yet, I am fairly confident it would.
I found this video below illustrates the user management side of things really well:

If you have any success I would like to hear.

3

Thanks neill. I’m going to give it a go in a week or two. I’ll let you know how it goes.

4

How’d it go? Interested about doing this in the future. Currently going the VPN route.

5

I never got it working as it relies on the IT dept. and they are understaffed and have too many projects of their own to help. I still want to do this, but it’ll have to wait for the moment.

6

I successfully got Ignition Perspective working via the Azure App Proxy. We have tested via the Android Mobile app.
The key was I had to toggle the authentication option to pass-thru.

7

Hi!
I am trying this as well but in ios.
Is the pass-thru in Ignition or in Azure?
/Erik

8

Although toggling the authentication option to pass-thru worked, it actually opens this application up to the world. I DO NOT RECOMMEND THIS SETTING. We have reverted back to Azure Active Directory Pre Authentication which adds the layer of Security required for us to expose this MES to the Internet allowing Mobile Devices to use the App have not been able to get this to work.