Protecting Microsoft Applications with LoadMaster

Providing seamless, secure access to web applications for users is vital for many organizations. With more and more users accessing business applications via the web and from mobile devices, the expectation is that applications will be available for use from anywhere in the world and at any time.

When applications delivered via the web are built on the Microsoft technology stack, there will be a need to provide security and reverse proxy functionality to protect, deliver, and authenticate users accessing the applications. In the past, a common way to provide this functionality was to use Microsoft’s Threat Management Gateway (TMG). But TMG is now at the end of its life, with extended support ending on the 14th of April 2020.

Kemp LoadMaster installed with the Kemp Edge Security Pack (ESP) delivers a supported solution to replace TMG. Installing Edge Security Pack on the same LoadMaster infrastructure that is already powering your user application experience means there are no other servers to deploy and, importantly, it reduces the attack surface that cybercriminals can target.

Security Challenges 

In addition to providing reverse proxy services for applications such as SharePoint and Exchange, LoadMaster with Edge Security Pack also delivers solutions to these application security challenges previously addressed by TMG: 

  • High Availability – using LoadMaster, an industry-leading application load balancer, delivers a premium application experience for users and clients. 
  • Pre-Authorization – checking with an authentication source (usually Microsoft Active Directory) whether the user making a request has the access rights, before passing the request on to the application servers with authorization already completed.
  • Single Sign-On – linked with pre-authorization; once authorization is done, single sign-on to multiple applications can be delivered for applications using the same login system, such as Active Directory or another LDAP solution.
  • Multi-Factor authorization – linked with pre-authorization; once authorization is done, single sign-on to multiple applications can be delivered for applications using the same login system, such as Active Directory or another LDAP solution.
  • Activity Reporting – logging all access sessions and providing reports. 

How Edge Security Pack Helps 

Kemp LoadMaster with Edge Security Pack delivers direct, but more secure and function-rich, replacements for all the TMG features outlined above. LoadMaster is the perfect fit for any organization looking to replace TMG, and the extra features that LoadMaster offers are available at no additional cost. Deploying LoadMaster with Edge Security Pack also opens up the use of Kemp’s Web Application Firewall (WAF) solution. Like Edge Security Pack, the WAF option installs on existing LoadMaster infrastructure, so it’s simple to adopt. Relevant features of LoadMaster with Edge Security Pack and WAF are listed below:

  • Reverse proxy functionality for Microsoft (and other) applications 
  • Industry-leading load balancing based on multiple algorithms 
  • User pre-authentication and policy enforcement based on Active Directory 
  • Single sign-on support 
  • Dual factor authentication support 
  • Comprehensive user activity monitoring and reporting 
  • Layer 7 application & packet contents-based load balancing 
  • Layer 4 transport layer-based load balancing 
  • TLS inspection 
  • TLS offloading 
  • Server health monitoring 
  • Real-time network monitoring 
  • WAN acceleration 
  • SNORT-based intrusion prevention 
  • Protection against the OWASP Top 10 vulnerabilities and more 
  • Outbound data loss prevention (DLP) 
  • Daily WAF rule updates from Trustwave to protect against emerging threats 
  • Custom rules based on each organization’s applications and needs  
  • Comprehensive access logging and reporting with integration into log analysis tools such as Splunk
  • The full list of LoadMaster with Edge Security Pack and WAF security features is available at kemp.ax

Note that when LoadMaster is deployed with Kemp Metered Licensing, as many virtual (or physical!) server instances running LoadMaster as required can be spun up. There is no additional charge for server licenses under Metered Licensing. So, LoadMaster instances running different functions such as load balancing, Edge Security Pack, and WAF can be separated or combined for various applications in any combination needed to meet requirements.

Conclusion 

Kemp LoadMaster with Edge Security Pack is the ideal TMG replacement for any organization that delivers web-based applications using the Microsoft technology stack, or applications built on other enterprise software stacks. Include Kemp WAF for a comprehensive, industry-leading application experience platform that will meet your needs today, while also growing as needs change over time. 

Alan O'Grady

Alan O’Grady is an Ireland-based Product Marketing Marketer working at Kemp. He has lived and worked in Europe, Asia and the USA. Alan is customer-focused, with data network and mobile experience gained at smaller managed service providers and larger telecoms operators such as Deutsche Telekom and Singtel.