Case study
Web Application Centralizing Proxy
Summary
Protecting people and the environment is the focus of this client’s daily operations. One of their software systems consists of a suite of legacy enterprise applications that support key functions in pipeline risk management. To better serve stakeholders, the client decided to move the entire suite of twelve applications behind an application proxy. CSNW was tasked with architecting and implementing the proxy as well as updating and extending the legacy applications to work in the new environment. This helped bring the system up to modern industry best practices and paved the way for it to more efficiently comply with future IT policy directives.
Goal
To meet their own rigorous standards of service delivery to stakeholders, our client specified an aggressive ninety-day timeline for this project. A complementary goal was to avoid any user-impacting changes, specifically in the area of authentication. These enterprise applications are in daily use across the country by hundreds of employees tasked with a mission that is essential to the daily lives of Americans; the transition could not disrupt their work. Finally, all security measures needed to remain fully functional for proxied data.
Work Performed
There were three categories of technical work in this project: (1) architecting and building the application proxy, (2) upgrading and extending each of the applications, as needed, to enable them to function properly behind the proxy, and (3) planning, testing, and scheduling a cut-over process and implementing the cut-over.
Per our standard practice of utilizing existing technology when possible, the proxy architecture was based on a module already used by one of the suite’s applications. This module had been extensively tested and had already passed security assessments and evaluations. Re-using it as the core of the proxy minimized the risk of introducing new vulnerabilities and decreased the total effort required, which served the compressed timeline. To set the stage for a migration with no user impact, we catalogued an extensive test suite of URLs, enabling accurate pre- and post-migration tests.
Our client’s critical safety mission was highly motivating during the next stages, particularly given the timeline. To accommodate the timeline, we analyzed each of the twelve enterprise applications and then split them into two groups, which allowed two teams to work on them in parallel. We selected cut-over dates for each application based on traffic expectations, scheduling each one for periods of minimal impact for stakeholders. After incremental testing and infrastructure review, CSNW successfully deployed the proxy and updated the suite of applications.
Results
Outcomes include:
- The system has reduced security vulnerability and threat exposure, which additionally saves the client infrastructure hosting costs over time.
- The configurable proxy architecture enables both future system improvements and integration with the client’s other systems.
- Malicious file and path filtering is improved.
- A consolidated source for reviewing server log files was provided.
- Options for orderly migration as applications reach end-of-life are greatly enhanced with the new front-end proxy architecture.