- What is EAA — Overview & Purpose
- EAA Architecture & Components
- Key Features
- Supported Application Types & Use Cases
- Getting Started — Initial Setup
- Managing Applications, Identity & Access
- Client Access, EAA Client & Device Posture
- Connectors — Deployment & Configuration
- Security & Zero Trust
- Audit, Logging, Monitoring & SIEM
- Administration & Maintenance
- REST API, CLI & Automation
Enterprise Application Access (EAA) is a Zero Trust Network Access (ZTNA) solution that provides secure, identity-based, application-specific access to internal enterprise applications without VPNs or network exposure.
- Eliminates traditional VPN attack surface
- Prevents lateral movement inside the network
- Gives application-only access instead of network tunnels
- Integrates with enterprise identity providers
- Enforces device posture before granting access
- Works smoothly for a hybrid/remote workforce
EAA follows the Zero Trust principle: never trust, always verify.
EAA has three primary architectural units:
Handles user traffic securely and efficiently between users → EAA Cloud → Enterprise Connector → Application.
Where admins configure:
- Applications
- Directories
- Identity providers (IdPs)
- Access policies
- Device posture rules
- Connector management
A secure outbound-only appliance/VM/container that connects internal applications to EAA Cloud without opening inbound firewall ports.
- Outbound TLS (443) only
- No inbound firewall rules
- No direct exposure of internal apps
- Highly available using connector pools
Access via browser without VPN.
For RDP, SSH, VNC, legacy TCP/UDP, thick clients.
EAA can act as IdP for:
- Office 365
- Salesforce
- ServiceNow
- Atlassian Suite
- GitHub, and more
Validate:
- OS version
- Firewall status
- Antivirus status
- Disk encryption
- Patch compliance
- Security products
Conditions based on:
- Identity
- Groups
- Device posture
- Time windows
- Geo/location
- Risk score
Complete access/usage logs.
Easily add connectors, applications, and user groups.
- Web/HTTP(S)
- SaaS via SAML
- Remote protocols: RDP, SSH, VNC
- Custom TCP/UDP
- Thick client apps
- Bookmark apps (URL shortcuts)
- Secure remote workforce access
- Contractor/third-party isolated access
- Replacement for traditional VPNs
- Secure legacy private apps
- Zero Trust transformation initiatives
- Secure access to cloud workloads
- Akamai Control Center admin access
- Deployment plan for at least one Connector
- Identity provider (IdP) available to integrate
- Cloud Directory
- Active Directory
- LDAP
- AD-LDS
- Azure AD / Okta / Ping (via SAML)
- Add directory
- Define attribute mappings
- Synchronize users/groups
- Configure access roles
- Enable MFA (optional but recommended)
- VMware ESXi
- Hyper-V
- KVM / OpenStack
- AWS EC2
- Azure VM
- GCP
- Docker container
- Outbound HTTPS (port 443)
- Static or DHCP IP
- DNS reachable
- Define internal hostname
- Assign connector
- Configure TLS (optional)
- Create access policy
- Deploy
- Configure SAML metadata
- Upload certificates
- Map attributes
- Test SSO flow
- Create Client Access Application
- Map internal port/hostname
- Publish via EAA Client
Access rules can include conditions such as:
- User / Group
- Device posture profile
- Geo-location
- Time of day
- MFA requirement
- Risk score
EAA supports logical AND/OR policy chaining for fine-grained control.
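The condition types and AND/OR chaining listed above, modelled as an added Python example. This is not EAA's policy engine or configuration format; `Request`, `all_of`, `any_of`, the `hr-portal` application and the 0 to 100 risk scale are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass
class Request:               # hypothetical model of one access attempt
    groups: set
    posture: dict            # e.g. {"firewall": True, "disk_encryption": True}
    country: str
    local_time: time
    mfa_done: bool
    risk_score: int          # assumed scale: 0 (low) to 100 (high)

# Leaf conditions: each builds a predicate over a Request.
def in_group(g):       return lambda r: g in r.groups
def posture_ok(*keys): return lambda r: all(r.posture.get(k) is True for k in keys)
def geo_in(*cc):       return lambda r: r.country in cc
def between(a, b):     return lambda r: a <= r.local_time <= b
def mfa():             return lambda r: r.mfa_done is True
def risk_below(n):     return lambda r: r.risk_score < n

# Chaining operators (logical AND / OR over conditions).
def all_of(*conds): return lambda r: all(c(r) for c in conds)
def any_of(*conds): return lambda r: any(c(r) for c in conds)

RULES = {  # constructed policy for a made-up application name
    "hr-portal": all_of(
        any_of(in_group("hr"), in_group("it-admins")),
        posture_ok("firewall", "disk_encryption"),
        geo_in("US", "DE"),
        between(time(7, 0), time(19, 0)),
        mfa(),
        risk_below(50),
    ),
}

def decide(app, req, rules=RULES):
    """Deny by default: allow only when a rule exists for the app and holds."""
    rule = rules.get(app)
    if rule is None:
        return False
    try:
        return bool(rule(req))
    except (TypeError, AttributeError):
        return False         # missing or malformed attributes fail closed

def sample_request(**overrides):  # constructed sample input
    base = dict(groups={"hr"}, posture={"firewall": True, "disk_encryption": True},
                country="US", local_time=time(9, 30), mfa_done=True, risk_score=10)
    base.update(overrides)
    return Request(**base)
```

A posture attribute that is absent from the report is treated the same as a failed check, so an endpoint that sends no disk-encryption status is denied rather than waved through.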
Users log in through the browser portal.
Users install the EAA Client:
- Windows
- macOS
- Linux
The client creates a secure tunnel for TCP/UDP apps.
- App definitions
- URL rewriting
- Header injection
- Load balancing
- Path mapping
- Internal host routing
- TLS certificates
- Health status
- Deployment versions & rollback
- Multiple IdPs supported
- Flexible attribute mapping
- Directory overlays
- Role-based administrative access
- Policy-based group assignment
- Intercepts DNS requests to the protected app
- Creates loopback mapping
- Routes traffic through secure tunnel
- Supports TCP/UDP legacy apps
- Antivirus installed?
- Firewall active?
- OS version minimum?
- Disk encryption?
- USB blocked?
- Custom scripts for posture?
Access is allowed only if posture meets policy.
- Resolve internal hostnames
- Route traffic to app servers
- Encrypt outbound flow
- Load balance between multiple connectors
- Connector pools
- Automatic failover
- Pool-based assignment
- Deploy minimum two connectors per location
- Separate web and client access connectors if needed
- Enable monitoring via portal
EAA implements Zero Trust in four layers:
- Identity verification
- Device posture verification
- Context verification (location, time, risk)
- Application-specific least-privilege access
- Apps hidden from internet
- No inbound firewall ports
- No lateral movement
- No network-level access
- Reduced credential misuse risk
- Strong compliance & audit trails
- Access logs
- Admin logs
- Connector logs
- Authentication logs
- Device posture logs
- Application event logs
Export logs via API to:
- Splunk
- QRadar
- Azure Sentinel
- Elastic
- ArcSight
- Chronicle
- Update connectors
- Rotate certificates
- Monitor health
- Review audit logs
- Manage user access
- Tune policies
- Enable MFA or strengthen posture rules
- Export configuration
- Maintain version history
- Roll back to a safe version
EAA supports:
To automate:
- App creation
- Policy updates
- Directory sync
- Connector monitoring
- Manage apps
- Pull logs
- Automate deployments
Can integrate with:
- Terraform
- Ansible
- CI/CD pipelines