APM :: Access to Resources w/No Webtop or Network Access
Stupid question (humor me please). Is it possible to create an access policy that allows access to resource(s), but without accessing them through a webtop or through a Network Access VPN?
As an example, the user has a mobile device with custom applications on it. The user accesses a URL (abstracted from them within the app) which points to the F5 APM. The APM fires off an iRule which connects to our MDM via its API to validate that the phone's UUID is valid, the phone has recently checked in, and as far as the MDM is concerned, the phone is in compliance. Once that decision tree is passed, the F5 pulls the local client certificate, validates that it is signed by our internal CA (and is not revoked), and then allows the connection inbound.
I can do all of the above already - so I know that part works...
... but how can I then provide access to resources without a webtop or through Network Access VPN? I don't know if that is even possible, but my guess would be I would have to allow access to a resource based on URI at that point, and have some level of rewriting to get the request to the server it needs to go. Is there something built-in for this? Or am I looking at another custom iRule?
The reason for this is that I do not want to have the user presented a webtop, or have the phone connected to the network. I want it completely abstracted so that when they fire up X custom app (written in house), its calls to the back-end web server(s) are completely abstracted from them and it is authenticated by APM in the process.
I may just be out of my mind... but it happens.