When securing a service here at the Church, there are two basic approaches depending on your application requirements. You can utilize User based authentication via WAM, or perform authentication using an Application account via LDAP. If the service you are hitting needs user specific information in order to determine correct authorization then you should use User based authentication. However, if the services can be generally exposed to another application, you can access them using an Application account. Regardless of the approach, the request should go out through the F5s in order to take advantage of any load balancing, and then come back into the service requested. Also, the request will be sent via SSL and then terminated on the back-end before reaching the requested service.