What capability should be recommended to access an unauthenticated co-premise web app from within Salesforce?

The capability that should be recommended to access an unauthenticated co-premise web app from within Salesforce is the Custom Web Tab. Custom Web Tabs allow you to embed external web applications directly within Salesforce. By using a Custom Web Tab, users can access different web applications or resources without needing to authenticate again, which is particularly beneficial for co-premise applications that do not require user credentials.

This method provides a seamless integration experience, allowing users to work within Salesforce while directly interacting with the external application. Since the co-premise web app is unauthenticated, there isn’t a need for complex authentication flows, making Custom Web Tabs an ideal choice in this scenario.

Other methods, such as Apex callouts and Lightning Connect, involve more complex integration patterns that typically require additional setup, such as handling authentication or using additional APIs, making them less suitable for accessing unauthenticated applications directly. Visualforce pages could display external sites, but they are meant for building user interfaces and do not provide the same straightforward access as a Custom Web Tab in this context.