External users (i.e., users who are outside
the organization's firewall) log on to Office Communicator Web Access (2007
R2 release) by pointing their Web browsers to a virtual server created
especially for them. It is possible to give external users direct access to the
Office Communicator Web Access server, but this is not recommended for security
reasons. Instead, it is strongly recommended that external users first go
through a reverse proxy server.
A reverse proxy server is a computer that
runs proxy server software such as Microsoft Internet Security and Acceleration
(ISA) Server. The reverse proxy server is located inside the perimeter network
(also known as the demilitarized zone, or DMZ), a network between the
organization's internal network and the Internet. When an external user tries
to connect to an Office Communicator Web Access virtual server, DNS (Domain
Name System) automatically directs the request to the reverse proxy server. The
reverse proxy server then forwards the request to the Office Communicator Web
Access server. The process is completely transparent to end users. As far as
they are concerned, the reverse proxy server is the Office Communicator Web
Access server.
Using a single point of access allows
administrators not only to determine who can and cannot connect to your
servers, but also to control the content that users can access. By "masking"
the server name behind a reverse proxy, you can also change the hardware or the
host names without affecting your customers. Users continue to access the same
URL, regardless of which computer sits behind the proxy server.
Office Communicator Web Access is
compatible with most reverse proxy servers available on the market. In other
words, you can use virtually any reverse proxy software, with one exception: if
you have opted for single sign-on (SSO), you must use Microsoft Internet
Security and Acceleration (ISA) Server 2006 with SSO enabled on the Web
listener.
Whichever reverse proxy server you use, it
is recommended that the server be a member of a workgroup and not a member of
an internally trusted domain. This provides an additional level of
security. If the integrity of the reverse proxy server is compromised, the
attacker will have access only to that server and not to the internal network.
For performance reasons, it is recommended
that you not install any other software on the reverse proxy. However, the
computer that acts as a reverse proxy server for Communicator Web Access can
also be used as a reverse proxy server for other applications (e.g., Outlook
Web Access).
Because the configuration differs
from one reverse proxy server to another, this document does not describe in
detail the procedure for installing a reverse proxy server. For more
information, see the documentation for your reverse proxy server.