Friday, May 28, 2010

IIS 7 as a reverse proxy for OCS 2007 R2 Edge Services

I've been working on getting Edge Services setup in our OCS 2007 R2 environment.  I am using the single consolidated edge setup.

Initially the reverse proxy requirement was kind of a head-scratcher.  Most of Microsoft's documentation talks about using ISA (now rebranded to Threat Managment Gateway (TMG)) as the reverse proxy solution.  Since we don't currently have a ISA server, and I didn't really have any money to spend, I decided to try and get IIS 7 to work as a reverse proxy.

I first noticed that IIS 7 can act as a reverse proxy when I was working on some URL Rewriting.  I came accross this blog and number 7 caugh my attention.

Here's what I did to get IIS 7 to act as a reverse proxy for OCS 2007 R2 Edge Services:
  • Provisioned a Windows 2008 R2 server in DMZ (same as network as the consolidated edge server)
  • Added the IIS role
  • Installed the Application Request Routing module for IIS 7
  • Created a site in IIS for
  • Created a certificate for the site
  • Applied the certificate to the IIS site that I created for
  • Checked Enable Proxy under the Application Request Routing settings at the server level
    • Left all other settings on application request routing default
  • Added the URL Rewrite rule to the web.config of the site

                     https://ocs2007r2pool.internal.dom/{R:1}" />





IIS will then proxy http requests coming from to ocs2007r2pool.internal.dom which is the FQDN of our internal enterprise pool.

I hope others will find this useful.