locked
Web Access Deployment RRS feed

  • Question

  • Do I need a proxy server for client web access? Thanks.

    Tuesday, July 15, 2008 3:09 PM

Answers

  • I assume you are refering to a reverse proxy (Such as ISA) as required by the Edge Server? This is not required for CWA. However if you want to take advantage of features such as SSO you will need to deploy ISA Server. The use of ISA also makes CWA more secure because you can use secure publishing opposed to just opening port 443 from the internet to your CWA server on the LAN. For full details see the CWA Plan and deploy guide located here:

     

    http://www.microsoft.com/downloads/details.aspx?FamilyID=62d61142-8ac1-4e56-afa9-e99801b703f6&DisplayLang=en

     

     

     

     

     

    Tuesday, July 15, 2008 6:43 PM
  • You only need one certificate for CWA

    make sure that you publish the CWA via the ISA Server then you only need one name in the certificate

    You can import the certificate into IIS and use the same certificate for MTLS

    Just make sure that your certificate has the correct name in the common name and or SAN list : the FQDN of your CWA Server

     

     

    Tuesday, July 15, 2008 11:09 PM

All replies

  •  

    The web client is just a web based client. You don't necessarily need a proxy for cwa itself. Can you provide more details on your deployment scenario? Are you wanting to expose CWA externally? or provide access inside your firewall?

    Tuesday, July 15, 2008 6:00 PM
  • Yes, I want to deploy CWA externally. I already have an OCS deployed on my network and I am about to install the web component on another server.

    Tuesday, July 15, 2008 6:04 PM
  • I assume you are refering to a reverse proxy (Such as ISA) as required by the Edge Server? This is not required for CWA. However if you want to take advantage of features such as SSO you will need to deploy ISA Server. The use of ISA also makes CWA more secure because you can use secure publishing opposed to just opening port 443 from the internet to your CWA server on the LAN. For full details see the CWA Plan and deploy guide located here:

     

    http://www.microsoft.com/downloads/details.aspx?FamilyID=62d61142-8ac1-4e56-afa9-e99801b703f6&DisplayLang=en

     

     

     

     

     

    Tuesday, July 15, 2008 6:43 PM
  • I have downloaded and am currently reading the deployment guide. Yes, I was referring to the reverse proxy for ISA. Thanks for answering my question. Now I am off to figure out how to deploy the MTLS and HTTPS certificates for CWA.

    Tuesday, July 15, 2008 6:56 PM
  • You only need one certificate for CWA

    make sure that you publish the CWA via the ISA Server then you only need one name in the certificate

    You can import the certificate into IIS and use the same certificate for MTLS

    Just make sure that your certificate has the correct name in the common name and or SAN list : the FQDN of your CWA Server

     

     

    Tuesday, July 15, 2008 11:09 PM