Article 10063: Deploying
TASKE Web Applications behind a Microsoft Internet Security & Acceleration
(ISA) Server 2000
| Products: |
TASKE Contact
version 8.5 |
|
TASKE Reporter
version 8.5 |
|
TASKE Essential
version 1.0 |
| Applications: |
All web applications |
| Telephone
systems: |
All |
Summary
This article explains how to deploy TASKE web applications with
Microsoft®
Internet Security & Acceleration Server (ISA) 2000 firewall
technology. The necessary tasks for completing this deployment
are:
Note: this article does not attempt to document Microsoft
products, but acts as a guide for deploying TASKE web applications
behind
the Microsoft Internet Security & Acceleration Server 2000.
For detailed instructions refer to the Microsoft
online documentation for the ISA server or
the Microsoft
Windows 2000 Server online documentation for DNS on
the Microsoft web site. Additional links throughout this document
display specific
topics in the ISA Server or Windows 2000 Server online documentation
that provide detailed instructions on the current task.
Also included in this article are:
Requirements
-
Microsoft Internet Security & Acceleration Server (ISA
Server) installed on the computer acting as the firewall
-
the domain name system (DNS) service running on a computer
within the network
-
an external DNS source
-
the IP address or computer name of the TASKE web server computer
System Architecture for Deploying TASKE Web Applications behind
an ISA Server
The following diagram illustrates the system architecture for
deploying TASKE web applications behind an ISA Server.
Configuring DNS Entries
Both external and internal DNS entries are required for TASKE
web applications.
For external web clients, the external DNS entry allows
the
URL for the TASKE web application to resolve to the external IP
address on the ISA server. For internal web clients, the Internal
DNS entry allows the URL for the TASKE web application
to resolve to the IP address of the TASKE web server computer.
Choosing the DNS Name
The DNS name is the URL to the TASKE web application,
such as site.yourdomain.com, and is included in the host
record for both the internal and external DNS entries. When the
DNS name is used
to
browse to a TASKE web application, the DNS entry recognizes the
name and resolves this name to the appropriate IP address.
Setting Up the External and Internal DNS Entries
The business itself may be hosting the external DNS server or
it may be an independent service provider (ISP). In either case,
the
external DNS server must have a host record that resolves the
DNS name for the TASKE web application (site.yourdomain.com)
to the IP address on the external network interface card
(NIC) of the ISA server.
Similarly, the internal DNS server must have a host record
that resolves the DNS name for the TASKE web
application (site.yourdomain.com) to the IP
address of the TASKE web server computer.
Changing the L1 Address
The L1 address for the TASKE web application
must be changed to the DNS name for the web application in the
Windows registry. To do this, open the Windows Registry Editor and
browse to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\TASKE Technology\ACD ToolBox\8.5\Network
Open the L1addr entry for this key and enter the DNS
name for the web application in the Value data field.
The DNS name should appear as follows:
site.yourdomian.com
Configuring the ISA Server
The first part of this configuration involves configuring the
ISA Server to allow TASKE web desktop clients to access the
web server
computer with HTTP requests. The second part involves configuring
the ISA server to allow the TASKE web application JavaTM applets
to connect via TCP/IP and receive real-time updates.
Configuring the ISA Server to Allow TASKE Web Clients to Send
HTTP Requests
Perform the following steps in the ISA Management application on
the ISA Server computer.
- Create
a destination set
A destination is a pointer to one or more computers, an IP
address or range of IP addresses, or one or more DNS entries.
The purpose of a destination set is to identify the paths clients
use to access resources at the destination. For further information
on destination sets, refer to Configuring
destination sets.
When adding destinations to the web application destination
set, the destinations must match existing resources on the firewall.
For
instance, if http://site.yourdomain.com is the intended
address clients will use to access the TASKE web application
and this DNS entry links
to
IP address 100.200.10.20, then the destination set must include:
- site.yourdomain.com
- 100.200.10.20
- Create
a web publishing rule
Web publishing rules provide the steps the ISA Server follows
when receiving and responding to HTTP requests. Refer to Web
publishing rules for further information.
- Configure
the destination set for the web publishing rule
To configure the TASKE web application destination set
web publishing rule:
- In the This rule applies to drop-down list, select
Selected destination set on the Destinations tab.
- In the Name drop-down list, select the name of the
destination set created in Step 1.
- Define
the action for the web publishing rule
To configure the action for the TASKE web application web
publishing rule:
- Select Redirect the request to this internal Web server.
- In Destination site input the IP address of the
TASKE web server computer.
- Configure
the ISA Server to accept incoming web requests
The ISA Server needs to know which ports and IP addresses to
use for incoming requests. Complete this step to identify the
applicable ports and IP addresses. For further information,
refer to Configuring
incoming Web request properties.
Configuring the ISA Server to Allow TASKE Applets to Connect
and Receive Real-Time Updates
Perform the following steps in the ISA Management application on
the ISA Server computer.
- Create
the protocol definitions
The ISA Server requires both an inbound and an outbound protocol
definition. The steps for creating these protocol definitions
are identical except for the direction of the traffic flow.
For further information, refer to Configuring
protocol definitions.
When defining the TASKE web application protocol definitions
use the following settings:
- Port number: 5051
- Protocol type: TCP
- Direction: Inbound for the first protocol definition,
Outbound for the second.
- Add
a server publishing rule
The server publishing rule publishes the port used for real-time
updates to the Internet. For further information, refer to Server
publishing rules.
- Define
the action for the server publishing rule
The action for the server publishing rule routes incoming
requests to the appropriate location. Use the following settings
when
defining the TASKE web application server publishing rule action:
- IP address of internal server: TASKE web server computer
IP address
- External IP address on ISA Server: this is the IP address
of the external NIC in the ISA Server
- Mapped server protocol: select the inbound protocol definition
created in step 1 of this section
|
Print