About publishing Web servers
Updated: February 1, 2011
Applies To: Forefront Threat Management Gateway (TMG)
When publishing Web servers, Forefront TMG uses Web publishing rules to allow or deny access to internal Web applications, based on access policies. You can restrict access to specified users, computers, or networks, require user authentication, and inspect the traffic between clients and the publishing servers.
Note
- You can configure Forefront TMG to cache Web content and to respond to user requests from the cache, without forwarding the requests to the published Web server. For more information, see Planning to cache Web content.
- When you publish a farm of Web servers that perform the same role, or host the same content, you can enable high availability for inbound access by configuring Forefront TMG to control the load balancing among the servers in the farm. For information, see About Web publishing load balancing.
- For information about authentication, see About authentication in Web publishing.
The following sections provide information to help you plan for Web server publishing:
Supported Web publishing scenarios
About Web listeners
Supported Web publishing scenarios
Forefront TMG supports the following Web publishing scenarios:
Publishing Web servers over HTTP—Publish a single Web site or load balancer, multiple Web sites, or a server farm over HTTP. For details, see Publishing Web Servers over HTTP.
Publishing Web servers over HTTPS—Publish a single Web site or load balancer, multiple Web sites, or a server farm over HTTPS. For details, see Publishing Web Servers over HTTPS.
Note
When publishing over HTTPS, a server certificate must first be installed on the Forefront TMG computer, to authenticate Forefront TMG to the client computer. For details, see Planning for server certificates.
Redirecting HTTP to HTTPS, and vice versa—You can publish Web servers so that the connection between client computers and the Forefront TMG server uses one protocol, while the connection between the Forefront TMG server and the published Web servers uses the other. For example, you can connect to client computers over HTTPS, and establish an HTTP connection between the Forefront TMG server and the published Web server or servers.
Note
In a scenario in which the connection between the published servers and the Forefront TMG server is over HTTPS and the connection between client servers and the Forefront TMG server is over HTTP, if the published servers use cookies that hold sensitive data, mark these cookies as secure.
Outlook Web Access publishing—Outlook Web Access is the Exchange mail service that allows users to access their Exchange mailbox from a Web browser. There are two versions of Outlook Web Access:
Outlook Web Access Light—Supports accessibility features for users who are blind or have low vision, and runs on most Web browsers. It provides a simplified user interface and reduced feature set compared with Outlook Web Access Premium.
Outlook Web Access Premium—Requires Microsoft Internet Explorer 6 or later versions, and provides features that are currently not available in the Light version, such as Unified Messaging and the ability to check spelling.
For publishing details, see Configuring Outlook Web Access Publishing.
Outlook Mobile Access publishing—Outlook Mobile Access is the Microsoft Exchange Server 2003 mobile browse solution (supported only for Outlook Web Access 2003). It generates HTML, xHTML, and cHTML markup for display on mobile devices that are on the approved device list. For publishing details, see Configuring Outlook Mobile Access Publishing.
ActiveSync publishing— Exchange ActiveSync is a Microsoft Exchange synchronization protocol that is optimized to work together with high-latency and low-bandwidth networks. The protocol, based on HTTP and XML, lets devices, such as browser-enabled cellular telephones or Microsoft Windows Mobile powered devices, access an organization's information on a server that is running Microsoft Exchange. Exchange ActiveSync enables mobile device users to access their e-mail, calendar, contacts, and tasks, and to continue to access this information while they are working offline. For publishing details, see Configuring ActiveSync Publishing.
SharePoint publishing— Microsoft SharePoint Products and Technologies provide a host of features and functionalities for Collaboration, Portal, Search, Enterprise Content Management, Forms Driven Business Process, and Business Intelligence. For publishing details, see Configuring SharePoint publishing.
Note
Forefront TMG is compatible with the Alternate Access Mappings feature of SharePoint Products and Technologies.
About Web listeners
Each Forefront TMG Web publishing rule is assigned a Web listener. The Web listener “listens” for incoming connections on the defined networks or IP addresses and ports. It also defines the number of concurrent client connections that are allowed on the connection, and the authentication method that is used if authentication is required.
Note
A Web listener can be used by more than one Web publishing rule.