  • Using ARR/Rewrite for connection from vendor to us

    Jun 27, 2019 09:04 PM|Huy.Le

    We are hosting an environment comprised of medical software that needs to connect to another 3rd-party add-on's server that they are hosting.

    It would communicate in this order: 

    1. Vendor IP  ----(Request: for authentication token)----> Our authentication server (server 1)
    2. Vendor IP  <----(Response: Authentication token sent)---- Our authentication server (server 1)
    3. Vendor IP  ----(Response: Authentication token sent)----> Our WEB Server (server 2)
    4. Vendor IP  <----(Response: Authentication token sent)---- Our WEB Server (server 2)

    After much consulting for best security practices, the vendor suggested configuring a reverse proxy server in our DMZ.

    I've gone through much documentation for this; most of it appears to describe the reverse proxy talking from one server to one other server, or using actual sites as opposed to IP addresses. My question is, can this be configured through an IIS reverse proxy?

    There seem to be many different guides for this, and for now I've followed the Skype for Business protocol for reverse proxy and am waiting to test it. I'm just not sure if ARR/Rewrite will route the traffic correctly.

    Currently in the DMZ server IIS, I have this configured:

    Server Farms (configured with server IP addresses, not URLs)

         - Server Farm 1: Authentication Server 

         - Server Farm 2: Web Server 

    DMZ Server level ARR: 

          - Proxy not enabled

    DMZ Server level URL Rewrite: 

          - Auth Server_loadbalance_SSL

                    - Conditions: matches the pattern for the IP of Vendor

                    - Action Type: Route to Server Farm

          - Web Server_loadbalance_SSL

                    - Conditions: matches the pattern for the IP of Vendor

                    - Action Type: Route to Server Farm

          

    Any suggestions (or just knowing if this is going to work at all) would be greatly appreciated. 

    Thank you.
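
The setup described in the post, written out as configuration. This is an added example, not the poster's actual config; the farm names, every IP address and the `auth/` and `app/` paths are constructed placeholders. URL Rewrite evaluates global rules in order, so if the vendor's source IP is the only condition on both routing rules, the first rule in the list handles every vendor request. The sketch therefore rejects other sources once, up front, and separates the two farms by an assumed URL path.

```xml
<!-- Added example: excerpt in the shape of applicationHost.config. -->
<!-- Farm names, all IP addresses and the auth/ and app/ paths are constructed placeholders. -->
<configuration>
  <webFarms>
    <webFarm name="AuthServerFarm" enabled="true">
      <server address="10.0.0.11" enabled="true" />
    </webFarm>
    <webFarm name="WebServerFarm" enabled="true">
      <server address="10.0.0.12" enabled="true" />
    </webFarm>
  </webFarms>
  <system.webServer>
    <rewrite>
      <globalRules>
        <!-- Rules run top to bottom; stopProcessing="true" ends evaluation on a match. -->
        <!-- {REMOTE_ADDR} is the TCP peer, so behind a NAT or load balancer it is that device, not the vendor. -->
        <rule name="Deny_non_vendor" stopProcessing="true">
          <match url=".*" />
          <conditions>
            <add input="{REMOTE_ADDR}" pattern="^203\.0\.113\.10$" negate="true" />
          </conditions>
          <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Source address not allowed" />
        </rule>
        <!-- Assumed: token requests arrive under auth/, application requests under app/. -->
        <rule name="AuthServer_loadbalance_SSL" stopProcessing="true">
          <match url="^auth/.*" />
          <conditions>
            <add input="{HTTPS}" pattern="on" />
          </conditions>
          <action type="Rewrite" url="https://AuthServerFarm/{R:0}" />
        </rule>
        <rule name="WebServer_loadbalance_SSL" stopProcessing="true">
          <match url="^app/.*" />
          <conditions>
            <add input="{HTTPS}" pattern="on" />
          </conditions>
          <action type="Rewrite" url="https://WebServerFarm/{R:0}" />
        </rule>
      </globalRules>
    </rewrite>
  </system.webServer>
</configuration>
```

A vendor request whose path matches neither routing rule is not proxied and is handled by whatever site the DMZ server itself hosts.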