1
00:00:07,010 --> 00:00:13,970
With Web Application Proxy, organizations can provide selective access to applications running on servers

2
00:00:13,970 --> 00:00:19,550
inside the organization to users located outside of the organization.

3
00:00:20,660 --> 00:00:25,610
The process to make the application externally available is known as publishing.

4
00:00:26,210 --> 00:00:33,860
Unlike traditional virtual private network or VPN solutions, users can access only the applications

5
00:00:33,860 --> 00:00:40,070
that you publish through a Web Application Proxy server. Depending on support from the application,

6
00:00:40,460 --> 00:00:47,870
access to these applications can be from essentially an enterprise, including mobile devices.

7
00:00:48,320 --> 00:00:50,750
In addition to publishing federation services,

8
00:00:51,020 --> 00:00:59,150
the Web Application Proxy server is widely used to publish browser applications such as those for SharePoint,

9
00:00:59,240 --> 00:01:08,270
Exchange and Remote Desktop Gateway, and other custom line-of-business or LOB applications.

10
00:01:09,440 --> 00:01:16,760
In fact, it is also possible to publish the backend services that are consumed by non-browser

11
00:01:17,000 --> 00:01:17,870
applications.

12
00:01:18,530 --> 00:01:26,180
Some words about configuring your URLs and certificates. For each application that you publish, you

13
00:01:26,180 --> 00:01:31,100
must configure an external URL and an internal server URL.

14
00:01:31,760 --> 00:01:38,210
External users access the application by using the external URL.

15
00:01:39,200 --> 00:01:45,890
The Web Application Proxy server uses the internal server URL to access the application on behalf

16
00:01:45,890 --> 00:01:47,390
of external users.

17
00:01:48,230 --> 00:01:56,660
If you use split DNS, it is common to have the same value for both the external URL and the internal

18
00:01:56,660 --> 00:01:57,180
server.

19
00:01:58,640 --> 00:02:06,830
Some applications experience errors when the external URL and the internal server URL differ.

20
00:02:07,550 --> 00:02:17,510
When the external URL and the backend server URL differ, only the hostname in the URL changes;

21
00:02:18,830 --> 00:02:21,500
the path to the application remains the same.

22
00:02:21,920 --> 00:02:31,730
For example, if the external URL for an application is issued to press server 1.8. com slash app one,

23
00:02:32,180 --> 00:02:42,440
you cannot have an external URL for as st-pierre's extra nat .8. com slash application one.

24
00:02:43,400 --> 00:02:50,150
When you define the external URL, you also need to select a certificate that contains the hostname

25
00:02:50,150 --> 00:02:51,440
in the external URL.

26
00:02:52,100 --> 00:02:55,070
This certificate must be installed on the local server.

27
00:02:55,640 --> 00:03:03,590
However, it does not need to match the certificate used on the backend server hosting the application.

28
00:03:06,400 --> 00:03:13,390
You can have one certificate for each hostname used on the Web Application Proxy server or a single

29
00:03:13,390 --> 00:03:14,170
certificate

30
00:03:14,440 --> 00:03:20,230
with multiple names. Now some words about publishing SharePoint services.

31
00:03:21,070 --> 00:03:28,060
You can publish a SharePoint site through a Web Application Proxy server when the SharePoint site is

32
00:03:28,060 --> 00:03:32,950
configured for claims-based authentication or IWA.

33
00:03:33,790 --> 00:03:42,250
If you prefer to use AD FS for authentication, you must configure a relying party by using one

34
00:03:42,250 --> 00:03:43,270
of these methods.

35
00:03:43,930 --> 00:03:44,410
You can.

36
00:03:45,970 --> 00:03:54,670
If the SharePoint site uses claims-based authentication, use the Add Relying Party Trust Wizard to

37
00:03:54,670 --> 00:03:57,640
configure the relying party trust for the application.

38
00:03:58,300 --> 00:04:02,070
And if the SharePoint site uses IWA,

39
00:04:02,560 --> 00:04:09,460
use the Add Non-Claims-Based Relying Party Trust Wizard to configure the relying party trust for

40
00:04:09,460 --> 00:04:10,300
the application.

41
00:04:10,750 --> 00:04:19,030
If you want to use IWA with a claims-based web application, you must deploy the Kerberos Key Distribution

42
00:04:19,030 --> 00:04:21,790
Center to the domain controllers in the domain.

43
00:04:22,660 --> 00:04:28,510
Please note that to authenticate the users by using IWA, you must join the

44
00:04:29,660 --> 00:04:36,800
Web Application Proxy server to the domain. To provide IWA access, the Web Application Proxy

45
00:04:36,800 --> 00:04:46,520
server must be able to provide the impersonation of users to the published application.

46
00:04:47,060 --> 00:04:54,560
This impersonation is called Kerberos constrained delegation, and the application should be configured

47
00:04:54,560 --> 00:04:56,600
to support impersonation.

48
00:04:57,410 --> 00:05:03,440
You should configure the Web Application Proxy server for delegation to the service principal names,

49
00:05:04,070 --> 00:05:06,890
or SPNs, of the backend servers.

50
00:05:09,500 --> 00:05:17,330
Now, if you configure your SharePoint site by using alternate access mappings or host-named

51
00:05:17,330 --> 00:05:25,940
site collections, you can publish your application with different external and backend server URLs.

52
00:05:26,870 --> 00:05:34,520
However, if your SharePoint site is not configured by using alternate access mappings or host-named

53
00:05:34,520 --> 00:05:40,340
site collections, the external and backend server URLs must be the same.

54
00:05:42,500 --> 00:05:45,380
Now some words about publishing Exchange services.

55
00:05:46,370 --> 00:05:53,870
Exchange Server provides multiple services for administrators and users, including Outlook Web App,

56
00:05:54,380 --> 00:05:56,330
Exchange Control Panel,

57
00:05:57,970 --> 00:06:07,600
Outlook Anywhere and Exchange ActiveSync. These services are independent, with different URLs and different

58
00:06:07,600 --> 00:06:09,460
authentication configurations.

59
00:06:10,480 --> 00:06:18,250
Let's review the following options login services that you can publish through the Web Application Proxy

60
00:06:18,270 --> 00:06:22,960
and the supported preauthentication type for these services.

61
00:06:24,810 --> 00:06:33,030
First service, Outlook Web App: the supported preauthentication types for the service are AD FS using

62
00:06:33,140 --> 00:06:41,550
non-claims-based authentication, pass-through, and AD FS using claims-based authentication

63
00:06:41,550 --> 00:06:45,060
for issuance or 2013.

64
00:06:47,800 --> 00:06:50,260
The next service, Exchange Control Panel,

65
00:06:51,550 --> 00:06:59,080
and supported preauthentication type is pass-through. Outlook Anywhere, preauthentication type pass-through

66
00:06:59,080 --> 00:07:06,340
as well, and Exchange ActiveSync, pass-through. For the Outlook Anywhere service to function correctly,

67
00:07:06,340 --> 00:07:15,010
you need to publish three URLs: the Autodiscover URL, the external hostname of the Exchange server,

68
00:07:15,630 --> 00:07:27,190
that is, the URL that Outlook clients access, and the internal FQDN of the Exchange server instance.

69
00:07:28,270 --> 00:07:38,290
To publish Outlook Web App by using IWA, you must use the Add Non-Claims-Based Relying Party Trust Wizard

70
00:07:38,590 --> 00:07:41,830
to configure the relying party trust for the application.

71
00:07:42,910 --> 00:07:50,380
Please note that to allow users to authenticate by using IWA, you must join the Web Application Proxy

72
00:07:50,380 --> 00:07:59,260
server to the domain. To provide IWA access, you should configure the application on the Web Application

73
00:07:59,260 --> 00:08:04,000
Proxy server to support Kerberos constrained delegation.

74
00:08:04,450 --> 00:08:13,810
You should also register an SPN for the service account of the web service and configure the Web Application

75
00:08:13,810 --> 00:08:21,160
Proxy server for delegation to the SPN of the backend servers. In a highly available Exchange environment,

76
00:08:21,460 --> 00:08:24,220
this should use an alternate service account.

77
00:08:25,360 --> 00:08:30,310
Now some words about publishing Remote Desktop Gateway services.

78
00:08:31,540 --> 00:08:40,900
Some organizations provide access to RD Gateway services from the Internet directly to the Gateway

79
00:08:40,910 --> 00:08:41,470
Server.

80
00:08:42,220 --> 00:08:49,660
However, you might consider publishing RD Gateway services through the Web Application Proxy

81
00:08:49,930 --> 00:08:59,500
if you want to restrict access to your RD Gateway and add authentication for remote users. When planning

82
00:08:59,500 --> 00:09:07,210
your deployment, you have two options for publishing RD Gateway services through the Web Application

83
00:09:07,210 --> 00:09:13,450
Proxy. Option one: publishing the application by using pass-through authentication.

84
00:09:13,960 --> 00:09:22,270
This provides a single point of entry into your remote desktop environment. And option two is publishing

85
00:09:22,270 --> 00:09:25,090
the application by using preauthentication.

86
00:09:25,630 --> 00:09:32,290
Similarly to the way that you publish a claims-based application, use the Add Relying Party

87
00:09:32,290 --> 00:09:35,190
Trust Wizard to create a manual

88
00:09:35,220 --> 00:09:39,770
relying party trust to the RD Gateway of your data.