Thursday, 31 October 2013

Publishing Server 2012 R2 Work Folders with UAG 2010 SP3 Reverse Proxy

We already knew before 2012 R2 came out that we were going to use Work Folders in a trial later in the year. As soon as the ISO dropped we began organizing our server environment to handle Work Folders synchronization. Of course the biggest part of this is allowing synchronization from home, so reverse proxying a remote access solution was a must.

We use UAG 2010, and while Microsoft may have a wizard in the upcoming SP4, unfortunately it is not available yet for early adopters. Here are the steps we used to make it work.



Prerequisites

Before you start, it is best to use split-brain DNS for a smooth and speedy Work Folders experience. Create a new DNS record on your internal DNS servers using the external DNS FQDN with a low time-to-live, maybe 15 minutes, and point it to your internal Work Folders server IP. Then create the same DNS record on the DNS servers authoritative for your external records and point it to your UAG trunk.

The records will resolve something like:
Internal: workfolders.consoto.info 192.168.1.1 (Internal Work Folders server)
External: workfolders.consoto.info 180.0.0.1 (External UAG Trunk)



Step by Step
1. Open UAG and take an existing trunk (or create a new trunk) that has Trunk authentication disabled. The trunk we used had a wildcard certificate and it worked perfectly. 
2. Add a new application. 
3. Select "Other Web Application (application specific hostname)", click OK. 
4. Name the application "workspaces" and application type "workspaces", click OK. 
5. Select "Configure an application server", click OK. 
6. In "addresses" enter your workspaces URL; we are using split-brain DNS, so the internal and external addresses will be the same. 
For paths enter "/sync/1.0/", as this is the only part of the Work Spaces server that the reverse proxy needs to forward. 
In public hostname enter workspaces; you will need to create the corresponding external A record (or CNAME record for existing trunks). Click OK. 

7. Leave "use SSO" unticked, click OK. 
8. Un-tick "add a portal and toolbar link", click OK. 
9. Leave "Authorize all users" ticked, click OK. 
10. Click finish to create the application. 
11. Now we must make some modifications to the URL set. To do this, click "Configure trunk settings" under the trunk. 
12. Click the URL set tab and find the "workfolders_Rule1" rule. The rule will already show the URL of "/sync/1.0/.*"; we need to modify the methods. 
The default methods are POST and GET; add DELETE, PUT and HEAD. 
Click OK to save the settings. 
13. Click the "workfolders" application and select edit. 
14. Select the Web Settings tab and click "Allow POST requests without a content-type header", then click OK to accept the changes. 
15. Save your changes and activate your configuration.
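
To see what steps 12 and 14 change, the following added example (not part of the original post, and not UAG code) models the "workfolders_Rule1" rule before and after the edits and runs constructed requests through both. The `UrlSetRule` class, its matching logic, and the placeholder resource paths are assumptions made for illustration; folding the step 14 web setting into the same rule is a simplification.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class UrlSetRule:
    """Simplified stand-in for one UAG URL set rule (an assumption, not UAG's engine)."""
    url_regex: str
    methods: frozenset
    allow_post_without_content_type: bool = False

    def verdict(self, method, path, headers):
        # The whole path must match the rule's URL expression.
        if not re.fullmatch(self.url_regex, path):
            return "reject: URL not covered by rule"
        if method not in self.methods:
            return "reject: method not allowed"
        has_ctype = any(name.lower() == "content-type" for name in headers)
        if method == "POST" and not has_ctype and not self.allow_post_without_content_type:
            return "reject: POST without Content-Type"
        return "allow"

URL = "/sync/1.0/.*"  # expression as shown for workfolders_Rule1 in step 12
DEFAULT_RULE = UrlSetRule(URL, frozenset({"GET", "POST"}))
EDITED_RULE = UrlSetRule(URL, frozenset({"GET", "POST", "PUT", "DELETE", "HEAD"}),
                         allow_post_without_content_type=True)

# Constructed requests; the resource names are placeholders, not real Work Folders endpoints.
SAMPLE_REQUESTS = [
    ("GET", "/sync/1.0/placeholder-a", {"Accept": "*/*"}),
    ("HEAD", "/sync/1.0/placeholder-a", {}),
    ("PUT", "/sync/1.0/placeholder-b", {"Content-Type": "application/octet-stream"}),
    ("DELETE", "/sync/1.0/placeholder-b", {}),
    ("POST", "/sync/1.0/placeholder-c", {}),
    ("GET", "/", {}),
    ("GET", "/sync/2.0/placeholder-a", {}),
    ("OPTIONS", "/sync/1.0/placeholder-a", {}),
]

def compare(requests=SAMPLE_REQUESTS):
    """Return (method, path, default verdict, edited verdict) for each request."""
    return [(m, p, DEFAULT_RULE.verdict(m, p, h), EDITED_RULE.verdict(m, p, h))
            for m, p, h in requests]

if __name__ == "__main__":
    for method, path, before, after in compare():
        print(f"{method:7} {path:26} default={before:34} edited={after}")
```

In this model, requests outside "/sync/1.0/" and methods that were not added stay rejected under both rules, which is the surface the trunk should expose after activation.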
