Skip to main content

Windows Server 2012 R2 Web Application Proxy

As Microsoft tightens their revision and update cycle, it can be increasingly challenging to stay on top the new features and capabilities available with each new version of Windows Server (not to mention Windows 8, Exchange, Lync, and so on). It seems like Windows Server 2012 was released just yesterday, and in fact it was only just over a year ago.

And, barely 13 months after Server 2012 was released, along comes Server 2012 R2, with its own raft of improvements. Many people probably haven’t even installed Server 2012 yet, why move to R2? Here’s one feature that is well worth a look:

Web Application Proxy

When Threat Management Gateway was shown the door, Microsoft left everyone wondering how to accommodate the reverse proxy requirements of their core services, specifically Lync. With the release of Server 2012 R2, we no longer need to wonder. Web Application Proxy is baked into Server 2012 R2’s Remote Access role. It provides reverse proxy capabilities for any HTTPS service (it doesn’t support HTTP), and offers the ability to authenticate traffic at the edge, just like TMG.

It also supports Server Name Indication (SNI) which means that you can run multiple disparate services on the same IP/Port combination, and you don’t even need all the names in the same certificate. This can be a huge advantage for those facing IP address limitations.

The Web Application Proxy feature requires a working Server 2012 R2 ADFS implementation, even if edge authentication isn’t required, but that’s probably a service worth installing, especially since Server 2012 R2 supports ADFS on domain controllers.

Web Application Proxy is part of the Remote Access role, including DirectAccess, which can (as of Server 2012) be installed using only HTTPS.

All together, Server 2012 R2 Remote Access can provide always on connectivity to client PCs via DirectAccess, and reverse proxy services for any and all HTTPS services, including Lync and Exchange, on one server, using only one IP address. It’s definitely worth a look.

Shane Skriletz, PEI

Leave a Reply