Reverse Proxy

Owned by Mike Murphy
Last updated: Jul 29, 2015

Internet connected agents can communicate to the Arellia Management Server AMS through a properly configured Reverse Proxy by using Windows Application Request Routing 3.0 and URL Rewrite.

Server Configuration

  1. Setup a new server or modify an existing server to be in the DMZ.
  2. Download Web Platform Installer.
  3. Install IIS Application Request Routing 3.
  4. Create an empty folder under C:\inetpub\ named AmsProxy.
  5. Open IIS Manager and right-click Sites and select Add Web Site.
  6. Name the site AmsProxy and set the Physical Path to the folder under C:\inetpub\ named AmsProxy.
  7. Change the binding to HTTPS.
  8. Use the default port of 443. (Note: If there are other applications using port 443 on this server, such as Symantec CEM, then set the AmsProxy to use a different port, such as 45593. If you use a port other than 443, make sure to add the appropriate firewall rule.)
  9. Select a certificate for the binding to use and Click OK.



  10. Select the server node in the left hand navigation pane in IIS Manager.
  11. Open Application Request Routing from the middle pane.
  12. Select Server Proxy Settings in the right hand actions pane
  13. In the Application Request Routing pane, select Enable Proxy and deselect Enable disk cache.

  14. Select Apply under the actions pane and then select URL Rewrite.
  15. Select Add Rule(s) on the actions pane and then under Incoming rules select Blank rule. 
  16. Name the rule AmsProxy.
  17. In the Edit Inbound Rule window, do the following steps:
    1. Under Match URL from the Requested URL menu, choose Matches the Pattern.
    2. From the Using menu, choose Wildcards.
    3. From the Pattern menu, choose Ams/Agent/*. 
    4. Select Ignore case.
       
    5. Under Conditions, from the Logical Grouping menu, choose Match All.
    6. Add a condition for {HTTPS}: Matches the pattern: on.
      1. (optional) You can also add a {SERVER_PORT} condition and set it to the port number configured in step 8.
    7. Under Action, from the Action Type menu, choose Rewrite.  
    8. Under Action Properties, in the Rewrite URL field, type the URL https://server.example.com/Ams/Agent/{R:1}
    9. Select Append query string.
    10. Select Stop processing of subsequent rules.
    11. In the Actions pane, click Apply.
       

Now your internet-connected agents will be able to communicate with the AMS through https://external-name.domain.com:45593/Ams/ or https://external-name.server.com/Ams/, depending on the port you chose.

Make sure that the server that is acting as the reverse proxy for the AMS trusts the certificate that the AMS is using for the HTTPS binding. If it does not, the proxy will return a 500.21 Gateway error.

Agent Configuration

When you set up the Arellia Agent, make sure that the BaseURL has been set to the DMZ Server Address by following the steps in Setting the Arellia Management Server Address.

Important

The AMS is not able to push tasks to agents when the agents are not connected to the same network as the server. However, the internet connected clients will automatically pull the tasks from the server on a scheduled interval.