0

0

Previous Installments:

• Part 1 - Secure Publishing of the OpsMgr 2007 Web Console to the Internet

• Part 2 - Branding the Web Console in Operations Manager 2007

In part 1 we configured our Web Console for forms authentication and installed an SSL certificate to support authentication across the Internet. In part 2, we branded the console with our corporate logo. In part 3, we're going to publish our Web Console through ISA 2004 so it is fully accessible from the Internet.

Steps below assume:

• SSL Certificate: An SSL certificate with a publicly routable DNS name is installed on the Web Console web site.
• Public DNS Entry: A DNS entry on your public DNS server for the FQDN on the certificate and a public IP address has been created.

If you've not completed either of these steps, you should complete these tasks before proceeding.

To publish the URL:

Open ISA 2004 Console. Right click Firewall Policy and select New --> Web Server Publishing Rule.

Settings on your Web Server Publishing Rule should appear as follows:

Tab \ Setting

1. General: Enabled should be selected.
2. Action: Action to take = Allow
3. From: Anywhere
4. To: FQDN of your Web Console. (When you ping this name from the ISA Server, it should resolve to the INTERNAL IP assigned to the Web Console web site.). Select the 'Forward original header' checkbox. Select the radio button 'Requests appear to come from original'.
5. Traffic: Rule applies to the following protocols: HTTP, HTTPS
6. Link Translation: Select 'Replace absolute links in web pages'.
7. Users: All Users group should be in the list.
8. Listener: Listener should contain the public IP in your DNS record, and be configured to listen on the same ports designated on the Bridging tab.
9. Bridging: The Web Server radio button should be selected. The Redirect Request to SSL Portcheckbox should be selected, and the appropriate listening TCP port on the Web Console web site (443 by default) listed in the text box provided.
10. Paths: /*
11. Public Name: This rule applies to requests for the following web sites: Click Add and enter the FQDN on the SSL certificate you installed on the Web Console web site (if you have an equivalent internal DNS entry) or the internal IP address of the Web Console.

NOTE: Since we only want SSL to be used, and with forms authentication enabled you really do not need to publish HTTP.

You’re done. Now you should be able to access your Web Console

In Part 4, we'll look at how to modify the Alert view link in your notifications to reflect the publicly reachable FQDN in the link to the alert.