Has anyone ever publish Windchill url to the internet using Microsoft's ISA server? I know about the Apache reverse proxy option, but IT prefers using ISA. I would think it is straight forward, but you can never tell. Oh and the certificate name is different from the server name.
I have done reverse proxy implementation with Citrix and Cisco gateways with Windchill and I believe the reverse proxy setup of ISA is similar to those gateways. But ISA is a product that was retired many years ago. So it doesn't make a lot of sense to use this product, more over most of the settings in ISA are build for SharePoint or .NET based sites.
These are the steps which I followed.
If it is an existing Windchill server and if you are okay using the the same URL for accessing Windchill, then you can configure your gateway to do the authentication (I assume you are using AD to manage users). Once the authentication is done, the gateway can set remote_user variable and header, and route the traffic to Windchill Apache. The gateway should be configured to persistent cookies. Also ensure that the client headers are reset to prevent spoofing. Once authentication is done, the gateway should act like a switch and shouldn't rewrite any URLs.
If the desired public access URL is different from your current Windchill server URL, say your desired external URL is pdmlink.company.com and certificate is *.company.com, then you will have to follow the rehost process to rename your Windchill application to pdmlink.company.com. You can create a c entry in your internal DNS to route all internal users directly to Windchill server instead of proxy when they use pdmlink.company.com. You cannot have external and internal user access with different URLs because all internal links within Windchill are based on the value of a property and we cannot have multiple values for this property based on client IPs.
Hope it helps
Binesh Kumar
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
