Note: You are currently viewing documentation for Moodle 3.6. Up-to-date documentation for the latest stable version of Moodle is likely available here: ISA Server.

ISA Server: Difference between revisions

From MoodleDocs
mNo edit summary
No edit summary
Line 7: Line 7:
'''Internal DNS'''
'''Internal DNS'''
This is something that needs to be set up in your DNS manager like active directory. Once that is done you will need to set up an exception on the ISA's proxy screen so that http://moodle.yourorganisation.ac.uk is not routed through the proxy.  
This is something that needs to be set up in your DNS manager like active directory. Once that is done you will need to set up an exception on the ISA's proxy screen so that http://moodle.yourorganisation.ac.uk is not routed through the proxy.  
*better instructions needed here on how to find the logs
*better instructions needed here on how to make an exception
'''
'''
External'''
External'''
Once you can access moodle OK using http://moodle.yourorganisation.ac.uk from an internal machine, you need to sort out your external DNS. Find out the IP  which resolves to the external interface of the ISA server (a good way to do this is to browse to www.whatsmyip.net from an internal machine), then set up http://moodle.yourorganisation.ac.uk as a subdomain pointing to that IP with your hosting provider (there may be a web interface for you to do this, companies vary)
Once you can access moodle OK using http://moodle.yourorganisation.ac.uk from an internal machine, you need to sort out your external DNS. Find out the IP  which resolves to the external interface of the ISA server (a good way to do this is to browse to www.whatsmyip.net from an internal machine), then set up http://moodle.yourorganisation.ac.uk as a subdomain pointing to that IP with your hosting provider (there may be a web interface for you to do this, companies vary)
*instructions needed on how to find external IP from inside ISA
 
Note that the IP address bound to the external interface of the ISA is not necessarily the IP as seen from the wider internet - you may be behind another firewall if you are getting your internet from a consortium e.g. LGfL
Note that the IP address bound to the external interface of the ISA is not necessarily the IP as seen from the wider internet - you may be behind another firewall if you are getting your internet from a consortium e.g. LGfL
Once that is done and you have allowed time for the Internet's DNS cache's to update (can be up to 24hrs) you should be able to type http://moodle.yourorganisation.ac.uk and get some sort of server error message from the ISA. This will also show up in the ISA's event logs
Once that is done and you have allowed time for the Internet's DNS cache's to update (can be up to 24hrs) you should be able to type http://moodle.yourorganisation.ac.uk and get some sort of server error message from the ISA. This will also show up in the ISA's event logs. If you don't know how to get to the logs, look here: http://www.isaserver.org/tutorials/userinfo.html
*instructions on how to access event logs needed


The next step is to run the web publishing wizard on the ISA and enter the details of the machine moodle is running on. It should be possible to follow the tutorial here http://www.isaserver.org/tutorials/ISA-2006-Firewall-Web-Publishing-Rules.html or here http://www.isaserver.org/tutorials/Publishing-Multiple-Non-SSL-Web-Sites-Single-IP-Address-using-ISA-Firewalls.html
The next step is to run the web publishing wizard on the ISA and enter the details of the machine moodle is running on. It should be possible to follow the tutorial here http://www.isaserver.org/tutorials/ISA-2006-Firewall-Web-Publishing-Rules.html or here http://www.isaserver.org/tutorials/Publishing-Multiple-Non-SSL-Web-Sites-Single-IP-Address-using-ISA-Firewalls.html
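Review bot: the dropped placeholder "instructions needed on how to find external IP from inside ISA" is still unanswered in the External paragraph. That paragraph only offers www.whatsmyip.net, while the note after it says the address bound to the ISA's external interface may differ from the one seen from the wider internet. Suggest keeping the placeholder, or stating which of the two addresses the DNS record must use when an upstream firewall is present. The new logs link (http://www.isaserver.org/tutorials/userinfo.html) replaces two separate log placeholders; a sentence saying which log to open would make the step self-sufficient.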
Line 21: Line 20:


If you want to use SSL, you use SSL bridging. This means that the link between the remote host and the ISA is encrypted, but the link from the ISA to the internal machine need not be (saves on processing). You will need to generate a Certificate to bind to the Listener using IIS and then configure the SSL bridging. Instructions here: http://www.isaserver.org/tutorials/Configuring_SSL_Bridging.html
If you want to use SSL, you use SSL bridging. This means that the link between the remote host and the ISA is encrypted, but the link from the ISA to the internal machine need not be (saves on processing). You will need to generate a Certificate to bind to the Listener using IIS and then configure the SSL bridging. Instructions here: http://www.isaserver.org/tutorials/Configuring_SSL_Bridging.html
If you are already using port 443 for something else e.g. publishing your exchange server using forms based authentication so people can access outlook over the web, you will have a headache... TBC


References:
References:
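Review bot: the added port 443 paragraph ends at "you will have a headache... TBC" and gives the reader nothing to act on. Suggest holding it back until the workaround is written, or at least stating the constraint it alludes to (another published service already using port 443) and linking a reference as the neighbouring paragraphs do.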

Revision as of 16:02, 31 October 2006

ISA Server (Internet Security and Acceleration Server) from Microsoft can act as both a proxy server and an application-layer firewall. Many organisations use it as the main gateway connecting their internal network to the outside world.

If you wish to install Moodle behind an ISA server, e.g. to make it available to the outside world rather than just inside your organisation, you will need administrator access to the machine that ISA Server runs on. Windows Server comes with IIS, but you can use Apache quite happily.

Your best bet for doing this is to use split DNS, so that from inside your network a URL such as http://moodle.yourorganisation.ac.uk resolves to an internal IP, e.g. 192.168.2.34, but from the wider internet it resolves to the external interface of the ISA Server, which then forwards the request to the internal machine.

Internal DNS

This is something that needs to be set up in your DNS manager, such as Active Directory. Once that is done you will need to set up an exception on the ISA's proxy screen so that http://moodle.yourorganisation.ac.uk is not routed through the proxy.

  • better instructions needed here on how to make an exception

External

Once you can access Moodle OK using http://moodle.yourorganisation.ac.uk from an internal machine, you need to sort out your external DNS. Find out the IP which resolves to the external interface of the ISA server (a good way to do this is to browse to www.whatsmyip.net from an internal machine), then set up http://moodle.yourorganisation.ac.uk as a subdomain pointing to that IP with your hosting provider (there may be a web interface for you to do this; companies vary).

Note that the IP address bound to the external interface of the ISA is not necessarily the IP as seen from the wider internet: you may be behind another firewall if you are getting your internet from a consortium, e.g. LGfL.

Once that is done and you have allowed time for the Internet's DNS caches to update (can be up to 24 hours), you should be able to type http://moodle.yourorganisation.ac.uk and get some sort of server error message from the ISA. This will also show up in the ISA's event logs. If you don't know how to get to the logs, look here: http://www.isaserver.org/tutorials/userinfo.html
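The split-DNS layout and the external-address caveat above can be checked once both records exist. This is an added example, not part of the original page: the function name, finding codes and sample addresses are constructed for illustration, and it assumes the internal network uses RFC 1918 addressing. Feed it the A records you get from your internal DNS server and from a public resolver.

```python
import ipaddress

# RFC 1918 ranges: never reachable from the wider internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def check_split_dns(internal_answers, external_answers, isa_external_if):
    """Return a list of (code, address) findings for one hostname.

    internal_answers: A records seen via the internal DNS server
    external_answers: A records seen via a public resolver
    isa_external_if:  address bound to the ISA's external interface
    """
    findings = []
    if not internal_answers:
        findings.append(("INTERNAL_MISSING", None))
    if not external_answers:
        findings.append(("EXTERNAL_MISSING", None))
    for a in internal_answers:
        # Assumption: the internal network uses RFC 1918 addressing.
        if not is_rfc1918(a):
            findings.append(("INTERNAL_NOT_PRIVATE", a))
    for a in external_answers:
        if a in internal_answers:
            # Public DNS reveals the web server's own internal address.
            findings.append(("EXTERNAL_EXPOSES_INTERNAL_HOST", a))
        elif is_rfc1918(a) and a == isa_external_if:
            # The ISA sits behind another firewall: the record must carry
            # the upstream address seen from the internet instead.
            findings.append(("EXTERNAL_IS_ISA_NIC_BEHIND_FIREWALL", a))
        elif is_rfc1918(a):
            findings.append(("EXTERNAL_PRIVATE", a))
    return findings

if __name__ == "__main__":
    # Constructed sample answers (private and documentation ranges only).
    print(check_split_dns(["192.168.2.34"], ["203.0.113.10"], "203.0.113.10"))
    print(check_split_dns(["192.168.2.34"], ["10.20.0.5"], "10.20.0.5"))
```

An empty list means the internal and external views match the layout the page describes.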

The next step is to run the web publishing wizard on the ISA and enter the details of the machine Moodle is running on. It should be possible to follow the tutorial here http://www.isaserver.org/tutorials/ISA-2006-Firewall-Web-Publishing-Rules.html or here http://www.isaserver.org/tutorials/Publishing-Multiple-Non-SSL-Web-Sites-Single-IP-Address-using-ISA-Firewalls.html

Once that's done, you should be able to access Moodle from outside. If there is still an error, check the ISA Server's logs to find more information.

If you want to use SSL, use SSL bridging. This means that the link between the remote host and the ISA is encrypted, but the link from the ISA to the internal machine need not be (this saves on processing). You will need to generate a certificate to bind to the listener using IIS and then configure the SSL bridging. Instructions here: http://www.isaserver.org/tutorials/Configuring_SSL_Bridging.html

If you are already using port 443 for something else, e.g. publishing your Exchange server using forms-based authentication so people can access Outlook over the web, you will have a headache... TBC

References: www.isaserver.org