Setting up Reverse Proxy rules for use with Mobile Management

book

Article ID: 180846

calendar_today

Updated On:

Products

Mobile Management

Issue/Introduction

 

Resolution

In some environments, setting up a reverse proxy is preferred over putting a Mobile Management Site Server and SCEP Server in the DMZ, for increased security.  There are different programs that can offer this functionality, on multiple operating systems.  The general way to do this would be:

  1. Set up a rule on the proxy server to forward requests for servername.fqdn/certsrv/* to the SCEP Server.
  2. Set up a default/catch-all rule to forward any other request to the Mobile Management Site Server

If the reverse proxy is also handling other (non-MMS) related traffic, step 2 can be refined down to the specific sub-folders in IIS on the Mobile Management Site Server, such as /MobileEnrollment, /MobileManagement, and so forth.