Reverse Proxy Recommendations

[Laughing_Jackal]

We're working on our SCCM 2012 deployment, going from SCCM 2007. With SCCM 2007, we didn't take advantage of being able to manage clients who went off the network, besides the Cisco VPN. With SCCM 2012, we want to take full advantage of managing clients who are on the intranet, and then go on to the internet without connecting to VPN. We only have about 350 clients, with about 100 of them traveling offsite now and again. We are on a single domain, with no workgroup computers.

 

Before going much further with our migration, we want to ensure we have the infrastructure and security in place to handle internet based clients. Ideally, we'd put the MP, FBSP, and DP in the DMZ, routed through a reverse proxy. Our current sticking point is what reverse proxy to use, or maybe there's a better way to handle this all together? It seems like everywhere I've read, they mention using TMG and ISA, but we're not real excited to go that route if TMG will be unsupported. I've been reading about using IIS 7 with Application Request Routing (ARR), but wasn't sure if anyone around was using that? We don't really want to mess with separate domains or untrusted forests either.

 

I'd definitely appreciate any insight or experiences you all might have.

 

Thanks!

[kingbuzzo]

Have you looked into Direct Access?

[Laughing_Jackal]

Thanks for your response KingBuzzo!

 

It's funny you mention Direct Access, as that's what my search has been leading me to. I was looking at Direct Access through UAG for 2008 R2, but then read that Direct Access is easier to setup and manage for Server 2012.

 

Do you have any experience with Direct Access and SCCM 2012, or Server 2012? There doesn't seem to be a ton of information out there on DA for Server 2012, and definitely not a lot for DA Server 2012 mixed with SCCM 2012.

 

I just got access to a physical box to get this ball rolling, so I'm definitely getting ready to make a move on this sooner than later.