SSL Bridging

The final methodology, which is the preferred scenario, is to use SSL Bridging. In this case, the client’s SSL tunnel terminates at the reverse proxy, as in an offloading scenario, but the reverse proxy then opens a second HTTPS connection back to the internal resource. This ensures that the transmission is encrypted on both legs, from the client to the reverse proxy and from the reverse proxy to the internal resource.

There is also some added flexibility in this case, in that a reverse proxy can redirect that second connection to a port other than 443 back on the internal resource without the client’s knowledge. As far as the client knows, it still has a connection on port 443 to the internal resource, even though the reverse proxy might bridge this connection to port 4443 on the internal Front End pool. Figure 31.10 ...
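The bridging arrangement described above, sketched as a reverse proxy configuration. This is an added example, not taken from the book: nginx is assumed purely for illustration, and every host name, file path and the plain-HTTP port in the commented-out offloading line are constructed placeholders.

```nginx
# Constructed example: all host names, paths and the offloading port are placeholders.

# Internal resource: the Front End pool, reached on 4443 rather than 443.
upstream frontend_pool {
    server fepool.internal.example:4443;
}

server {
    # Clients only ever see port 443 on the published name.
    listen 443 ssl;
    server_name lyncweb.example.com;

    # First TLS session: client <-> reverse proxy ends here.
    ssl_certificate     /etc/nginx/tls/public-fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/public.key;

    location / {
        # Offloading, shown for contrast: the internal leg would be plaintext.
        # proxy_pass http://fepool.internal.example:8080;

        # Bridging: the proxy opens a second HTTPS connection to the pool.
        proxy_pass https://frontend_pool;

        # nginx does not verify the upstream certificate unless told to.
        # Without these lines the second leg is encrypted but the proxy
        # has not authenticated the server it is talking to.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;

        # Name to send in SNI and to match against the upstream certificate;
        # set explicitly because proxy_pass refers to the upstream block name.
        proxy_ssl_server_name         on;
        proxy_ssl_name                fepool.internal.example;

        # Preserve the host name the client asked for.
        proxy_set_header Host $host;
    }
}
```

Because the proxy decrypts and re-encrypts, the certificate on the internal resource must chain to a CA the proxy trusts and carry the name the proxy connects with; a mismatch there is the usual cause of a bridged publishing rule failing while the public listener looks healthy.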
