Office Communications Server 2007 uses a Web service managed by the Web Components Server role to allow users to join a Web conference session, and it uses Office Communicator 2007 to expand distribution groups (DGs) and download the Address Book when connecting externally. Office Communications Server 2007 also offers another server role, called Communicator Web Access, for users to sign in to Office Communications Server by using a browser.

Internal users can connect to both of these server roles directly. For remote users and anonymous users, these server roles must be accessible externally from the Internet. The recommended way to securely expose your Web Components server is through an HTTPS reverse proxy.

Users directly connect to the reverse proxy on a secure connection (HTTPS) by using a published URL. The reverse proxy then proxies the client request over another HTTPS connection to the Web Components or Communicator Web Access server through a private URL. This is shown in Figure 3-23.

Figure 3-23. HTTPS reverse proxy

The reverse proxy is deployed in the perimeter network, whereas the Web Components and Communicator Web Access servers are deployed on the internal network. Any reverse proxy can be used; however, only ISA Server 2006 has been tested by Microsoft. For more information on how to securely publish Web applications to the Internet by using ISA Server, see the TechNet article at https://www.microsoft.com/technet/isa/2006/secure_web_publishing.mspx.