Consider the following scenario: we have a company (contoso.com) with 2 geographically distinct sites - New York and London. There are a number of sites published under web.contoso.com - most are hosted on web servers located in New York but some are hosted in London. The only difference between these sites is the path used (e.g. https://web.contoso.com/products, https://web.contoso.com/research etc.). There are 2 standalone TMG servers that can do reverse proxying - one in New York and one in London. web.contoso.com is added as an entry in the public DNS so as to point to the public IP of the TMG in New York. The company's internal link between New York and London is an expensive one and already congested. For the company's clients, it's important that for the pages they're browsing they always get to see https://web.contoso.com/..... in their browsers (as opposed to a slightly different name such as https://london.web.contoso.com/...).
We now want to publish the Research site, which is hosted on an IIS server in London, using the name https://web.contoso.com/research and also keeping in mind the restrictions above. In order to avoid using the internal WAN link, the TMG server in London could be used for publishing. However, since web.contoso.com is pointing to the TMG server located in New York, this would mean that the client will first reach the New York TMG, then get redirected to the London TMG, at which point he'll get to the Research site. I've somehow implemented this functionality using a simple publishing rule for All Users on the New York TMG server so that requests for https://web.contoso.com/research get sent to the public IP address of the London TMG server. On the London TMG server there's another rule for https://london.web.contoso.com/research using Forms Authentication. Since the Forms Authentication actually generates a 302 Redirect, it's the client itself that will talk to the 2nd TMG server, in effect achieving the request of not using the WAN link, and even better not using the New York TMG's own Internet link. The problem is that the URL gets rewritten (client sees https://london.web.contoso.com/research from the point he's offered the Forms Based authentication). Is there a way to achieve this as well?
It would be ok for the TMG server in New York to use its own Internet connection to send requests over to the TMG in London, as well as the whole setup works. Please let me know what you think. Would it be possible, or would it need some additional mechanism (e.g. geoDNS) to make it work using TMG?