How to configure Contact Expert for using a reverse proxy
The CE agent application and server components assume that they reside on the same network. However, having the CE agent app deployed in remote environments – in an entirely separate, often and/or routed network – is a frequent and legitimate business scenario. Customers tend to resolve the connectivity issues this setup generates by setting up a point-to-point or site-to-site VPN service. While this addresses the problem for very stable, high-bandwidth network connections (for example, when an agent's home internet subscription is capable enough and is not over-utilized), it introduces extra encryption / compression that inherently decreases network efficiency (and is therefore not endorsed by Microsoft for use with Skype for Business, for example).
A more efficient solution is to set up reverse proxy based connectivity between the client and server components of CE where possible. This requires an extra component – the Reverse Proxy – placed in a DMZ between them, but the proxy does not itself add encrypting / compressing overhead and, more importantly, it solves many similar connection issues as well. For example, the same RP can also be used for Microsoft telephony external/internal connectivity (assuming proper design and resource sizing/scoping was done).
The following sections explain the configuration changes that must be performed in the various CE components to use a reverse proxy.
This article does not cover reverse proxy specific configuration.
Geomant does not endorse any specific brand or version of reverse proxy at this time.
The following instructions require CE services to be restarted. Never perform these steps on an operational production system.
Step-by-step guide
Server side configuration
- Log on to CE portal and navigate to Infrastructure → General Infrastructure → Application Servers menu.
- Click Edit to modify your Application Server and change the Public Web FQDN field to the FQDN and port the reverse proxy was configured to provide to CE.
- Submit the change.
- Navigate to Operations → Agents → Agent Policy, click Edit for your resource and update every URL to use the https://[ExternalFQDN]/... format.
- Click Submit to save the changes.
- Perform a Batch Update.
- Log on to the CE Core Host server (e.g. using Remote Desktop Connection) or otherwise access the filesystem of the server and open the ACEReport.xml file for editing. The default path of this file is C:\Geomant\CE\Tomcat\conf\Catalina\localhost
- Modify the value tag of the AuthReferer parameter so that the URL points to the reverse proxy FQDN: https://[ExternalFQDN]/ACEAdmin/Admin
- Modify the value tag of the ReportReferer parameter so that the URL points to the reverse proxy FQDN + port: https://[ExternalFQDN:Port]/ACEReport
- Save the changes and close the file.
- Open the Tomcat server.xml file for editing. The default path of this file is C:\Geomant\CE\Tomcat\conf\
- Locate the <Service name="Catalina"> section within the XML, then the <Connector port="8080" ... element inside it, and make sure the connector also contains all the proxy and scheme attributes:
<Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" proxyName="[ExternalFQDN]" proxyPort="[ExternalPort]" scheme="https" ... [rest of the parameter tags]
You don't necessarily have to use the HTTPS (secure) protocol, but it is advised for security reasons.
- Save and close the file.
- Open the constants.asp file for editing. The default path of this file is C:\Geomant\CE\Admin\modules\constants.asp
- Edit the following constants so that they point to the RP external FQDN/port:
EMAIL_APPL_URL="https://[ExternalFQDN:ExternalPort]/ACEEmail"
REPORT_APPL_URL="https://[ExternalFQDN:ExternalPort]/ACEReport"
SCRIPT_SIMULATION_URL="https://[ExternalFQDN:ExternalPort]/ACEAdmin/Scenario/csmm.asp?esessionid=&sessionid={sd_sessionid}&rid={sd_resourceid}&simulate=true"
- Save and close this file too.
- Launch the CE Server Manager tool and restart all components (or the entire CE Server Host computer).
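The connector attributes from the server.xml step can be checked before the restart. The following PowerShell is an added example, not Geomant tooling: the function name `Test-CEProxyConnector`, the host `ce.example.com` and port 443 are assumptions, and the XML is a constructed sample that stands in for the real file.

```powershell
# Added example; the function name and all sample values are hypothetical.
function Test-CEProxyConnector {
    param(
        [Parameter(Mandatory)] [string] $ServerXml,     # text of Tomcat server.xml
        [Parameter(Mandatory)] [string] $ExternalFqdn,  # FQDN published by the proxy
        [Parameter(Mandatory)] [int]    $ExternalPort,  # port published by the proxy
        [string] $ConnectorPort = '8080'
    )
    $doc   = [xml]$ServerXml
    $xpath = "/Server/Service[@name='Catalina']/Connector[@port='$ConnectorPort']"
    $conn  = $doc.SelectSingleNode($xpath)
    if ($null -eq $conn) {
        "No Connector with port=$ConnectorPort found under Service 'Catalina'"
        return
    }
    # Attributes the article asks for. https is advised rather than required,
    # so treat a scheme finding as a warning if plain HTTP was chosen on purpose.
    $expected = [ordered]@{
        proxyName = $ExternalFqdn
        proxyPort = "$ExternalPort"
        scheme    = 'https'
    }
    foreach ($name in $expected.Keys) {
        $actual = $conn.GetAttribute($name)   # empty string when the attribute is absent
        if ($actual -ne $expected[$name]) {
            "{0}: expected '{1}', found '{2}'" -f $name, $expected[$name], $actual
        }
    }
}

# Constructed sample: proxyPort is missing and scheme was left at http.
$sample = @'
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"
               proxyName="ce.example.com" scheme="http" />
  </Service>
</Server>
'@

$findings = @(Test-CEProxyConnector -ServerXml $sample -ExternalFqdn 'ce.example.com' -ExternalPort 443)
if ($findings.Count -eq 0) { 'Connector matches the reverse proxy settings.' } else { $findings }

# Against the real file (default path from the article):
# Test-CEProxyConnector -ServerXml (Get-Content -Raw 'C:\Geomant\CE\Tomcat\conf\server.xml') `
#     -ExternalFqdn '<ExternalFQDN>' -ExternalPort <ExternalPort>
```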
Client side configuration
To modify a previously installed CE Agent Client:
- Log in to each CE Agent Client workstation with an account that has administrator privileges, then locate and open the AgentClientApp.Config.xml file. The default path of this file is C:\Geomant\CE\Servers\AgentClientApp.Net\AgentClientApp.Config.xml
Modify each URL parameter to point to the reverse proxy FQDN and port, for example:
<ConfigParam name="GC_ADD_TASK_URL" ignore="no" value="https://[ExternalFQDN:ExternalPort][rest of the URL]" />
Save and close the file.
Launch the Windows registry editor utility, locate the CustomStateURL key and update it to reflect the RP's FQDN and port value. This can be found within the registry hive of the most recent version of Office, for example:
**HKLM\SOFTWARE\Policies\Microsoft\Office\15.0\Lync**
or
**HKLM\SOFTWARE\Policies\Microsoft\Office\16.0\Lync**
etc.
The CustomStateURL should look something like this: https://[ExternalFQDN:ExternalPort]/ClientAccessServer/ace_presence.xml
Close the registry editor utility and log in to the Skype for Business Client application – do not launch the CE Agent Client application just yet. Check the available presence state values in the SfB/Lync Client. If you see the CE custom states, you can log in to the CE Agent Client application.
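A client that still has one URL pointing at the internal server will bypass the reverse proxy for that call, so it is worth auditing AgentClientApp.Config.xml after editing. The following PowerShell is an added example, not part of the product: the function name `Get-CEStaleClientUrl`, the root element, the second and third parameter names and all host names are assumptions, and the XML is a constructed sample.

```powershell
# Added example; function name, sample parameters and hosts are hypothetical.
function Get-CEStaleClientUrl {
    param(
        [Parameter(Mandatory)] [string] $ConfigXml,     # text of AgentClientApp.Config.xml
        [Parameter(Mandatory)] [string] $ExternalFqdn,
        [Parameter(Mandatory)] [int]    $ExternalPort
    )
    $doc = [xml]$ConfigXml
    foreach ($param in $doc.SelectNodes('//ConfigParam[@value]')) {
        $value = $param.GetAttribute('value')
        $uri   = $null
        # Skip values that are not absolute http(s) URLs (paths, numbers, flags).
        if (-not [uri]::TryCreate($value, [System.UriKind]::Absolute, [ref]$uri)) { continue }
        if ($uri.Scheme -notin 'http', 'https') { continue }

        $problems = @()
        if ($uri.Host -ne $ExternalFqdn) { $problems += "host is $($uri.Host)" }
        if ($uri.Port -ne $ExternalPort) { $problems += "port is $($uri.Port)" }
        if ($uri.Scheme -ne 'https')     { $problems += 'not https' }
        if ($problems.Count -gt 0) {
            [pscustomobject]@{
                Name    = $param.GetAttribute('name')
                Value   = $value
                Problem = $problems -join '; '
            }
        }
    }
}

# Constructed sample: one URL already updated, one still internal, one non-URL value.
$sample = @'
<Config>
  <ConfigParam name="GC_ADD_TASK_URL" ignore="no" value="https://ce.example.com:443/SampleService/AddTask" />
  <ConfigParam name="SAMPLE_STATUS_URL" ignore="no" value="http://ce-core.corp.local:8080/SampleService/Status" />
  <ConfigParam name="SAMPLE_TIMEOUT" ignore="no" value="30" />
</Config>
'@

Get-CEStaleClientUrl -ConfigXml $sample -ExternalFqdn 'ce.example.com' -ExternalPort 443 |
    Format-Table -AutoSize -Wrap

# Against the real file (default path from the article):
# Get-CEStaleClientUrl -ConfigXml (Get-Content -Raw `
#     'C:\Geomant\CE\Servers\AgentClientApp.Net\AgentClientApp.Config.xml') `
#     -ExternalFqdn '<ExternalFQDN>' -ExternalPort <ExternalPort>
```

An empty result means every http(s) value in the file already targets the reverse proxy. The CustomStateURL registry value can be compared against the same FQDN and port by eye.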
Configuring the Installer of a new CE Agent Client deployment
- The Protocol setting should be SOAP.
- Tick (check) the secure communication check box.
- The CE Core Server FQDN should point to [ExternalFQDN:ExternalPort]
- The Web Services setting must point to [ExternalFQDN:ExternalPort]