This article describes how you can setup a proxy server on an existing Microsoft IIS Server in your company to tunnel the ShoreTel Communicator for iPhone App calls to your internal ShoreTel server. ShoreTel was so kind to document this with Apache, but not with IIS. If you do not like to run Apache as an extra instance in your company only for the ShoreTel App you can follow this document and save your time as this solution is really easy to implement.
Installation
- Download Helicon APE (free - for up to 3 sites)
- Install it on your IIS gateway server that is accessible from the Internet or via VPN
- Start up the Helicon Ape Manager
- Right click on the site you'd like to use for the proxy server tunneling and Enable Helicon Ape
- Now select IIS Web Sites
- On the right side you see the file "C:\Program Files\Helicon\Ape\httpd.conf" listed
- Scroll down to the bottom and append below proxy configuration to the file. The IP address 192.0.2.1 is your ShoreTel PBX and must be accessible from your IIS proxy server.
<VirtualHost *:443>
RewriteEngine on
## Proxy rules for ShoreTel iPhone App
# NOTE the rewrite rules have a proxy redirect
RewriteRule ^/theme/(.+)$ /director2/theme/$1 [P]
RewriteRule ^/yui_2.7.0/(.+)$ /director2/yui_2.7.0/$1 [P]
RewriteRule ^/js/(.+)$ /director2/js/$1 [P]
ProxyPass /authenticate/ http://192.0.2.1/
ProxyPassReverse /authenticate/ http://192.0.2.1/
ProxyPass /cas/ http://192.0.2.1:5447/
ProxyPassReverse /cas/ http://192.0.2.1:5447/
ProxyPass /director2/ http://192.0.2.1:5449/
ProxyPassReverse /director2/ http://192.0.2.1:5449/
</VirtualHost>
- Now your are finished. I have configured the virtual host with port 443 to force SSL connections (recommended) and to secure the username and password required for login. You can change this if you are running under other ports or don't have SSL certificate (not recommended).
- Configure the iPhone app with your public server address and the Client User ID and Client Password of an mobile access enabled user. Try out that everything works... Login with users having Active Directory Integration enabled works with DOMAIN\username and the domain password.
NOTE: Make sure your mobile access enabled users set a secure password for their Communicator. It's not forced by ShoreTel, but user should be aware that their mailbox and your ShoreTel system is accessible with this password and the default ShoreTel password is no secure option here.