Publishing Office Web App Server using Forefront TMG.

This is not a post on how to install Office Web App Server in your environment. For a walkthrough of the installation process, check out this blog post by Terence Luk: http://terenceluk.blogspot.no/2012/11/deploying-office-web-apps-server-for.html

So, Publishing Office Web Apps using Forefront TMG:
If you would like to securely publish Office Web Apps to the internet in a Lync environment, you can use a number of solutions. A widely used method is to do this with Microsoft Forefront TMG server, as this solution often is used in connection with Lync web services.

The procedure is to generate a new web publishing rule pointing towards the Office Web App server internal web URL(recommend using the same URL internally as for public publishing eq. https://OfficeWebApps.domain.com in public and internal DNS). The listener would be the same as for Lync web services, and the Office Web Apps URL should be registered with the public IP address of the Forefront TMG server used by the Lync listener.

You would also have to update the excisting SAN certificate used by Lync or create a New Public SSL certificate containing the SAN for the Office Web Apps server(eq. officewebapps.domain.com) and install this certificate on the Office Web Apps Server and the reverse proxy used for internet publishing(the TMG Server).

To test the publishing of the Office Web App server, go to the published URL from an external client and verify that the page displays the XML-output.

TMG_RuleTest_OfficeWebApp
Error Message when testing Office Web Apps Publishing rule.

If you try testing the Web Publishing Rule from the TMG server, you might experience a “test failed” as shown in this picture.
Even though it seems like the rule won’t work, if you try testing from the internet with the published URL and are able to get the XML-output, you’re good to go.

The test from the TMG server fails because there are no content present in the Virtual web Directory of the Web App server.