For previous CRM IFDs I have placed the CRM Front End server in the DMZ along with an ADFS Proxy and allowed access from the Domain Controller to the CRM Front End through the firewall.
This is obviously a security vulnerability. For a new install on Windows Server 2012 R2 I was wondering the following:
My question is would the use of the new Windows Server Web Application Proxy (WAP) that acts as both an ADFS Proxy and reverse web proxy allow access to the CRM Front End if the WAP was in the DMZ and the Front end was behind the firewall?
Additionally does the WAP server need to be domain joined? (This is the reason we had to tunnel through the firewall in the first instance).
From this documentation: http://technet.microsoft.com/en-us/library/dn383650.aspx it would appear the answer is that this approach would work however I've not had any experience of using the WAP before.