IIS & Enfold Proxy
This page mainly applies when you are running Enfold Proxy (EP) with Enfold Server (ES).
Here is a diagram that shows how Internet Information Services (IIS) interacts with Enfold Proxy (EP) Enfold Server (ES) and Active Directory (AD). Enfold Server is a commercial version of Plone which includes special features to allow NTLM authentication through Active Directory. Instructions about how to configure NTLM authentication are available with Enfold Server. (You need to choose an authentication profile for "Trusted Proxy" in Enfold's plasma product).
Enfold Proxy is not actually involved with providing authentication; EP's main job is to translate URLs from Enfold Server/Plone and to arrange for cached copies of web resources to be available so IIS doesn't have to keep requesting them from Enfold Server/Plone.
Several things are worth pointing out about this diagram.
In two cases (2b and 4b), Enfold Proxy is returning cached content.
If you are running a generic version of Plone instead of Enfold Server, you will be using cookie-based authentication (which takes place mainly in Plone). Therefore, separate requests would have to go to Plone (specifically for cookies-based login). These arrows are not shown here.
The main goal of Enfold Proxy is to reduce the number of 4A,5 and 6 requests and instead to use as many 2b and 4b requests as possible.