UPDATED: Added more information on permissions.
It is pretty common policy to seperate data servers from web servers. Microsoft may be making headway with making IIS more secure, but IT departments commonly forbid having the two on the same production server.
Microsoft has provided us with a very simple tool to use in this situation. They call it the Analysis Services Data Pump. This ISAPI extension has existed (I think) since SQL 2000, but I recall it had a different name. It is a dll hosted by IIS that takes server requests on HTTP and forwards the requests to the Analysis Server. The server responds to the dll with results and the results are forwarded back to the requestor. Here is the link to the article that explains how to set it all up: http://www.microsoft.com/technet/prodtechnol/sql/2005/httpasws.mspx.
The only thing I would add is that the article has a lot of different directories they reference: D:\tmp\isapi and C:\InetPut\wwwroot and C:\wwwroot. All of these should be the same place. I don’t see any reason that you couldn’t just create a virtual directory in IIS that points directly to %InstallPath%\OLAP.2\OLAP\bin\isapi so that you don’t have to make another copy of the dll. The only reason I can think to make a copy is that it would isolate you from being affected by an update to SQL server if you didn’t want the file to be updated without you testing it. I still don’t know if this is enough of a reason to make a copy. Don’t forget that if you don’t copy into the wwwroot directory, you’ll need to make sure your access permissions are correct. Anything that goes in the wwwroot folder, IUSR automatically has access to it. If you don’t put it in there, (and you use anonymous access) you’ll have to give IUSR permission to the folder where it is.
I just set it up and it works great and was very easy to do. If you work in an environment where port access requests are difficult and a web server already has HTTP ports open, this might be a good solution.