Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2009-10-12
This topic describes how you can use Microsoft Internet Security and Acceleration (ISA) Server 2006 with Outlook Anywhere. We recommend that you use ISA Server 2006 for all available client access methods in Microsoft Exchange Server 2010. When you publish Outlook Anywhere client access with ISA Server 2006, communications from the Outlook clients located on the Internet to the ISA Server computer and from the ISA Server computer to the Client Access server are encrypted using Secure Sockets Layer (SSL).
In many organizations, users need to have access to their mailbox when they're away from the office. Outlook Anywhere ensures that users can interact with their Exchange information from any location. To support this client access method, specific paths must be published on the ISA Server computer.
Looking for management tasks related to Outlook Anywhere? See Managing Outlook Anywhere.
Contents
Exchange 2010 Services Used with ISA Server 2006
ISA Server 2006 Features for Outlook Anywhere Client Access
ISA Server 2006 Deployment Options for Outlook Anywhere
How to Deploy ISA Server 2006 for Outlook Anywhere
Exchange 2010 Services Used with ISA Server 2006
The following table lists the Exchange services that are supported by ISA Server 2006 for Exchange 2010 and used by Outlook Anywhere clients.
Exchange 2010 services used with ISA Server 2006
Feature | Path | Description |
---|---|---|
Outlook Anywhere |
/rpc/* |
Internet-based access to an Exchange deployment by using RPC over HTTP or RPC over HTTPS. |
Unified Messaging |
/unifiedmessaging/* |
Exchange 2010 Unified Messaging puts all e-mail, voice mail, and fax messages into one Exchange 2010 mailbox that can be accessed from a variety of devices. |
Offline Address Book |
/OAB/* |
An offline address book (OAB) is a copy of an address book that's been downloaded so that an Outlook user can access address book information while disconnected from the server. |
Exchange Web Services |
/ews/* |
This virtual directory is used for the Autodiscover service and the Availability service to provide free/busy information. |
Autodiscover |
/Autodiscover/* |
The Autodiscover service provides access to Exchange features for Microsoft Office Outlook 2007 clients that are connected to your Exchange messaging environment. |
ISA Server 2006 Features for Outlook Anywhere Client Access
The following table describes several of the benefits of using ISA Server 2006 to protect client access to your Exchange deployment using Outlook Anywhere.
ISA Server 2006 features for Outlook Anywhere
Feature | Description | More information |
---|---|---|
Exchange server locations are hidden |
When you publish an application through ISA Server, you're protecting the server from direct external access because the name and IP address of the server can't be accessed by the user. The user accesses the ISA Server computer. This computer forwards the request to the server according to the conditions of the server publishing rule. |
|
SSL Bridging and Inspection |
SSL bridging protects against attacks that are hidden in SSL-encrypted connections. For SSL-enabled Web applications, after ISA Server receives the client's request, ISA Server decrypts it, inspects it, and ends the SSL connection with the client computer. The Web publishing rules determine how ISA Server communicates the request for the object to the published Web server. If the secure Web publishing rule is configured to forward the request by using secure HTTP (HTTPS), ISA Server initiates a new SSL connection with the published server. Because the ISA Server computer is now an SSL client, it requires the published Web server to respond with a server-side certificate. |
ISA Server 2006 Deployment Options for Outlook Anywhere
Before you deploy ISA Server 2006 to help secure communication from Outlook Anywhere clients on the Internet to Exchange Client Access servers, you must verify that you've correctly configured your Exchange deployment to support Outlook Anywhere clients. You will then run the Exchange Publishing Rule wizard to provide Outlook Anywhere access to your Exchange deployment.
Install a Server Certificate for ISA Server 2006
To enable an encrypted channel by using SSL between the client computer and the ISA Server computer, you must install a server certificate on the ISA Server computer. This certificate should be issued by a public certification authority (CA) because it will be accessed by users on the Internet. If a private CA is used, the root CA certificate from the private CA must be installed on any computer that must create an encrypted channel (HTTPS) to the ISA Server computer.
For more information about how to install a server certificate on ISA Server 2006, see Publishing Exchange Server 2007 with ISA Server 2006.
How to Deploy ISA Server 2006 for Outlook Anywhere
You can run the Exchange Publishing Rule wizard to provide Outlook Anywhere access to your Exchange deployment by following these steps:
- Create a server farm (optional) When
you have more than one Exchange Client Access server, you can use
ISA Server to provide load balancing for these servers. The server
farm properties determine the following:
- Servers that are included in the farm
- Connectivity verification method that ISA Server will use to
verify that the servers are functioning
- Servers that are included in the farm
- Create a Web listener When you create a
Web publishing rule, you must specify a Web listener to use. The
Web listener properties determine the following:
- IP addresses and ports on the specified networks that the ISA
Server computer uses to listen for Web requests (HTTP or HTTPS)
- Server certificates to use with IP addresses
- Authentication method to use
- Number of concurrent connections that are allowed
- Single sign-on (SSO) settings
- IP addresses and ports on the specified networks that the ISA
Server computer uses to listen for Web requests (HTTP or HTTPS)
- Create an Exchange Web client access publishing
rule When you publish an internal Exchange
2010 Client Access server through ISA Server 2006, you protect the
Web server from direct external access because the name and IP
address of the server can't be accessed by the user. The user
accesses the ISA Server computer. The ISA Server computer forwards
the request to the internal Web server according to the conditions
of your Web server publishing rule. An Exchange Web client access
publishing rule is a Web publishing rule that contains default
settings appropriate to Exchange client access.
For more information about how to use the Exchange Publishing Rule wizard, see Publishing Exchange Server 2007 with ISA Server 2006.