Applies to: Exchange Server 2007 SP3, Exchange Server
2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-08-24
Microsoft Internet Security and Acceleration (ISA) Server 2006 and Microsoft Exchange Server 2007 are designed to work together to provide a more secure messaging environment.
ISA Server 2006 and Exchange 2007
ISA Server acts as an advanced firewall that controls Internet-based traffic between multiple networks that are connected to it through its multi-networking feature. When you deploy ISA Server 2006 for Exchange 2007, ISA Server handles all client requests for Exchange information. This includes incoming and outgoing Internet communication.
Benefits of Using ISA Server 2006 with Exchange 2007
New features for ISA Server 2006 are designed specifically to enhance functionality for Exchange 2007. Table 1 describes these features.
Table 1 New features for ISA Server 2006 and Exchange 2007
Feature | Description | How To |
---|---|---|
Web Publishing Load Balancing |
ISA Server 2006 balances the request from the client to an array of published servers. This eliminates the need to deploy Network Load Balancing (NLB) on the published array. |
Web load balancing features are automatically implemented when you publish Outlook Web Access and Outlook Anywhere. Outlook Web Access automatically selects a rule by using cookie-based load balancing. With cookie-based load balancing, all requests related to the same session (the same unique cookie provided by the server in each response) are forwarded to the same server. Outlook Anywhere uses source-IP based load balancing. With source-IP based load balancing, all requests from the same client (source) IP address are forwarded to the same server. Other Exchange services and features such as Exchange ActiveSync must use cookie-based load balancing. This also includes the Exchange services such as the offline address book and the Availability service. |
Link Translation |
Some published Web sites may include references to internal names of computers. Because only the ISA Server 2006 firewall and external namespaces are available to external clients, these references appear as broken links. ISA Server 2006 includes a link translation feature that you can use to create a dictionary of definitions for internal computer names that map to publicly known names. |
ISA Server 2006 implements link translation automatically when you configure Web publishing for Outlook Web Access. |
Secure Sockets Layer (SSL) Bridging Support |
For authenticated and encrypted client access, ISA Server 2006 provides end-to-end security and application layer filtering by using SSL-to-SSL bridging. This means that encrypted data is inspected before it reaches the Exchange server. The ISA Server 2006 firewall decrypts the SSL stream, performs stateful inspection, and then re-encrypts the data and forwards it to the published Web server. Stateful inspection is a firewall architecture that works at the network layer. Unlike static packet filtering, which examines a packet based on the information in its header, stateful inspection tracks each connection traversing all interfaces of the firewall and makes sure they are valid. |
ISA Server 2006 implements SSL Bridging Support automatically when you configure Web publishing for Outlook Web Access. |
In addition to the features listed in Table 1, ISA Server 2006 is designed to work specifically with the client access methods that you can use with Exchange 2007.
New Exchange Publishing Rule Wizard
When you deploy ISA Server 2006, you use the New Publishing Rule Wizard on the firewall policy tasks to help you with the settings that must be configured to allow access for the following features:
- Outlook Web Access When you deploy ISA
Server 2006 for Outlook Web Access, you use the New
Exchange Publishing Rule Wizard that is on the Firewall Policy
tasks. This new wizard shows the specific settings that must be
configured to allow for client access by
using Outlook Web Access. For more information
about how to configure ISA Server 2006 to use
Outlook Web Access, see Using ISA Server 2006
with Outlook Web Access.
- Exchange ActiveSync When you deploy ISA
Server 2006 for Exchange ActiveSync, you use the New Exchange
Publishing Rule Wizard on the Firewall Policy tasks. This new
wizard shows you the specific settings that must be configured to
allow for Exchange ActiveSync access. Follow the instructions
in the New Exchange Publishing Rule Wizard for ISA Server 2006 to
configure your Exchange deployment to use
Exchange ActiveSync.
- Outlook Anywhere When you deploy ISA
Server 2006 for Outlook Anywhere, you use the New Exchange
Publishing Rule Wizard on the Firewall Policy tasks. This new
wizard shows you the specific settings that must be configured to
allow for Outlook Anywhere access. Follow the instructions in the
New Exchange Publishing Rule Wizard for ISA Server 2006 to
configure your Exchange deployment to use Outlook Anywhere.
- POP3 and IMAP4 Access When you deploy
ISA Server 2006 for POP3 and IMAP4 access to Exchange 2007,
you use the New Exchange Publishing Rule Wizard on the Firewall
Policy tasks. This new wizard shows you the specific settings that
must be configured to allow for POP3 and IMAP4 access. Follow
the instructions in the New Exchange Publishing Rule Wizard for ISA
Server 2006 to configure your Exchange deployment to use POP3 and
IMAP4.