Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2008-11-13

This topic describes how you can use Microsoft Internet Security and Acceleration (ISA) Server 2006 with Microsoft Outlook Anywhere.  

When you publish Outlook Anywhere client access with ISA Server 2006, communications from the Outlook clients located on the Internet to the ISA Server computer and from the ISA Server computer to the Client Access server are encrypted by using Secure Sockets Layer (SSL).

In many organizations, users must have mailbox access when they are not in the office. Outlook Anywhere ensures that users can interact with their Exchange information from any location. To support this client access method, specific paths must be published on the ISA Server computer.

The following table lists the Exchange services that are supported by ISA Server 2006 for Exchange 2007 and used by Outlook Anywhere clients.

Exchange 2007 services used with ISA Server 2006

Feature Path Description

Outlook Anywhere

/rpc/*

Internet based access to an Exchange deployment by using RPC over HTTP or RPC over HTTPS.

Unified Messaging

/unifiedmessaging/*

Exchange 2007 Unified Messaging puts all e-mail, voice, and fax messages into one Exchange 2007 mailbox that can be accessed from a variety of devices.

Offline Address Book

/OAB/*

An offline address book (OAB) is a copy of an address book that has been downloaded so that an Outlook user can access address book information while disconnected from the server.

Exchange Web Services

/ews/*

This virtual directory is used for the Autodiscover service and the availability service to provide free/busy information.

Autodiscover

/Autodiscover/*

The Autodiscover service provides access to Microsoft Exchange features for Microsoft Office Outlook 2007 clients that are connected to your Microsoft Exchange messaging environment.

ISA Server 2006 Features for Outlook Anywhere Client Access

The following table describes several of the benefits of using ISA Server 2006 to protect Outlook Anywhere–based client access to your Exchange deployment.

ISA Server 2006 features for Outlook Anywhere

Feature Description More information

Exchange server locations are hidden

When you publish an application through ISA Server, you are protecting the server from direct external access because the name and IP address of the server cannot be accessed by the user. The user accesses the ISA Server computer. This computer forwards the request to the server according to the conditions of the server publishing rule.

Publishing Exchange Server 2007 with ISA Server 2006

SSL Bridging and Inspection

SSL bridging protects against attacks that are hidden in SSL-encrypted connections. For SSL-enabled Web applications, after ISA Server receives the client's request, ISA Server decrypts it, inspects it, and ends the SSL connection with the client computer. The Web publishing rules determine how ISA Server communicates the request for the object to the published Web server. If the secure Web publishing rule is configured to forward the request by using secure HTTP (HTTPS), ISA Server initiates a new SSL connection with the published server. Because the ISA Server computer is now an SSL client, it requires the published Web server to respond with a server-side certificate.

Best Practices for Performance in ISA Server 2006

ISA Server 2006 Deployment Options for Outlook Anywhere

Before you deploy ISA Server 2006 to help secure communication from Outlook Anywhere clients on the Internet to Exchange Client Access servers, you must verify that you have correctly configured your Exchange deployment to support Outlook Anywhere clients. For more information, see Deploying Outlook Anywhere. You will then run the Exchange Publishing Rule Wizard to provide Outlook Anywhere access to your Exchange deployment.

Install a Server Certificate for ISA Server 2006

To enable an encrypted channel by using SSL between the client computer and the ISA Server computer, you must install a server certificate on the ISA Server computer. This certificate should be issued by a public certification authority (CA) because it will be accessed by users on the Internet. If a private CA is used, the root CA certificate from the private CA must be installed on any computer that has to create an encrypted channel (HTTPS) to the ISA Server computer.

For more information about how to install a server certificate on ISA Server 2006, see Publishing Exchange Server 2007 with ISA Server 2006.

How to Deploy ISA Server 2006 for Outlook Anywhere

You can run the Exchange Publishing Rule Wizard to provide Outlook Anywhere access to your Exchange deployment by following these steps:

  1. Create a server farm (optional)   When you have more than one Exchange Client Access server, you can use ISA Server to provide load balancing for these servers. The server farm properties determine the following:

    • Servers that are included in the farm

    • Connectivity verification method that ISA Server will use to verify that the servers are functioning

  2. Create a Web listener   When you create a Web publishing rule, you must specify a Web listener to use. The Web listener properties determine the following:

    • IP addresses and ports on the specified networks that the ISA Server computer uses to listen for Web requests (HTTP or HTTPS)

    • Server certificates to use with IP addresses

    • Authentication method to use

    • Number of concurrent connections that are allowed

    • Single sign on (SSO) settings

  3. Create an Exchange Web client access publishing rule   When you publish an internal Exchange 2007 Client Access server through ISA Server 2006, you protect the Web server from direct external access because the name and IP address of the server cannot be accessed by the user. The user accesses the ISA Server computer. The ISA Server computer forwards the request to the internal Web server according to the conditions of your Web server publishing rule. An Exchange Web client access publishing rule is a Web publishing rule that contains default settings appropriate to Exchange client access.

For more information about how to use the Exchange Publishing Rule Wizard, see Publishing Exchange Server 2007 with ISA Server 2006.

For More Information