Applies to: Exchange Server 2007 SP3, Exchange Server
2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2008-11-13
This topic describes how you can use Microsoft Internet Security and Acceleration (ISA) Server 2006 with Microsoft Outlook Anywhere.
When you publish Outlook Anywhere client access with ISA Server 2006, communications from the Outlook clients located on the Internet to the ISA Server computer and from the ISA Server computer to the Client Access server are encrypted by using Secure Sockets Layer (SSL).
In many organizations, users must have mailbox access when they are not in the office. Outlook Anywhere ensures that users can interact with their Exchange information from any location. To support this client access method, specific paths must be published on the ISA Server computer.
The following table lists the Exchange services that are supported by ISA Server 2006 for Exchange 2007 and used by Outlook Anywhere clients.
Exchange 2007 services used with ISA Server 2006
Feature | Path | Description |
---|---|---|
Outlook Anywhere |
/rpc/* |
Internet based access to an Exchange deployment by using RPC over HTTP or RPC over HTTPS. |
Unified Messaging |
/unifiedmessaging/* |
Exchange 2007 Unified Messaging puts all e-mail, voice, and fax messages into one Exchange 2007 mailbox that can be accessed from a variety of devices. |
Offline Address Book |
/OAB/* |
An offline address book (OAB) is a copy of an address book that has been downloaded so that an Outlook user can access address book information while disconnected from the server. |
Exchange Web Services |
/ews/* |
This virtual directory is used for the Autodiscover service and the availability service to provide free/busy information. |
Autodiscover |
/Autodiscover/* |
The Autodiscover service provides access to Microsoft Exchange features for Microsoft Office Outlook 2007 clients that are connected to your Microsoft Exchange messaging environment. |
ISA Server 2006 Features for Outlook Anywhere Client Access
The following table describes several of the benefits of using ISA Server 2006 to protect Outlook Anywhere–based client access to your Exchange deployment.
ISA Server 2006 features for Outlook Anywhere
Feature | Description | More information |
---|---|---|
Exchange server locations are hidden |
When you publish an application through ISA Server, you are protecting the server from direct external access because the name and IP address of the server cannot be accessed by the user. The user accesses the ISA Server computer. This computer forwards the request to the server according to the conditions of the server publishing rule. |
|
SSL Bridging and Inspection |
SSL bridging protects against attacks that are hidden in SSL-encrypted connections. For SSL-enabled Web applications, after ISA Server receives the client's request, ISA Server decrypts it, inspects it, and ends the SSL connection with the client computer. The Web publishing rules determine how ISA Server communicates the request for the object to the published Web server. If the secure Web publishing rule is configured to forward the request by using secure HTTP (HTTPS), ISA Server initiates a new SSL connection with the published server. Because the ISA Server computer is now an SSL client, it requires the published Web server to respond with a server-side certificate. |
ISA Server 2006 Deployment Options for Outlook Anywhere
Before you deploy ISA Server 2006 to help secure communication from Outlook Anywhere clients on the Internet to Exchange Client Access servers, you must verify that you have correctly configured your Exchange deployment to support Outlook Anywhere clients. For more information, see Deploying Outlook Anywhere. You will then run the Exchange Publishing Rule Wizard to provide Outlook Anywhere access to your Exchange deployment.
Install a Server Certificate for ISA Server 2006
To enable an encrypted channel by using SSL between the client computer and the ISA Server computer, you must install a server certificate on the ISA Server computer. This certificate should be issued by a public certification authority (CA) because it will be accessed by users on the Internet. If a private CA is used, the root CA certificate from the private CA must be installed on any computer that has to create an encrypted channel (HTTPS) to the ISA Server computer.
For more information about how to install a server certificate on ISA Server 2006, see Publishing Exchange Server 2007 with ISA Server 2006.
How to Deploy ISA Server 2006 for Outlook Anywhere
You can run the Exchange Publishing Rule Wizard to provide Outlook Anywhere access to your Exchange deployment by following these steps:
- Create a server farm (optional) When
you have more than one Exchange Client Access server, you can
use ISA Server to provide load balancing for these
servers. The server farm properties determine the
following:
- Servers that are included in the farm
- Connectivity verification method that ISA Server will use to
verify that the servers are functioning
- Servers that are included in the farm
- Create a Web listener When you create a
Web publishing rule, you must specify a Web listener to use. The
Web listener properties determine the following:
- IP addresses and ports on the specified networks that the ISA
Server computer uses to listen for Web requests (HTTP or HTTPS)
- Server certificates to use with IP addresses
- Authentication method to use
- Number of concurrent connections that are allowed
- Single sign on (SSO) settings
- IP addresses and ports on the specified networks that the ISA
Server computer uses to listen for Web requests (HTTP or HTTPS)
- Create an Exchange Web client access publishing
rule When you publish an internal
Exchange 2007 Client Access server through ISA Server
2006, you protect the Web server from direct external access
because the name and IP address of the server cannot be
accessed by the user. The user accesses the ISA Server
computer. The ISA Server computer forwards the request to the
internal Web server according to the conditions of your Web server
publishing rule. An Exchange Web client access publishing rule is a
Web publishing rule that contains default settings appropriate to
Exchange client access.
For more information about how to use the Exchange Publishing Rule Wizard, see Publishing Exchange Server 2007 with ISA Server 2006.
For More Information
- For more information about how to use ISA Server 2006 with
Exchange 2007, see Using ISA Server 2006
with Exchange 2007.