Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2009-10-12

This topic describes how you can use Microsoft Internet Security and Acceleration (ISA) Server 2006 with Outlook Anywhere. We recommend that you use ISA Server 2006 for all available client access methods in Microsoft Exchange Server 2010. When you publish Outlook Anywhere client access with ISA Server 2006, communications from the Outlook clients located on the Internet to the ISA Server computer and from the ISA Server computer to the Client Access server are encrypted using Secure Sockets Layer (SSL).

In many organizations, users need to have access to their mailbox when they're away from the office. Outlook Anywhere ensures that users can interact with their Exchange information from any location. To support this client access method, specific paths must be published on the ISA Server computer.

Looking for management tasks related to Outlook Anywhere? See Managing Outlook Anywhere.

Contents

Exchange 2010 Services Used with ISA Server 2006

ISA Server 2006 Features for Outlook Anywhere Client Access

ISA Server 2006 Deployment Options for Outlook Anywhere

How to Deploy ISA Server 2006 for Outlook Anywhere

Exchange 2010 Services Used with ISA Server 2006

The following table lists the Exchange services that are supported by ISA Server 2006 for Exchange 2010 and used by Outlook Anywhere clients.

Exchange 2010 services used with ISA Server 2006

Feature Path Description

Outlook Anywhere

/rpc/*

Internet-based access to an Exchange deployment by using RPC over HTTP or RPC over HTTPS.

Unified Messaging

/unifiedmessaging/*

Exchange 2010 Unified Messaging puts all e-mail, voice mail, and fax messages into one Exchange 2010 mailbox that can be accessed from a variety of devices.

Offline Address Book

/OAB/*

An offline address book (OAB) is a copy of an address book that's been downloaded so that an Outlook user can access address book information while disconnected from the server.

Exchange Web Services

/ews/*

This virtual directory is used for the Autodiscover service and the Availability service to provide free/busy information.

Autodiscover

/Autodiscover/*

The Autodiscover service provides access to Exchange features for Microsoft Office Outlook 2007 clients that are connected to your Exchange messaging environment.

Return to top

ISA Server 2006 Features for Outlook Anywhere Client Access

The following table describes several of the benefits of using ISA Server 2006 to protect client access to your Exchange deployment using Outlook Anywhere.

ISA Server 2006 features for Outlook Anywhere

Feature Description More information

Exchange server locations are hidden

When you publish an application through ISA Server, you're protecting the server from direct external access because the name and IP address of the server can't be accessed by the user. The user accesses the ISA Server computer. This computer forwards the request to the server according to the conditions of the server publishing rule.

Publishing Exchange Server 2007 with ISA Server 2006

SSL Bridging and Inspection

SSL bridging protects against attacks that are hidden in SSL-encrypted connections. For SSL-enabled Web applications, after ISA Server receives the client's request, ISA Server decrypts it, inspects it, and ends the SSL connection with the client computer. The Web publishing rules determine how ISA Server communicates the request for the object to the published Web server. If the secure Web publishing rule is configured to forward the request by using secure HTTP (HTTPS), ISA Server initiates a new SSL connection with the published server. Because the ISA Server computer is now an SSL client, it requires the published Web server to respond with a server-side certificate.

Best Practices for Performance in ISA Server 2006

Return to top

ISA Server 2006 Deployment Options for Outlook Anywhere

Before you deploy ISA Server 2006 to help secure communication from Outlook Anywhere clients on the Internet to Exchange Client Access servers, you must verify that you've correctly configured your Exchange deployment to support Outlook Anywhere clients. You will then run the Exchange Publishing Rule wizard to provide Outlook Anywhere access to your Exchange deployment.

Install a Server Certificate for ISA Server 2006

To enable an encrypted channel by using SSL between the client computer and the ISA Server computer, you must install a server certificate on the ISA Server computer. This certificate should be issued by a public certification authority (CA) because it will be accessed by users on the Internet. If a private CA is used, the root CA certificate from the private CA must be installed on any computer that must create an encrypted channel (HTTPS) to the ISA Server computer.

For more information about how to install a server certificate on ISA Server 2006, see Publishing Exchange Server 2007 with ISA Server 2006.

Return to top

How to Deploy ISA Server 2006 for Outlook Anywhere

You can run the Exchange Publishing Rule wizard to provide Outlook Anywhere access to your Exchange deployment by following these steps:

  1. Create a server farm (optional)   When you have more than one Exchange Client Access server, you can use ISA Server to provide load balancing for these servers. The server farm properties determine the following:

    • Servers that are included in the farm

    • Connectivity verification method that ISA Server will use to verify that the servers are functioning

  2. Create a Web listener   When you create a Web publishing rule, you must specify a Web listener to use. The Web listener properties determine the following:

    • IP addresses and ports on the specified networks that the ISA Server computer uses to listen for Web requests (HTTP or HTTPS)

    • Server certificates to use with IP addresses

    • Authentication method to use

    • Number of concurrent connections that are allowed

    • Single sign-on (SSO) settings

  3. Create an Exchange Web client access publishing rule   When you publish an internal Exchange 2010 Client Access server through ISA Server 2006, you protect the Web server from direct external access because the name and IP address of the server can't be accessed by the user. The user accesses the ISA Server computer. The ISA Server computer forwards the request to the internal Web server according to the conditions of your Web server publishing rule. An Exchange Web client access publishing rule is a Web publishing rule that contains default settings appropriate to Exchange client access.

For more information about how to use the Exchange Publishing Rule wizard, see Publishing Exchange Server 2007 with ISA Server 2006.

Return to top