16 août 2013

Part 1: Reverse Proxy for Exchange Server 2013 using IIS ARR

For a long time, ForeFront TMG (and ISA before it) has been the go-to Microsoft reverse proxy solution for many applications, including Exchange Server. However, with no more development roadmap for TMG 2010 a lot of customers are looking out for an alternative solution that works well with Exchange Server 2013. The Windows team have added an additional component called Application Request Routing (ARR, or as Greg the pirate says, ARR!) 2.5 to the Internet Information Service (IIS) role, which enables IIS to handle reverse proxy... [Lire la suite]
Posté par jcdemarque à 13:42 - - Commentaires [0] - Permalien [#]
Tags : , , , , , , , , , , , , ,

30 janvier 2013

Réponse à une question sur Apache en Reverse Proxy et les certificats SSL clients

J'ai reçu une demande de détails sur l'authentification par certificat SSL Client sur un Apache en mode Reverse Proxy. Voici donc des détails sur la configuration : http://stackoverflow.com/questions/11323309/making-a-two-way-ssl-authentication-between-apache-httpd-reverse-proxy-and-tomca http://stackoverflow.com/questions/3369443/switch-sslverifyclient-within-reverseproxy-context  Pour la configuration proprement dite du Reverse Proxy Apache: http://www.apachelounge.com/viewtopic.php?p=18171  ... [Lire la suite]
Posté par jcdemarque à 14:20 - - Commentaires [1] - Permalien [#]
Tags : , , , , , , , , ,
15 janvier 2013

Lync 2010 Edge Publication : Équilibrage de charge DNS ou répartition de charge matérielle ?

La publication des services Edge est une chose délicate car parfois incomprise par les services réseaux car impliquant des contraintes liées à la supportabilité de Nat et des flux Vidéo. Dans l’environnement Lync deux solutions sont possibles pour publier des services Edge vers l’internet. La première est de se baser sur les fonctions de répartiteur de charges matérielles déjà présentes au sein de l’entreprise. La seconde est de ne pas recourir aux répartiteurs de charge pour utiliser des fonctions plus primaires que sont les... [Lire la suite]
Posté par jcdemarque à 17:22 - - Commentaires [0] - Permalien [#]
Tags : , , , , , , , , ,
17 septembre 2012

Forefront TMG 2010 EOL Announcement

Today, Microsoft finally announced the discontinuing of most of it’s ForeFront products, including the retirement of products used in many Exchange deployments, ForeFront Threat Management Gateway (TMG) 2010 and ForeFront Protection for Exchange (FPE). The products to be discontinued are: ForeFront Threat Management Gateway (TMG), including Forefront TMG Web Protection Services (TMG WPS); ForeFront Protection for Exchange (FPE); ForeFront Protection for SharePoint (FPSP); ForeFront Security for OCS (FSOCS); ForeFront... [Lire la suite]
29 décembre 2011

Using “built in” applications with Windows XP mode

Last week I was asked, on Twitter, if it was possible to publish a built in application (like Internet Backgammon) from Windows XP mode.  The answer is: Yes, but it is a little tricky. Most people use Windows XP mode to run specific applications that they have that will not run under Windows 7.  These people do not want to have their start menus cluttered with all the applications that populate the Windows XP menu – they just want to access their applications.  For this reason, we block publishing of all of the built... [Lire la suite]
Posté par jcdemarque à 18:37 - - Commentaires [0] - Permalien [#]
Tags : , , , ,
24 janvier 2011

Using NTLM Outlook Anywhere Authentication through Forefront TMG and UAG

The last in the series of papers I wrote in this general area has just been published and is available here. This one details the configuration you need when you want to have Outlook Anywhere use NTLM authentication when published through TMG or UAG. Why would you ever want to do this? Well, if your clients are domain joined it does avoid the Basic authentication pop up in most cases, and because it is more secure than Basic as credentials never pass over the wire (though of course with Basic they are, or certainly should be,... [Lire la suite]
Posté par jcdemarque à 22:03 - - Commentaires [0] - Permalien [#]
Tags : , , , , , , , ,

06 décembre 2010

More Whitepapers to Help You Securely Publish Exchange

A few months ago we published a Whitepaper detailing the steps required to securely publish Exchange to the Internet using TMG and UAG. (That document has recently been updated by the way, and the newest version is available here White Paper - Publishing Exchange Server 2010 with Forefront). At the end of the last post I hinted at some related upcoming Whitepapers. The first two of them are ready. The first is about using IPsec to restrict access to OWA and Outlook Anywhere to machines you control or manage, and it is available... [Lire la suite]
Posté par jcdemarque à 22:13 - - Commentaires [0] - Permalien [#]
Tags : , , , , , , , , ,
16 octobre 2010

TMG is Unable to Listen on Port 80 (no IIS was not installed)

Introduction Consider the scenario where a TMG 2010 Server is installed as Hyper-V guest on a Windows 2008 Server. You publish a website on port 80 or enable HTTP to HTTPS redirection on a Web Listener for an existing SSL publishing rule. When you try to access the published website you get an error: 10060 Connection Refused. Troubleshooting A quick look at the TMG Live Logging reveals the following: Netstat output indicates that Process ID 4 (System) is listening on port TCP 80 as shown below: This explains why... [Lire la suite]
Posté par jcdemarque à 11:33 - - Commentaires [0] - Permalien [#]
Tags : , , , , , ,
20 juillet 2010

Publishing Exchange Server 2010 with Forefront UAG and TMG

Since joining the Exchange Customer Experience team a few months ago, a question I am commonly asked (aside from “When are you taking over the storage calculator from Ross? He’s a busy chap and as the new guy on the team you should help him out so he can take a break now and then.” – these comments added by Ross as a pre-condition to publishing this) is how to increase the security of access to Exchange from the Internet. I’m asked this mainly because I have a particular interest in client access and security aspects of Exchange, and... [Lire la suite]
Posté par jcdemarque à 21:56 - - Commentaires [0] - Permalien [#]
Tags : , , , , , , ,
03 mars 2010

Publier des applications distantes depuis un poste de travail – Pourquoi et comment ?

Nous connaissons cette fonctionnalité en mettant en œuvre la fonctionnalité Windows XP Mode sur Windows 7 qui me permet d’accéder directement à mes applications qui s’exécutent dans ma machine virtuelle depuis mon poste de travail Guide pas à pas : Utilisation du XP Mode - http://technet.microsoft.com/fr-fr/windows/ee806852.aspx http://blogs.technet.com/fabricem_blogs/archive/2009/10/13/guide-pas-pas-1ere-partie-installation-et-configuration-virtual-pc-7-et-windows-xp-mode-sur-windows-7.aspx et en particulier le... [Lire la suite]
Posté par jcdemarque à 21:45 - - Commentaires [0] - Permalien [#]
Tags : , , , , , , , ,