16 août 2013

Part 1: Reverse Proxy for Exchange Server 2013 using IIS ARR

For a long time, ForeFront TMG (and ISA before it) has been the go-to Microsoft reverse proxy solution for many applications, including Exchange Server. However, with no more development roadmap for TMG 2010 a lot of customers are looking out for an alternative solution that works well with Exchange Server 2013. The Windows team have added an additional component called Application Request Routing (ARR, or as Greg the pirate says, ARR!) 2.5 to the Internet Information Service (IIS) role, which enables IIS to handle reverse proxy... [Lire la suite]
Posté par jcdemarque à 13:42 - - Commentaires [0] - Permalien [#]
Tags : , , , , , , , , , , , , ,

30 janvier 2013

Réponse à une question sur Apache en Reverse Proxy et les certificats SSL clients

J'ai reçu une demande de détails sur l'authentification par certificat SSL Client sur un Apache en mode Reverse Proxy. Voici donc des détails sur la configuration : http://stackoverflow.com/questions/11323309/making-a-two-way-ssl-authentication-between-apache-httpd-reverse-proxy-and-tomca http://stackoverflow.com/questions/3369443/switch-sslverifyclient-within-reverseproxy-context  Pour la configuration proprement dite du Reverse Proxy Apache: http://www.apachelounge.com/viewtopic.php?p=18171  ... [Lire la suite]
Posté par jcdemarque à 14:20 - - Commentaires [1] - Permalien [#]
Tags : , , , , , , , , ,
25 novembre 2012

Publishing Exchange Server 2013 using TMG

Now that Exchange Server 2013 is available, some of you may well be wondering how to publish it to the Internet using Microsoft Threat Management Gateway (TMG) or perhaps the Microsoft Unified Access Gateway (UAG). This post will help you configure TMG, for sure, but not UAG – as for the time being, you can’t effectively publish Exchange Server 2013 using UAG without turning off many of the security features in UAG. Why’s that? Well, as you’ll have gathered from other posts on this fine blog, we re-wrote OWA for Exchange 2013. And... [Lire la suite]
Posté par jcdemarque à 18:40 - - Commentaires [0] - Permalien [#]
Tags : , , , , , , ,
24 janvier 2011

Using NTLM Outlook Anywhere Authentication through Forefront TMG and UAG

The last in the series of papers I wrote in this general area has just been published and is available here. This one details the configuration you need when you want to have Outlook Anywhere use NTLM authentication when published through TMG or UAG. Why would you ever want to do this? Well, if your clients are domain joined it does avoid the Basic authentication pop up in most cases, and because it is more secure than Basic as credentials never pass over the wire (though of course with Basic they are, or certainly should be,... [Lire la suite]
Posté par jcdemarque à 22:03 - - Commentaires [0] - Permalien [#]
Tags : , , , , , , , ,
06 décembre 2010

More Whitepapers to Help You Securely Publish Exchange

A few months ago we published a Whitepaper detailing the steps required to securely publish Exchange to the Internet using TMG and UAG. (That document has recently been updated by the way, and the newest version is available here White Paper - Publishing Exchange Server 2010 with Forefront). At the end of the last post I hinted at some related upcoming Whitepapers. The first two of them are ready. The first is about using IPsec to restrict access to OWA and Outlook Anywhere to machines you control or manage, and it is available... [Lire la suite]
Posté par jcdemarque à 22:13 - - Commentaires [0] - Permalien [#]
Tags : , , , , , , , , ,
16 octobre 2010

TMG is Unable to Listen on Port 80 (no IIS was not installed)

Introduction Consider the scenario where a TMG 2010 Server is installed as Hyper-V guest on a Windows 2008 Server. You publish a website on port 80 or enable HTTP to HTTPS redirection on a Web Listener for an existing SSL publishing rule. When you try to access the published website you get an error: 10060 Connection Refused. Troubleshooting A quick look at the TMG Live Logging reveals the following: Netstat output indicates that Process ID 4 (System) is listening on port TCP 80 as shown below: This explains why... [Lire la suite]
Posté par jcdemarque à 11:33 - - Commentaires [0] - Permalien [#]
Tags : , , , , , ,
16 octobre 2010

Publishing POP, IMAP & SMTP Settings In Exchange 2010 SP1 OWA…

Exchange Team has provided an option to configure POP, IMAP and SMTP settings and publish it in 2010 SP1 OWA, as an information for users. Helpdesk can always direct users to look at the information in OWA & setup their POP or IMAP client, if your organization is still using it. By default (new in SP1), you have a new link called “Settings for POP,IMAP & SMTP Access” in the “Options” page (ECP to be precise). If you click the link, there won’t be any information published by default. Let’s say that your... [Lire la suite]
Posté par jcdemarque à 10:50 - - Commentaires [0] - Permalien [#]
Tags : , , , , ,
20 juillet 2010

Publishing Exchange Server 2010 with Forefront UAG and TMG

Since joining the Exchange Customer Experience team a few months ago, a question I am commonly asked (aside from “When are you taking over the storage calculator from Ross? He’s a busy chap and as the new guy on the team you should help him out so he can take a break now and then.” – these comments added by Ross as a pre-condition to publishing this) is how to increase the security of access to Exchange from the Internet. I’m asked this mainly because I have a particular interest in client access and security aspects of Exchange, and... [Lire la suite]
Posté par jcdemarque à 21:56 - - Commentaires [0] - Permalien [#]
Tags : , , , , , , ,
06 janvier 2010

ISA 2006 SP1 Configuration with Exchange 2010

Un très bon post sur le Blog de la Team Exchange : While ISA 2006 SP1 includes a Client Access Web Publishing Wizard for both Exchange 2003 and Exchange 2007, the wizard does not have any knowledge of Exchange 2010. Exchange 2010 includes the following changes with respect to its URLs and virtual directories: Exchange 2010 Client Access Servers (CAS) no longer utilize the /exchweb virtual directory. Exchange 2010 CAS no longer utilizes the /unifiedmessaging virtual directory. Exchange 2010 CAS provides a new... [Lire la suite]
Posté par jcdemarque à 10:51 - Commentaires [0] - Permalien [#]
Tags : , , , , , ,