Exchange 2010 CAS: Outlook Web App Proxying vs Redirection

Thursday, August 25, 2011 8:41
Posted in category Exchange & OCS
1 Comment

Just a little learning snack on Outlook Web App Proxying versus Redirection.

Let’s say we have two Active Directory sites, both with at least one Mailbox Server and both with at least one Client Access Server and we want users to be able to use Outlook Web App from the internet.

This means that at least one of the Client Access Servers should be accessible from the Internet. The internet accessible CAS should have Forms Based Authentication enabled, and must have a valid certificate installed on the OWA virtual directory. Furthermore, the internet accessible CAS server must have an External URL associated with it; the URL that Internet users use to access the OWA pages.

Scenario 1 – The second CAS is not accessible from the Internet (Proxying)

In this scenario, only the CAS in one site, let’s say SiteA, is accessible from the Internet. That means that the CAS on the second site, let’s say SiteB, is not accessible from the Internet and has no External URL associated with it. In this scenario, you should enable Windows Integrated Authentication on the CAS in SiteB. Users will access the CAS in SiteA from the Internet. If a user that has a mailbox in SiteB access the CAS in SiteA, that CAS ‘sees’ that the users mailbox resides in SideB, and that that CAS has no External URL associated with it. It will then proxy the request to the CAS in SiteB. So the client accesses the CAS in SiteA, and the CAS in SiteA proxies the request to the CAS in SiteB.

Scenario 2 – The second CAS is accessible from the Internet (Redirection)

In this scenario, both the Client Access Servers in SiteA and in SiteB are accessible from the Internet. Both CASses will have to be configured with an External URL and a valid certificate for the hostname as defined in the External URL. Both of the CASses should have Forms Based Authentication enabled.

If a client access the CAS in SiteA, but has a mailbox in SiteB, the CAS in SiteA ‘sees’ this and sends an HTTP Redirect message to the client. The client then access the CAS in SiteB.

Yes, it’s that simple… really…

You can leave a response, or trackback from your own site.
Tags: , , , ,

One Response to “Exchange 2010 CAS: Outlook Web App Proxying vs Redirection”

  1. exchange policy says:

    December 19th, 2011 at 1:05 AM

    Rainy Day…

    It was a cold day here yesterday, so I just took to surfing around online and found…

Leave a Reply

You must be logged in to post a comment.

«
»