Create the Exchange ActiveSync Publishing Rule
Page 14/147 | Date: 21.03.2017 | Size: 1.65 Mb | #1016
Now that the Exchange front-end server and the ISA Server computer have been properly configured and have the proper server certificates installed, you can start the procedures to publish the Exchange front-end server. Using the Exchange Publishing Wizard, you can provide secure access to your Exchange front-end server.
The following procedures are used to publish your Exchange front-end server.
Create a Server Farm (optional)
When you have more than one Exchange front-end server, you can use ISA Server to provide load balancing for these servers. This enables you to publish the Web site once, instead of having to run the wizard multiple times. It also eliminates the need for a third-party product to load balance a Web site. If one of the servers is unavailable, ISA Server detects that the server is not available and directs users to servers that are working. ISA Server verifies at regular intervals that the servers that are members of the server farm are functioning. The server farm properties determine the following:
- Servers included in the farm
- Connectivity verification method that ISA Server will use to verify that the servers are functioning
Perform the following procedure to create a server farm.
To create a server farm
1. In the console tree of ISA Server Management, click Firewall Policy:
   - For ISA Server 2006 Standard Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Server_Name, and then click Firewall Policy.
   - For ISA Server 2006 Enterprise Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Arrays, expand Array_Name, and then click Firewall Policy.
2. On the Toolbox tab, click Network Objects, click New, and select Server Farm. Use the wizard to create the server farm as outlined in the following table.

| Page | Field or property | Setting |
|---|---|---|
| Welcome | Server farm name | Type a name for the server farm. For example, type Exchange front end servers. |
| Servers | Servers included in this farm | Select Add and enter either the IP addresses or names of your Exchange front-end servers. |
| Server Farm Connectivity Monitoring | Method used to monitor server farm connectivity | Select Send an HTTP/HTTPS GET request. |
| Completing the New Server Farm Wizard | Completing the New Server Farm Wizard | Review the selected settings, and click Back to make changes or Finish to complete the wizard. |

3. When the wizard completes, click Yes in the Enable HTTP Connectivity Verification dialog box.
4. Click the Apply button in the details pane to save the changes and update the configuration.

For more information about connectivity verifiers, see ISA Server product Help.
Create a Web Listener
When you create a Web publishing rule, you must specify a Web listener to be used. The Web listener properties determine the following:
- IP addresses and ports on the specified networks that the ISA Server computer uses to listen for Web requests (HTTP or HTTPS).
- Server certificates to use with IP addresses.
- Authentication method to use.
- Number of concurrent connections that are allowed.
- Single sign on (SSO) settings.
Collect the following information that will be used when you use the New Web Listener Wizard.

| Property | Value |
|---|---|
| Web listener name | Name: ________________________ |
| Client connection security. Note the following: If HTTP is selected, information between the ISA Server computer and the client will be transferred in plaintext. If HTTPS is selected, a server certificate needs to be installed on the ISA Server computer. | HTTPS or HTTP (circle one) |
| Web listener IP address | Network: ___________________; Optional: Specific IP address: ___.___.___.___. Note: If this specific IP address is not the primary network adapter IP address, a secondary IP address needs to be configured on the ISA Server computer before creating the Web listener. |
| Authentication settings Web listener SSL certificate. Note: This is only required if HTTPS has been selected for client connectivity security. | ___Use a single certificate for this Web listener. Certificate issued to: _______________________; ___Assign a certificate for each IP address. (This option will only be available if a specific IP address has been assigned to the Web listener.) Certificate issued to: _______________________ |
| Authentication. For forms-based authentication, you have options to authenticate your users to ISA Server. | For more information about authentication, see Authentication for Mobile Devices on the Corporate Network in Security Considerations within the Corporate Network. |
| Single sign on settings | ___Enable single sign on. Single sign on domain name: ___________________________ |

Create a Web listener with the information on the worksheet that you filled in previously, and perform the following procedure.
To create a Web listener
1. In the console tree of ISA Server Management, click Firewall Policy:
   - For ISA Server 2006 Standard Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Server_Name, and then click Firewall Policy.
   - For ISA Server 2006 Enterprise Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Arrays, expand Array_Name, and then click Firewall Policy.
2. On the Toolbox tab, click Network Objects, click New, and then select Web Listener. Use the wizard to create the Web listener as outlined in the following table.

| Page | Field or property | Setting |
|---|---|---|
| Welcome | Web listener name | Type a name for the Web listener. For example, type Exchange FBA. |
| Client connection security | Select what type of connections this Web Listener will establish with clients | Select Require SSL secured connections with clients. |
| Web Listener IP Addresses | Listen for incoming Web requests on these networks; ISA Server will compress content sent to clients | Select the External network. Check box should be selected (default). Click Select IP Addresses. |
| External Network Listener IP Selection | Listen for requests on; Available IP Addresses | Select Specified IP addresses on the ISA Server computer in the selected network. Select the correct IP address and click Add. Note: For ISA Server Enterprise Edition with an NLB-enabled array, you should select a virtual IP address. |
| Listener SSL Certificates | Select a certificate for each IP address, or specify a single certificate for this Web listener | Select Assign a certificate for each IP address. Select the IP address you just selected and click Select Certificate. |
| Select Certificate | Select a certificate from the list of available certificates | Select the certificate that you just installed on the ISA Server computer. For example, select mail.contoso.com, and click Select. The certificate must be installed before running the wizard. |
| Authentication Settings | Select how clients will provide credentials to ISA Server; Select how ISA Server will validate client credentials | Select HTML Form Authentication for forms-based authentication and select the appropriate method that ISA Server will use to validate the client's credentials. For example, select LDAP Authentication if you are installing in workgroup mode. Select Windows (Active Directory) if your ISA Server computer is in a domain configuration. |
| Single Sign on Settings | Enable SSO for Web sites published with this Web listener; SSO domain name | Leave the default setting to enable SSO. To enable SSO between two published sites portal.contoso.com and mail.contoso.com, type .contoso.com. |
| Completing the New Web Listener Wizard | Completing the New Web Listener Wizard | Review the selected settings, and click Back to make changes or Finish to complete the wizard. |

Create an Exchange Web Client Access Publishing Rule
When you publish an internal Exchange front-end server through ISA Server 2006, you are protecting the Web server from direct external access because the name and IP address of the server are not accessible to the user. The user accesses the ISA Server computer, which then forwards the request to the internal Web server according to the conditions of your Web server publishing rule. An Exchange Web client access publishing rule is a Web publishing rule that contains default settings appropriate to Exchange Web client access.
Collect the following information that will be used when you use the New Exchange Publishing Rule Wizard.

| Property | Value |
|---|---|
| Exchange publishing rule name | Name: ________________________ |
| Services. Note: You can publish all services in a single rule using the same Web listener configured with forms-based authentication. ISA Server 2006 will use Basic authentication for services that do not support forms-based authentication. | Exchange version: ____________; __Outlook Web Access; __Outlook RPC over HTTP; __Outlook Mobile Access; _X_Exchange ActiveSync |
| Publishing type | __Publish a single Web site or __Publish a server farm of load balanced servers and Server farm name:_____________ |
| Server connection security | HTTPS or HTTP (circle one). Note the following: If HTTP is selected, information between the ISA Server computer and the Web server will be transferred in plaintext. If HTTPS is selected, a server certificate needs to be installed on the Exchange front-end server. |
| Internal publishing details | Internal site name (FQDN): ______________________. If the FQDN is not resolvable by the ISA Server computer: Computer name or IP address:_____________________ |
| Public name details | Accept request for: __This domain name:______________ or __Any domain name |
| Select Web listener | Web listener:________________ |
| User set | List user sets that will have access to this rule: _________________ __________________ |

Use the information on the worksheet that you filled in previously and perform the following procedure to create an Exchange Web client access publishing rule.
To create an Exchange Web client access publishing rule
1. In the console tree of ISA Server Management, click Firewall Policy:
   - For ISA Server 2006 Standard Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Server_Name, and then click Firewall Policy.
   - For ISA Server 2006 Enterprise Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Arrays, expand Array_Name, and then click Firewall Policy.
2. On the Tasks tab, click Publish Exchange Web Client Access. Use the wizard to create the rule as outlined in the following tables.
   - For a single Web server, use the table in New Exchange Publishing Rule Wizard for a single Web site.
   - If you are using a server farm, use the table in New Exchange Server Publishing Rule Wizard for a server farm.

New Exchange Publishing Rule Wizard for a Single Web Site

| Page | Field or property | Setting |
|---|---|---|
| Welcome | Exchange Publishing rule name | Type a name for the rule. For example, type Exchange Web Client Publishing. |
| Select Services | Exchange version; Web client mail services | Select the proper version of Exchange. For example, select Exchange Server 2003. Select the desired access methods. |
| Publishing Type | Select if this rule will publish a single Web site or external load balancer, a Web server farm, or multiple Web sites | Select Publish a single Web site or load balancer. |
| Server Connection Security | Choose the type of connections ISA Server will establish with the published Web server or server farm | Select Use SSL to connect to the published Web server or server farm. Note: A server certificate must be installed on the published Exchange front-end server, and the root CA certificate of the CA that issued the server certificate on the Exchange front-end server must be installed on the ISA Server computer. |
| Internal Publishing Details | Internal site name | Type the internal FQDN of the Exchange front-end server. For example, type exchfe.corp.contoso.com. Important: The internal site name must match the name of the server certificate that is installed on the internal Exchange front-end server. Note: If you cannot properly resolve the internal site name, you can select Use a computer name or IP address to connect to the published server, and then type the required IP address or name that is resolvable by the ISA Server computer. |
| Public Name Details | Accept requests for; Public name | This domain name (type below). Type the domain name that you want ISA Server to accept the connection for. For example, type mail.contoso.com. |
| Select Web Listener | Web listener | Select the Web listener you created previously. For example, select Exchange FBA. |
| Authentication Delegation | Select the method used by ISA Server to authenticate to the published Web server | Select Basic authentication. |
| User Sets | This rule applies to requests from the following user sets | Select the user set approved to access this rule. |
| Completing the New Exchange Publishing Wizard | Completing the New Exchange Publishing Rule Wizard | Review the selected settings, and click Back to make changes or Finish to complete the wizard. |

3. Click the Apply button in the details pane to save the changes and update the configuration.

New Exchange Publishing Rule Wizard for a Server Farm

| Page | Field or property | Setting |
|---|---|---|
| Welcome | Exchange Publishing rule name | Type Exchange Web client Publishing. |
| Select Services | Exchange version; Web client mail services | Select the proper version of Exchange server. For example, select Exchange Server 2003. Select the desired access methods. |
| Publishing Type | Select if this rule will publish a single Web site or external load balancer, a Web server farm, or multiple Web sites | Select Publish a server farm of load balanced Web servers. |
| Server Connection Security | Choose the type of connections ISA Server will establish with the published Web server or server farm | Select Use SSL to connect to the published Web server or server farm. Note: A server certificate must be installed on the published Exchange front-end servers, and the root CA certificate must be installed on the ISA Server computer. |
| Internal Publishing Details | Internal site name | Type exchfe.corp.contoso.com. |
| Specify Server Farm | Select the Exchange server farm you want to publish | Select the name of the server farm previously created. For example, select Exchange front end servers. |
| Public Name Details | Accept requests for; Public name | This domain name (type below). Type mail.contoso.com. |
| Select Web Listener | Web listener | Select Exchange FBA. |
| Authentication Delegation | Select the method used by ISA Server to authenticate to the published Web server | Select Basic authentication. |
| User Sets | This rule applies to requests from the following user sets | Select the user set approved to access this rule. |
| Completing the New Exchange Publishing Rule Wizard | Completing the New Exchange Publishing Rule Wizard | Review the selected settings, and click Back to make changes or Finish to complete the wizard. |

4. Click the Apply button in the details pane to save the changes and update the configuration.
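
The name-matching and connection-security requirements in the worksheets can be checked before the wizards are run. The script below is an added example, not part of the original guide or of ISA Server: it flags plaintext hops, certificate names that do not cover the public or internal site name, and a public name outside the SSO domain. The dictionary keys are hypothetical, and the sample values are the guide's own example names.

```python
# Added example: pre-flight check of the two worksheets before running the wizards.
# Dictionary keys are hypothetical; values are the guide's own sample names.

def cert_matches(host, cert_names):
    """True if host equals a certificate name or matches a left-most wildcard."""
    host = host.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in cert_names):
        if name == host:
            return True
        # "*.contoso.com" covers exactly one extra label, never the bare domain
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def check_worksheet(listener, rule):
    """Return a list of findings; an empty list means the worksheets are consistent."""
    findings = []
    if listener["client_security"] != "HTTPS":
        findings.append("listener: client to ISA Server traffic is plaintext")
    elif not cert_matches(rule["public_name"], listener["cert_names"]):
        findings.append("listener: certificate does not cover the public name")
    if rule["server_security"] != "HTTPS":
        findings.append("rule: ISA Server to front-end traffic is plaintext")
        if rule["delegation"] == "Basic":
            findings.append("rule: Basic credentials would cross the network unencrypted")
    elif not cert_matches(rule["internal_site_name"], rule["frontend_cert_names"]):
        findings.append("rule: internal site name does not match front-end certificate")
    sso = listener.get("sso_domain")
    if sso:
        suffix = "." + sso.lower().strip(".")
        if not ("." + rule["public_name"].lower()).endswith(suffix):
            findings.append("listener: public name is outside the SSO domain")
    return findings

LISTENER = {"name": "Exchange FBA", "client_security": "HTTPS",
            "cert_names": ["mail.contoso.com"], "sso_domain": ".contoso.com"}
RULE = {"public_name": "mail.contoso.com", "server_security": "HTTPS",
        "internal_site_name": "exchfe.corp.contoso.com",
        "frontend_cert_names": ["exchfe.corp.contoso.com"], "delegation": "Basic"}

if __name__ == "__main__":
    print(check_worksheet(LISTENER, RULE))  # worksheets filled in as in the guide
    print(check_worksheet(LISTENER, dict(RULE, internal_site_name="10.0.0.5")))
    print(check_worksheet(LISTENER, dict(RULE, server_security="HTTP")))
```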