ca689_1627 (Nimbostratus)
Sep 23, 2011
Exchange 2010 and APM objects
Hello all.
We currently have a single set of LTM virtual server objects set up (created by the Exchange 2010 template) to provide load balancing for our multi-member CAS Array. This works great for internal and external users using Outlook Web App.
Now... we need to configure APM access policies to authenticate external users. My questions are as follows:
1. Do we apply the set of APM objects to the existing virtual server that is currently used for both internal and external access?
2. Do we leave the existing virtual server alone, use it for our internal users, and create a new virtual server for our external users and apply APM access policies to that?
3. If 2, would the pool member simply be a single object pointing to the existing virtual server?
Any other ideas or recommendations on what we're trying to accomplish? Any help would be much appreciated.
- Best practice would be to enable APM functionality on a separate virtual server and use split DNS. That is, if currently your users go to https://mail.contoso.com, then you'd want to set up that name to resolve to your existing VIP internally and to your newly-created VIP externally. By deploying this you avoid any potential negative interactions with Autodiscover and Kerberos authentication issues internally, conserve APM resources to protect access only for untrusted (external) access, and completely separate internal and external configuration for ease of troubleshooting, change management, and administration.
- ca689_1627 (Nimbostratus)
- I am a bit confused - you're saying internal OWA connections - did you mean external instead? Your internal users should not be going through APM - they should be going to the internal VIP that does not have APM applied to it. External users should be going to APM.
- ca689_1627 (Nimbostratus)
- Ah, that explains it. You should be deploying according to this guide:
- ca689_1627 (Nimbostratus)
- Yes, that is correct. You do not want to create Web Applications for OWA. The guide I pointed you to allows you to set up APM to provide secure authentication and proxy of all HTTP-based Exchange services - OWA, ActiveSync, Autodiscover, EWS, and Outlook Anywhere.
- ca689_1627 (Nimbostratus)