Elan Shudnow’s Blog

There is an excellent article that describes how CAS to CAS proxying and redirection works over here. It was created to supplement this white paper. It also discusses CAS to Exchange 2003. I wanted to discuss some key points on this article from a CAS to CAS situation.

• Proxying is used when you have one internet facing CAS. Your other CAS will be accessible via intranet only. When a client connects to the internal facing CAS, that CAS will see that the user’s mailbox is located in another site. That CAS will then proxy information from the CAS which is located in that user’s site. In order to have CAS Proxying working, ExternalURL properties must not be configured (default) on intranet-only CAS. You must use proxying if you want to have 1 common URL. For example, you want to expose only https://owa.domain.com. This is because even if a client connects to a CAS in another site, that CAS server will do the proxying behind the scenes. Redirection is a bit different since it re-directs the client to a new URL for the CAS that is located in the user’s site in which their mailbox is located. More on this in the next bullet.
• Redirection is used when you have more than one internet facing CAS. So if we have two sites, we make both CAS accessible via the internet. We then configure the CAS’ ExternalURL properties. This method will expose multiple OWA URLs. So in this configuration, one CAS may use https://mail1.domain.com and the other CAS may use https://mail2.domain.com. If a user connects to https://mail1.domain.com and their mailbox is located in a site where the CAS uses the https://mail2.domain.com, the CAS they connect to will automatically re-direct that user to https://mail2.domain.com

Other things to note:

• Proxying does not work with POP3 or IMAP4. If you use either of these protocols, you will have to make sure your certificate, DNS, and firewall is configured to allow POP3 or IMAP4 connectivity to the CAS in that user’s specific site where their mailbox is located. Because of this, you cannot have 1 common URL.
• Redirection only works with OWA.
• Outlook Anywhere uses neither Redirection or CAS-CAS Proxying. If you contact a CAS in another site, the CAS will talk directly with the Mailbox in the other site.
• In order for Proxying to work, Integrated Windows Authentication must be used on the necessary directories in IIS on the intranet-facing CAS.
• If you want to use re-direction for OWA but Proxying for all other services, you can configure the external URL for OWA but leave all other ExternalURL properties blank ($null).

I would highly suggest reading the two articles I linked in the first paragraph if you are deploying Exchange 2007 in separate sites which contain a Mailbox Server, Hub Transport Server, and Client Access Server.

Elan Shudnow :: Sep.06.2007 :: Exchange :: No Comments »

Trackback this post | Feed on Comments to this post