• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

CAS config after SSL offload by loadbalancer

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2010] >> Outlook Web Access >> CAS config after SSL offload by loadbalancer Page: [1]
Login
Message << Older Topic   Newer Topic >>
CAS config after SSL offload by loadbalancer - 23.Sep.2010 11:09:10 AM   
Gotink

 

Posts: 13
Joined: 13.Sep.2010
Status: offline
We have 2 CAS servers behind a F5 loadbalancer the offloads the certificate. So the CAS to F5 communication is http, not https.
We only use OWA internaly, not from the (big-bad) internet. Also we don't use (server) activesync. We use single-sign-on with windows authentication, not FBA.
I have read Henrik's article about how to config CAS but still have questions.
Should I set the owa and ecp virtual directories internal url to point to https of the server?
Should I set the ews and oab virtual directories internal url to point to https of the loadbalancer?
Why I do not understand. When is this setting used?
Do I have to configure the externalurl's? (not using internet access)
How do I prevent users accessing http to CAS servers, bypassing the loadbalancer? With firewall rules?
Post #: 1
RE: CAS config after SSL offload by loadbalancer - 23.Sep.2010 2:22:06 PM   
travis.sheldon

 

Posts: 359
Joined: 16.Sep.2010
Status: offline
quote:


Should I set the owa and ecp virtual directories internal url to point to https of the server?


Thats what I do to all of my servers.

quote:

Should I set the ews and oab virtual directories internal url to point to https of the loadbalancer?


I would if you're doing SSL offload.

quote:

Why I do not understand. When is this setting used?


AFAIK any of the "internal/external urls" are used when a client does an autodiscover request..if it's a local request (Not through outlook anywhere) it gets the internal URL.

quote:

Do I have to configure the externalurl's? (not using internet access)


It doesn't hurt..it prevents more frustration in the future if someone wants to access it externally (As long as your company allows it).

quote:

How do I prevent users accessing http to CAS servers, bypassing the loadbalancer? With firewall rules?


Unfortunately that may start causing errors with EMC and EMS because I'm pretty sure they'll send all requests to the internal server name and not to the cas array.

If you utiliize autodiscover then you wont have to worry about users bypassing the server as they would have to manually change their settings to do so, and autodiscover will eventually set them back to what you specify in Exchange.

(in reply to Gotink)
Post #: 2
RE: CAS config after SSL offload by loadbalancer - 30.Sep.2010 2:47:31 AM   
Gotink

 

Posts: 13
Joined: 13.Sep.2010
Status: offline
Thanks, I did not know the autodiscover part of the urls's.

Our users don't use autodiscover so I will try to block http access with the firewall.
I don't think that will do any harm ...

(in reply to travis.sheldon)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2010] >> Outlook Web Access >> CAS config after SSL offload by loadbalancer Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter