Use ISA to reverse-proxy web-based mail products, such as Outlook Web Access, whenever possible. Use a second external IP Address, DNS host, and certificate if forms-based authentication for OWA is required to co-exist with OMA, ActiveSync, and RPC-HTTP. Use Secure Sockets Layer (SSL) encryption whenever possible to secure Outlook Web Access. Use forms-based authentication where possible to secure access and prevent unauthenticated traffic from touching the Exchange server. Secure an OWA virtual server with the settings described in Table 12.1.
|