| [email protected] | Microsoft Certificate Lifecycle Manager.
Folder Proxy + OWA + ECP/EAC · 6 Click Certificate Manager on the Administration menu of the...
Transcript of Folder Proxy + OWA + ECP/EAC · 6 Click Certificate Manager on the Administration menu of the...
Folder Proxy + OWA + ECP/EAC Guide
Version 2.0 | April 2016
Copyright © 2016 iWebGate. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of iWebGate as provided by the explicit terms and conditions of our license agreement.
Basic Rights of Use
Thank you for choosing iWebGate. Registration of your product is required during the installation process outlined in this document. Registration of a single product entitles you to begin using the product for the specific purposes of the product. Additional licensing might be required to use additional features. For more information about iWebGate, visit us at http://www.iwebgate.com.
Trademarks
Microsoft, Windows, Windows NT, and Vista are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders.
Statement of Conditions
To ensure proper operational function and/or reliability of the product is maintained, iWebGate reserves the right to make changes to the product described within this document, via electronic means or otherwise, without notice. iWebGate does not assume any liability that may occur due to the use, or application of, the product described herein.
Table of Contents
Introduction 4
1. Upload Signed Certificate in VSP 4
2. Configure Folder Proxy in VSP 8
3. Add MFA to Folder Proxy 12
4. Configure DNS Entry 13
5. Outlook Web App (OWA) 13
6. Exchange Control Panel /Exchange Admin Center 14
4
Introduction This guide will show how to set up the Virtual Segmentation Platform (VSP) as a folder
proxy to Microsoft Exchange 2013 Server before accessing Outlook Web App (OWA) and
Exchange Control Panel (ECP) / Exchange Admin Center (EAC) via a web browser.
The steps for establishing a folder proxy and OWA access with the VSP are:
1. Upload Signed Certificate in VSP
2. Configure the Folder Proxy in VSP
3. Add MFA to Folder Proxy
4. Configure DNS Entry
5. Outlook Web App (OWA)
6. Exchange Control Panel (ECP) / Exchange Admin Center (EAC)
Since this is a guide of how to setup a folder proxy for Microsoft Exchange 2013 server
using OWA, additional information on the VSP can be found in its detailed manuals.
Requirements:
Functioning Microsoft Exchange 2013 server and OWA access
Certificate/Private Key for the email domain that is signed by a Certificate
Authority (e.g. *.p12 or *.pfx)
Administrator login credentials to the Virtual Segmentation Platform (VSP) and ECP
/ EAC
Access to DNS records
1. Upload Signed Certificate in VSP Log into the Virtual Segmentation Platform (VSP) with your administrator credentials.
5
6
Click Certificate Manager on the Administration menu of the Virtual Segmentation Platform
(VSP).
Click Upload Signed Certificate in Certificate Manager.
Click Choose File to open File Explorer to select the certificate off your device before
clicking Upload.
Make sure to assign
the certificate by
clicking Assign
It is possible to use the same FQDN as your existing public facing
Exchange Client Access Server (CAS). Export existing certificate/key pair
from the CAS, or choose a new FQDN for the proxy before purchasing a
new certificate for it. The certificate/key pair must be in PFX or P12
format.
.
7
Assign this certificate as the new VSP certificate, by checking Assign and click Save.
8
After assigning the new certificate, log back into the VSP using the new FQDN.
2. Configure Folder Proxy in VSP While logged into the VSP, click Proxy LP on the sidebar before selecting Reverse Proxy
from the list.
9
Click Add in Backends.
10
Set the internal address of the Exchange CAS port (typically 443), and check SSL. Click
Save.
11
In the main Proxy menu, click Add in Backends.
Name the new proxy and click the Folder Proxy option under the Type section of the new
proxy.
12
Under Folder Mapping, select Exchange Web Services from the drop-down list under Pre-
Configured Folder Maps and click Add.
3. Add MFA to Folder Proxy Proxies can use multi-factor authentication (Google Authenticator) to strengthen the
security of the connection.
To configure proxy authentication, click Configure MFA in the main Reverse Proxy
module.
Select the desired 1st Factor Type. This is the authentication users must first enter to get
through to the backend proxy servers.
13
Users accessing the folder will need to enter the Time Based One-Time Password received
through the Google Authethicatior app.
4. Configure DNS Entry If choosing to use a new FQDN for the proxy server, then you can add it to your DNS and
test without danger of disrupting existing Exchange clients.
If choosing the same FQDN as existing public facing Exchange server for the proxy, you
would need to change the DNS record to point it to the proxy's IP address. However, it is
recommended to first test that the proxy and Exchange server configurations are working
as expected before making a change to the DNS configuration.
To test Outlook on the client PC before changing DNS, put an entry in
C:\Windows\System32\Drivers\etc\hosts on the client PC for the FQDN of the proxy for
testing. Once verified that the configuration is correct, change the DNS and remove the
entry from the hosts file. This allows testing without disruption of existing Exchange clients.
5. Outlook Web App (OWA) Open the /owa folder via the proxy on the Exchange server by connecting to https://(FQDN-of-proxy-server)/owa :
14
Enter the username and password, before clicking sign in.
Access to OWA through the folder proxy is now established.
6. Exchange Control Panel (ECP) / Exchange Admin Center (EAC)
Open the /ecp folder via the proxy on the Exchange server by connecting to https://(FQDN-of-proxy-server)/ecp :
15
Enter the Administrator username and password, before clicking sign in.
Access to ECP / EAC through the folder proxy is now established.
Version 2.0 | April 2016