Transcription

IMPORTANT: This guide has been archived. While the content in this guide is still valid for theproducts and version listed in the document, it is no longer being updated and mayrefer to F5 or 3rd party products or versions that have reached end-of-life orend-of-support. See https://support.f5.com/csp/article/K11163 for more information.Deploying F5 with Microsoft Exchange 2013 and 2010 Client Access ServersWelcome to the F5 and Microsoft Exchange 2010 and 2013 Client Access Server deployment guide. Use this document forguidance on configuring the BIG-IP system version 11 and later to provide additional security, performance and availability forExchange Server 2010 and Exchange Server 2013 Client Access Servers.When configured according to the instructions in this guide, whether using an iApp template or manually, the BIG-IP system performsas a reverse proxy for Exchange CAS servers, and also performs functions such as load balancing, compression, encryption, caching,and pre-authentication.Why F5?chivedF5 offers a complete suite of application delivery technologies designed to provide a highly scalable, secure, and responsive Exchangedeployment. he BIG-IP LTM can balance load and ensure high-availability across multiple Client Access servers using a variety of loadTbalancing methods and priority rules. TerminatingHTTPS connections at the BIG-IP LTM reduces CPU and memory load on Client Access Servers, and simplifiesTLS/SSL certificate management for Exchange 2010 and Exchange 2013 SP1 and later. he BIG-IP Access Policy Manager (APM), F5's high-performance access and security solution, can provide preTauthentication, single sign-on, and secure remote access to Exchange HTTP-based Client Access services. he BIG-IP Advanced Firewall Manager (AFM), F5's high-performance, stateful, full-proxy network firewall designed to guardTdata centers against incoming threats that enter the network can help secure and protect your Exchange deployment. he BIG-IP LTM TCP Express feature set ensures optimal network performance for all clients and servers, regardless ofToperating system and version. The LTM provides content compression features which improve client performance.ArProducts and versionsProductVersionMicrosoft Exchange Server2010, 2010 SP1, SP2, and SP3; 2013, 2013 SP1, and all Cumulative Updates (CUs)BIG-IP systemManual configuration: 11.0 - 13.1iApp template: 11.3 - 13.1BIG-IP iApp templatef5.microsoft exchange 2010 2013 cas.v1.6.2 and v1.6.3rc6Deployment Guide version3.0 See Document Revision History on page 140 for revision detailsLast updated10-24-2019Important: M ake sure you are using the most recent version of this deployment guide, available change-iapp-dg.pdfFor previous versions of this and other guides (including guides for previous Exchange iApps), see the Deployment guideArchive tab on f5.com: -608

ContentsIntroduction 3Prerequisites and configuration notes 4Configuring the iApp for Exchange Hybrid deployments 7iApp Deployment Scenarios 8This BIG-IP LTM will load balance and optimize Client Access Server traffic 8 This BIG-IP LTM will receive HTTP-based Client Access traffic forwarded by a BIG-IP APM 9 This BIG-IP APM will provide secure remote access to CAS 10Preparation worksheets 11Configuring the BIG-IP system for Microsoft Exchange using the iApp template 1313chivedDownloading and importing the new iApp Getting started with the Exchange iApp template 14Configuring the LTM to receive HTTP-based Client Access traffic forwarded by an APM 40Configuring the BIG-IP APM to provide secure remote access to Client Access Servers 56Modifying the iApp configuration 66Optional: Configuring the BIG-IP system to support MAPI over HTTP in Exchange 2013 SP1 68Optional: Configuring APM to Support Windows Integrated Authentication For Outlook Web App 70Optional: Configuring BIG-IP LTM/APM to support NTLMv2-only deployments in Exchange 2010 71Troubleshooting 7486Appendix B: Using X-Forwarded-For to log the client IP address 87Appendix C: Manual configuration tables 89ArAppendix A: Configuring additional BIG-IP settings Configuration table if using a combined virtual server for Exchange HTTP-based services 89Configuration table if using separate virtual servers for Exchange HTTP-based services 92BIG-IP APM manual configuration 107Optional: Securing Access to the Exchange 2013 Administration Center with BIG-IP APM 119Optional: Configuring the APM for Outlook Anywhere with NTLM Authentication - BIG-IP v11.3 or later only 123Manually configuring the BIG-IP Advanced Firewall Module to secure your Exchange deployment 129Appendix D: Technical Notes 134Appendix E: Active Directory and Exchange Server configuration for NTLM 136BIG-IP APM/LTM without DNS lookups 138Document Revision History 140F5 Deployment Guide2Microsoft Exchange Server 2010/2013

IntroductionThis document provides guidance for using the updated, downloadable BIG-IP iApp Template to configure the Client Access serverrole of Microsoft Exchange Server, as well as instructions on how to configure the BIG-IP system manually. This iApp template wasdeveloped for use with both Exchange Server 2013 and 2010.You can configure the BIG-IP system to support any combination of the following services supported by Client Access servers:Outlook Web App (which includes the HTTP resources for Exchange Control Panel), Exchange Web Services, Outlook Anywhere (RPCover HTTP, including the Offline Address Book), ActiveSync, Autodiscover, RPC Client Access (MAPI) for Exchange 2010 only, POP3,IMAP4, and MAPI over HTTP.For more information on the Client Access Server role, see 2010: 5%28EXCHG.140%29.aspx2013: 14(v exchg.150).aspxFor more information on the F5 devices in this guide, see http://f5.com/products/big-ip/.You can also see the BIG-IP deployment guide for SMTP services at: .chivedYou can also visit the Microsoft page of F5’s online developer community, DevCentral, for Microsoft forums, solutions, blogs and more:http://devcentral.f5.com/Microsoft/.To provide feedback on this deployment guide or other F5 solution documents, contact us at [email protected] is F5 iApp?F5 iApp is a powerful set of features in the BIG-IP system that provides a new way to architect application delivery in the data center.iApp includes a holistic, application-centric view of how applications are managed and delivered inside, outside, and beyond the datacenter. The iApp template for Microsoft Exchange Server acts as the single-point interface for building, managing, and monitoring theExchange 2010 and 2013 Client Access role.For more information on iApp, see the White Paper F5 iApp: Moving Application Delivery Beyond the pdf.AdvancedArSkip aheadIf you are already familiar with the Exchange iApp, you can skip directly to the relevant section after reading the prerequisites: Configuring the BIG-IP system for Microsoft Exchange using the iApp template on page 13 if using the iApp template, or Appendix C: Manual configuration tables on page 89 if configuring the BIG-IP system manually.F5 Deployment Guide3Microsoft Exchange Server 2010/2013

Prerequisites and configuration notesUse this section for important items you need to know about and plan for before you begin this deployment. Not all items will apply inall implementations, but we strongly recommend you read all of these items carefully.General BIG-IP system prerequisiteshh T he configuration described in this deployment guide is supported by F5 Networks. F5 Technical support can help validatethe configuration described in this guide if necessary, but your environment may have other factors which may complicate theconfiguration.If you need additional guidance or help with configuration that is not included in this guide, we recommend you consultyour F5 FSE, check DevCentral (https://devcentral.f5.com/) and AskF5 (https://support.f5.com/), or contact F5 ProfessionalServices (https://f5.com/support/professional-services) to discuss a consulting engagement. If you believe you have found anerror in this guide, contact us at [email protected] F or this deployment guide, the BIG-IP system must be running version 11.0 or later. If you are using a previous version ofthe BIG-IP system, see the Deployment Guide index on F5.com. This configuration does not apply to previous versions.hh M ost of the configuration guidance in this document is performed on F5 devices. We provide a summary of Exchangeconfiguration steps for reference only; for complete information on how to deploy or configure the components of MicrosoftExchange Server, consult the appropriate Microsoft documentation. F5 cannot provide support for Microsoft products.chivedhh If deploying BIG-IP APM features, you must fully license and provision APM before starting the iApp template.hh T his document provides guidance on using the Exchange iApp template. Additionally, for users familiar with the BIG-IPsystem, there are manual configuration tables at the end of this guide. Because of the complexity of this configuration, westrongly recommend using the iApp to configure the BIG-IP system.hh F or Exchange 2010 only: NTLMv2 is supported for external monitors when deploying the iApp for Exchange 2010 with APMon BIG-IP v13.0 and later. If you are using BIG-IP v13.0 or later, and need advanced monitors to support NTLMv2, you mustperform the manual guidance in Optional: Configuring BIG-IP LTM/APM to support NTLMv2-only deployments in Exchange2010 on page 71.If you are using Exchange 2013, the external monitors use SNMP authentication, so no manual configuration is necessary.iApp template prerequisites and notes!Arhh This document provides guidance on using the F5 supplied downloadable iApp template for Microsoft Exchange 2010and 2013 available via downloads.f5.com. The latest official release can always be found /13000/400/sol13497.html.You must use a downloadable iApp for BIG-IP versions 11.0 and later. For the iApp template, you must beusing version 11.4.1 or later as it contains a number of fixes and enhancements not found in the default iApp, or otherdownloadable versions.Warning To run the Microsoft Exchange iApp template, you must be logged into the BIG-IP system as a user thatis assigned the admin role. For more information on roles on the BIG-IP system, see the BIG-IP UserAccounts chapter of the BIG-IP TMOS: Concepts guide.hh I f you have an existing Exchange application service from a previous version of the downloadable iApp, see Upgradingfrom a previous version of the iApp template on page 13 for instructions on how to upgrade the configuration.hh B IG-IP APM v12.0 and later now supports the MAPI over HTTP transport protocol (introduced in Exchange 2013 5177(v exchg.150).aspx).If you are using BIG-IP APM v11.x, the iApp template does not support this new protocol. See Optional: Configuring theBIG-IP system to support MAPI over HTTP in Exchange 2013 SP1 on page 68 for manual instructions on configuringthe BIG-IP system for MAPI over HTTP for the 11.x versions.hh I f you have existing, manually created Node objects on the BIG-IP system and given these nodes a name, you cannot usethe IP addresses for those nodes when configuring the iApp. You must first manually delete those nodes and re-add themwithout a name, or delete the nodes and let the iApp automatically create them.hh F or some configuration objects, such as profiles, the iApp allows you to import custom objects you created outside thetemplate. This enables greater customization and flexibility. If you have already started the iApp template configuration andthen decide to you want to create a custom profile, you can complete the rest of the template as appropriate and then reenter the template at a later time to select the custom object. Otherwise you can exit the iApp immediately, create the profile,and then restart the iApp template from the beginning.hh See Troubleshooting on page 74 for troubleshooting tips and important configuration changes for specific situations.F5 Deployment Guide4Microsoft Exchange Server 2010/2013

SSL certificate and key prerequisites and noteshh I f you are using the BIG-IP system to offload SSL (Exchange 2010 and Exchange 2013 SP1 and later only) or for SSLBridging, we assume you have already obtained an SSL certificate and key, and it is installed on the BIG-IP LTM system. Toconfigure your Client Access servers to support SSL offloading, you must first follow the Microsoft documentation. hange-2010.aspx. Makesure you follow the correct steps for the version of Exchange Server that you are using.hh W hile SSL offload was not supported in the RTM version of Exchange Server 2013, it is now supported in 2013 -in-exchange-2013.aspx).If you using Exchange 2013 and are not yet on SP1, you must change the default setting for Outlook Anywhere on eachClient Access Server so that SSL offloading is not configured.hh F or Exchange Server 2010 and 2013 SP1 only: We generally recommend that you do not re-encrypt traffic between APMand LTM because both BIG-IP systems must process the SSL transactions. However, if you choose to re-encrypt, westrongly recommend you use a valid certificate (usually SAN-enabled) rather than the default, self-signed certificate for theClient SSL profile on your BIG-IP LTM system. If not re-encrypting traffic, you do not need a certificate on your BIG-IP LTM.hh T his template currently only supports the use of a single DNS name and corresponding certificate and key for all services,or multiple DNS names using a SAN-enabled certificate and key.chivedhh I f using a single virtual server for all HTTP-based Client Access services as recommended, you must obtain the SubjectAlternative Name (SAN) certificate (or wildcard certificate, see the next paragraph) and key from a 3rd party certificateauthority that supports SAN certificates, and then import it onto the BIG-IP system. In versions prior to 11.1, the BIG-IPsystem does not display SAN values in the web-based Configuration utility, but uses these certificates correctly.While the BIG-IP system supports using a wildcard certificate to secure Exchange CAS deployments using multiple FQDNs,for increased security, F5 recommends using SAN certificate(s) where possible. Additionally, some older mobile devicesare incompatible with wildcard certificates. Consult your issuing Certificate Authority for compatibility information. For moreinformation on SAN certificates, see Subject Alternative Name (SAN) SSL Certificates on page 134.BIG-IP Access Policy Manager prerequisites and noteshh New For BIG-IP APM, the iApp template v1.6.2 and later supports Exchange hybrid deployments. See Configuringthe iApp for Exchange Hybrid deployments on page 7. If you are deploying BIG-IP APM, make sure to seeExchange Hybrid Autodiscover and free/busy lookups fail when APM is deployed on page 76 for an importantiRule you must add to the configuration.Arhh I f you want to display the computer type (public/shared vs private) and light version (Use the light version of OutlookWeb App) options for OWA on the APM logon page via the BIG-IP APM, you must run the following PowerShellcommand on one of your Client Access Servers (only one): Get-OwaVirtualDirectory bled true -LogonPagePublicPrivateSelectionEnabled truehh If you are using BIG-IP APM, the following table shows the Exchange Server (Client Access Server) settings:RoleOut-of-the-box settingYour SettingNotesSSL Offload for all HTTP services1Not enabledEnabledExchange 2010 and 2013 SP1 only.Optional but strongly recommendedNot configuredEnabledExchange 2010 only: RequiredForms2Forms (default) 2 orKerberos authentication(smart card)RequiredNegotiateNegotiate (default)RequiredBasic (default)RequiredBasic (default)or NTLMRequiredClient Access ArrayOWA Authentication1Autodiscover Authentication1BasicActiveSync Authentication1Outlook Anywhere Authentication1,32010:Basic2013: NegotiateExchange Server 2010 and 2013 SP1 and later only. See the following link for more information on default authentication methods for Exchange Server 331973.aspx2 You must change the default Forms logon format from Domain\username to just username. More information is available later in this guide.3 Outlook Anywhere is disabled by default in Exchange 2010; you must enable it before you can use it. You can optionally configure BIG-IP APM v11.3 andlater for NTLM authentication for Outlook Anywhere. See page 50.1 When deploying APM, server authentication settings for the OWA and Outlook protocols are determined by client-sideauthentication selections made in the iApp. For example, selecting Basic client authentication for Outlook clients causes NTLMSSO to be applied to server-side requests, while selecting NTLM client authentication results in Kerberos single sign-on.F5 Deployment Guide5Microsoft Exchange Server 2010/2013

iImportant The values in the following table are only examples, use the values appropriate for your configuration.In our example, we use the following conventions.RoleFQDNsExternal URL/Host nameDNS RecordsNotesCombined virtual serverA: mail.example.commail.example.comAutodiscoverSRV: autodiscover. tcp.example.com: port443, Host todiscover/autodiscover.xmlSeparate virtual serversautodiscover.example.comA: autodiscover.example.comSRV: autodiscover. tcp.example.com: port443, Host r.example.com/autodiscover/autodiscover.xmlIf the external DNS SRVrecord listed is not used, andyou don’t want to use SCPinternally, you must also haveat least one of these, set to thesame IP as your OWA FQDN:example.comautodiscover.example.comCombined virtual servermail.example.comOutlook Web AppA: mail.example.comhttps://mail.example.com/owaA: owa.example.comhttps://owa.example.com/owaSeparate virtual serversowa.example.comchivedCombined virtual servermail.example.comActiveSyncA: -Server-ActiveSyncA: soft-Server-ActiveSyncSeparate virtual serversmobile.example.comTo prevent internal users fromreceiving a password prompt,your internal DNS must nothave an A record for the FQDNfor Outlook Anywhere. Thisonly applies if you are usingExchange 2010, using RPCMAPI internally and OutlookAnywhere externally, and yourinternal clients do not have aroute to the external OutlookAnywhere/EWS virtual server(s).Combined virtual servermail.example.comA: mail.example.commail.example.comA: oa.example.comoa.example.comSeparate virtual serversOutlook Anywhere(RPC over HTTP)Aroa.example.comCombined virtual serverOutlook Anywhere(MAPI over HTTP)mail.example.comA: mail.example.comhttps://mail.example.com/mapiA: mapi.example.comhttps://mapi.example.com/mapiA: array.example.comN/ASeparate virtual serversmapi.example.comSeparate virtual serversRPC Mapi1array.example.comExchange Server 2010 only. Exchange 2013 does not use RPC.1 For more information, see: Summary of SRV records on Wikipedia: http://en.wikipedia.org/wiki/SRV record Specification for SRV records (RFC2782): http://tools.ietf.org/html/rfc2782 Microsoft KB article on SRV records and the Autodiscover service: http://support.microsoft.com/kb/940881 Understanding the Autodiscover Service (including SCP information): 1.aspxF5 Deployment Guide6Microsoft Exchange Server 2010/2013

Configuring the iApp for Exchange Hybrid deployments his solution supports using BIG-IP APM for secure access to hybrid deployment of Exchange. A hybrid deployment meansTan environment that has deployed Exchange on-premise and Office 365, and those two components have been configured tocommunicate with each other (as described in 81(v exchg.150).aspx).ArchivedIn a hybrid scenario, the BIG-IP is located between the Exchange Web Services and the Office 365 infrastructure, and F5 providesseamless access to the on-premise Exchange components in a secure fashion without causing failures for the hybrid-related traffic.The iApp template (v1.6.2 and later) now includes the question Would you like to bypass APM for hybrid services?. Select Yes forhybrid deployments. This will prevent failures in federated requests for Autodiscover and free/busy information, as well as remotemoves and migrations between your Exchange organization and Exchange Online.F5 Deployment Guide7Microsoft Exchange Server 2010/2013

iApp Deployment ScenariosThe iApp greatly simplifies configuring the BIG-IP system for Microsoft Exchange 2010/2013 Client Access Server roles. Beforebeginning the Application template, you must make a decision about the scenario in which you are using BIG-IP system for thisdeployment. The iApp presents the following three deployment options. You choose one of these options when you begin configuringthe iApp. This BIG-IP LTM will load balance and optimize Client Access Server traffic, on this page This BIG-IP LTM will receive HTTP-based Client Access traffic forwarded by a BIG-IP APM on page 9 This BIG-IP APM will provide secure remote access to CAS on page 10This BIG-IP LTM will load balance and optimize Client Access Server trafficYou can select this scenario to manage, secure, and optimize client-generated Client Access Server traffic using the BIG-IP system.This is the traditional role of the BIG-IP LTM and should be used in scenarios where you are not deploying BIG-IP Access PolicyManager (APM) on a separate BIG-IP system. In this scenario, you can optionally the BIG-IP APM to secure HTTP-based virtualservers on this system.You would not select this option if you intend to deploy a separate APM that provides secure remote access to CAS HTTP services.chivedClient Access 23autodiscover.example.comEASOABBIG-IP PlatformRPCMAPIAutodiscoverArFigure 1: Logical configuration example showing the BIG-IP system directing traffic to Client Access ServicesThe traffic flow for this scenario is:1.All Exchange Client Access traffic goes to the BIG-IP system.2. You can use the following optional modules if they are licenced and provisioned on you BIG-IP system:3. BIG-IP Access Policy Manager (APM)The BIG-IP APM module provides secure access and proxied authentication (pre-authentication) for HTTP-based ClientAccess services: Outlook Web App, Outlook Anywhere, ActiveSync, and Autodiscover). The BIG-IP APM presents a loginpage to end users that takes the place of the forms-based login page normally presented by Outlook Web App. Usersprovide credentials through the BIG-IP APM form; the BIG-IP APM then authenticates the user to Active Directory. BIG-IP Advanced Firewall Manager (AFM)The BIG-IP Advanced Firewall Manager (AFM) is a high-performance, stateful, full-proxy network firewall designed to guarddata centers against incoming threats that enter the network on the most widely deployed protocols. he BIG-IP LTM load balances and optimizes the traffic to the Client Access Servers, including the services which are notTHTTP-based: RPC Client Access, POP3, and IMAP4.F5 Deployment Guide8Microsoft Exchange Server 2010/2013

This BIG-IP LTM will receive HTTP-based Client Access traffic forwarded by a BIG-IP APMYou can select this scenario to configure BIG-IP LTM with a single virtual server that receives Exchange Client Access HTTP-basedtraffic that has been forwarded by a separate BIG-IP APM. The virtual server can also accommodate direct traffic, e.g. internal clientsthat do not use the BIG-IP APM, and non-HTTP traffic that is not handled by BIG-IP APM such as POP3 and IMAP4.This scenario would be used together with the following scenario, in which you configure a separate BIG-IP APM to send traffic to thisBIG-IP LTM device.Client Access utodiscoverInternalClientsFigure 2:Logical configuration example showing the BIG-IP system receiving traffic from a BIG-IP APMTraffic comes in from the BIG-IP APM as described in the next scenario.2. he BIG-IP LTM receives HTTP-based Client Access traffic from a separate BIG-IP APM, or directly received the nonTHTTP-based traffic.3. If you have internal Exchange clients, all Client Access Server traffic from the internal clients goes directly to the BIG-IP LTM.4. he BIG-IP LTM load balances and optimizes the traffic to the Client Access Servers, including the services which are notTHTTP-based: RPC Client Access (MAPI), POP3, and IMAP4.Ar1. hile this scenario can accommodate internal clients, we do not recommend using this virtual server in that way. We Note: Wstrongly recommend creating a second instance of the iApp on this BIG-IP LTM for the direct traffic/internal users.You must use a unique virtual server IP address; all of the other settings can be identical. Once both iApps have beencreated, you would configure Split DNS (use the same domain name, but different zones and IP addresses for internaland external clients). For more information about Split DNS, refer to your DNS documentation.F5 Deployment Guide9Microsoft Exchange Server 2010/2013

This BIG-IP APM will provide secure remote access to CASYou can select this scenario to configure the BIG-IP system as a BIG-IP APM that will use a single virtual server to provide proxyauthentication (pre-authentication) and secure remote access to Exchange HTTP-based Client Access services without requiring theuse of an F5 Edge Client. When you select this deployment scenario, the BIG-IP APM presents a login page to end users that takesthe place of the forms-based login page normally presented by Outlook Web App. Users provide credentials through the BIG-IPAPM form; the BIG-IP APM then authenticates the user to Active Directory. The BIG-IP system will only forward connections after auser has authenticated successfully. The traffic is then sent to another BIG-IP running LTM which provides advanced load balancing,persistence, monitoring and optimizations for HTTP-based Client Access services.This scenario would be used together with the previous scenario, in which you configure a separate BIG-IP LTM to receive traffic fromthis BIG-IP APM device.Client Access utodiscoverInternalClientsFigure 3:1.Logical configuration example showing the BIG-IP APM providing proxy authentication and secure remote access HTTP-based Client Access traffic goes to the BIG-IP APM, which provides proxy authentication and secure remote access.Ar hile this scenario can accommodate internal clients, we do not recommend using this virtual server in that Note: Wway. We strongly recommend creating a second instance of the iApp on this BIG-IP LTM for the direct traffic/internal users. You must use a unique virtual server IP address; all of the other settings can be identical. Onceboth iApps have been created, you would configure Split DNS (use the same domain name, but different zonesand IP addresses for internal and external clients). For more information about Split DNS, refer to your DNSdocumentation.2. After authentication, the BIG-IP APM sends the traffic to a separate BIG-IP LTM for intelligent traffic management.Guidance specific to each deployment scenario is contained later in this document.F5 Deployment Guide10Microsoft Exchange Server 2010/2013

Preparation worksheetsFor each section of the iApp Template, you need to gather some information, such as Client Access server IP addresses and domaininformation. The worksheets do not contain every question in the template, but rather include the information that is helpful to have inadvance. Use the worksheet(s) applicable to your configuration. More information on specific template questions can be found on theindividual pages. You might find it useful to print these tables and then enter the information.BIG-IP LTM Preparation worksheetTraffic arriving to this BIG-IPsystem is:EncryptedUnencryptedSSL Certificate:If encrypting traffic to the Client Access Servers and not usingthe BIG-IP default certificate and key:Key:If re-encrypting traffic to the Client Access Servers and notusing the BIG-IP default certificate and key for the Server SSLprofile:Certificate:Certificate:Key:Key:Same SubnetDifferent SubnetsIf the maximum number of expected concurrent users perClient Access Server is more than 6,000, you need one SNATIP address for each 6,000 users or fraction thereof:If the CAS servers are a different subnet from the BIG-IP virtualservers, and do not use the BIG-IP as their default gateway,and if the maximum number of expected concurrent users perClient Access Server is more than 6,000, you need one SNATIP address for each 6,000 users or fraction thereof:1:2:3:Single virtual IP address forall Client Access Services ormultiple addresseschivedBIG-IP virtual servers andClient Access Servers will beon:4:5:1:4:6:2:5:3:6:Single virtual IP addressIP address for the BIG-IP virtual server:Different virtual IP addresses for different servicesYou need a unique IP address for each of the Client Accessservices you are deploying:Outlook Web App:Outlook Anywhere:ActiveSync:Aut

May 11, 2017 · Exchange Server 2010 and Exchange Server 2013 Client Access Servers. When configured according to the instructions in this guide, whether using an iApp template or manually, the BIG-IP system performs . as a reverse proxy for Exchange CAS servers, and also performs functions