Planning and Deploying Client Access Servers

Module 4
Planning and Deploying Client

Access Servers
Module Overview
Planning Client Access Server Deployment

Configuring the Client Access Server Role
• Managing Client Access Services
Lesson 1: Planning Client Access Server
Deployment
What Is the Client Access Server Role?

Hardware and Software Requirements for the Client
Access Server
How Does a Client Access Server Work?
Connecting Outlook Clients to Mailboxes
How Does a Client Access Server Work with
Multiple Sites?
• Planning Client Connectivity for Client Access
Server
What Is the Client Access Server Role?
• Client Access server role handles client

connections and server SMTP-based connections
• Clients do not communicate with Mailbox server
directly
• Connections are routed through Client Access
server
• Client Access server does not store any user data
• Client Access server provides services for
messaging security through Front End Transport
service
Hardware and Software Requirements for the
Client Access Server
• General hardware and software requirements for

Exchange Server 2013 apply to Client Access
server
• Client Access server needs to have reliable disks
• Make sure that operating system volume is
redundant
• Provide more than one Client Access server if
possible
• Client Access server requires a fast network
connection to Mailbox servers and global catalog
servers
• Client Access server:

• Must be deployed in each AD DS site that has
Mailbox servers
• Must have a fast connection to Mailbox servers and
domain controllers
• Needs to be accessible from the Internet using the
client protocol in Internet-facing sites
• You deploy Client Access server:

• On a single server with other Exchange Server roles
• On a dedicated server to provide scalability
• On multiple dedicated servers in NLB cluster
How Does a Client Access Server Work?
Connecting Outlook Clients to Mailboxes
• Exchange Server 2013 no longer uses FQDNs of

Client Access servers or arrays to locate user
mailboxes
• Client Access server uses the GUID that is
assigned to the user mailbox
• The connection point is the string that is a
unique identifier of the mailbox.
• Connection point contains the mailbox GUID and
domain name
How Does a Client Access Server Work with
Multiple Sites?
• In a pure Exchange 2013 environment, Client

Access server will always proxy the client
connection to the right Mailbox server
• In a mixed Exchange environment, Client Access
server 2013 will proxy the connection to the
Client Access Server 2007 or 2010 in the
destination site
• POP3 and IMAP4 clients must connect directly to
the Client Access server in their destination sit
Planning Client Connectivity for Client Access
Server
• Officially supported client platforms:

• Outlook 2013
• Outlook 2010 SP1 with April 2012 Cumulative Update
• Outlook 2007 SP3 with July 2012 Cumulative Update
• Entourage 2008 for Mac, Web Services Edition
• Outlook for Mac 2011
• You can also connect from various POP3 and

IMAP4 clients, and ActiveSync devices
Lesson 2: Configuring the Client Access Server
Role
Configuring Client Access Server Options

Configuring Namespaces on a Client Access Server
Configuring Certificates on the Client Access Server
Demonstration: Creating a Certificate Request on a
Client Access Server
Securing a Client Access Server
Configuring the Client Access Server for Internet
Access
• Configuring POP3 and IMAP4 Client Access
Configuring Client Access Server Options
• On a Client Access server, you can configure the

following groups of options:
• Virtual Directory settings
• Certificates
• Mobile device settings
• Mail flow
• Antimalware protection
• Outlook Anywhere options
Configuring Namespaces on a Client Access
Server
• Multiple namespace support may be required

when:
• An organization uses multiple SMTP domains
• An organization includes multiple AD DS domains or
forests
• Options include:
• A single name space with a single data center
• A single name space with proxy sites
• A single name space with multiple Internet-accessible
sites
• Regional namespaces
• Multiple forests
Configuring Certificates on the Client Access
Server
When implementing Client Access certificates,

consider:
• Whether to use an internal or public CA – consider
advantages and disadvantages of each approach
• The client access protocols and services published to
the Internet
• The namespaces used by messaging clients to connect
Exchange Server 2013 Mailbox Server has a self-

signed certificate preinstalled
Demonstration: Creating a Certificate Request on
a Client Access Server
• In this demonstration, you will see how to make a

certificate request on a Client Access server
Securing a Client Access Server
• To secure a Client Access server:

• Install server certificates, and ensure that SSL is
required
• Configure authentication settings:
• Integrated Windows authentication
• Digest authentication
• Basic authentication
• Forms-based authentication
• Protect the server with an application layer firewall
Configuring the Client Access Server for Internet
Access
• To enable Internet access to Client Access

services:
• Configure external URLs
• Configure the external DNS names
• Configure access to Client Access virtual directories
• Implement SSL certificates with multiple subject
alternative names
• Plan for Client Access server access with multiple sites
Configuring POP3 and IMAP4 Client Access
Option Description
Bindings Configure local server addresses
Authentication Configure authentication options
Connection settings Configure server connection

settings
Retrieval settings Configure message formats and

calendar retrieval settings
User access Configure whether a user can use

the protocol
Lesson 3: Managing Client Access Services
Services Provided by the Client Access Server

What Is Autodiscover?
Configuring and Managing Autodiscover
What Is the Availability Service?
What Are MailTips?
• Demonstration: Configuring MailTips
Services Provided by the Client Access Server
• Services provided by Client Access server role:

• Autodiscover
• Availability
• MailTips
• Offline Address Book download
• Exchange Administration Center
• Exchange Web Services
• Outlook Anywhere
What Is Autodiscover?
Autodiscover provides information that you can use to

configure Outlook 2007 and newer client profiles
Autodiscover process:
1. Client Access Server registers the SCP
2. Client uses LDAP query to AD DS to locate appropriate SCP
3. Based on information in SCP, client locates the Autodiscover
service on Client Access Server
4. Client provides its SMTP address to the Autodiscover service and
asks for appropriate configuration information
5. The Client Access server responds by returning an XML file
6. Outlook downloads the required configuration information from
the Autodiscover service
7. Outlook connects to the Exchange Server
Configuring and Managing Autodiscover
To configure and manage Autodiscover settings

you should:
• Use the Exchange Management Shell
• Configure site affinity for Exchange Servers in multiple
sites
• Configure DNS records for external clients
• Use the Outlook Test E-mail AutoConfiguration feature
to test
• Use the TestExchangeConnectivity website
What Is the Availability Service?
The availability Service on Client Access server

provides following:
• Retrieve live free/busy information for mailboxes in local or
other Exchange organizations
• View the working hours of attendees
• Show meeting time suggestions
• Only Outlook 2007 or newer and Outlook Web App

use the Availability service
• The Availability service is deployed by default on all
Client Access servers
• The service does not need any configuration by
default
What Are MailTips?
• MailTips provide information about a message

delivery before the message is sent
• The Exchange Server 2013 provides:
• Default MailTips
• Custom MailTips
• The Client Access server provides the MailTips to

the client
Demonstration: Configuring MailTips
• In this demonstration, you will see how to

configure MailTips
Lab: Deploying and Configuring a Client Access
Server Role
Exercise 1: Configuring Certificates for the Client

Access Server
Exercise 2: Configuring Client Access Services
Options
• Exercise 3: Configuring Custom MailTips
Logon Information
Virtual Machines: 20341B-LON-DC1
20341B-LON-CAS1
20341B-LON-MBX1
User Name: Adatum\Administrator
Password: Pa$$w0rd
Estimated Time: 60 minutes

Lab Scenario
You are working as a messaging administrator in

A. Datum Corporation. Your organization has
decided to deploy Client Access servers so that
the servers are accessible from the Internet for a
variety of messaging clients. To make sure that the
deployment is as secure as possible, you must
secure the Client Access server, and you also must
configure a certificate on the server that will
support the messaging client connections. In
addition, you have to verify options on the Client
Access server, and configure Mailtips for a few
users.
Lab Review
Why do we recommend that a certificate be issued

from an internal CA to Client Access server?
• Which service on the Client Access server supports
certificate-based authentication?
Module Review and Takeaways
Review Question(s)
Real-world Issues and Scenarios
Tools
• Best Practice

Planning and Deploying Client Access Servers

Uploaded by

Copyright:

Available Formats

Planning and Deploying Client Access Servers

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Planning and Deploying Client Access Servers

Uploaded by

Copyright:

Available Formats

Module 4

Planning and Deploying Client

Planning Client Access Server Deployment

What Is the Client Access Server Role?

• Client Access server role handles client

• General hardware and software requirements for

• Client Access server:

• You deploy Client Access server:

• Exchange Server 2013 no longer uses FQDNs of

• In a pure Exchange 2013 environment, Client

• Officially supported client platforms:

• You can also connect from various POP3 and

Configuring Client Access Server Options

• On a Client Access server, you can configure the

• Multiple namespace support may be required

When implementing Client Access certificates,

Exchange Server 2013 Mailbox Server has a self-

• In this demonstration, you will see how to make a

• To secure a Client Access server:

• To enable Internet access to Client Access

Bindings Configure local server addresses

Authentication Configure authentication options

Connection settings Configure server connection

Retrieval settings Configure message formats and

User access Configure whether a user can use

Services Provided by the Client Access Server

• Services provided by Client Access server role:

Autodiscover provides information that you can use to

To configure and manage Autodiscover settings

The availability Service on Client Access server

• Only Outlook 2007 or newer and Outlook Web App

• MailTips provide information about a message

• The Client Access server provides the MailTips to

• In this demonstration, you will see how to

Exercise 1: Configuring Certificates for the Client

Estimated Time: 60 minutes

You are working as a messaging administrator in

Why do we recommend that a certificate be issued

You might also like