ARR is available on 2008 R2 and 2012 and 2012 R2. But 2012 R2 has WAP, and WAP is the future. No further investments are planned for ARR.
From: [email protected] [mailto:[email protected]] On Behalf Of ccollins9 Sent: Friday, May 9, 2014 1:22 PM To: exchange Subject: RE: [Exchange] CAS exposure - Exchange 2013 SP1 Yeah, I thought of that too but I've been messing with this for months now and I'm growing weary lol. plus go live date its getting close. I also wanted something not too complex that could bite us in production. However, if I muster the time and energy to try it, would I need sever 2012 for the "free" proxy solution? It would be ARR? On May 9, 2014 1:05 PM, "Kennedy, Jim" <[email protected]<mailto:[email protected]>> wrote: Thinking out loud. Load balancer out front balancing a group of reverse proxies. ________________________________________ From: [email protected]<mailto:[email protected]> [[email protected]<mailto:[email protected]>] on behalf of ccollins9 [[email protected]<mailto:[email protected]>] Sent: Friday, May 09, 2014 12:34 PM To: exchange Subject: Re: [Exchange] CAS exposure - Exchange 2013 SP1 Yes, EX2013 supports client certs and we have them turned on and working. The issue with reverse proxy from the load balancers, it needs to decrypt the packet at the LB to read the header to know where to send the connection (owa vs. ActiveSync, vs. EWS, etc.), and for that it would need to support decrypting with respect to client certificate. We haven't been able to get it working. But i do see that with a recent software update, my LB supports client certs, so maybe it will work if I set the AS directory back to Basic Auth/No client certs and require the client cert at the LB. This is similar to what we had to do in order to have EX2013 proxy client cert connections to EX2010 CAS servers. We needed to reset EX2010 to basic auth/no certs and EX2013 took care of the connections coming in with client certs. FYI, EX2013 supports client certs and works, but the line I got from MS Premier support is that THEY won't support it until perhaps EX2013 SP1 CU1. Which I thought was just plain stupid. But it works so far. On Fri, May 9, 2014 at 12:05 PM, Michael B. Smith <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> wrote: I suspect I need a diagram. Exchange 2013 supports client certs for ActiveSync (and for all the other web protocols also).
