Thursday 19 March 2009

Hosted Exchange prior to RPC over HTTPs / Outlook Anywhere

Back when hosting Exchange 2000 and 2003 RTM, an Exchange Hoster had limited options when opening up MAPI to their client base. The options were basically:

1. Require the customer to use a VPN, do not use Static MAPI ports
2. Require the customer to use a VPN, use Static MAPI ports
3. Have MAPI open over the Internet, use Static MAPI ports, directly NAT to Exchange Server
4. Have MAPI open over the Internet, use Static MAPI ports, NAT but filter traffic to Exchange Server


1. A fairly simple affair. However, I found customers didn’t like the additional work of having to set up a VPN across their desktops and remember to log in to it.
2. Again, this achieved nothing more than option 1.
3. This was the easiest way to connect; however, it totally opened up Exchange Servers to the Internet. Since Outlook initially queries Exchange using RPC (port 135), you would be open to worm attacks like the famous Blaster virus.
4. The same as the above, but hopefully with better protection against attacks, viruses or worms.


Options 3 and 4 also caused issues for customers connecting to Exchange Hosters. When the Blaster virus took hold, networks across the world were locking down port 135 to try to stop machine infection. This caused a lot of issues unless you had a VPN option in place for customers.

My preferred method of access is RPC over HTTPs (introduced in Exchange 2003 Server SP1, known as Outlook Anywhere in Exchange 2007 RTM/SP1). This requires Outlook 2003 as a minimum. In certain circumstances it can cause more overhead for an Exchange platform than the traditional MAPI protocol. However, it certainly has its benefits.

Outlook Anywhere (I will use this name for both Exchange 2003 and 2007 from here on) allows the encapsulation of RPC over SSL. You get your MAPI connection by using the RPC Proxy Service (usually installed on an Exchange Front End) and connecting to your OWA URL.

I advise this as the best way to connect to Exchange over the Internet: it simplifies connection for users and allows a more secure Exchange platform for an Exchange Hoster.
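The following is an added example, not part of the original post: a small audit of a hoster's inbound publishing rules that flags raw RPC/MAPI exposure (options 3 and 4 above) and passes VPN-only and HTTPS-only rules. The rule format, host names, VPN range and the static MAPI port value 5000 are constructed assumptions.

```python
from ipaddress import ip_network

RPC_ENDPOINT_MAPPER = 135  # port Outlook first queries over RPC, per the post
HTTPS = 443                # RPC over HTTPS / Outlook Anywhere listener

# Constructed sample data: inbound publishing (NAT) rules for a hosted platform.
# Host names, the VPN range and the static MAPI port 5000 are assumptions.
VPN_RANGES = [ip_network("10.8.0.0/16")]
RULES = [
    {"name": "rpc-epm-nat",      "source": "0.0.0.0/0",   "dest": "exch-be01", "port": 135},
    {"name": "mapi-static-nat",  "source": "0.0.0.0/0",   "dest": "exch-be01", "port": 5000},
    {"name": "outlook-anywhere", "source": "0.0.0.0/0",   "dest": "exch-fe01", "port": 443},
    {"name": "vpn-rpc-epm",      "source": "10.8.3.0/24", "dest": "exch-be01", "port": 135},
]

def from_vpn(source, vpn_ranges=VPN_RANGES):
    """True when the whole source range sits inside a VPN address pool."""
    net = ip_network(source)
    return any(net.version == v.version and net.subnet_of(v) for v in vpn_ranges)

def audit(rules, vpn_ranges=VPN_RANGES):
    """Return (rule name, severity, reason) for rules that publish raw RPC/MAPI
    to non-VPN sources; HTTPS and VPN-only rules pass."""
    findings = []
    for rule in rules:
        if rule["port"] == HTTPS or from_vpn(rule["source"], vpn_ranges):
            continue
        if rule["port"] == RPC_ENDPOINT_MAPPER:
            findings.append((rule["name"], "critical",
                             "RPC endpoint mapper (135) reachable without VPN"))
        else:
            findings.append((rule["name"], "high",
                             f"raw port {rule['port']} reachable without VPN"))
    return findings

if __name__ == "__main__":
    for name, severity, reason in audit(RULES):
        print(f"{severity:8} {name:18} {reason}")
```
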


References

“Exchange Server static port mappings” http://support.microsoft.com/kb/270836

“Overview of Outlook Anywhere” http://technet.microsoft.com/en-us/library/bb123741.aspx

“How to configure RPC over HTTP in Exchange Server 2003” http://support.microsoft.com/kb/833401


Oliver Moazzezi

MVP - Exchange Server
