The Client Access server (CAS) role is one of five server roles for Microsoft Exchange Server 2010. CAS is placed in a DMZ or perimeter network facing internet that means CAS configured with a public IP accessible to external network. There are six components of CAS. Components are Outlook Web App, Exchange ActiveSync client applications, Post Office Protocol version 3 (POP3), Internet Message Access Protocol (IMAP) version 4, the Availability service and Auto discover Service. The Client Access server role also provides access to free/busy data by using the Availability service and enables certain clients to download automatic configuration settings from the Auto discover service.
The Client Access server role accepts connections to Exchange server 2010 from software clients such as Microsoft Outlook Express, Microsoft office Outlook and Eudora use POP3 or IMAP4 connections to communicate with the Exchange HT server. Hardware clients such as mobile phones, use ActiveSync, POP3 or IMAP4 to communicate with the Exchange server. You must install the Client Access server (CAS) role in every Exchange organization and every Active Directory Domain site that has the Mailbox server (HT) role installed.
Prerequisites
Operating System requirement is similar to other Exchange Server roles. CAS does not store any mailboxes. CAS acts as a media in-between clients and HT server. you don’t need big storage for CAS server but the following Windows Server 2008 features must be installed. Outlook web access is a secure https web access. Web certificate and computer certificates must be installed in CAS server. To configure Outlook Anywhere you need to buy a SSL certificate from third party vendor such as verisign or godaddy.
Installation
Configuration
Once you finish installation and configuration of CAS role. You have to create Outlook web publishing rule in Forefront TMG 2010 or ISA server otherwise you will be blocked by Forefront TMG.
Relevant Topics
Forefront TMG 2010: Publish Outlook Web Access and Exchange Servers using Forefront TMG 2010
Step by Step Guide on Exchange Server 2010 Edge Transport Role
Pingback: Exchange 2010 deployment in different firewall scenario « Information Technology Blog
Microsoft doesn’t support CAS in a perimeter network. The term “Internet-facing” is misleading. What they are really implying is a hub site that provides Internet connectivity, versus a remote site that requires access to the Internet through the hub site.
http://technet.microsoft.com/en-us/library/dd351198.aspx
http://technet.microsoft.com/en-us/library/dd298002.aspx
Rick
LikeLike
Hello Rick,
Have tried back to back firewall? If you only open necessary port and close everything off. then I would say, nothing wrong. Exchange can be deployed so many ways. All my clients are different when comes to Exchange and Active Directory. I reckon, you just read Single Namespace with Proxy Sites section only. Please go to technet again and read Exchange deployment and design guide again.
Again, you can be master in windows security and leave a port open by mistake that may bring catastrophie than why blame CAS in DMZ. tighten up DMZ and then place servers in DMZ. If you are too worried then use Forefront TMG as reverse proxy with OWA without looking which one leading or misleading.
Regards,
raihan
LikeLike
Do the CAS server had to be in the AD under the installation? Wonder because its going to stand in the DMZ under other IP net then the AD/DC, but when trying to install a CAS server standalone I get error, asking about the AD, same with under installation on the AD error about active directory, it shold not have anything to the AD if it’s gonna act like an CAS server? strange
LikeLike
CAS stays in internal network as best practice however if you have a secure DMZ then you place CAS in DMZ
LikeLike
Dear mate,
Your tutorial is great! Complete n helpful!
I am looking forward.
Salam.
LikeLike
Dear Raihan,
This is one of the best tutorials I have ever seen, and I’m pretty old / have seen a lot of them. I am going to use what you’ve written here as the core of my implementation because I have ZERO clue having never done this before.
If I complete the task without looking at anyone else’s musings, can you tell me how I am going to put the ten stars at the top of the article?
So far, you rule. Thank you very much for this article.
LikeLike
Thanks for visiting my blog. You can find more on http://microsoftguru.com.au . Click the Category you like. Thanks.
LikeLike