ISA Server 2000 Exchange 2000/2003 Secure Remote Email Access Deployment Kit Table of Contents

Download all the ISA Server 2000 Exchange 2000/2003 Deployment Kit documents in a single .zip file. WARNING: the entire file is
ISAEXCHANGE.ZIP

You can view the Web based content by clicking the title of the article. Click the DOC link to download an uncompressed Word .doc file. Click the ZIP link to download a zipped version of the Word .doc file for that article.

This is the Table of Contents for the ISA Server 2000 Exchange 2000/2003 Secure Remote Email Access Deployment Kit.

1.       Better Together – ISA Server 2000 and Exchange 2000/2003 [DOC] [ZIP]
We've put this tremendous kit together on how to provide secure remote access to all the Exchange Server services using ISA Server firewalls. But why? Is there something special about ISA Server 2000 that makes providing remote access to Exchange Server services better or more secure? Of course there is! This document provides all the reasons why you want to use ISA Server 2000 to provide your remote email users secure remote access to your Exchange Server.

 

2.       How to use the ISA Server 2000/Exchange 2000/2003 Deployment Kit [DOC] [ZIP]
The ISA Server 2000 Exchange 2000/2003 Deployment Kit contains all the information you need to provide a highly available and secure remote access solution for your remote email users. This document walks you through the design goals of the kit and provides information on how to use the kit and some tips and tricks on how to optimize the design and configuration strategies included herein.

 

3.       Configuring DNS to Support Exchange Server Publishing [DOC] [ZIP]
One of the most confusing aspects of any remote access solution to Exchange services is configuring public and private DNS entries correctly so that machines can connect to the Exchange Server regardless of their location. This article also discusses a number of other problematic DNS issues relating to remote access to Exchange services.

 

4.       Configuring Outbound Access for the Exchange 2003 SMTP Service [DOC] [ZIP]
The Exchange SMTP service needs outbound access to Internet SMTP servers. You won’t be able to send mail to other Internet users if the Exchange Server isn’t allowed outbound access to these external SMTP servers. This article discusses methods you can use to allow the Exchange SMTP service to reliably send mail to users in other Internet mail domains.

 

5.       Secure Exchange 2003 SMTP/SMTPS publishing [DOC] [ZIP]
You may wish to allow your remote users access to the Exchange Server’s SMTP service. Remote users without access to a secure SMTP server can connect to the Exchange Server’s SMTP service and send SMTP mail using a secure link. Intruders will not be able to view the contents of messages sent via the secure SMTP link with the Exchange Server’s SMTP service. POP3 and IMAP4 users benefit from secure Exchange SMTP server publishing. This article walks you through each procedure.

 

6.       Secure Exchange 2003 IMAP4/IMAP4 publishing [DOC] [ZIP]
IMAP4 allows your remote users to access all folders in their message store and download only the message headers without incurring the bandwidth drain of downloading every message contained in the user’s mailbox. You can secure remote access to your Exchange IMAP4 service using TLS/SSL security. Intruders will not be able to view information moving over the secure IMAP4 link. This article shows you all the steps required to allow remote IMAP4 access.

 

7.       Exchange 2003 POP3/Secure POP3 publishing [DOC] [ZIP]
POP3 access to the user’s Exchange message store is one of the most popular remote access methods used to connect to the Exchange Server from a remote location. Almost all users have connected to and downloaded mail from a POP3 server. You can secure the connection between the email client and the Exchange Server using TLS/SSL and prevent intruders from reading remote access users’ mail. This article gives the step by step details on how to make it happen.

 

8.       Secure Remote Access for the full Outlook 2000/2002/2003 MAPI Client [DOC] [ZIP]
Corporate users accustomed to full Outlook MAPI access to the Exchange Server while connected to the internal network often are disappointed that they can’t access the full feature set included with the Outlook 2000/2002/2003 client when connected to a remote network. ISA Server 2000 allows your remote users to connect to the Exchange Server and get all the features they’ve come to love when on the Internet network. This article explains how to allow them to use the full Outlook MAPI client while connected to a remote network.

 

9.       Publishing Secure Outlook Web Access (OWA) Web sites [DOC] [ZIP]
Outlook Web Access (OWA) is one of the most popular methods for remote access to the Exchange Server. OWA provides a substantial subset of the feature set available to the full Outlook client. You can provide remote access to the Exchange OWA site with a very high level of security using a combination of security technologies. This article describes how to get it all done.

 

10.     Secure ISA Server 2000 RPC over HTTP Publishing using Outlook 2003 and Exchange 2003 [DOC] [ZIP]
Outlook 2003 and Exchange 2003 partner up to provide a new and improved way to connect to Exchange from remote locations using the RPC over HTTP protocol. This new protocol allows any Outlook 2003 client to access the entire range of Exchange 2003 services from any location in the world, from behind virtually any type of firewall. The Outlook 2003 client only needs outbound access to HTTP/HTTPS. This article gives you the fine details on how to allow eminently secure connections to Exchange using RPC over HTTP.

 

11.     ISA Server 2000 in a Front End/Back End Exchange ISA Server Configuration [DOC] [ZIP]
The front-end/back-end Exchange Server configuration is a popular way of providing load balancing and fault tolerance for an Exchange organization. The front-end/back-end configuration can also enhance security for your remote access mail clients. This article provides the step by step details required to allow OWA/SMTP/POP3/IMAP mail clients access to Exchange and do it in the most secure way possible.

 

12.   Configuring the Windows Server 2003-based ISA Server 2000 Firewall as a Filtering SMTP Relay  [DOC] [ZIP]
Spam is something we all have to worry about. ISA Server addresses the spam problem with its SMTP Message Screener. The SMTP Message Screener can filter SMTP mail using source address, source domain, keywords and attachment filtering. The SMTP Message Screener can be installed on the ISA firewall, an independent SMTP relay on the internal network, or on the Exchange Server itself. If you don’t have the resources to put the SMTP filter on a dedicated SMTP relay on the internal network, then put it on the ISA firewall. This article gives you all the details on how to make it happen.

 

13.   Configuring a Windows Server 2003-based ISA Server as a Secure Authenticating SMTP Relay [DOC] [ZIP]
Remote users often connect to hotel networks that don’t provide them with an SMTP server to send outbound mail. If your remote users use POP3 or IMAP4 to connect to the Exchange Server, then they need access to an SMTP server. You can create a secure, authenticating SMTP server on the ISA Server firewall itself that your users can connect to and send mail to anyone in the world. The ISA firewall can also act as an SMTP relay that accepts inbound SMTP messages for your domains and rejects mail from spammers attempting to use it as an anonymous relay. This article provides all the details required to allow a secure authenticating SMTP relay and an anonymous inbound SMTP relay for mail destined to your own mail domains.

 

14.   How to Obtain a Web Site Certificate [DOC] [ZIP]
Exchange Server services require a Web site certificate before they can establish a secure SSL/TLS connection with a remote email client. This article shows you how to obtain the certificate and bind it to the secure Exchange Service.

 

15.   Installing and Configuring the Windows Server 2003-based ISA Server 2000 SMTP Filter and Message Screener on the ISA Server Firewall [DOC] [ZIP]
Want to run the SMTP Message Screener on the ISA firewall and not waste resources on a second machine or risk putting it on the Exchange Server? Here’s your fix. This article gives the details on how to make it happen. This article extends the information provided in the Configuring the Windows Server 2003-based ISA Server 2000 Firewall as a Filtering SMTP Relay article.

 

16.   Configuring a Secure Internal SMTP Relay with the SMTP Filter and Message Screener [DOC] [ZIP]
For organizations that can spare an extra machine on the internal network, the most secure and best performance solution is to put a secure SMTP relay and spam whacking SMTP Message Screener on a machine running the IIS SMTP service on the internal network. If you have a machine that you can run the IIS SMTP service on (that is not the ISA firewall itself or the Exchange Server), then check out this article for all the step by step details required to make it work.

 

17.   Publishing Outlook Web Access with a Single NIC Web Caching ISA Server [DOC] [ZIP]
Many organizations already have a firewall solution in place but they still want to take advantage of the unique layer 7 protection that only an ISA Server firewall can provide for remote access to OWA sites. This article discusses how you can use a single NIC (unihomed) caching-only ISA Server in a DMZ between two other firewalls to provide highly secure remote access to the OWA site on the internal network. Every step is demonstrated and documented in this article.

 

18.   Increasing OWA Security by Configuring the ISA Server to Present a Client Certificate to an OWA Web site [DOC] [ZIP]
If you have a caching-only ISA Server on the DMZ and a non-ISA firewall behind the ISA Server protecting the internal network, you will need a higher level of security than what your non-ISA firewall can provide. In this article we discuss how you can force the ISA Server caching-only proxy server to present a certificate to the OWA Web site before a connection is established to the OWA Web site. This prevents other computers on the DMZ from connecting to the OWA site in the event that they are violated by an intruder.

 

19.   Enhance Outlook Web Access Publishing with Client Certificate Authentication [DOC] [ZIP]
Users can connect to the ISA Server firewall using a secure SSL connection and sending basic or integrated authentication. You can enhance the authentication security for inbound access to the OWA site by requiring not only user credentials in the form of user name and password, but also a user certificate. This “two factor” authentication provides a very high level of authentication security for your OWA site. Step by step instructions are included for all the required procedures.

 

20.   How to Import the Root CA Certificate into Email Client Certificate Stores [DOC] [ZIP]
Remote clients connecting to the Exchange Server’s mail services need the root CA certificate from the CA that issued the certificate to the Exchange Server service that the client makes a secure connection to. The root CA certificate is required to create a secure SMTP/POP3/IMAP4/NNTP/OWA or RPC over HTTP connection. This article provides the details on how to import the CA certificate into the email client’s Trusted Root Certificate Store.

 

21.   Configuring Outlook Express [DOC] [ZIP]
This article goes over all the details, step by step, on how to configure the Outlook Express email client to use secure and non-secure forms of SMTP, POP3 and IMAP4 to connect to the Exchange Server published behind the ISA Server firewall.

 

22.   Configuring Outlook 2000 [DOC] [ZIP]
This article goes over all the details on how to configure the Outlook 2000 client to connect to the Exchange Server using secure and non-secure forms of SMTP and POP3. In addition, this document covers the unique configuration issues that must be addressed to allow a successful connection via secure Exchange RPC publishing.

 

23.   Configuring Outlook 2002 [DOC] [ZIP]
In this article we discuss how to configure the Outlook 2002 clients to connect to the Exchange Server through ISA Server publishing rules. The discussion includes connecting the Outlook 2002 client to create secure and non-secure connections to the Exchange Server using the SMTP/POP3/IMAP4 and secure Exchange RPC protocols. Each procedure includes all the step by step details required to create the connection.

 

24.     Configuring Outlook 2003 [DOC] [ZIP]
This article covers all the details, step by step, that you need to configure the Outlook 2003 client to create secure and non-secure SMTP/POP3/IMAP4/RPC and RPC over HTTP connections. Special attention goes into the details on how to configure the Outlook 2003 client to create the new RPC over HTTP connection to the Exchange 2003 server in a highly secure fashion.


 

25.   Creating an Enterprise CA [DOC] [ZIP]
An enterprise CA is the Certificate Authority of choice when you have deployed a Windows 2000 or Windows 2003 Active Directory domain. All users and computers in an Active Directory can be automatically assigned certificates using Group Policy based autoenrollment. And if you don't want to use autoenrollment, you can use the Certificates MMC snap-in to obtain a user or computer certificate. This document provides all the step by step details you need to install and configure an enterprise CA on a Windows Server 2003 computer.

 

26.   Creating the standalone CA [DOC] [ZIP]
Standalone CAs are useful when you cannot install a Certificate Authority on a machine that is a member of an Active Directory domain. If you find yourself in the situation where you cannot install the Microsoft Certificate Server on a domain member server, then check out the Standalone CA. This document provides all the step by step details you need to install and configure a standalone CA on Windows Server 2003.

 

27.   Issuing certificates via autoenrollment [DOC] [ZIP]
Assigning machine and user certificates can be a laborious process. The best way to automate certificate assignment is by using certificate autoenrollment. All the machines in the Exchange Server domain can be automatically assigned a machine certificate and have the root CA certificate automatically added to its Trusted Root Certification Authorities certificate store.

 

28.   Issuing certificates via the MMC snap-in [DOC] [ZIP]
One of the major advantages to using an enterprise CA is that the Certificates MMC console is available to you to request machine certificates.  The Certificates MMC makes it very easy for domain members to request a machine certificate that can be used to create an SSL or IPSec connection with another machine.
 

29.   Issuing certificates via the enterprise CA Web enrollment site [DOC] [ZIP]
One of the primary advantages of using an enterprise CA is that you can issue certificates either via the Certificates MMC snap-in or via autoenrollment. Some organizations do not want to use autoenrollment and some prefer not to use the Certificates MMC. In those situations where autoenrollment and the MMC are not viable options, you can obtain user and machine certificates via the enterprise CA's Web enrollment site. This document gives you all the step by step details required to obtain the certificate your Exchange mail client needs to authenticate and establish a secure link.

 

30.   Issuing certificates via the standalone CA Web enrollment site [DOC] [ZIP]
Organizations that don't have an enterprise CA in place can use a standalone CA to assign user and machine certificates. You can't use the Certificates MMC or autoenrollment to assign certificates from a standalone CA, but you can use the Web enrollment site. This article shows you how to obtain a machine certificate from the standalone CA's Web enrollment site.

 

31.   Publishing the Web enrollment site [DOC] [ZIP]
You may want to publish the Web enrollment site for either a standalone or enterprise CA. This allows remote clients to obtain a CA certificate. The remote email clients require the CA certificate to establish a secure connection to the SMTP/POP3/IMAP4/OWA and other secure Exchange Services. This article has all the step by step details required to publish your CA's Web enrollment site to the Internet using an ISA Server Web Publishing Rule.

 

32.   Installing ISA Server 2000 on Windows Server 2003 [DOC] [ZIP]
While installing an ISA Server 2000 firewall on Windows 2000 is straightforward, there are some tricks you need to perform to make things work right. This article provides all the step by step details you need to get ISA Server 2000 installed and working on a Windows Server 2003 computer.

 

If you have suggestions or comments, let me know at tshinder@shinder.net  Thanks! --Tom
