Scribd
Upload
110 views4 pages

3656 - Plan and Configure Namespaces and Client Services

This document discusses planning and configuring namespaces and client services for Exchange. It covers designing namespaces, configuring URLs and certificates, and setting authentication methods. Specifically, it discusses implementing a solid SAN certificate from a CA for SSL connectivity for SpyTechPrime's Exchange environment to provide secure accessibility. It also discusses different namespace designs, the need for proper certificates, options for individual, SAN or wildcard certificates, and adjusting authentication options like integrated Windows, digest, basic or forms-based authentication.

Uploaded by

David Hung Nguyen
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
110 views4 pages

3656 - Plan and Configure Namespaces and Client Services

This document discusses planning and configuring namespaces and client services for Exchange. It covers designing namespaces, configuring URLs and certificates, and setting authentication methods. Specifically, it discusses implementing a solid SAN certificate from a CA for SSL connectivity for SpyTechPrime's Exchange environment to provide secure accessibility. It also discusses different namespace designs, the need for proper certificates, options for individual, SAN or wildcard certificates, and adjusting authentication options like integrated Windows, digest, basic or forms-based authentication.

Uploaded by

David Hung Nguyen
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

Plan, Install, Configure and

Manage Client Access:


Plan and Configure Namespaces and
Client Services


Plan and configure namespaces and
client services
This objective may include but is not
limited to:
Design namespaces for client connectivity
Configure URLs
Plan for certificates
Configure authentication methods
Implement autodiscovery for a given namespace
The Company:
SpyTechPrime

Problem:
They want secure accessibility
for their Exchange environment

Goal:
To implement a solid SAN cert
from a CA for SSL CAS connectivity
Scenario: Spy Technology Surveillance Co.

A namespace is a logical structure represented by a DNS
domain name

There are different organizational models for namespace
design including:
Single physical site with a single namespace like mail.exchangexchange.com
Single namespaces with multiple sites or proxy sites
Regional namespaces
Multiple forests

Once you have your namespace design decisions in place
you can move forward with DNS configuration(s), digital
certificate(s) and client configurations
Understanding Namespaces
You secure the traffic between Client Access servers and
clients through Secure Socket Layers (SSL)

You want to make sure you use proper certificates in a
production environment

There is a self-signed cert used by the Client Access server
to start but you should remove this and go with a
certificate assigned by a Certificate Authority (CA) on the
Client Access server
Certificate Configuration
Much depends on how you want persons to access the
services on your server

For example, if you use OWA and want users to use a URL
like https://mail.domainname.com or if they use POP and
you want to use the name POP.domainname.com and so
forth (all names have to be in the certificate)

Autodiscover (if used) must also be in the certificate
Certificate Names
You can go with a separate cert for each name (which is
complicated and not recommended)

You can go with a certificate that uses multiple subject
alternative names (SAN) so that all the names listed are
accounted for when clients connect (which is typically what
is used with Exchange)

You might want to go with a wildcard cert (like
*.domainname.com) but not all clients support these and
they are considered a security issue
Individual Certs, SAN Certs or Wildcard Certs
In addition to certification configuration you can adjust
authentication options as well

Options for authentication include:
Integrated Windows authentication
Digest authentication
Basic authentication
Forms-based authentication

Forms-based is enabled by default but should be changed
on non-Internet facing CAS servers
Authentication Settings
We obtained and configured a CA approved SSL
certificate and then assigned services to it

We also discussed different authentication options

Scenario: SpyTechPrime
Additional Research
Understanding Client Access Server Namespaces
http://technet.microsoft.com/en-us/library/dd351198(v=exchg.141).aspx

Setting Up Single Namespace in Exchange 2013
http://3techies.com/?p=194

Roberts Rules of Exchange Namespace Planning
http://blogs.technet.com/b/exchange/archive/2010/11/22/robert-s-rules-
of-exchange-namespace-planning.aspx

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy