Forum Discussion
Divya C
May 13, 2019 · Copper Contributor
Exchange 2013 Hybrid with Reverse Proxy
Hi team, My customer is having a 3-Tier architecture of Exchange 2013 infrastructure as below: Tier 1 - SMTP Gateways, Hybrid CAS server Tier 2 - All CAS servers Tier 3 - All Mailbox serve...
Divya C
May 17, 2019 · Copper Contributor
Danny Pastuszynski Thanks Danny! The plan is to move the Hybrid CAS, which also has the Mailbox role, to Tier 2. The Reverse Proxy and Edge Transport shall be deployed in Tier 1 (which is like a DMZ).
I would like to validate that this proposed design option shall remediate the issues with Autodiscover publishing and mail flow routing without exposing the internal mailbox servers.
One last query I have is this: do we just use IIS ARR as the reverse proxy to establish hybrid connectivity to Office 365? As per this TechNet article, it seems that IIS ARR also needs ADFS to establish hybrid connectivity, but I think this is no longer a requirement since we are using AADC with PTA to provide single sign-on authentication. Do you see that IIS ARR alone can fulfill this requirement to establish hybrid connectivity?
Danny Pastuszynski
Microsoft
May 17, 2019
Divya C Yes, you can use IIS ARR for the reverse proxy just as that article states. Hybrid auth isn't my specialty, but you don't need ADFS for SSO; AADC can provide this now (that article was published before AADC even came out). You can see here that you can use AADC or ADFS for SSO: SSO options
Hope that helps!
- Divya C · May 17, 2019 · Copper Contributor
Danny Pastuszynski Appreciate it for clarifying my queries! Thanks a lot!
- Divya C · Jun 24, 2019 · Copper Contributor
Hello Danny Pastuszynski,
Happy to share that this design is proven to be working, have successfully deployed it in production. The Hybrid CAS server is behind IIS ARR which handles the external EWS/Autodiscover requests and Edge Transport handles the mail flow in Tier 1.
Thank you!
Regards,
Divya