This topic describes how to publish the Outlook Anywhere Exchange service on a Forefront Unified Access Gateway (UAG) portal, using the Add Application Wizard.
By default, Forefront UAG supports a maximum of approximately 60,000 connections from the internal network adapter to the Exchange Client Access server. This limit can be increased by configuring port scaling. Port scalability allows you to support a larger number of connections by configuring additional IP addresses on the internal network adapter. Each additional IP address can support approximately 60,000 further connections.
Note: Depending on your publishing scenario, the portal may be invisible to the user.
The following procedures describe:
Publishing Outlook Anywhere on a Forefront UAG portal
To publish Outlook Anywhere on a Forefront UAG portal
- In the Forefront UAG Management console, click the portal through which you want to publish Exchange services, and then, below the Applications list, click Add. The Add Application Wizard opens.
- On the Select Application page of the wizard, in the Web list, click Microsoft Exchange Server (all versions).
- On the Select Exchange Services page of the wizard, in the Exchange version list, click the version of the Exchange server you want to publish. Under Exchange services, select the Outlook Anywhere check box, and then click Next.
  Note: Outlook Anywhere is supported only for Exchange 2010 and Exchange 2007.
- On the Configure Application page of the wizard, enter a name for the application.
- On the Select Endpoint Policies page of the wizard, click Next. Endpoint policies are not applicable when publishing Outlook Anywhere.
- On the Deploying an Application page of the wizard, choose whether to publish a single Web server or a farm of load-balanced Web servers.
- On the Web Servers page of the wizard:
  - In the Addresses list, enter the IP address or host name of the Client Access server.
  - In the Public host name box, enter the public host name for this application.
  Note: When publishing Outlook Anywhere, Forefront UAG communicates with the Exchange Client Access server over HTTPS.
- On the Authentication page of the wizard, select an authentication server to use for authenticating users to the application.
- On the Outlook Anywhere page of the wizard, select the Enable Exchange Web Services and the Autodiscover service check box to publish the Exchange Web services automatically.
  - In the Outlook Anywhere Authentication area, select one of the following:
    - No Authentication—Select this option to prevent Forefront UAG from replying to the Exchange server during authentication.
    - Use Basic authentication—Select this option to provide Basic authentication and authenticate user requests against the authentication server selected in the previous step of the wizard.
    - Use Kerberos constrained delegation—Select this option to authenticate user requests using Kerberos Constrained Delegation (KCD). If you select this option, you must also enter the Service Principal Name (SPN) and the public host name for the Outlook Anywhere service. This option uses NTLM to authenticate users to Forefront UAG.
  - In the Autodiscover Authentication area, select one of the following:
    - No Authentication—Select this option to prevent Forefront UAG from replying to the Exchange server during authentication.
    - Use Basic Authentication—Select this option to provide Basic authentication, and authenticate user requests against the authentication server selected in the previous step of the wizard.
    - Use Kerberos constrained delegation—Select this option to authenticate user requests using KCD. If you select this option, you must also enter the SPN and the public host name for the Autodiscover service. This option uses NTLM to authenticate users to Forefront UAG.
- On the Authorization page of the wizard, select which users are authorized to access this application.
- On the Completing the Add Application Wizard page, click Finish.
The Add Application Wizard closes, and the application that you defined appears in the Forefront UAG Management console, in the Applications list.
Two additional applications are added to the application list:
- Autodiscover—The Autodiscover application that is required for the Autodiscover service.
- EWS—The Exchange Web Services application that is required to provide the following Exchange Web services:
  - Availability—Provides information about availability and free/busy information.
  - Delegate management—Allows users to add and remove delegates and change delegate permissions.
  - Folder—Allows users to perform operations on the folders in a mailbox.
  - Item—Allows users to perform operations on the items in a mailbox.
  - Messaging records management—Allows the assignment of managed custom folders to mailbox users.
  - Notification—Notifies client systems of events and changes in mailboxes on the Exchange server.
  - Synchronization—Provides a one-way synchronized cached copy of a user’s folders and items.
Important: If you change settings for any of these applications, you must manually make the changes for the other two applications. For example, if you remove a backend server from the Outlook Anywhere application, you must also remove it from the Autodiscover and EWS applications.
- On the toolbar of the Forefront UAG Management console, click the Activate configuration icon, and then on the Activate Configuration dialog box, click Activate.
When the configuration is activated, the message "Forefront UAG configuration activated successfully" appears.
Configuring port scalability
To configure port scalability
- On the Forefront UAG server, in the Start menu, click Control Panel. Under Network and Internet click View network status and tasks, and then click Change adapter settings.
- Configure additional IP addresses on the internal network adapter.
  Each additional IP address can support approximately 60,000 connections to the Exchange Client Access server.
- Open the Registry Editor and locate the following key: HKLM\SOFTWARE\WhaleCom\e-Gap\von\UrlFilter\Comm.
- Create a new String Value with the name PortScalabilityIPs, and enter a comma-separated list of IP addresses in Value data.
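The registry step can be scripted so that the address list is checked before it is written. The following is an added example, not part of the original procedure and not a Microsoft script; the key path and value name are the ones given in the steps above, and the IP addresses are constructed samples.

```powershell
# Added example. Key path and value name are taken from the steps above;
# the addresses below are constructed samples, replace them with your own.
$KeyPath   = 'HKLM:\SOFTWARE\WhaleCom\e-Gap\von\UrlFilter\Comm'
$ValueName = 'PortScalabilityIPs'
$ScaleIPs  = @('10.0.0.11', '10.0.0.12')

# Returns a list of problems; an empty list means the candidates are usable.
function Test-PortScalabilityList {
    param([string[]]$Candidates, [string[]]$BoundAddresses)
    $problems = @()
    $seen = @{}
    foreach ($ip in $Candidates) {
        $parsed = $null
        if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
            $problems += "'$ip' is not a valid IP address"
        } elseif ($seen.ContainsKey($ip)) {
            $problems += "'$ip' is listed more than once"
        } elseif ($BoundAddresses -notcontains $ip) {
            # Also rejects non-canonical spellings such as '10.0.0.011'.
            $problems += "'$ip' is not configured on an adapter of this server"
        }
        $seen[$ip] = $true
    }
    return ,$problems
}

# Addresses bound to IP-enabled adapters. This confirms the address exists on
# the server; that it sits on the internal adapter is for the operator to check.
$bound = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object { $_.IPAddress })

$problems = Test-PortScalabilityList -Candidates $ScaleIPs -BoundAddresses $bound
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "$ValueName was not written; correct the list first."
}
if (-not (Test-Path $KeyPath)) { throw "Registry key not found: $KeyPath" }

# String Value holding the comma-separated list, as the procedure specifies.
New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType String `
    -Value ($ScaleIPs -join ',') -Force | Out-Null
(Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
```

Run it from an elevated PowerShell session on the Forefront UAG server; the last line prints the stored value so it can be compared with the intended list.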