Microsoft Exchange Server provides a reliable messaging system, with built-in protection against spam and viruses. Using Exchange, users throughout your organization can access e-mail, voice mail, calendars, and contacts, from a wide variety of devices and from any location.
Forefront Unified Access Gateway (UAG) provides end users with secure remote access to the following Exchange mail services:
- Outlook Web Access—Outlook Web Access
(OWA) is the Exchange mail service that allows users to access
their Exchange mailbox from any Web browser. There are two versions
of Outlook Web Access: Outlook Web Access Light
and Outlook Web Access Premium.
Outlook Web Access Light supports accessibility features
for users who are blind or have low vision; it provides a
simplified user interface and reduced feature set compared with
Outlook Web Access Premium. Outlook Web Access
Premium provides features that are currently not available in the
Light version, such as, Unified Messaging and the ability to check
Note: In Exchange Server 2010, Outlook Web Access is referred to as Outlook Web App.
- Outlook Anywhere (RPC over HTTP)—The
Outlook Anywhere feature for Exchange lets your
Microsoft Office Outlook 2010 and Outlook 2007
clients connect to their Exchange servers over the Internet, by
using the RPC over HTTP Windows networking component.
Exchange Server provides Exchange Web Services through the Outlook Anywhere feature, as an extensibility point for clients that connect to the computer that is running Exchange and consume information about user availability, and the manipulation of items that are located in the Exchange data store.
Exchange Server includes a Microsoft Exchange service, named the Autodiscover service. The Autodiscover service configures client computers that are running Microsoft Office Outlook 2010 or Microsoft Office Outlook 2007. The Autodiscover service can also configure supported mobile devices. The Autodiscover service provides access to Microsoft Exchange features for Outlook 2010 and Outlook 2007 clients that are connected to your Microsoft Exchange messaging environment.
Outlook Anywhere provides the following benefits:
- You can use the same URL and namespace that
you use for Microsoft Exchange ActiveSync and
Outlook Web Access.
- You do not need to use a virtual private
network (VPN) to access Exchange servers across the Internet.
- NTLM/KCD authentication—You can
configure Forefront UAG such that NTLM is used to authenticate the
user to the Forefront UAG server, and Kerberos Constrained
Delegation (KCD) is used to authenticate the Forefront UAG server
to the Client Access server. When using NTLM/KCD authentication,
the user is not prompted for a user name and password.
This form of authentication provides the most secure configuration, and requires users to provide only one set of credentials to gain access to the Exchange Client Access server.
- Basic authentication—Users are
prompted for a user name and password when connecting to the Client
- Passthrough—You can configure
Forefront UAG so that it does not authenticate users when they
connect to the portal, and with no authentication between the
Forefront UAG server and the Client Access server.
- You can use the same URL and namespace that you use for Microsoft Exchange ActiveSync and Outlook Web Access.
ActiveSync—Exchange ActiveSync is a
Microsoft Exchange synchronization protocol that is optimized
to work together with high-latency and low-bandwidth networks. The
protocol, that is based on HTTP and XML, lets devices, such as
browser-enabled cellular telephones or Microsoft Windows Mobile
powered devices, access an organization's information on a server
that is running Microsoft Exchange. Exchange ActiveSync
enables mobile device users to access their e-mail, calendar,
contacts, and tasks, and to continue to access this information
while they are working offline.
With the release of Forefront UAG Service Pack 1, Exchange mail services that you publish through Forefront UAG can be protected by Information Rights Management (IRM) using Active Directory Rights Management Services (AD RMS). IRM can be used to protect e-mail messages and attachments. For information, see Understanding Information Rights Management http://go.microsoft.com/fwlink/?LinkId=189506.