Configuring External Client Access
Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2011-11-09
By allowing remote access to Microsoft Exchange to users who are based outside the corporate network, an organization enables its employees to take full advantage of the technology their company provides. Remote access lets employees use many types of devices to communicate with their peers and customers from any place and at any time.
When an organization allows access to corporate resources from any location—perhaps with devices that aren’t controlled by the organization—it risks the security of the data and services that are accessed. Therefore it's critical to take measures to ensure that the data is accessed securely. This means you must implement technologies such as certificates, implement firewalls, and enforce pre-authentication and device or endpoint validation. This process is known as publishing Exchange.
When you publish Exchange, Microsoft offers two primary software-based options: Microsoft Forefront Threat Management Gateway 2010 (Forefront TMG) and Microsoft Forefront Unified Access Gateway 2010 (Forefront UAG). Both options offer publishing wizards and security features to provide secure access to Exchange when it's accessed from outside the safety of the corporate network. For more information about these two solutions, see Publishing Exchange Server 2010 with Forefront UAG and TMG.
In addition to configuring your chosen firewall and security solution, you must configure the individual Client Access server protocols for external access. For more information about how to configure the various Client Access server protocols for external access, see the following topics.