Exchange 2013 reverse proxy with IIS + Application Request Routing

If you are looking for an easy way to set up a reverse proxy for not directly publish your CAS on the internet and maybe place it in a DMZ to expose a not domain joined machine, the couple IIS + Application Request Routing (ARR) can do the trick. ARR can also be used as loadbalancer at zero cost (of course if you have the licenses to set up 1/2 Windows machines) and the configuration, following this guide, is very simple; the infrastructure that you want to get is something like this where the server with ARR interposes itself in the DMZ between the demands of the clients and the CAS servers in the corporate LAN:

ARR reverse proxy DMZ


Here you will find all the necessary steps to configure the reverse proxy / load balancer (if you have multiple CAS exchange):

An important configuration that in the guide is inserted only as “reccomended” is that at the end of the page, without this change Outlook Anywhere will not work:

“For optimization of RPC-HTTP traffic make the changes as stated. Click on the root of IIS and open the properties for Request Filtering. Then click on “Edit Feature Settings” and change the settings for “Maximum allowed content length” to the below.”

ARR reverse proxy

Another very interesting thing is that two servers with ARR can be put into high reliability through integrated service Network Load Balancer (NLB) of windows so you can get fully redundant infrastructure, balanced and scalable both from the point of view of the exchange services and from the point of view of the reverse proxy. At this link you will find a guide for configuring nlb in active / passive or active / active:

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.