In this scenario, the additional IP address, DNS A record, and additional
certificate are no longer necessary; standard SSL-encrypted basic authentication can
be used. The downside is that the increased security and functionality of FBA is lost
and the user is prompted with the standard Username/Password dialog box.
The only additional requirement is that this traffic be directed to an additional DNS
namespace, such as http://mail2.companyabc.com, so that it can be configured to point
the external A record for mail2 to the different external IP address. Of course, this requires
installing a separate certificate for the additional presence, which may add additional cost
to the environment, depending on whether third-party CAs are used. To finish the
example, in this case, CompanyABC would install and configure a certificate for
mail2.companyabc.com and associate all non-FBA traffic with that particular FQDN.
This solution provides a less than elegant, but fully supported solution to the problem of
enabling OMA, ActiveSync, and OWA with FBA at the same time.
TIP
If it is not feasible to obtain an additional external IP, DNS name, and certificate, the
fallback solution to the problem would be to simply use standard basic authentication
with OWA.
Pages:
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583