Many Microsoft Exchange 2010 services use the HTTP/HTTPs protocol. The table below presents each service with its own settings:

Service name

Default URL path

Type of client

Persistence

Autodiscover

AS

/autodiscover/

Outlook

N/A

Exchange ActiveSync

EAS

/microsoft-server-activesync/

Mobile phones

Authorization header

Exchange Control Panel

ECP

/ecp/

Web browser

LB cookie (shared with OWA)

Exchange Web Services

EWS

/ews/

3rd-party applications

N/A

Offline Address Book

OAB

/oab/

Outlook

N/A

Outlook Anywhere

OA

/rpc/rpcproxy.dll

Outlook

Source IP

Outlook Web App

OWA

/owa/

Web browser

LB cookie (shared with ECP)

For host names, you can apply various policies:

  • One host name for all services: mail.domain.com

  • One host name per service: autodiscover.domain.com, owa.domain.com, ews.domain.com, etc...

  • A mix of the above: Outlook Anywhere over oa.domain.com and all other services over mail.domain.com

There are three main architecture layouts possible for Exchange 2010 services running HTTP/HTTPs:

  • HTTP reverse proxy on HTTP (TCP/80) and TCP forward on HTTPs (TCP/443)

  • HTTP reverse proxy on both HTTP and HTTPs, which means activating SSL offloading on HTTPs

  • SSL bridging (or re-encryption) to enable HTTP reverse proxy on both HTTP and HTTPs and get connected using HTTPs on the server side

HAProxy can accommodate any configuration you choose from the information above.

For most deployments, a configuration in SSL offloading or in HTTPs forward mode is the simplest way.

For larger deployments (2000+ users in SSL offloading or 1000+ users in SSL bridging), we recommend a combination such as:

  • One host name and one VRRP IP for Outlook Anywhere, configured in TCP forward mode for HTTPs

  • One host name for all other services, configured in SSL offloading or SSL bridging mode