My blog has now moved to a new hosting provider; availability and performance made this step necessary (primarily availability). My blog is now hosted by Strato, and Strato offers a nice feature that makes it much easier for me to use the Exchange web services. First, let me tell you a bit about the technology behind frankysweb.de:
Strato hosts my domain frankysweb.de. At home I have a VMware ESXi 5.1 server with currently 7 VMs (for the sake of clarity I have only drawn in the VMs concerned). My internet provider only gives me a dynamic IP that changes every 24 hours. However, Strato offers the possibility to create subdomains and to point them at a dynamic IP address, similar to DynDNS (which I used before), and to keep them up to date via a client.
Dynamic IP and Strato:
http://www.strato-faq.de/artikel.html?articleid=2097
In this article I describe how I connected my private Exchange environment to the Internet. This article is therefore only for general understanding, but smaller Exchange organizations in particular can be made available externally in this way. I use a Sophos UTM 9 as a firewall. This solution offers a web application firewall that can be used for ActiveSync and OWA. Unfortunately, the UTM 9 does not yet support RPC over HTTPS. Outlook Anywhere can therefore not be used, at least not if you want to use the Sophos UTM web application firewall for security.
I have therefore set up an additional network as a DMZ on the ESX server and installed a server with Microsoft Forefront TMG. You could also make the Exchange web services accessible via port forwarding without a reverse proxy like Forefront TMG. However, this is not recommended for security reasons.
I then set up a port forward for port 443 (HTTPS) to the TMG server on the Sophos UTM firewall; no other ports are required:
The configuration at Strato for the subdomains "OWA" and "Autodiscover" looks like this (the small symbol in the DNS column indicates that it is a dynamic IP).
The Forefront TMG server only has one virtual network card. I have therefore configured routing between the DMZ and the internal network. The setup is of course different for each router and/or firewall, so I will not describe it here and will only briefly describe the connection path:
My notebook establishes an RPC over HTTPS connection to owa.frankysweb.de, and the firewall forwards the request via port forward to the TMG server (red arrow). The TMG server authenticates the client and then forwards the request to the Exchange server in the internal network. Since I only have one virtual network card in the TMG server, the request runs through the firewall again (green arrow).
All Exchange Web Services are published in the Forefront TMG. The setup is simple, as it can be done using wizards; only Autodiscover requires some manual work:
Autodiscover is added to the "Outlook Anywhere" rule by entering "Autodiscover.frankysweb.de" under the "Public name" tab in the rule's properties.
"Autodiscover" is also entered under the "Paths" tab.
The setup of Forefront TMG is described in detail by Microsoft, so I will spare myself repeating the instructions here as well:
http://www.microsoft.com/en-us/download/details.aspx?id=8946
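To check the finished publication from the outside, here is an added example that is not from the original post (and not a Strato or Microsoft tool): a PowerShell health check for the setup just described. The hostnames are those from the text; the expected answers (only 443 reachable, both subdomains on the same dynamic address, Autodiscover refused with 401 because TMG authenticates before forwarding) are assumptions about this setup.

```powershell
# Added example, not from the original post: external health check for the setup described
# above. Hostnames are from the text; the expected answers (443 open, 80 closed, 401 from TMG) are assumptions.
$names     = 'owa.frankysweb.de', 'autodiscover.frankysweb.de'
$timeoutMs = 3000

function Test-Port([string]$Name, [int]$Port) {
    # TCP connect with a timeout, so a port the UTM silently drops fails fast
    $tcp = New-Object Net.Sockets.TcpClient
    try {
        $ar = $tcp.BeginConnect($Name, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($timeoutMs)) { return $false }
        $tcp.EndConnect($ar); return $true
    } catch { return $false } finally { $tcp.Close() }
}

# 1. Both Strato subdomains must carry the same (dynamic) address
$addrs = @{}
foreach ($n in $names) {
    $addrs[$n] = ([Net.Dns]::GetHostAddresses($n) | Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
                  Select-Object -First 1).IPAddressToString
    '{0} -> {1}' -f $n, $addrs[$n]
}
if (@($addrs.Values | Sort-Object -Unique).Count -ne 1) {
    Write-Warning 'Subdomains resolve to different addresses; one dynamic DNS update is stale'
}

# 2. Only 443 is forwarded to the TMG server; anything else reachable is a finding
if (-not (Test-Port $names[0] 443)) { Write-Warning 'TCP 443 not reachable' }
if (Test-Port $names[0] 80)         { Write-Warning 'TCP 80 reachable although only 443 should be forwarded' }

# 3. Read the certificate the TMG listener presents (validation is skipped only so a
#    mismatched certificate can still be reported). Wildcard names are not matched here.
$tcp = New-Object Net.Sockets.TcpClient($names[0], 443)
$ssl = New-Object Net.Security.SslStream($tcp.GetStream(), $false, [Net.Security.RemoteCertificateValidationCallback]{ $true })
$ssl.AuthenticateAsClient($names[0])
$cert = New-Object Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
$san  = ($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } | ForEach-Object { $_.Format($false) }) -join ' '
'Certificate: {0}, valid until {1:yyyy-MM-dd}' -f $cert.Subject, $cert.NotAfter
foreach ($n in $names) {
    if ($cert.Subject -notmatch [regex]::Escape($n) -and $san -notmatch [regex]::Escape($n)) {
        Write-Warning "Certificate does not cover $n"
    }
}
$ssl.Dispose(); $tcp.Close()

# 4. TMG authenticates before forwarding: an anonymous Autodiscover request should get 401 from the proxy
$url = "https://$($names[1])/Autodiscover/Autodiscover.xml"
try   { $code = [int](Invoke-WebRequest -Uri $url -UseBasicParsing).StatusCode }
catch { $code = if ($_.Exception.Response) { [int]$_.Exception.Response.StatusCode } else { -1 } }
if ($code -ne 401) { Write-Warning "Autodiscover returned $code, expected 401 from the reverse proxy" }
```

A code of -1 in the last step means the request failed before an HTTP answer arrived, most often because the certificate did not validate for the autodiscover name, which is exactly the problem raised in the conclusion.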
Conclusion: Dynamic IP and subdomains at Strato work wonderfully. Small organizations (like mine) in particular can be connected this way. With DynDNS.org it was much more complicated. The only open question is where to get a free certificate for a subdomain; StartSSL is a great service, but unfortunately does not issue certificates for subdomains. Does anyone have any tips?