To configure a Virtual Service for HTTPS-based services, with SSL offloading and ESP enabled, follow the steps below:

  1. In the main menu of the LoadMaster WUI, select Virtual Services > Add New.

  2. Enter a valid Virtual Address.
  3. Enter 443 as the Port.
  4. Enter a recognizable Service Name.
  5. Click Add this Virtual Service.
  6. Configure the settings as shown in the following table:

    * By default, a self-signed certificate is used. Click OK when a message displays indicating that there is no SSL certificate currently available for your Virtual Service and that a temporary one is used until a valid certificate is installed. Optional: You can export the appropriate certificate and key from Exchange 2010 using the Microsoft export information found at http://technet.microsoft.com/en-us/library/bb310778.aspx. Ensure to export the certificate and private key as a Personal Information File (PFX). An SSL certificate can also be obtained from any certificate authority. When prompted by a third party certificate authority to specify a server type, indicate “Apache”. The format of Apache server type certificates is recognized by the LoadMaster. Optional: You can import the appropriate PFX certificate and key file into the LoadMaster. For instructions on how to do this, refer to the Importing and Assigning an SSL Certificate section.

    Section

    Option

    Value

    		 Comment
    SSL Properties SSL Acceleration Enabled* Click OK.

    Standard Options

    		Transparency Disabled
    Idle Connection Timeout 900 Click Set Idle Timeout.

    Advanced Properties

    		 Click Show Header Rules. Select the Modify URL rule. Click Add. Then, click Back.

    		Add Header to Request FRONT-END-HTTP:ON Click Set Header.
    Redirect URL https://%h%s Click Add HTTP Redirector. This creates a redirect Virtual Service on port 80 with the same IP address.
  7. Now the SubVSs need to be added. Expand the Real Servers section.

  8. Click Add SubVS.
  9. Click OK.

  10. To configure the SubVS, click Modify.

  11. Configure the settings as shown in the following table:

    * There are several characters that are not supported. These are the grave accent character ( ` ) and the single quotes (’). If a grave accent character is used in the SSO Greeting Message, the character does not display in the output. For example, a`b`c becomes abc. If a single quote is used, users will not be able to log in.

    Section

    Option

    Value

    		 Comment
    Basic Properties SubVS Name Enter a recognizable name, for example OWA, and click Set Nickname.

    Standard Options

    		Transparency Disabled
    Persistence Mode Super HTTP

    		Persistence Timeout 1 Hour
    ESP Options Enable ESP Enabled
    Client Authentication Mode Form Based

    		SSO Domain Select the relevant domain.
    Allowed Virtual Hosts Enter any required Allowed Virtual Hosts and click Set Allowed Virtual Hosts.
    Allowed Virtual Directories /owa* Click Set Allowed Directories.
    Server Authentication Mode Basic Authentication
    SSO Image Set Exchange
    SSO Greeting Message Please enter your Exchange credentials. Click Set SSO Greeting Message.*

    Real Servers

    		Checked Port 443 Click Set Check Port.
    URL /owa Click Set URL.
    Use HTTP/1.1 Enabled
    HTTP Method GET
  12. Now, add the remaining required SubVSs. The specific settings for the additional SubVSs, which differ from the above steps, are in the table below.

    SubVS Name

    Allowed Virtual Directories

    Client Auth. mode

    Server Auth. mode

    SSO Image Set

    SSO Greeting Message

    Health Check URL

    Autodiscover

    /autodiscover*

    None

    None

    n/a

    /autodiscover

    ECP

    /ecp*

    Form Based

    Basic Auth.

    Exchange

    Please enter your Exchange credentials.

    /ecp

    EWS

    /ews*

    None

    None

    n/a

    /ews

    ActiveSync

    /microsoft-server-activesync*

    Basic Auth.

    Basic Auth.

    n/a

    /microsoft-server-activesync

    OAB

    /oab*

    None

    None

    n/a

    /oab

    Powershell

    /powershell*

    None

    None

    n/a

    /powershell

    RPC

    /rpc*

    None

    None

    n/a

    /rpc

    Authentication Proxy

    /*

    Form Based

    Basic Auth.

    Exchange

    Please enter your Exchange credentials.

  13. When all the SubVSs have been added, go to the parent Virtual Service modify screen and expand the Advanced Properties section.

  14. Click Enable to enable Content Switching.
  15. Now, the content rules need to be assigned to each of the SubVSs. To do this, expand the SubVSs section.

  16. Click None.

  17. Select the relevant rule for the SubVS selected and click Add.
  18. Repeat the previous two steps to add rules to each of the SubVSs.
Note: In addition to the OWA rule, the root rule should also be assigned to the OWA SubVS.