Follow the steps below to create a Virtual Service with ESP. In this example, we will configure an OWA service for Exchange 2013.

  1. In the menu on the left, click Virtual Services and select Add New.

  2. Enter the Virtual Address, for example 10.11.0.157.
    Note: This is the Virtual IP address of the Virtual Service. It must be unique and not in use by any other device on the network.
  3. Enter 443 as the Port number because all workloads access Exchange 2013 using HTTPS.
    Note: Creating Virtual Services for other protocols is outside the scope of this document.
  4. Enter the desired Service Name, for example Exchange 2013 owa.
  5. Ensure that tcp is selected as the Protocol.
  6. Click the Add this Virtual Service button.
  7. Expand the Real Servers section.
  8. Enter /OWA/healthcheck.htm as the URL.
  9. Click the Set URL button.
  10. Select GET from the HTTP Method drop-down list.
  11. Click the Add New button.

  12. Enter the relevant Real Server Address.
  13. Enter 80 as the port.
  14. Click Add This Real Server.
  15. Expand the SSL Properties section.

  16. Select the Enabled checkbox.
  17. Select the Reencrypt checkbox.
  18. Click the Manage Certificates button.
  19. Click Import Certificate.

  20. Click the first Choose File button.
  21. Browse to and select the relevant certificate.
  22. Click the second Choose File button.
  23. If needed, browse to and select the relevant Key File.
  24. Enter the Pass Phrase.
  25. Enter a name for the certificate in the Certificate Identifier text box.
  26. Click Save.
  27. Click OK.
  28. Select View/Modify Services in the main menu.
  29. Click Modify on the relevant Virtual Service.
  30. Expand the Standard Options section.

  31. Ensure that None is selected as the Persistence Options Mode.
  32. Ensure that round robin is selected as the Scheduling Method.
  33. Expand the ESP Options section.

  34. Select the Enable ESP check box.
  35. Select the relevant option in the Client Authentication Mode drop-down list.
  36. Select the relevant Domain that was created within the SSO Domain drop-down list.
  37. Enter the relevant hosts in the Allowed Virtual Hosts text box, for example mail.example.com.
    Note: More than one host can be provided by using a space-separated list. Wildcards can also be used, for example *progressdemo.com.
    Note: The Allowed Virtual Hosts text box should contain host names, not IP addresses.
  38. Enter any directories that can be accessed by the Virtual Services, for example /owa* in the Allowed Virtual Directories text box.
  39. Click Set Allowed Directories.
    Note: If a Virtual Service needs to allow more than one virtual directory, use a space-separated list. Optionally, a wildcard character can be used, for example /* to allow all virtual directories.
  40. Enter all the virtual directories that will not be pre-authorized by this Virtual Service, for example, /owa/guid* in the Pre-Authorization Excluded Directories field.
  41. Click Set Excluded Directories.
    Note: The Globally Unique Identifier (GUID) is unique to each organization. To find the correct GUID, run the following command on the Exchange Server:

    Get-Mailbox -Arbitration | where {$_.PersistedCapabilities -like "OrganizationCapabilityClientExtensions"} | fl exchangeGUID, primarysmtpaddress
  42. Enter any groups that are allowed to access this Virtual Service in the Permitted Groups text box.
    Note: Multiple groups can be entered, but the group names must be separated by a semicolon.
    Note: The following characters are not allowed in permitted group names: / : + *
  43. Click Set Permitted Groups.
  44. Enable or disable the Include Nested Groups option.
    Note: There is a theoretical limit of approximately six nested groups.
    Note: This field relates to the Permitted Groups setting. Enable this option to include nested groups in the authentication attempt. If this option is disabled, only users in the top-level group are granted access. If this option is enabled, users in both the top-level and first sub-level group are granted access.
  45. Select an SSO Image Set, if required.
    Note: Custom SSO image sets can be created and uploaded to the LoadMaster. For more information, refer to the Custom Authentication Form, Technical Note.
  46. Enter a message in the SSO Greeting Message field, if required.
    Note: The SSO Greeting Message can have up to 255 characters. The field accepts HTML code, so users can insert their own image if desired. The grave accent character ( ` ) is not supported. If this character is entered in the SSO Greeting Message, the character will not display in the output, for example a`b`c becomes abc.
  47. Enter /owa/logoff.owa in the Logoff String text box.
    Note: In a customized environment, if the OWA logoff string has been changed, the modified logoff string must be entered here.
  48. If required, select the Display Public/Private Option, which shows a public/private option on the login screen. When this option is enabled, the timeout value is determined by which option the user selects. The timeout values are set in the manage SSO domain screen. For more information on the timeout fields, refer to the Create a Single Sign-On (SSO) Domain section. When the user selects Private, their username is stored for that session.
  49. If needed, enable the Disable Password Form check box. This may be needed when password validation is not required, for example if using RSA SecurID authentication in a singular fashion.
  50. Select the relevant option in the Use Session or Permanent Cookies field.
    Note: Permanent cookies should only be used when using single sign on with SharePoint or similar services.
  51. Specify the User Password Change URL and User Password Change Dialog Message, if needed.
  52. Select Basic Authentication in the Server Authentication Mode drop-down menu.

You can check the status of the Virtual Service by selecting Virtual Services > View/Modify Services in the main menu. An Up status indicates that the latest health check passed successfully.
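
The notes in steps 37 to 46 set format rules for the ESP fields that are easy to get wrong when typing values into the form. The following is an added example, not part of the original procedure or of LoadMaster itself: a small Python check that applies those documented rules to a planned set of values before they are entered. The dictionary keys, the function name `lint_esp`, the group names and the two warnings about wide directory patterns are assumptions made for this example.

```python
import ipaddress

FORBIDDEN_GROUP_CHARS = set("/:+*")  # Permitted Groups note on this page
GREETING_MAX = 255                   # SSO Greeting Message note on this page

def _is_ip(token):
    try:
        ipaddress.ip_address(token.strip("*"))
        return True
    except ValueError:
        return False

def lint_esp(cfg):
    """Return (severity, message) findings for a planned set of ESP values."""
    out = []
    allowed = cfg.get("allowed_dirs", "").split()
    excluded = cfg.get("excluded_dirs", "").split()
    for host in cfg.get("allowed_hosts", "").split():   # space-separated list
        if _is_ip(host):
            out.append(("error", f"host {host!r} is an IP address, not a host name"))
        elif "," in host or ";" in host:
            out.append(("error", f"host {host!r}: hosts are separated by spaces"))
    if "/*" in allowed:
        out.append(("warn", "allowed directory /* allows all virtual directories"))
    for d in excluded:
        # Added heuristic, not a LoadMaster rule: exclusion as wide as an allowed entry.
        if d == "/*" or d in allowed:
            out.append(("warn", f"excluded directory {d!r} is not pre-authorized at all"))
    for group in cfg.get("permitted_groups", "").split(";"):  # semicolon-separated
        bad = sorted(FORBIDDEN_GROUP_CHARS & set(group))
        if bad:
            out.append(("error", f"group {group.strip()!r} contains {' '.join(bad)}"))
    greeting = cfg.get("greeting", "")
    if len(greeting) > GREETING_MAX:
        out.append(("error", f"greeting is {len(greeting)} characters, limit is {GREETING_MAX}"))
    if "`" in greeting:
        out.append(("warn", "greeting contains a grave accent, which will not be displayed"))
    return out

# Constructed sample values; GOOD reuses the example values from the steps above.
GOOD = {"allowed_hosts": "mail.example.com *progressdemo.com", "allowed_dirs": "/owa*",
        "excluded_dirs": "/owa/guid*", "permitted_groups": "OWA Users;Mail Admins"}
BAD = {"allowed_hosts": "10.11.0.157 mail.example.com,", "allowed_dirs": "/*",
       "excluded_dirs": "/*", "permitted_groups": "OWA/Users;Mail Admins",
       "greeting": "a`b`c"}

if __name__ == "__main__":
    print(*lint_esp(BAD), sep="\n")
```

Errors correspond to rules stated in the notes; warnings mark values the form accepts but that widen what is reachable without pre-authorization and deserve a second look.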