Prior to Exchange 2013, the

StefanSchuessle · ‎08-03-2015

Hi,

we provide evault access through our owa server using a A10 loadbalancer. When using an old ms isa server and owa:2003, it was working with one authentication. once you are authenticated from owa, you could use the evault plugins.

now, not only that you have the evault plugin as well in the outlook client whoch does not make any sense to me as we have the evault templates, but users have to authenticate twice now.

support says we need isa´s authentication delegation feature, but the a10 offers that as well. we have an external domain name for the owa like

owa.mycompexternaldomain.de and an internal ad domain name like mycompinternaladname.de

do we need to so some rewriting as evault expects username@mycompinternaladname.de but gets username@mycompexternaldomain.de ?

Anyone had such a case ?

Cheers & KR

Stefan

Andrew_G_ · ‎08-03-2015

Prior to Exchange 2013, the OWA extensions were installed onto the Exchange servers. With new Mail App features available in Exchange 2013, the EV model changed to make use of those instead, and we no longer need to install anything on the Exchange Servers. These are available to OWA, and also to Outlook 2013.

The authentication model actually changed with the Exchange 2007 extensions though. For Exchange 2003, EV access was proxied via the Exchange Servers, but from Exchange 2007 the browser accesses search and archive explorer from EV directly and not via Exchange.

In order to facilitate single sign on, you can configure a load balancer/reverse proxy to allow the same credentials to be used to access both the Exchange Server and the EV server. I doubt you need the name translation - presumably users don't have separate logins for EV and Exchange?

I haven't any experience with A10, but a quick google shows that it's "Application Access Management" feature is probably what you need to look at.

Hope that helps

Andrew

VOX

owa 2013 with evault 10.x