Reverse Proxy for Microsoft Exchange

With the end-of-life of Microsoft’s Threat Management Gateway (TMG), Exchange administrators are faced with the question of how to replace the reverse proxy features of TMG. Some admins may take the view that while Microsoft continue to offer support, they see no reason to replace TMG while others are searching for solutions that will fill the TMG roles. Acting as a reverse proxy in front of an Exchange deployment is one of the major TMG roles and replacement can be addressed in a number of ways such as using Application Request Routing (ARR) or by deploying a load balancer. As a reverse proxy, TMG also implemented features such as session logging, Kerberos authentication, content caching, compression and application layer protection. While ARR offers a way to implement the load balancing component of TMG, it does not offer the depth of features that TMG provided.

 

KEMP LoadMaster is a viable replacement of the reverse proxy functionality of TMG with pre-defined templates for Exchange 2010, 2013 and 2016* and also for Lync and Skype for Business. As a reverse proxy in an Exchange environment a LoadMaster will provide:

  • Reverse Proxy
  • Caching and Compression
  • SSL offload and acceleration
  • Web Application Firewall (WAF)
  • Daily WAF rule updates via optional subscription
  • End Point Pre-Authentication
  • Persistent Logging and Reporting
  • Single Sign On across Virtual Services
  • Active Directory Integration
  • RADIUS Authentication Support
  • LDAP integration
  • Customizable Sign-on Forms
  • Soft Lockout
  • Group Membership Validation
  • Dual factor authentication (SecurID)
  • Kerberos KCD
  • NTLM & Basic Authentication
  • Certificate based client authentication

 

The above list is not exhaustive but gives an indication of how a LoadMaster not only delivers the TMG reverse proxy feature set but adds significant additional value in a future-proofed and scalable package.