Enterprise Vault™ Deploying the Office Mail App externally through TMG
Deployment considerations
When publishing Enterprise Vault access through Microsoft Forefront Threat Management Gateway (TMG), administrators will usually want to configure a single external path rather than expose several Enterprise Vault servers externally. This means that every manifest used to deploy the Enterprise Vault Office Mail App to user mailboxes must specify the same URL as the Mail App SourceLocation. The SourceLocation is the location from which the Office Mail App is loaded when a user selects it from the App bar in Outlook 2013 or OWA 2013.
The Enterprise Vault Setting up Exchange Server Archiving guide explains how to achieve this with the BaseURL query string parameter, whether you deploy to individual users or to the whole organization using the Exchange PowerShell command New-App.
When the BaseURL parameter is specified in the request to OfficeMailAppManifest.aspx, the generated manifest uses the specified base URL to construct the full SourceLocation path. When the BaseURL parameter is omitted, the SourceLocation path is instead based on the Enterprise Vault storage server that archives the mailbox (identified by the LegacyMbxDn query string parameter passed in the New-App command). Omitting BaseURL therefore spreads load across the storage servers automatically, but it is only suitable when the Office Mail App needs to be reachable from the organization's internal network.
For example, to deploy the Office Mail App to a single mailbox so that it can be used externally through TMG, use BaseURL as follows.
The backtick character (`) is the PowerShell line-continuation character.
    $Mbx = Get-Mailbox "mailbox"
    New-App -Mailbox $Mbx.LegacyExchangeDN -Url `
        ("http://EV_server/EnterpriseVault/OfficeMailAppManifest.aspx?LegacyMbxDn=" + $Mbx.LegacyExchangeDN + "&BaseURL=https://published_server/EnterpriseVault")
Where:
mailbox is the name of a mailbox that is enabled for archiving, and that you want to enable for the Office Mail App.
EV_server is the name of any Enterprise Vault server in your site. This Enterprise Vault server is not necessarily the one that is used to load the Office Mail App. The Enterprise Vault server that is used to load the Office Mail App is the server that is specified in the BaseURL parameter.
published_server is the name of the external server as published by TMG. Because this name ends up in the SourceLocation that Outlook and OWA load, it should be the HTTPS name for which the TMG listener holds a valid certificate.
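The following script extends the single-mailbox command above to a list of mailboxes and adds the check a practitioner would want before deploying: it fetches the manifest that New-App will fetch and confirms that every SourceLocation in it starts with the intended BaseURL. This is an added example written for this page, not code from the Enterprise Vault guide; EV_server, published_server and the mailbox list are placeholders, and the SourceLocation/DefaultValue element and attribute names are those of the Office add-in manifest schema. Run it in the Exchange Management Shell.

```powershell
# Added example (not from the Enterprise Vault guide). Deploys the Office Mail App to a
# list of mailboxes, forcing one external SourceLocation via BaseURL, and verifies the
# generated manifest before each New-App call.
# Placeholders: EV_server, published_server and the mailbox addresses below.

$EvServer  = "EV_server"                                  # any Enterprise Vault server in the site
$BaseUrl   = "https://published_server/EnterpriseVault"   # URL as published by TMG
$Mailboxes = @("user1@example.com", "user2@example.com")  # constructed sample list

function Get-EvManifestUrl {
    param([string]$LegacyDn)
    # A LegacyExchangeDN contains spaces and parentheses; percent-encode it so the
    # query string is unambiguous. ASP.NET decodes it again on the EV server.
    $dn = [uri]::EscapeDataString($LegacyDn)
    return "http://$EvServer/EnterpriseVault/OfficeMailAppManifest.aspx?LegacyMbxDn=$dn&BaseURL=$BaseUrl"
}

function Test-EvManifestSourceLocation {
    param([string]$ManifestUrl, [string]$ExpectedBaseUrl)
    # Fetch the manifest the way Exchange will and read every SourceLocation DefaultValue.
    # The XPath ignores namespaces so it works for either manifest schema version.
    $response  = Invoke-WebRequest -Uri $ManifestUrl -UseBasicParsing -UseDefaultCredentials
    $xml       = [xml]$response.Content
    $locations = @($xml.SelectNodes("//*[local-name()='SourceLocation']") |
                   ForEach-Object { $_.GetAttribute("DefaultValue") })
    if ($locations.Count -eq 0) {
        throw "No SourceLocation found in the manifest returned by $ManifestUrl"
    }
    foreach ($loc in $locations) {
        if (-not $loc.StartsWith($ExpectedBaseUrl, [System.StringComparison]::OrdinalIgnoreCase)) {
            # Without BaseURL the manifest would point at the mailbox's storage server,
            # which external clients cannot reach. Refuse to deploy such a manifest.
            throw "SourceLocation '$loc' does not start with BaseURL '$ExpectedBaseUrl'"
        }
    }
    return $locations
}

foreach ($name in $Mailboxes) {
    $Mbx = Get-Mailbox $name
    $url = Get-EvManifestUrl -LegacyDn $Mbx.LegacyExchangeDN

    # Verify first; the throw above aborts the run before a wrong manifest is deployed.
    $locations = Test-EvManifestSourceLocation -ManifestUrl $url -ExpectedBaseUrl $BaseUrl

    New-App -Mailbox $Mbx.LegacyExchangeDN -Url $url
    Write-Host ("Deployed Office Mail App to {0}; SourceLocation(s): {1}" -f $name, ($locations -join ", "))
}
```

The verification step matters because a mistyped or missing BaseURL does not fail New-App; it silently produces a manifest whose SourceLocation is an internal storage-server name, which only shows up later as a failure to load the app from outside the network.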
Since the SourceLocation in the manifest is used to load the Office Mail App in Outlook or OWA regardless of whether the client is internal or external, a split DNS configuration has to be used. Externally, DNS must resolve published_server to the TMG.
Internally, DNS can be configured in one of the following ways:
Make TMG publish the server (published_server) on the internal network as well, and make the internal DNS resolve published_server to the internal TMG interface.
Pick one Enterprise Vault server and make the internal DNS resolve published_server to that Enterprise Vault server. If Office Mail App use is high, this can affect the overall performance of that server.
Use round robin DNS to resolve published_server to any one of the Enterprise Vault servers in the site.
With the second and third options the client connects to an Enterprise Vault server directly but still validates the TLS certificate against the published name, so each Enterprise Vault server that published_server can resolve to must present a certificate that is valid for published_server.
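The following script checks the split-DNS arrangement described above from a client's point of view: it resolves published_server through the local (internal) resolver and through an external resolver, reports whether the answers differ, and then connects to each internally resolved address on port 443 and validates the certificate against the published name exactly as Outlook or OWA would. It is an added example written for this page, not code from the Enterprise Vault guide; published_server and the external resolver address are placeholders, and Resolve-DnsName requires the DnsClient module (Windows 8 / Server 2012 or later).

```powershell
# Added example (not from the Enterprise Vault guide). Checks internal vs external
# resolution of the published name and the certificate presented by each internal target.
# Placeholders: published_server and the external resolver address.

$PublishedName    = "published_server"
$ExternalResolver = "8.8.8.8"   # any resolver outside the corporate network; placeholder

function Get-ResolvedAddresses {
    param([string]$Name, [string]$Server)
    # Returns the A records for $Name, optionally asking a specific resolver.
    $params = @{ Name = $Name; Type = 'A'; ErrorAction = 'Stop' }
    if ($Server) { $params.Server = $Server }
    return @(Resolve-DnsName @params | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
}

function Test-TlsCertificateForName {
    param([string]$Address, [string]$HostName)
    # Connect to the IP address but validate the certificate for $HostName, as a browser
    # loading https://published_server/... would. The callback records the policy errors
    # and lets the handshake complete so the certificate details can be reported.
    $state    = @{ Errors = $null }
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $cert, $chain, $policyErrors)
        $state.Errors = $policyErrors
        return $true
    }.GetNewClosure()

    $client = New-Object System.Net.Sockets.TcpClient($Address, 443)
    try {
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        return [pscustomobject]@{
            Address  = $Address
            Subject  = $cert.Subject
            Issuer   = $cert.Issuer
            NotAfter = $cert.NotAfter
            Errors   = $state.Errors
            Valid    = ($state.Errors -eq [System.Net.Security.SslPolicyErrors]::None)
        }
    } finally {
        $client.Close()
    }
}

$internal = Get-ResolvedAddresses -Name $PublishedName
$external = Get-ResolvedAddresses -Name $PublishedName -Server $ExternalResolver
Write-Host "Internal resolution of $PublishedName : $($internal -join ', ')"
Write-Host "External resolution of $PublishedName : $($external -join ', ')"

if (-not (Compare-Object $internal $external)) {
    # Identical answers mean internal clients hairpin through the external TMG address
    # rather than using one of the internal options described in the text.
    Write-Warning "Internal and external resolution are identical; split DNS is not in effect."
}

# Every internal target (TMG interface, a single EV server, or each round-robin EV server)
# must present a certificate that is valid for the published name.
$results = foreach ($ip in $internal) { Test-TlsCertificateForName -Address $ip -HostName $PublishedName }
$results | Format-Table Address, Valid, Errors, Subject, NotAfter -AutoSize
if ($results | Where-Object { -not $_.Valid }) {
    Write-Warning "At least one internal target fails certificate validation for $PublishedName; the Office Mail App will not load from it."
}
```

Run the script from an internal client; with round robin DNS, run it more than once so that each Enterprise Vault server in the rotation is exercised.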