Deployment Guide. AX Series with Microsoft Exchange Server

Deployment Guide AX Series with Microsoft Exchange Server

DEPLOYMENT GUIDE AX Series with Microsoft Exchange Server Table of Contents Introduction... 1 Prerequisites & Assumptions...1 Configuring AX for Microsoft Exchange Server... 2 Configuring Outlook Web Access Client Access...3 Configuring HTTP Health Monitor for Exchange Web Service...3 Configuring Real Servers for Exchange...4 Service Group Configuration...5 IP Source NAT Configuration...6 Creating Templates for Outlook Web Access...7 Configuring HTTP Template...8 Configuring Cookie Persistence Template...9 Configuring TCP-Proxy Template...10 Configuring RAM Caching Template...11 Configuring HTTP Virtual Server...13 Configuring AX for Outlook Web Access Component of Client Access Using SSL... 16 Configuration Steps...16 Import SSL Certificate...16 Configuring SSL Server Template...18 Configuring SSL Client Template...18 Configuring HTTPS Virtual Server...19

Table of Contents Configuring AX for IMAP4 and POP3 Components of Client Access... 22 Configuring AX for IMAP4...22 Creating TCP Health Monitor for IMAP...22 Real Server Configuration for IMAP...23 Configuring IMAP Service Group...25 Creating Templates for IMAP4...26 TCP-Proxy template configuration...26 SSL Client template configuration...27 SSL Server template configuration...28 Configuring IMAP4 Virtual Server...28 Configuring AX for POP3...30 Creating TCP Health Monitor for POP3...31 Configuring POP3 Real Server...32 Configuring POP3 Service Group...34 Creating Templates for POP3...35 TCP-Proxy template configuration...35 SSL Client template configuration...36 SSL Server template configuration...37 Configuring POP3 Virtual Server...37 Configuring AX for SMTP... 40 Creating SMTP Health Monitor...40 Configuring SMTP Real Server...41 Configuring SMTP Service Group...43 Creating Template for SMTP...44 Configuring SMTPS Virtual Server...44 Summary and Conclusion... 47

Introduction This deployment guide contains confi guration procedures for AX Series server load balancers to support Microsoft Exchange Server. Microsoft Exchange provides reliable messaging with built-in protection against spam and viruses. Using Exchange, users throughout an organization can access e-mail, voice mail, calendars, and contacts from a wide variety of devices and from any location. For more information on Microsoft Offi ce Exchange Server, visit: http://www.microsoft.com/exchange/default.mspx The AX Series with its Advanced Core Operating System (ACOS) has been designed specifi cally for applications such as Exchange, providing better robustness in failover situations and performing intelligent load sharing of email processing. Prerequisites & Assumptions A10 s AX platform should be running software version 2.0 or later. All of the confi guration steps in this document apply to the AX platform. For information on the Exchange Server, refer to the appropriate Exchange documentation. http://technet.microsoft.com/en-us/library/aa998846.aspx It is assumed that users have some basic confi guration familiarity with both AX and Microsoft Exchange products. The AX can be confi gured in one armed mode or routed mode. This confi guration note used routed mode as an example confi guration. Performance by Design 1

Configuring AX for Microsoft Exchange Server This document contains deployment confi gurations for the following Exchange applications: Outlook Web Access Client POP3 and IMAP client components SMTP client component The confi guration steps in this document are based on AX Series Software Release 2.0 and Microsoft Windows Server running Exchange Server 2003. Figure 2.1 Logical deployment topology Performance by Design 2

Configuring Outlook Web Access Client Access Outlook Web Access (OWA) as part of Exchange Server allows users to connect remotely via a Web browser interface. OWA requires Web connectivity and can be used from Internet cafes and any other location that provides the connectivity. OWA interfaces through the HTTP and HTTPS protocols. Load balancing of OWA clients to Exchange through AX involves the confi guration procedures in the following sections. Configuring HTTP Health Monitor for Exchange Web Service The AX device can regularly check the health of real servers and service ports. Health checks ensure that client requests are directed only to available servers. It is a best practice to setup a health check that is specifi c to the application type. In this deployment guide, we use a health check that requests a page from the Web server on the Exchange system. To confi gure HTTP health monitor: 1. Select Config Mode > Service > Health Monitor 2. Click Add 3. On the Health Monitor section, enter a name for the monitor in the Name fi eld. In this example, the name HTTP-Exchg is used 4. On the Method section, select HTTP from the Type drop-down list 5. Confi guration of optional fi elds may be required for your deployment. In this deployment, we use a specifi c HTTP health check in the URL fi eld by issuing a GET (from the drop down list) for /iistest.htm and checking for the content Exchange Test in the Expect fi eld. You can do a similar health check for your setup 6. Click OK to fi nish confi guration of the health monitor. The health monitor appears in the health monitor table Performance by Design 3

Figure 2.2 Health Monitor Configuration Configuring Real Servers for Exchange Real server confi guration is the fi rst step in doing server load balancing. The health monitor that was created above is used to check the real server health. To confi gure a real server: 1. Select Config Mode > Service > SLB 2. Select Server on the menu bar 3. Click Add. The General section appears 4. In the Name fi eld, enter a name for the server. In this example, the name is Win-Exchg 5. In the IP Address fi eld, enter the IP address of the Exchange server 6. In the Health Monitor drop-down list, leave the default health monitor for Layer 3, which is ping to the server s IP address 7. In the Port section, enter the number of the service port in the Port fi eld for the real server. In this example, the port number is 80 Performance by Design 4

8. In the Health Monitor (HM) drop-down list for the port, select the confi gured HTTP health monitor above which is HTTP-Exchg 9. Click Add to add the port to the port list for the server 10. Click OK. The real server appears in the server table 11. Repeat this procedure for each of the Exchange servers Figure 2.3 Real Server Configuration Service Group Configuration A service group contains a set of real servers from which the AX device can select to service client requests. A service group allows you to virtually support multiple Exchange servers as one logical server. This example uses a service group that contains Exchange servers as real servers and the applicable service port 80. To confi gure a service group: 1. Select Config Mode > Service > SLB 2. Select Service Group on the menu bar 3. Click Add. The Service Group section appears 4. In Name fi eld, enter name of service group. In this example, the name is HTTP-Exchg Performance by Design 5

5. In the Algorithm drop-down list, select the preferred load-balancing method. You can control the load on each server by selecting the appropriate type of load balancing methods. For this confi guration, Round Robin is used 6. In the Server section, select a confi gured real server from the Server drop-down list 7. In the Port fi eld, enter the service port number (in this example, 80 ) 8. Click Add. Repeat steps 6-8 for each real server 9. Click OK. The new group appears in the service group table Figure 2.4 Service Group Configuration IP Source NAT Configuration This step confi gures the IP address pool to use for IP source Network Address Translation (NAT). This pool assigns IP addresses to clients that use the Exchange servers. When the AX device performs NAT for a port that is bound to the template, the device selects an IP address from the pool. Note: This step is optional for mapping between external IP addresses and internal IP addresses. To confi gure Source NAT: 1. Select Config Mode > Service > IP Source NAT 2. Select IPv4 Pool on the menu bar 3. Click Add. The IP Source NAT >IPv4 Pool > Create screen appears 4. Enter a Name for the pool. In this example, the pool name is Exchg-NAT Performance by Design 6

5. Enter the Start IP Address and End IP Address (the beginning and ending addresses in the range to use for the pool). This can be the same number for a single IP address. In this example we use 192.168.141.16 for both fi elds 6. Enter the network mask, in this example 255.255.255.0 7. If the AX device is deployed in transparent mode, enter the default Gateway to use for the NAT traffi c. (In this example, the AX device is deployed in route mode, so the fi eld is left blank.) 8. To use session synchronization for NAT translations, select the HA Group from the drop down list Note: In this guide, High Availability (HA) is not used 9. Click OK Figure 2.5 IP Source NAT Configuration Creating Templates for Outlook Web Access Templates are sets of confi guration parameters that apply to specifi c service types or to servers and service ports. Even though in some cases default templates can be used, it is recommended that you create templates specifi c for Exchange, thus allowing you to change the templates in the future without impacting the default templates, which others may be sharing also. For this deployment, the following types of templates are used: HTTP template Cookie-persistence template (Optional) TCP-Proxy template RAM Caching Template (Optional) SSL Client Template SSL Server Template Performance by Design 7

To place a template into use, you must bind it to the virtual port on the virtual server. The SSL client and server templates are covered in the section, OWA component of client access using SSL. Configuring HTTP Template HTTP templates have many options, including options to change information in the HTTP header, and select a service group based on the URL requested by the client. By default, all the options in this template are either disabled or not set, so you need to confi gure these options per your deployment requirements. To confi gure an HTTP template: 1. Select Config Mode > Service > Template 2. Select Application > HTTP on the drop down menu bar 3. Click Add. The HTTP section appears 4. Enter a Name for the template (in this example, Exchg-HTTP-Temp ) 5. Select or enter values for the template options you want to use. In this example, the default values are used for the remaining options 6. For further options on this screen you can continue, or when fi nished, click OK. The template then appears in the HTTP template list Figure 2.6 HTTP Template Configuration If continuing on the same confi guration: 1. Click on Compression section icon to expand and see the available options 2. Click the Enabled radio button next to Compression 3. Keep-Accept-Encoding Enabled will leave the Accept-Encoding header in HTTP request from clients instead of removing the header. To keep the Accept-Encoding fi eld in client requests, select Enabled next to Compression Keep Accept Encoding. Otherwise, to remove the fi eld, leave this option disabled Performance by Design 8

4. To specify the Min Content Length that is eligible for compression, enter the minimum number of bytes the content must be in the Compression Content Length fi eld. In our example we type 1024 5. To add more content types to be compressed: a. Click the Compression Type tab b. In the Type fi eld, enter the string for a content type to compress. In this example fi rst we type pdf c. Click Add d. Repeat step b and step c for each type of content to compress 6. Click OK Figure 2.7 HTTP Template Configuration Continuation Configuring Cookie Persistence Template Cookie Persistence inserts a cookie in the HTTP header of a server reply before sending the reply to the client. The cookie ensures that subsequent requests from the client for the same virtual server and virtual port are directed to the same service group, real server, or real service port for a specifi ed time confi g- ured in the expiration fi eld below. To confi gure Cookie Persistence: 1. Select Config Mode > Service > Template 2. Select Persistence > Cookie Persistence from the menu bar 3. Click Add to create a new template 4. In the Name fi eld, type the name of the template. In this example, the name is Exchg-Cookie. 5. In the Expiration fi eld, check the check box. We used the expiration time of 604800 seconds, which is seven days. (The maximum confi gurable expiration is one year.) 6. For the Cookie Name we used exchg-cookie Performance by Design 9

7. In the Path fi eld, type default path / 8. Click OK. The template appears in the Cookie Persistence template list Figure 2.8 Cookie Persistence Configuration Configuring TCP-Proxy Template TCP-Proxy Templates control TCP stack settings such as the idle timeout for TCP connections. Unless you need to change the setting for a TCP/IP stack parameter, you can use the default TCP-proxy template for the service type that uses it. To confi gure a TCP Proxy template: 1. Select Config Mode > Service > Template 2. Select TCP Proxy on the menu bar 3. Click Add 4. In the Name fi eld, enter a name for the new template. In this example, the name is Exchg- TCP-Proxy 5. In the Idle Timeout fi eld, the default value is 600 seconds. The defaults for this setting and the other settings are used in this example 6. Click OK Performance by Design 10

Figure 2.9 TCP Proxy Template Configuration Configuring RAM Caching Template To cache some content on the AX device itself, you can use a RAM caching template. In this case, the AX device directly serves content that is cached, and only sends requests to the cache server for content that is not cached on the AX device. RAM caching can be used with compression on the same virtual port. In this case, compressed objects are cached and served to clients. The RAM Cache can store a variety of static and dynamic content, serving this content instantly and effi ciently to a large number of users. Caching of HTTP content reduces the number of Web server transactions and hence the load on the servers. Caching of dynamic content reduces the latency and the cost of generating dynamic pages by application servers and database servers. Caching can also result in signifi cant reduction in page download time and in bandwidth utilization. RAM caching is especially useful for high-demand objects on a website, for static content such as images, and when used in conjunction with compression to store compressed responses and eliminating unnecessary overhead. The steps involved are as follows: Performance by Design 11

1. Select Config Mode> Service > Template 2. On the menu bar, select Application > RAM Caching 3. Click Add to create a new one 4. Enter a Name for the template, if you are creating a new one. This example name is Exchg- RAM 5. Enter or change any settings for which you do not want to use the default settings. Here we changed Age value to 7200 seconds 6. In the Max. Cache Field, default value is 10 MB, but we are using 50MB for Max. Cache 7. To confi gure a cache policy: a. In the URI fi eld, enter the portion of the URI string to match on. In this example we typed /apps/docs/ b. Select Cache from the Action drop-down list c. By default, the content is cached for the number of seconds specifi ed in the Age fi eld of the RAM Caching section. To override the aging period, specify the number of seconds in the Duration fi eld. We used 3600 for that d. Click Add 8. Click OK Figure 2.10 RAM Caching Template Configuration Performance by Design 12

Configuring HTTP Virtual Server When you confi gure a virtual server, you add a virtual service port for each of the load-balanced services. When adding a virtual service port, you specify the protocol port number for the port, and the service type. In this example, the service type is HTTP. Virtual port confi guration also includes binding the service group and the templates to the port. To confi gure a virtual server for the HTTP service: 1. Select Config Mode > Service > SLB 2. Select Virtual Server on the menu bar 3. Click Add. The General section appears 4. In the Name fi eld, enter a name for the virtual server. In this example, the name is Exchg- Web-HTTP 5. In the IP Address fi eld, enter the IP address that clients will request. In this example, the address is 192.168.141.11 Figure 2.11 Virtual Server Configuration 6. In the Port section, click Add. The Virtual Server Port section appears 7. In the Type drop-down list, select the service type. In this example, select HTTP 8. In the Port fi eld, enter the service port number. In this example, enter 80 9. In the Service Group drop-down list, select the service group. In this example, select service group HTTP-Exchg Performance by Design 13

Figure 2.12 Virtual Server Port Configuration Continue on the same confi guration: 10. The default port template is used for the Virtual Server Port Template, so leave default selected 11. In the Source NAT Pool drop-down list, select the pool confi gured above (in this example, Exchg-NAT ) 12. In the HTTP Template drop-down list, select the HTTP Template confi gured above (in this example, Exchg-HTTP-Temp ) 13. In the RAM Caching Template drop-down list, select the RAM caching template confi gured above (in this example Exchg-RAM ) 14. In the TCP-Proxy Template drop-down list, select the TCP-proxy template (in this example, Exchg-TCP-Proxy ) 15. In the Persistence Template Type select Cookie Persistence Template from the drop down. You can now select a Cookie Persistence Template drop-down list. Select the cookie-persistence template (in this example, Exchg-Cookie ) Figure 2.13 Virtual Server Port Configuration (Continuation) Performance by Design 14

16. Click OK. The port appears in the list of the Port section Figure 2.14 Virtual Server Port Configuration (Continuation) 17. Click OK. The virtual server appears in the virtual server list 18. Click Save to save the confi guration changes to the startup-confi g Note: As the confi guration is hierarchical, you need to click the OK button up to the top level of confi guration so that all the changes are applied. Performance by Design 15

Configuring AX for Outlook Web Access Component of Client Access Using SSL Configuration Steps To confi gure the AX device to load balance Exchange servers using SSL, use the steps described in the previous section, but on the virtual server, use service type and health check for HTTPS instead of HTTP. Before confi guring the virtual server, the following additional steps also are required: Create or import an SSL certifi cate Create an SSL client template Create an SSL server template Import SSL Certificate If you are importing a CA-signed certifi cate for which you used the AX device to generate the CSR, you do not need to import the key. The key is automatically generated on the AX device when you generate the CSR. To import the Certifi cate: 1. Select Config Mode> Service > SSL Management 2. On the menu bar, select Certificate 3. To import the certifi cate click Import. The SSL Management > Certificate > Import screen appears 4. In the Name fi eld, enter a name for the certifi cate. This is the name you will refer to when adding the certifi cate to a client-ssl or server-ssl template. In this example we type n1.pem 5. Select Certificate from the Type drop-down list, if not already selected 6. Click Browse and navigate to the location of the certifi cate 7. Click Open. The path and fi lename appear in the Source fi eld 8. Click OK. The certifi cate appears in the certifi cate and key list Performance by Design 16

Figure 3.1 SSL Certificate To create the Key: 1. Select Config Mode > Service > SSL Management 2. On the menu bar, select Certificate 3. Click on the Import button. The SSL Management > Certificate > Import screen appears. 4. In the Name fi eld, enter a name for the key. This is the name you will refer to when adding the key to a client-ssl or server-ssl template. In this example we used n1.key 5. Select Key from the Type drop-down list 6. Click Browse and navigate to the location of the key 7. Click Open. The path and fi lename appear in the Source fi eld 8. Click OK. The key appears in the certifi cate and key list Figure 3.2 SSL Key Performance by Design 17

Configuring SSL Server Template In this step, SSL server template is confi gured for the real server. To confi gure a Server SSL template: 1. Select Configure Mode > Service > Template 2. Select SSL > Server SSL from the menu bar 3. Click Add. The Server SSL section appears 4. In the Name fi eld, enter a name for the template. In this example, the name is Exchg-SSLserver 5. In the CA Cert Name drop-down list, select the certifi cate imported above 6. Click OK. The new template appears in the Server SSL template list Figure 3.3 Server SSL Template Configuration Configuring SSL Client Template In this step, SSL client template is confi gured for the HTTPS virtual server. The SSL certifi cate and key confi gured in the previous step are used here. Later, during confi guration of the virtual server, the template will be bound to the HTTPS virtual service port. To confi gure a client SSL template: 1. Select Config Mode > Service > Template 2. Select SSL > Client SSL from the menu bar and drop down list 3. Click Add. The Template >> Client SSL >> Create screen appears 4. In the Name fi eld, enter a name for the template. In this example, the name is Exchg-SSL 5. In the Certificate Name drop-down list, select the certifi cate imported above 6. In the Key Name fi eld, select the key imported above 7. Click OK. The new template appears in the Client SSL template list Performance by Design 18

Figure 3.4 Client SSL Template Configuration Configuring HTTPS Virtual Server In this step, a virtual server with SSL virtual service port is confi gured. 1. Select Config Mode > Service > SLB, if not still selected 2. Select Virtual Server on the menu bar 3. Click Add. The General section appears 4. In the Name fi eld, enter a name for the virtual server. In this example, the name is Exchg- Web-https 5. In the IP Address fi eld, enter the IP address that clients will request Figure 3.5 HTTPS Virtual Server Configuration 6. In the Port section, click Add. The Virtual Server Port section appears 7. In the Type drop-down list, select the service type. In this example, select HTTPS 8. In the Port fi eld, enter the service port number. In this example, enter 443 9. In the Service Group drop-down list, select the service group (in this example, HTTPS-Exchg, this may be HTTP-Exchg if the name was not changed in the original steps) Performance by Design 19

Figure 3.6 HTTPS Virtual Server Port Configuration Continue on the same confi guration: 10. In the Source NAT Pool drop-down list, select the pool confi gured above (in this example, Exchg-NAT ) 11. In the HTTP Template drop-down list, select the HTTP template confi gured above (in this example, Exchg-HTTP-Temp ) 12. In the RAM Caching Template drop-down list, select the RAM caching template confi gured above (in this example Exchg-RAM ) 13. In the Client-SSL Template drop-down list, select the confi gured client-ssl template (in his example, Exchg-SSL ) 14. In the Server-SSL Template drop-down list, select the confi gured server-ssl template (in this example, Exchg-SSL-Server ) 15. In the TCP-Proxy Template drop-down list, select the TCP-proxy template (in this example, Exchg-TCP-Proxy ) 16. Change the Persistence Template Type to Cookie Persistence Template. Then select the Cookie Persistence Template from the drop-down list in the fi eld below, (in this example, Exchg-Cookie ) Performance by Design 20

Figure 3.7 HTTPS Virtual Server Port Configuration (Continuation) 17. Click OK. The port appears in the Port section 18. Click OK 19. Click Save to save the confi guration changes to the startup-confi g Performance by Design 21

Configuring AX for IMAP4 and POP3 Components of Client Access POP3 and IMAP4 are protocols used to connect a client to the Microsoft Exchange Server. To access Exchange server with these protocols, clients use programs such as Outlook, Outlook Express or other third party clients such as Thunderbird and Eudora. AX is confi gured to service POP3 and IMAP4 with secure SSL connections. Configuring AX for IMAP4 This section contains confi guration steps for IMAP4 on AX, and the required steps are: Import Certifi cate and Key Confi gure TCP Health Monitor for port 993 Confi gure Real Server Confi gure Service-group Confi gure Template Confi gure Virtual Server Note: Follow the procedures outlined above in the OWA section for loading SSL certifi cates and keys for all the confi gurations below. Creating TCP Health Monitor for IMAP The fi rst step is to confi gure a health monitor for the Exchange server IMAP service. 1. Select Config Mode > Service > Health Monitor 2. Click Add 3. In the Health Monitor section, enter a name for the monitor in the Name fi eld. In this example, the name Exchg-TCP-IMAP is used 4. In the Interval and Timeout fi elds, default values are 30 and 5. But for this example we used 20 seconds as interval value and 3 seconds as timeout value for TCP health monitor 5. In the Method section, select TCP from the Type drop-down list 6. In the Port fi eld, enter port number 993 for IMAP4 with SSL service 7. Confi gure optional fi elds as required for your deployment. In this example, the default health monitor settings are used 8. Click OK to fi nish confi guration of the health monitor. The health monitor appears in the Health Monitor list Performance by Design 22

Figure 4.1 Health Monitor Configuration for IMAP Real Server Configuration for IMAP We are using IMAP service with secure SSL and therefore need to confi gure port 993 on the real server. Also we need to confi gure the TCP health monitor on the service port. The following steps are required to confi gure the IMAP real server. To confi gure a real server: 1. Select Config Mode > Service > SLB 2. Select Server on the menu bar 3. Click Add. The General section appears 4. In the Name fi eld, enter a name for the server. In this example, the name is Win-Exchg 5. In the IP Address fi eld, enter the IP address of the server. In this example the IP address value is 192.168.140.10 6. In the Health Monitor drop-down list, leave the default health monitor selected. This dropdown list specifi es the Layer 3 health monitor, which will ping the server s IP address 7. In the Port fi eld, enter the number of the service port on the real server. In this example, the port number is 993 Performance by Design 23

8. In the Health Monitor (HM) drop-down list for the port, select the previously confi gured TCP health monitor for IMAP Exchg-TCP-IMAP 9. Click Add to add the port to the port list for the server 10. Click OK. The real server appears in the server table 11. Repeat this procedure for each of the Exchange servers Figure 4.2 Real Server Configuration for IMAP Performance by Design 24

Configuring IMAP Service Group A service group contains a set of real servers from which the AX device can be selected to service client requests. A service group allows you to group multiple real servers to assign to a single virtual server. For IMAP4 the service port is 993. To confi gure a service group: 1. Select Config Mode > Service > SLB 2. Select Service Group on the menu bar 3. Click Add. The SLB >> Service Group >> Create screen appears 4. In Name fi eld, enter name of service group. In this example, the name is Exchg-IMAP4-SSL 5. In the Algorithm drop-down list, select the preferred load-balancing method. You can control the load on each server by selecting the appropriate type of load balancing methods. For this confi guration, Round Robin is used 6. In the Server fi eld, select a previously confi gured real server from the Server drop-down list. In this example real server is Win-Exchg 7. In the Port fi eld, enter the service port number. In this example the port number for IMAP service with SSL is 993 8. Click Add. Repeat steps 6-8 for each real server 9. Click OK. The new group appears in the service group table Figure 4.3 Service Group Configuration for IMAP Performance by Design 25

Creating Templates for IMAP4 For IMAP4 service confi guration, the following templates are used: TCP-Proxy Template SSL-Client Template SSL-Server Template TCP-Proxy template configuration TCP-proxy template controls TCP stack settings such as the idle timeout for TCP connections. Unless you need to change the setting for a TCP/IP stack parameter, you can use the default TCP-Proxy template for the service type that uses it. To confi gure a TCP-Proxy template: 1. Select Config Mode > Service > Template 2. Click TCP Proxy on the top menu bar 3. Click Add 4. In the Name fi eld, enter the name for the new template. In this example, the name is Exchg- IMAP-TCPProxy 5. In the Idle Timeout fi eld, the default value is 600 seconds. In this example we used 1200 seconds for idle timeout 6. Other settings are used in this example as default value 7. Click OK Figure 4.4 TCP Proxy Template Configuration Performance by Design 26

SSL Client template configuration In this step, the SSL client template is confi gured for the IMAP virtual server. We are using the IMAP service with secure SSL service so we need to confi gure the SSL client template on IMAP SSL service port 993. Import SSL Certifi cate and Key using steps confi gured in the Outlook Web Access component of Client Access Using SSL, Pg 21. To confi gure a client SSL template: 1. Select Config Mode > Service > Template 2. Select SSL > Client SSL from the top menu bar and drop down 3. Click Add. The Template >> Client SSL >> Create screen appears 4. In the Name fi eld, enter a name for the template. In this example, the name is Exchg-IMAP- Certi 5. In the Certificate Name drop-down list, select the certifi cate imported above. In this example, the name is also Exchange-IMAP-Cert 6. From the Key Name drop down, select the key imported above. In this example, the name is also Exchange-IMAP-Cert 7. In this example we changed the Cache Size to 10 8. Click OK. The new template appears in the Client SSL template list Figure 4.5 SSL Client Template Configuration Performance by Design 27