Enabling Clients to Securely Connect over the Internet
Client computers can connect to mailboxes on Microsoft Exchange Server computers remotely using TCP/IP over the Internet. By connecting over the Internet, users can read and send mail just as if they were on the same local area network (LAN) as the server. For example, if users from CompanyA need access to mail while visiting CompanyB, they can use CompanyB's Internet connection. Microsoft Outlook does not need to use a modem or Remote Access Service (RAS) to establish a remote connection with Microsoft Exchange Server. However, both the client and the server must support TCP/IP.
You can enable communication over the Internet with the least amount of security risk to your organization by performing these tasks:
- Configure your client to use encrypted RPCs. This ensures that messages transmitted over the Internet between a client and a server are secure and no one can tamper with them. For more information about configuring encrypted RPCs, see "Configuring Microsoft Outlook to Use Encrypted RPCs" earlier in this chapter.
- Specify the client's home server using the server's fully qualified domain name (FQDN). This enables the client to locate the home server.
- If the home server and the user account that is accessing the mailbox are in different domains, enable the client to be authenticated by the home server's domain. This gives the user access to the domain where the home server is located.
- If your organization uses an Internet firewall, configure the firewall to allow RPC communication. If a firewall is not used, RPC communication to the Internet is enabled by default.