A hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud.
A hybrid deployment provides the seamless look and feel of a single Exchange organization between an on-premises Exchange organization and Exchange Online in Microsoft Office 365.
In addition, a hybrid deployment can serve as an intermediate step to moving completely to an Exchange Online organization.
Configure F5 LTM For Exchange Server Hybrid Deployments
I got the opportunity to work on this scenario in my current organization and I found that there is no clear documentation available for this, so I decided to share my experience on this.
Step1:- You need the SMTP iApp template for this deployment. Navigate to https://downloads.f5.com/, log in with your F5 credentials, and click the “Find a Download” option.
Click the iApp Templates option, download the template file to your local PC, and extract it.
Step2:- Now you need to use the F5.smtp file, which is located under the SMTP folder.
Log in to your F5 LTM, navigate to iApps > Templates, click the plus icon to import a new template, and select the “overwrite existing template” option at the time of import.
After importing the template, go to iApps > Application Services > Applications, enter the name of the application and, under the Template option, select the F5.smtp template.
Step3:- Here you need to enter your VIP IP along with the port number and choose your pool, but the main setting that you need to change for Exchange Server hybrid deployments is the SMTP encryption setting.
Select “Forward Encrypted traffic without decryption (SSL pass-through)” and, under “Do you require STARTTLS for Server connection”, select the “Yes, the SMTP servers require STARTTLS” option.
If you go to the VIP, you will find that it is not a standard VIP; it is a performance (Layer 4) VIP with the FastL4 profile enabled, because the BIG-IP forwards the encrypted traffic without decrypting it.
Note:- Use an SMTP monitor to monitor the SMTP server pool.
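One way to confirm from a client that the pass-through VIP still offers STARTTLS end to end, as an added Python example (not from the original post or from F5). The function names are hypothetical, the EHLO replies are constructed samples, and the host name in the last comment is a placeholder.

```python
import re
import smtplib
import ssl

# Constructed EHLO replies for illustration (not captured from a real server).
SAMPLE_OK = "250-mail.example.test Hello\r\n250-SIZE 37748736\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
SAMPLE_MASKED = "250-mail.example.test Hello\r\n250-SIZE 37748736\r\n250-XXXXXXXA\r\n250 8BITMIME\r\n"

def ehlo_extensions(reply):
    """Return upper-cased extension keywords from an EHLO reply.

    Accepts raw wire lines ("250-STARTTLS") or the prefix-stripped text
    that smtplib returns; the first line is the greeting and is skipped.
    """
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    keywords = set()
    for line in lines[1:]:
        m = re.match(r"(?:250[- ])?(\S+)", line)
        if m:
            keywords.add(m.group(1).upper())
    return keywords

def starttls_status(reply):
    """Classify a reply as 'offered', 'masked' or 'missing'."""
    ext = ehlo_extensions(reply)
    if "STARTTLS" in ext:
        return "offered"
    # Some inspecting devices in the path overwrite the keyword with X characters.
    if any(re.fullmatch(r"X{4,}[A-Z]?", k) for k in ext):
        return "masked"
    return "missing"

def probe_vip(host, port=25, timeout=10.0):
    """Connect to the SMTP VIP by FQDN, upgrade with STARTTLS, report the peer."""
    ctx = ssl.create_default_context()  # verifies chain and host name
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        _, reply = smtp.ehlo()
        status = starttls_status(reply.decode(errors="replace"))
        if status != "offered":
            return {"starttls": status}
        smtp.starttls(context=ctx)
        cert = smtp.sock.getpeercert()
        return {"starttls": status, "tls": smtp.sock.version(),
                "subject": cert.get("subject"), "issuer": cert.get("issuer")}

if __name__ == "__main__":
    print(starttls_status(SAMPLE_OK), starttls_status(SAMPLE_MASKED))
    # print(probe_vip("smtp-vip.example.test"))  # placeholder host name
```

With pass-through, the subject and issuer reported by `probe_vip` should be those of the certificate installed on the Exchange servers, since the BIG-IP does not terminate TLS.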
Configure LTM for Hybrid Authentication in Exchange
If you are configuring LTM for hybrid authentication, the most important point to consider is to use an intermediate certificate in your VIP.
PC browsers are OK with the root certificate, but for mobile devices the intermediate certificate is the most important requirement; without it, mobile devices are not able to authenticate.
If you deployed Exchange through OWA, navigate to iApps, select your application, and click Reconfigure.
Under “Which intermediate certificate do you want to use”, select your certificate and update it.
Then navigate to https://testconnectivity.microsoft.com/tests/O365OlkMobHma/input,
enter the email ID that you want to test, and click Perform Test.
It will show you the successful result.
Hope this post helps you to Configure F5 LTM For Exchange Server Hybrid Deployments. If you have any queries, feel free to comment.