Application Template Deployment Guide Microsoft OWA Deployment Guide Deployment Guide Notice: The information in this publication

is subject to change without notice. THIS PUBLICATION IS PROVIDED AS IS WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. CITRIX SYSTEMS, INC. (CITRIX), SHALL NOT BE LIABLE FOR TECHNICAL OR EDITORIAL ERRORS OR OMISSIONS CONTAINED HEREIN, NOR FOR DIRECT, INCIDENTAL, CONSEQUENTIAL OR ANY OTHER DAMAGES RESULTING FROM THE FURNISHING, PERFORMANCE, OR USE OF THIS PUBLICATION, EVEN IF CITRIX HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE. This publication contains information protected by copyright. Except for interna l distribution, no part of this publication may be photocopied or reproduced in any form without prior w ritten consent from Citrix. The exclusive warranty for Citrix products, if any, is stated in the product doc umentation accompanying such products. Citrix does not warrant products other than its own. Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Copyright 2008 Citrix Systems, Inc., 851 West Cypress Creek Road, Ft. Lauderdale , Florida 333092009 U.S.A. All rights reserved. Table of Contents Introduction.................................................................... ......................................................................4 Solution Requirements........................................................... ...............................................................5 Prerequisites................................................................... ......................................................................5 Network Diagram................................................................. ................................................................6 Application Templates .......................................................... .................................................................7 Introduction.................................................................... .................................................................7 OWA Template.................................................................... .................................................................8 OWA Application Template Configuration.......................................... ................................................8 Characterization of the OWA Application......................................... ..................................................9 OWA Application Units........................................................... .........................................................11 Ordering of Application Units................................................... .......................................................16 OWA Public Endpoint Configuration - HTTP........................................ ...........................................17 OWA Load Balancing Configuration - HTTP......................................... ...........................................18 OWA Public Endpoint Configuration - HTTPS....................................... ..........................................19 OWA HTTP-to-HTTPS Redirect...................................................... ................................................20 Application Visualizer..........................................................

...........................................................22 Exporting Application Templates................................................. .........................................................23 Importing Application Templates................................................. .........................................................24 Appendix A - NetScaler Configuration............................................ .....................................................25 Introduction Citrix NetScaler optimizes the delivery of web applications increasing security an d improving performance and Web server capacity. This approach ensures the best total cost o f ownership (TCO), security, availability, and performance for Web applications. The Citrix NetScal er solution is a comprehensive network system that combines high-speed load balancing and content switching wit h state-of-the-art application acceleration, layer 4-7 traffic management, data compression, dynami c content caching, SSL acceleration, network optimization, and robust application security into a s ingle, tightly integrated solution. Deployed in front of application servers, the system significantly red uces processing overhead on application and database servers, reducing hardware and bandwidth costs. NetScaler Applications Templates - introduced in NetScaler 9.0 - provide an appl ication-centric view of the NetScaler systems policy configurations. From a single place within the GU I (AppExpert Applications) NetScaler administrators can: 1) Configure the various application features the NetScaler is fronting, 2) View which NetScaler functional modules (e.g., compression, cach ing, application firewall) are optimized and active for a given application unit. Additionally, Application Templates allow you to drill down and see which indivi dual NetScaler policies are active, and what policies are inactive but available, by application compone nt and NetScaler module. From this same view, individual policies can be created, activated and deactivat ed. Application templates can be downloaded, imported, modified and exported. Admini strators can download application templates built by Citrix, Citrix Partners and members of t he NetScaler community from the Citrix Community Website. These templates are easily imported into any NetScaler running NetScaler 9.0 or higher, jump starting the configuration and deployment process. Templates developed in-house can be easily exported and shared within your organization, or posted b ack to the Citrix Community Website for others to view and improve. Solution Requirements Application Front-End Switch - NetScaler Microsoft Outlook Web Access Prerequisites Citrix NetScaler L4/7 Application Switch, running version 9.0 build 61.9 (Quanti ty x 2 for HA) Windows Server 2003, Windows Exchange Server 2003 w/ Outlook Web Access ~or~ Windows Server 2008, Windows Exchange Server 2007 w/ Outlook Web Access Client laptop/workstation running Internet Explorer 6.0+, Ethernet port 9-pin serial cable -or- USB-to-serial cable

 The following is the Network that was used to develop this deployment guide. Network Diagram Microsoft Exchange Server Farm Citrix NetScaler int 1/2 int 1/7 Exchange Server Exchange Server VLAN 1 Exchange Server VLAN 200 Intranet/ Internet/ Extranet VLAN Legend NetScaler VLAN 1 VLAN 200 VLAN 1: Interface 1/2, Untagged NSIP: 10.217.105.51 / 24 SNIP: 10.217.105.52 / 24 VIP: 10.217.105.220 / 24 VLAN 200: Interface 1/7, Untagged SNIP: 10.217.104.209 / 24 Application Templates Introduction Application Templates are a new and simple approach to configuration management for complex enterprise applications. Applications are listed in the left-most column. In one simple view, you can view what is most important to you in terms of application delivery directly bel ow in the same column in what are called Application Units. You simply configure what constitutes the int eresting traffic for each application delivery unit, and turn on the rules for compression, caching, rewri te, filtering, responder and application firewall. This is largely different from having to go into each feat ure and define complex rules and expressions individually, reducing the time to deploy, easing management and improving the bottom line. What is important to the Application Expert is how the application is characteri zed by its content. In other words, what is the content that comprises the back-end application, and wh at are you most concerned with regarding its delivery. It is this content that we are most intere sted in, as we will build Application Templates surrounding this content. Methodology for Building an Application Template 1. Identify Application Workflows 2. Model Workflows into Application Units. Identification of workflows refers to the areas of the application that are important to Application Delivery, such as Reports,

Documents, Images, Stylesheets, Web Services and Portal Pages. Each of these workflows can be specifically identified by the type of content they generate from Server to Client and vice-verse. The process for entering Application Templates into the NetScaler Application Sw itch is simple. From the GUI, navigate to NetScaler AppExpert Applications. Select Add to add the Appli cation by name. Select Add again to enter an Application Unit, which refers to the workflow, for example Report Management. Enter the Expression to identify the reports, for example URL == /*.pd f. From this basis, the important operations can be configured upon all reports that appertai n to this application, such as compression, caching, rewrite, filtering, responder and application firewall. One final step involves adding the front-end Virtual IP Address (VIP) and back-e nd servers. Then, by virtue of this configuration, load balancing is in effect for this application. Load Balancing algorithms and persistence can be modified from the default values. OWA Template OWA Application Template Configuration Microsoft Exchange Server is a messaging and collaborative software product deve loped by Microsoft. It is part of the Windows Server System line of server products and is widely us ed by enterprises using Microsoft infrastructure solutions. Exchanges major features consist of electroni c mail, shared calendars and tasks, and support for mobile and web-based access to information, as well a s supporting very large amounts of data storage. Outlook Web Access (OWA) allows you to access your Exchange mailbox from any web browser, and is ideal for users who do not have access to Outlook. The Exchange directories a re found under the IIS web server and much of the content is standard web site fare. The OWA application can be found under the ExchWeb directory, and is characteriz ed by ASP web pages, javascript, content style sheets, XSL Stylesheets, HTML Component (HTC) F iles, images, and HTML files. Clients access their Exchange mailbox over HTTP and RPC over HTTP. H TTPS is used for secure communications. Many of the features found in Outlook are found in Outlook Web Access. From with in the Outlook Web Access interface you can access the same content for mail, calendars, contac ts, tasks and documents. What this means to an Application Expert is you will see a myriad of content bei ng passed through the Citrix NetScaler Application Switch. What is important to the Application Expert is how the OWA application is charac terized by its content. In other words, the content that comprises the back-end application and how that content flows through the Citrix NetScaler Application Switch. It is this content that we are most int erested in, as we will build Application Templates surrounding this content. Under the hood, the workfl ows are characterized

accordingly to the following table. Workflow Characterized By Components Server Pages Active Server Pages, HTML, XML .asp, .aspx, .htm, .html, .xml, .msp , .mspx, .mht, .mhtml, .xhtml Document Management Document Sharing & Storage, MS Office Documents, Reports, Spreadsheet, Forms .txt, .doc, .docx, .vcf, .mdb, .ps, .mpp, .cdf, .fif, .ins, .man, .latex, .spl, .hta, .dot, .dotx, .docm, .dotm, . rtf, .wps, .ppt, .pptx, .pot, .potx, .pptm, .potm, .thmx, .ppsx, .ppsm, .pps, .ppam, .pdf, .csv, .prn, .xsn, .xls, .xlsx, .xlt, .xltx, .xlsb, .xlsm, .xltm, .dif, .slk, .xlam, .xla Controls Stylesheets, Scripts .css, .js, .uls, .wsc, .htt, .htc, .dir Image Management Images .gif, .jpg, .jpeg, .tif, .tiff, .bmp, .wmf, .emf, .png, .ico, .xbm, Digital Media Audio, Video files .aiff, .au, .wav, .ra, .mid, .nix, .mp3, .m3u, .asx, .avi, .mpeg, .mp2, .mov, .ivf, .lsx, .asx, .swf, .iii Archives Archive files .z, .tgz, .gz, .sit, .tar, .zip, .cs, .rar, .arj, .lzh, . cab, .hqx, .ace, .ear Certificates Certificate files .p10, .p12, .p7m, .p7s, .p7b, .p7r, .cer, .crl, . sst, .pko, .cat, .stl Characterization of the OWA Application We know from experience that OWA workflows are characterized by the following co ntent: 10 If we examine the workflows in OWA, we know that some of this content is compres sible, while some is not. Some of this content is cacheable, while some is not. And so we form the basis of our Application Templa te. In summary, we want to configure the Application Template for the following features. A check indicates we want to enable the fea ture. The Default appears last and is a catch all for traffic that has not been characterized by our Application units. OWA Compression Caching Rewrite Filter Responder AppFw Server Pages Documents Controls Images Digital Media Archives Certificates Default 11 From the NetScaler GUI, select NetScaler AppExpert Applications. Select Add. Enter the Application Template Name. In this example, Outlook Web Access. OWA Application Units Configuration of the OWA Application Template involves defining Application Unit s for OWA Traffic. An Application Unit defines a subset of traffic that you are interested in apply ing template policies to. For example Images or Documents, or specific portions of content. Definition of Application units are

Request based, in that the expressions are built upon Request based rules. Select Add again, and enter the Application Unit. An Application Unit describes the Interesting Traffic or a type of content. In this example, Application Unit is Server Pages, identified by the rule expression: URL == /*.asp || URL == /*.aspx || URL == /*.htm || URL == /*.html || URL == /*.msp || URL == /*.mspx || URL == /*.mht || URL == /*.mhtml || URL == /*.xhtml || URL == /*xml ||. 12 Add the remaining Application Unit categories. 13 After all of the Application units have been added, enable Compression. Select Add Policy: Name: <policy name> Action: COMPRESS Expression: ns_true (Advanced Free Form) Select Create. Make sure the compression policy is selected. Click Ok. (In this example, our policy name is OWA_compress) 14 Enable Caching. Select Insert Policy. Policy Name: NOPOLICYCACHE. Select Invoke: New Policy Label. Cache Policy Label: OWA_ cache_label. Select Insert Policy: Select New Policy: Name: <policy name> Action: CACHE Expression: TRUE (Advanced Free Form) In this example, the cache policy name will be OWA_ cache_policy.

Select Create, Apply Changes, Close. Note: Now, the OWA_cache_ label can be re-used for the other Application Template Units. 15 To enable compression for other Application units, reuse the policy created in the previous step. Compression: select OWA_compress To enable caching for other Application Units, re-use the policy created in the previous step. Caching: Insert Policy. Policy Name: NOPOLICYCACHE Invoke: OWA_cache_label 16 Make sure you take this opportunity to Save the configuration. The Default Application Unit is a Catch-All for content that was not previously expressed in an Application Unit. Compression and Caching should be turned on as a default. After all of the Application units have been entered and the features configured, the Application Template will look like the following: Ordering of Application Units Order of Application Units matters from a top-down methodology. The first Applic ation Unit at the top of the list takes precedence. The next Application Unit in the list takes next p recedence, and so forth. The Default Application Unit appears last for all traffic that was not expressed in an Application unit. The Application units can be reordered by moving them up and down in the GUI interfa ce. Use the Move Up & Move Down buttons to re-order Application Units. Move them to the top of the list for higher precedence, or to the bottom of the list for lower precedence. 17 A couple final steps to complete the picture. We need to add the Front-end

VIP and Back-end servers. Select Configure Public Endpoints. Select Add. Select Configure Public Endpoints. Select Add. Add the IP Address and Port that the public users will access the Application with. Name: <endpoint name> Public IP Address: x.x.x.x Protocol: HTTP Port: 80 Select Ok. OWA Public Endpoint Configuration - HTTP The Front-End configuration, or public endpoints configuration, is the public fa cing IP Address(es) that users will use to access the Application. 18 Select Configure Backend Services. Select the Service Group tab. Select Add. Add the Servers by IP Address or Name, and Port Numbers the Servers use. Name: <server name> Server IP Address: x.x.x.x Port: 80 Protocol: HTTP These are the servers that we will load balance. Select the http-ecv monitor, in the monitor tab. Select Ok. OWA Load Balancing Configuration - HTTP Configuring backend services is the place where we add the backend servers to se nd traffic to. When the Application Template was created, a Load Balancing virtual server (vserver) was also created transparently. It is during the configuration of the backend services that we ca n change the default load balancing settings. Select the Methods and Persistence tab to set the Load Balancing method and Persistence method to be used. Select Ok. 19 To enable SSL or HTTPS for

the OWA Public Endpoints, select Add. Add the IP Address and Port that the public users will access the OWA Application with. Name: <endpoint name> Public IP Address: x.x.x.x Protocol: SSL Port: 443 Select the SSL Tab and Configure the NetScaler certificate to be used on the front-end public connections. Select Ok. OWA Public Endpoint Configuration - HTTPS The NetScaler Application Switch can be used as a secure SSL or HTTPS gateway to the OWA Applications. A NetScaler server certificate can be created using the SSL Certif icate Wizard by navigating SSL, Certificate Wizard. in the GUI to NetScaler 20 Select the Application Template Name, Click on Add. Add a new Application Unit for the redirect. Name: Https_Redirect Rule: URL == /* Select Create. Move it to the top of all Application Units. OWA HTTP-to-HTTPS Redirect To turn the OWA HTTP Portal into a secure HTTPS portal, a simple redirect needs to be added to the Application Template, which can be enabled and disabled at any time. Enable Responder. Select Insert Policy. Policy Name: NOPOLICYRESPONDER. Select Invoke: New Policy Label. 21 Create Responder Policy Label: http-to-httpsresponder. Select Insert Policy: Select New Policy: Name: http_to_https_ policy Action: http_to_https_ action Expression: HTTP. REQ.HEADER(Host). CONTAINS(strategic) && !CLIENT.SSL.IS_SSL

Select New Action: Name: http_to_https_ action Type: Redirect Expression: https:// strategic.citrixlabs.com/ + HTTP.REQ.URL Bypass Safety Check Select Create, Create, Create, Apply Changes to the Application Unit, then Close. 22 When complete, the Application Template can be viewed in the Application Template Visualizer. Application Visualizer When an Application Template is complete, all of the policies that are configure d can be viewed in the Application Visualizer. The Visualizer provides an end-to-end view of the Applic ation Flow from the Client to the Server. 23 To Export the Application Template, highlight the Application Template name, select Export. Exporting Application Templates Application Templates can be exported so that they can be shared, uploaded to th e Citrix Community Website, modified by others, and imported into other NetScaler switches to simpl ify and ease deployment. 24 To Import the Application Template, click on Application, select Import. When importing a template, you will need to Add or Select the Public Endpoints and Backend Service Groups. Importing Application Templates Application Templates can be imported into the Citrix NetScaler Application Swit ch. Templates can be downloaded from the Citrix Community Website or from local or network storage. Select the template to import. Templates are stored in <name>.gz file format. 25 Appendix A - NetScaler Configuration NetScaler set ns config -IPAddress 10.217.105.51 -netmask 255.255.255.0

enable ns feature LB CS CR CMP SSLVPN GSLB SSL CF IC REWRITE AppFw RESPONDER HTM LInjection enable ns mode FR L3 CKA TCPB Edge USNIP PMTUD set interface 0/1 -speed AUTO -autoneg ENABLED -haMonitor ON -trunk OFF -lacpMod e DISABLED -throughput 0 -bandwidthHigh 0 bandwidthNormal 0 set interface 1/1 -speed AUTO -flowControl RX -autoneg ENABLED -haMonitor ON -tr unk OFF -lacpMode DISABLED -throughput 0 bandwidthHigh 0 -bandwidthNormal 0 set interface 1/2 -speed AUTO -flowControl RX -autoneg ENABLED -haMonitor ON -tr unk OFF -lacpMode DISABLED -throughput 0 bandwidthHigh 0 -bandwidthNormal 0 set interface 1/3 -speed AUTO -flowControl RX -autoneg ENABLED -haMonitor ON -tr unk OFF -lacpMode DISABLED -throughput 0 bandwidthHigh 0 -bandwidthNormal 0 set interface 1/4 -speed AUTO -flowControl RX -autoneg ENABLED -haMonitor ON -tr unk OFF -lacpMode DISABLED -throughput 0 bandwidthHigh 0 -bandwidthNormal 0 set interface 1/5 -speed AUTO -flowControl RX -autoneg ENABLED -haMonitor ON -tr unk OFF -lacpMode DISABLED -throughput 0 bandwidthHigh 0 -bandwidthNormal 0 set interface 1/6 -speed AUTO -flowControl RX -autoneg ENABLED -haMonitor ON -tr unk OFF -lacpMode DISABLED -throughput 0 bandwidthHigh 0 -bandwidthNormal 0 set interface 1/7 -speed AUTO -flowControl RX -autoneg ENABLED -haMonitor ON -tr unk OFF -lacpMode DISABLED -throughput 0 bandwidthHigh 0 -bandwidthNormal 0 set interface 1/8 -speed AUTO -flowControl RX -autoneg ENABLED -haMonitor ON -tr unk OFF -lacpMode DISABLED -throughput 0 bandwidthHigh 0 -bandwidthNormal 0 add ns ip 10.217.104.209 255.255.255.0 -vServer DISABLED add vlan 200 bind vlan 200 -ifnum 1/7 bind vlan 200 -IPAddress 10.217.104.209 255.255.255.0 add vrID 60 bind vrID 60 -ifnum 1/2 set locationParameter -context geographic -q1label Continent -q2label Country -q 3label Region -q4label City -q5label ISP -q6label Organization add policy expression app_0_ApplicationsOutlookWebAccess ns_true add policy expression app_u_OutlookWebAccessServerPages ns_true add policy expression app_o_OutlookWebAccess ns_true add policy expression app_u_OutlookWebAccessDocumentManagement ns_true add policy expression app_u_OutlookWebAccessControls ns_true add policy expression app_u_OutlookWebAccessImageManagement ns_true add policy expression app_u_OutlookWebAccessDigitalMedia ns_true 26 add policy expression app_u_OutlookWebAccessArchiveFiles ns_true add policy expression app_u_OutlookWebAccessCertificates ns_true add policy expression app_u_OutlookWebAccessHttps_Redirect ns_true add server 10.217.105.152 10.217.105.152 add cs policy app_cs8 -rule SYS.EVAL_CLASSIC_EXPR(\URL == \/*\\) add cs policy app_cs9 -rule SYS.EVAL_CLASSIC_EXPR(\URL == \/*.asp\ || URL == \/*.aspx \ || URL == \/*.htm\ || URL == \/*.html\ || URL == \/*.xml\ || URL == \/*.msp\ || URL == \/*.mspx\ || URL == \/*.mht\ || URL == \ html\ || URL == \/*.xhtml\\) add cs policy app_cs10 -rule SYS.EVAL_CLASSIC_EXPR(\URL == \/*.txt\ || URL == \/*.doc \ || URL == \/*.docx\ || URL == \/*.vcf\ || URL == \/*.mdb\ || URL == \/*.ps\ || URL == \/*.mpp\ || URL == \/*.cdf\ || URL == \/ \ || URL == \/*.ins\ || URL == \/*.man\ || URL

== \/*.latex\ || URL == \/*.spl\ || URL == \/*.hta\ || URL == \/*.ppt\ || URL == \/* \ || URL == \/*.dot\ || URL == \/*.dotx\ || URL == \/*.docm\ || URL == \/*.dotm\ || URL == \/*.rtf\ || URL == \/*.wps\ || URL == \/*.po URL == \/*.potx\ || URL == \/*.pptm\ || URL == \/*.potm\ || URL == \/*.thmx\ || URL == \/*.ppsx\ || URL == \/*.ppsm\ || URL == \/*. | URL == \/*.ppam\ || URL == \/*.pdf\ || URL == \/*.csv\ || URL == \/*.prn\ || URL == \/*.xsn\ || URL == \/*.xls\ || URL == \/*.x | URL == \/*.xlt\ || URL == \/*.xltx\ || URL == \/*. xlsb\ || URL == \/*.xlsm\ || URL == \/*.xltm\ || URL == \/*.dif\ || URL == \/*.slk\ L == \/*.xlam\ || URL == \/*.xla\\) add cs policy app_cs11 -rule SYS.EVAL_CLASSIC_EXPR(\URL == \/*.css\ || URL == \/*.js\ || URL == \/*.uls\ || URL == \/*.wsc\ || URL == \/*.htt\ || URL == \/*.htc\ || URL == \/*.dir\\) add cs policy app_cs12 -rule SYS.EVAL_CLASSIC_EXPR(\URL == \/*.gif\ || URL == \/*.jpg \ || URL == \/*.jpeg\ || URL == \/*.tif\ || URL == \/*.tiff\ || URL == \/*.bmp\ || URL == \/*.wmf\ || URL == \/*.png\ || URL == \/*. | URL == \/*.xbm\\) add cs policy app_cs13 -rule SYS.EVAL_CLASSIC_EXPR(\URL == \/*.aiff\ || URL == \/*.au \ || URL == \/*.wav\ || URL == \/*.ra\ || URL == \/*.mid\ || URL == \/*.nix\ || URL == \/*.mp3\ || URL == \/*.m3u\ || URL == \/*.a URL == \/*.avi\ || URL == \/*.mpeg\ || URL == \/*.mp2\ || URL == \/*.mov\ || URL == \/*.ivf\ || URL == \/*.lsx\ || URL == \/*.asx\ L == \/*.swf\ || URL == \/*.iii\\) add cs policy app_cs14 -rule SYS.EVAL_CLASSIC_EXPR(\URL == \/*.z\ || URL == \/*.tgz\ | | URL == \/*.gz\ || URL == \/*.sit\ || URL == \/*.tar\ || URL == \/*.zip\ || URL == \/*.cs\ || URL == \/*.rar\ || URL == \/*.arj\ == \/*.lzh\ || URL == \/*.cab\ || URL == \/*.hqx\ || URL == \/*.ace\ || URL == \/*.ear\\) add cs policy app_cs15 -rule SYS.EVAL_CLASSIC_EXPR(\URL == \/*.p10\ || URL == \/*.p12 \ || URL == \/*.p7m\ || URL == \/*.p7s\ || URL == \/*.p7b\ || URL == \/*.p7r\ || URL == \/*.cer\ || URL == \/*.crl\ || URL == \ t\ || URL == \/*.pko\ || URL == \/*.cat\ || URL == \/*.stl\\) add serviceGroup OWAServers HTTP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO cltTimeout 180 -svrTimeout 360 -CKA YES -TCPB YES -CMP YES set rewrite param -undefAction NOREWRITE add cmp policy OWA_compress -rule ns_true -resAction COMPRESS add lb vserver app_0_ApplicationsOutlookWebAccess HTTP 0.0.0.0 0 -persistenceTyp e COOKIEINSERT -persistenceBackup SOURCEIP -lbMethod ROUNDROBIN -cltTimeout 180 -downStateFlush DISABLED add lb vserver app_u_OutlookWebAccessServerPages HTTP 0.0.0.0 0 -persistenceType NONE -cltTimeout 180 -downStateFlush DISABLED add lb vserver app_o_OutlookWebAccess HTTP 0.0.0.0 0 -persistenceType NONE -cltT imeout 180 -downStateFlush DISABLED add lb vserver app_u_OutlookWebAccessDocumentManagement HTTP 0.0.0.0 0 -persiste nceType NONE -cltTimeout 180 -downStateFlush DISABLED add lb vserver app_u_OutlookWebAccessControls HTTP 0.0.0.0 0 -persistenceType NO NE -cltTimeout 180 -downStateFlush DISABLED add lb vserver app_u_OutlookWebAccessImageManagement HTTP 0.0.0.0 0 -persistence Type NONE -cltTimeout 180 -downStateFlush DISABLED add lb vserver app_u_OutlookWebAccessDigitalMedia HTTP 0.0.0.0 0 -persistenceTyp e NONE -cltTimeout 180 -downStateFlush DISABLED 27 add lb vserver app_u_OutlookWebAccessArchiveFiles HTTP 0.0.0.0 0 -persistenceTyp e NONE -cltTimeout 180 -downStateFlush

DISABLED add lb vserver app_u_OutlookWebAccessCertificates HTTP 0.0.0.0 0 -persistenceTyp e NONE -cltTimeout 180 -downStateFlush DISABLED add lb vserver app_u_OutlookWebAccessHttps_Redirect HTTP 0.0.0.0 0 -persistenceT ype NONE -cltTimeout 180 -downStateFlush DISABLED add cs vserver OWA Public HTTP 10.217.105.220 80 -cltTimeout 180 add cs vserver OWA Public SSL SSL 10.217.105.220 443 -cltTimeout 180 set ns rpcNode 10.217.105.51 -password 8a7b474124957776a0cd31b862cbe4d72b5cbd598 68a136d4bdeb56cf03b28 -encrypted -srcIP 10.217.105.51 add responder action http_to_https_action redirect \https://strategic.citrixlabs.c om/\ + HTTP.REQ.URL -bypassSafetyCheck YES add responder policy http_to_https_policy HTTP.REQ.HEADER(\Host\).CONTAINS(\strategi c\) && !CLIENT.SSL.IS_SSL http_to_https_ action add responder policy http_to_https_responder_policy HTTP.REQ.HEADER(\Host\).CONTAIN S(\strategic\) && !CLIENT.SSL.IS_SSL http_to_https_action add responder policylabel http_to_https_responder bind responder policylabel http_to_https_responder http_to_https_policy 100 END set responder param -undefAction NOOP set cache parameter -memLimit 2048 -via NS-CACHE-8.0: 51 -verifyUsing HOSTNAME_AND _IP -maxPostLen 0 -enableBypass YES undefAction NOCACHE add cache contentGroup DEFAULT -quickAbortSize 4194303 -minHits 0 add cache contentGroup BASEFILE -relExpiry 86000 -weakNegRelExpiry 600 -quickAbo rtSize 4194303 -maxResSize 256 -memLimit 2 -minHits 0 add cache contentGroup DELTAJS -relExpiry 86000 -weakNegRelExpiry 600 -insertAge NO -quickAbortSize 4194303 -maxResSize 256 -memLimit 1 -minHits 0 -pinned YES add cache policy OWA_cache_policy -rule TRUE -action CACHE -storeInGroup DEFAULT add cache policy OWA_cache_docs -rule TRUE -action CACHE -storeInGroup DEFAULT add cache policy OWA_cache_controls -rule TRUE -action CACHE -storeInGroup DEFAU LT add cache policy OWA_cache_images -rule TRUE -action CACHE -storeInGroup DEFAULT add cache policy OWA_cache_digimedia -rule TRUE -action CACHE -storeInGroup DEFA ULT add cache policy OWA_cache_archives -rule TRUE -action CACHE -storeInGroup DEFAU LT add cache policy OWA_cache_default -rule TRUE -action CACHE -storeInGroup DEFAUL T add cache policylabel OWA_cache_label -evaluates REQ bind cache policylabel OWA_cache_label -policyName OWA_cache_policy -priority 10 0 -gotoPriorityExpression END bind serviceGroup OWAServers 10.217.105.152 80 -serverID 15280 bind lb vserver app_0_ApplicationsOutlookWebAccess OWAServers bind lb vserver app_u_OutlookWebAccessServerPages OWAServers bind lb vserver app_o_OutlookWebAccess OWAServers bind lb vserver app_u_OutlookWebAccessDocumentManagement OWAServers bind lb vserver app_u_OutlookWebAccessControls OWAServers 28 bind lb vserver app_u_OutlookWebAccessImageManagement OWAServers bind lb vserver app_u_OutlookWebAccessDigitalMedia OWAServers bind lb vserver app_u_OutlookWebAccessArchiveFiles OWAServers bind lb vserver app_u_OutlookWebAccessCertificates OWAServers bind lb vserver app_u_OutlookWebAccessHttps_Redirect OWAServers bind lb vserver app_o_OutlookWebAccess -policyName OWA_compress bind lb vserver app_u_OutlookWebAccessDocumentManagement -policyName OWA_compres

s bind lb vserver app_u_OutlookWebAccessControls -policyName OWA_compress bind lb vserver app_u_OutlookWebAccessDocumentManagement -policyName OWA_cache_d ocs -priority 100 -gotoPriorityExpression END -type REQUEST bind lb vserver app_u_OutlookWebAccessControls -policyName OWA_cache_controls -p riority 100 -gotoPriorityExpression END -type REQUEST bind lb vserver app_u_OutlookWebAccessImageManagement -policyName OWA_cache_imag es -priority 100 -gotoPriorityExpression END -type REQUEST bind lb vserver app_u_OutlookWebAccessDigitalMedia -policyName OWA_cache_digimed ia -priority 100 -gotoPriorityExpression END -type REQUEST bind lb vserver app_u_OutlookWebAccessArchiveFiles -policyName OWA_cache_archive s -priority 100 -gotoPriorityExpression END -type REQUEST bind lb vserver app_o_OutlookWebAccess -policyName OWA_cache_default -priority 1 00 -gotoPriorityExpression END -type REQUEST bind lb vserver app_u_OutlookWebAccessHttps_Redirect -policyName http_to_https_r esponder_policy -priority 100 -gotoPriorityExpression END bind cs vserver OWA Public SSL app_u_OutlookWebAccessHttps_Redirect -policyName ap p_cs8 -priority 50 bind cs vserver OWA Public SSL app_u_OutlookWebAccessServerPages -policyName app_c s9 -priority 100 bind cs vserver OWA Public SSL app_u_OutlookWebAccessDocumentManagement -policyNam e app_cs10 -priority 200 bind cs vserver OWA Public SSL app_u_OutlookWebAccessControls -policyName app_cs11 -priority 300 bind cs vserver OWA Public SSL app_u_OutlookWebAccessImageManagement -policyName a pp_cs12 -priority 400 bind cs vserver OWA Public SSL app_u_OutlookWebAccessDigitalMedia -policyName app_ cs13 -priority 500 bind cs vserver OWA Public SSL app_u_OutlookWebAccessArchiveFiles -policyName app_ cs14 -priority 600 bind cs vserver OWA Public SSL app_u_OutlookWebAccessCertificates -policyName app_ cs15 -priority 700 bind cs vserver OWA Public SSL app_o_OutlookWebAccess bind lb monitor http-ecv OWAServers add route 0.0.0.0 0.0.0.0 10.217.105.1 -distance 205 -cost 65535 set ssl parameter -encryptTriggerPktCount 45 add ssl certKey ns-server-certificate -cert ns-server.cert -key ns-server.key add ssl certKey NS2CA.keypair -cert NS2CA.cer -key NS2CA.key add ssl certKey NS2Server.keypair -cert NS2Server.cer -key NS2Server.key bind ssl vserver OWA Public SSL -certkeyName NS2Server.keypair bind ssl vserver OWA Public SSL -certkeyName NS2CA.keypair -CA 29 set uiinternal CSVSERVER OWA Public SSL -rule used as an application endpoint set uiinternal EXPRESSION app_0_ApplicationsOutlookWebAccess -uiinfo P%Applicatio ns^ET%PE^CS%OWA Public SSL^ set uiinternal EXPRESSION app_u_OutlookWebAccessServerPages -uiinfo P%app_0_Appli cationsOutlookWebAccess^ET%PE^PR%100^ CS%OWA Public SSL^ -rule URL == \/*.asp\ || URL == \/*.aspx\ || URL == \/*.htm\ || UR = \/*.html\ || URL == \/*.xml\ || URL == \/*.msp\ || URL == \/*.mspx\ || URL == \/*.mht\ || URL == \/*.mhtml\ || URL == \/*.x set uiinternal EXPRESSION app_o_OutlookWebAccess -uiinfo ET%PE^P%app_0_Applicatio nsOutlookWebAccess^CS%OWA Public SSL^ set uiinternal EXPRESSION app_u_OutlookWebAccessDocumentManagement -uiinfo P%app_

0_ApplicationsOutlookWebAccess^ET%PE ^PR%200^CS%OWA Public SSL^ -rule URL == \/*.txt\ || URL == \/*.doc\ || URL == \/*.docx || URL == \/*.vcf\ || URL == \/*.mdb\ || URL == \/*.ps\ || URL == \/*.mpp\ || URL == \/*.cdf\ || URL == \/*.fif\ || URL == \/ \ || URL == \/*.man\ || URL == \/*.latex\ || URL == \/*.spl\ || URL == \/*.hta\ || URL == \/*.ppt\ || URL == \/*.pptx\ || URL == \/*. | URL == \/*.dotx\ || URL == \/*.docm\ || URL == \/*.dotm\ || URL == \/*.rtf\ || URL == \/*.wps\ || URL == \/*.pot\ || URL == \/*.pot URL == \/*.pptm\ || URL == \/*.potm\ || URL == \/*.thmx\ || URL == \/*.ppsx\ || URL == \/*.ppsm\ || URL == \/*.pps\ || URL == \/*.p | URL == \/*.pdf\ || URL == \/*.csv\ || URL == \/*.prn\ || URL == \/*.xsn\ || URL == \/*.xls\ || URL == \/*.xlsx\ || URL == \/*. | URL == \/*.xltx\ || URL == \/*.xlsb\ || URL == \/*. xlsm\ || URL == \/*.xltm\ || URL == \/*.dif\ || URL == \/*.slk\ || URL == \/*.xlam\ L == \/*.xla\ set uiinternal EXPRESSION app_u_OutlookWebAccessControls -uiinfo P%app_0_Applicat ionsOutlookWebAccess^ET%PE^PR%300^CS %OWA Public SSL^ -rule URL == \/*.css\ || URL == \/*.js\ || URL == \/*.uls\ || URL == .wsc\ || URL == \/*.htt\ || URL == \/*.htc\ || URL == \/*.dir\ set uiinternal EXPRESSION app_u_OutlookWebAccessImageManagement -uiinfo P%app_0_A pplicationsOutlookWebAccess^ET%PE^PR %400^CS%OWA Public SSL^ -rule URL == \/*.gif\ || URL == \/*.jpg\ || URL == \/*.jpeg\ URL == \/*.tif\ || URL == \/*.tiff\ || URL == \/*.bmp\ || URL == \/*.wmf\ || URL == \/*.png\ || URL == \/*.ico\ || URL == \/*.xbm\ set uiinternal EXPRESSION app_u_OutlookWebAccessDigitalMedia -uiinfo P%app_0_Appl icationsOutlookWebAccess^ET%PE^PR%500 ^CS%OWA Public SSL^ -rule URL == \/*.aiff\ || URL == \/*.au\ || URL == \/*.wav\ || UR = \/*.ra\ || URL == \/*.mid\ || URL == \/*. nix\ || URL == \/*.mp3\ || URL == \/*.m3u\ || URL == \/*.asx\ || URL == \/*.avi\ || = \/*.mpeg\ || URL == \/*.mp2\ || URL == \/*. mov\ || URL == \/*.ivf\ || URL == \/*.lsx\ || URL == \/*.asx\ || URL == \/*.swf\ || = \/*.iii\ set uiinternal EXPRESSION app_u_OutlookWebAccessArchiveFiles -uiinfo P%app_0_Appl icationsOutlookWebAccess^ET%PE^PR%600^ CS%OWA Public SSL^ -rule URL == \/*.z\ || URL == \/*.tgz\ || URL == \/*.gz\ || URL == .sit\ || URL == \/*.tar\ || URL == \/*.zip\ || URL == \/*.cs\ || URL == \/*.rar\ || URL == \/*.arj\ || URL == \/*.lzh\ || URL == cab\ || URL == \/*.hqx\ || URL == \/*.ace\ || URL == \/*.ear\ set uiinternal EXPRESSION app_u_OutlookWebAccessCertificates -uiinfo P%app_0_Appl icationsOutlookWebAccess^ET%PE^PR%700^C S%OWA Public SSL^ -rule URL == \/*.p10\ || URL == \/*.p12\ || URL == \/*.p7m\ || URL \/*.p7s\ || URL == \/*.p7b\ || URL == \/*. p7r\ || URL == \/*.cer\ || URL == \/*.crl\ || URL == \/*.sst\ || URL == \/*.pko\ || = \/*.cat\ || URL == \/*.stl\ set uiinternal EXPRESSION app_u_OutlookWebAccessHttps_Redirect -uiinfo P%app_0_Ap plicationsOutlookWebAccess^ET%PE^PR%50 ^CS%OWA Public SSL^ -rule URL == \/*\ 30 www.citrix.com Citrix Worldwide Worldwide headquarters Citrix Systems, Inc. 851 West Cypress Creek Road Fort Lauderdale, FL 33309 USA T +1 800 393 1888 T +1 954 267 3000 Regional headquarters

Americas Citrix Silicon Valley 4988 Great America Parkway Santa Clara, CA 95054 USA T +1 408 790 8000 Europe Citrix Systems International GmbH Rheinweg 9 8200 Schaffhausen Switzerland T +41 52 635 7700 Asia Pacific Citrix Systems Hong Kong Ltd. Suite 3201, 32nd Floor One International Finance Centre 1 Harbour View Street Central Hong Kong T +852 2100 5000 Citrix Online division 5385 Hollister Avenue Santa Barbara, CA 93111 USA T +1 805 690 6400 www.citrix.com About Citrix Citrix Systems, Inc. (Nasdaq:CTXS) is the global leader and the most trusted nam e in application delivery infrastructure. More than 200,000 organizations worldwide rely on Citrix to deliver any application to use rs anywhere with the best performance, highest security and lowest cost. Citrix customers include 100% of the Fortune 100 compa nies and 98% of the Fortune Global 500, as well as hundreds of thousands of small businesses and prosumers. Citrix has approxima tely 6,200 channel and alliance partners in more than 100 countries. Annual revenue in 2006 was $1.1 billion. Citrix, NetScaler, GoToMyPC, GoToMeeting, GoToAssist, Citrix Presentation Server, Citr ix Password Manager, Citrix Access Gateway, Citrix Access Essentials, Citrix Access Suite, Citrix SmoothRoaming and Citrix Subscription Advan tage and are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the U.S. Patent and Trademark Office and in other countries. UNIX is a registered trademark of The Open Group in the U.S. and other countries. Microsoft, Windows and Windows Server are registered trademarks of Microsoft Corporation in the U.S. and/or other countries. All other trademarks and registered trademarks are property of their respective owners.