Re: frontend/backend question


From: tck (anonymous_at_discussions.microsoft.com)
Date: 09/24/04


Date: Fri, 24 Sep 2004 14:09:39 -0700

I have this exact configuration....your outlook clients on
the inside will still continue to access the BE. You
already have the outlook client configured in the mail
profile to go to your back end. I have a frontEnd server
in its own dmz for my owa users and it also routes all
inbound and outbound mail so the only server that talks to
the back end is the front end. Don't be afraid to put
your front end in the dmz, just follow the security
procedures and lock it down.

>-----Original Message-----
>Outlook 2002 is only inside accessing the BE inside, that was my concern. I
>don't want clients trying to connect to the FE on the dmz only to be proxied
>to the BE, (which they won't be able to). I have read many scenarios on a
>FE/BE config and ISA is the recommended way: noted, however we have decided
>against that purchase. We only want to set up OWA for our users when outside.
>We want the http requests from outside the organization to be auth'd at the
>FE in the DMZ. We have a choice of RPC or anonymous. I refuse to use
>anonymous. I am not that excited about using RPC either but we are unwilling
>to purchase the ISA server at this point in time.
>
>I am told that the second alternative to ISA is placing a FE on the DMZ,
>allowing ssl traffic from outside clients to FE, allowing DNS, LDAP and
>necessary RPC ports to the backend and DC from the FE. This is what we are
>trying to accomplish. I am simply curious about clicking 'this is a
>front-end server'. Is this only going to proxy http or are all my Outlook
>clients going to try and start connecting to the FE?
>Note: For the installation I placed the FE is 'Inside' with the rest of our
>servers.
>
>Thank you for replying.
>Tony
>
>"Mark Arnold [MVP]" wrote:
>
>> On Fri, 24 Sep 2004 09:43:03 -0700, "Tony"
>> <Tony@discussions.microsoft.com> wrote:
>>
>> >Hello,
>> >I have just finished installing a second exchange server on our domain. It
>> >is inside the firewall right now but it will eventually go into the dmz. I
>> >only want to install a frontend so that we can have our users authenticate
>> >there when they are outside and want to use OWA.
>> >Question:
>> >By checking 'this is a front end server' on the newly installed exchange
>> >machine will this cause any problems with my inside outlook clients accessing
>> >the existing (backend) server? I still want Outlook 2002 clients to remain
>> >connected to the inside (backend) server directly. I don't want them proxied
>> >through the front.
>> >
>> >Thanks again
>> >Tony
>> >
>> You do not need a Front End server for your environment. Never put an
>> FE into a DMZ, it renders the DMZ useless, certainly if there are
>> other servers in that network.
>>
>> Far better would be to use ISA2004 and put that into the DMZ (as a
>> workgroup / DC of its own forest)
>>
>> What protocol do you intend to use OLXP for anyway? You can't use MAPI
>> from outside the firewall and the use of POP/IMAP has no bearing, you
>> just point them at the ISA and then use a publishing rule.
>>
>> Come hell or high water, do not put the FE into a DMZ.
>>
>>
>.
>


