Re: Advantage of RPC over HTTP

From: Al Mulnick (amulnick_No_SPAM_at_ncDOTrr.com)
Date: 10/11/04 

Date: Mon, 11 Oct 2004 14:41:57 -0400

No, no performance gain.
Security? No, not really other than you get SSL if configured by default
using recommended practices.

The reason it exists is to solve a particular problem. How do you get
Outlook functionality through a corporate network to an ASP hosted Exchange
server? How about that same client from a hotel room?
MS RPC is somewhat proprietary and more importantly you cannot guarantee
that all networks in your path will allow that type of traffic. Sure, you
could just lock your servers to particular ports. But then how does that
play with an AD-Aware client? Not so well, since you now also have to allow
traffic from the unprotected network to your protected ASP network to all of
your DC/GC/DNS servers (maybe not DNS in many cases, but not all). What if
you wanted to offer your corporate users the ability to remotely access
their mailbox while in a hotel room, or at home without the added overhead
and expense of a VPN?

RPC/HTTP(S) really is a way of simplifying the communications by
standardizing on a well known protocol (HTTP/S) and reducing the amount of
allow rules you need to configure. Coupled with ISA, you can really
simplify it further. And now, most recently, you can even use the FQDN of
the Exchange host to specify your mail server :)

Added security? No, not really. It helps though, since you can simplify
what you're working with. Simplicity makes it easier to secure IMHO. And
since it's RPC traffic encapsulated in HTTP(S), then it's not really faster
and if anything, could be a little slower while the packets are encapsulated
and decomposed at sending/receiving.

Some great information can be found at
http://www.microsoft.com/exchange/libarary and you may find some useful
information located on msdn as well.

Al

"Chris Cairns" <ccairns@hampton-hampton.com> wrote in message
news:%23$XMWz7rEHA.3276@TK2MSFTNGP10.phx.gbl...
>I was just curious are there any perfomance advantages of RPC over HTTP?
>Security? I noticed that once configured outlook tends to attempt an RPC
>over HTTP connection first no matter where the client is located.
>
>
>
>
>

Relevant Pages

  • [Full-disclosure] [MU-200704-01] Pre-Authentication Vulnerability in Mac OS X RPC ru
    ... Mac OS X Server v10.3.9, ... Mac OS X Server v10.4.9 ... It must be running in order to make RPC calls. ... All users of RPC on OS X are recommended to immediately apply the security ...
    (Full-Disclosure)
  • Re: SBS 2003 and Outlook RPC over HTTP issues
    ... Sorry giving you good advice and improving the security your network offended you. ... this to my server it works fine, anytime a port is open it leaves a security ... > connect via RPC over HTTP with no luck. ... I have tried this on several> machines ...
    (microsoft.public.windows.server.sbs)
  • Re: ADAM - dsacls
    ... wrt security principals... ... resolving OK for DSACLS dumps then I would guess that the RPC ... error is coming when you try to do the permissions change as DSACLS ... Is your server a member server in a domain? ...
    (microsoft.public.windows.server.active_directory)
  • Re: HTTPS/RPC statement...What do you think?
    ... Could you elaborate on your security concerns with RPC over HTTP. ... > machine running RPC on your network (Which in a windows network is how ... NSPI and NSPI Proxy services on your Exchange Server ...
    (microsoft.public.exchange2000.protocols)
  • security-basics Digest of: get.123_145
    ... VPN to ASP a security risk? ... Re: Multiple IPSec tunnels? ... Subject: Security NT Server ... VPN to ASP a security risk? ...
    (Security-Basics)