Re: New Exchange 2k3 Deployment
From: Neil Hobson [MVP] (neil.hobson_at_nospam.silversands.co.uk)
Date: 06/23/04
- In reply to: MartinHTN: "Re: New Exchange 2k3 Deployment"
Date: Wed, 23 Jun 2004 08:55:43 +0100
IMO, any Exchange server (FE or BE) in a DMZ is nuts. There are so many
ports that need to be opened, the firewall becomes pointless.
I'd say there are two ways forward here:
1. Just have a back-end server and open up SMTP, OWA, etc, as you've all
already said. Preferably put in an SMTP gateway if possible. OWA straight
into an internal network is a no-no for some companies, but it only requires
a single port (should be HTTPS 443 preferably).
2. If you want to go the FE route then keep the FE on the internal network.
Put an ISA server in the DMZ and totally lock it down. Publish the FE
server with ISA, using SSL on both the ISA and FE servers. ISA can break
the SSL connection, inspect the contents, and then re-SSL the connection.
This also only requires single ports to be opened and is the recommended
method.
Of course, it's all down to your security attitude. And budget. :-)
--
Neil Hobson
Exchange MVP
For Exchange news, links and tips, check:
http://www.msexchangeblog.com

"MartinHTN" <m@ht.n> wrote in message news:OGKJeZFWEHA.4032@TK2MSFTNGP11.phx.gbl...
> Michael:
>
> I'm not a networking guru, but from my understanding, putting the exchange
> server inside your network would be safer than in the DMZ. But I think your
> concern is about opening ports for smtp, owa, etc...into your internal
> network. If that's your concern, then you do need a front-end/back-end setup
> or some type of network appliance/firewall sitting in the DMZ that proxies
> requests for your Exchange server.
>
> Regards,
> Martin
>
> "Michael Mendoza" <MichaelMendoza@discussions.microsoft.com> wrote in
> message news:81CABC77-4EAF-4266-9226-0978302E0A18@microsoft.com...
> > I'm still a bit hesitant about placing exchange on the inside rather than
> > in the dmz.....is it a fairly common practice to put it on the internal
> > network?
> >
> > "MartinHTN" wrote:
> >
> > > Michael:
> > >
> > > That sounds totally legit to me. If you only have a small base of users,
> > > like the <400 you mentioned, then I would also recommend that you look to
> > > outsource your Internet SMTP mail to a company like MessageLabs
> > > (http://www.messagelabs.com/home/default.asp). It might be more cost
> > > effective for a small company to do so, that way viruses and spam won't
> > > consume too much of the sys admin's time.
> > >
> > > I'd also recommend that you not skimp on the server hardware. Make sure it
> > > has some type of RAID (1 or 5 is most common) and that your databases and
> > > log files are set up per MS recommendations for the best performance. You
> > > don't want a crashed hard disk to destroy your entire Exchange database.
> > > Also, don't get caught up in purchasing third-party backup tools. For a
> > > small Exchange shop, using the built-in Windows backup tools should be
> > > sufficient.
> > >
> > > Regards,
> > > Martin
> > >
> > > "Michael Mendoza" <MichaelMendoza@discussions.microsoft.com> wrote in
> > > message news:8901546E-71A7-4AE0-A6EF-8D9D4CCF4DCF@microsoft.com...
> > > > I just got off the phone w/ MS sales and was gonna double-check their
> > > > recommendations w/ you all.
> > > >
> > > > I'll have a relatively small userbase of no more than 400 so based on that
> > > > I was told I should use Exchange 2k3 Standard and I do not need a
> > > > Front-end/back-end setup. I was also told to place the server on the inside
> > > > of my network, only opening smtp, https for owa, etc.
> > > >
> > > > Does this all sound reasonable? Thanks in advance for the help.
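An added example, not part of the original thread: a small audit that compares the ports each layout opens into the internal network against the single-port policy of the ISA publishing design described in the reply above. The zone and host labels, the rule lists and the port list for the front-end-in-DMZ case are constructed for illustration and are not exhaustive.

```python
from collections import namedtuple

# A firewall rule: TCP traffic allowed from src to dst ("zone" or "zone:host").
Rule = namedtuple("Rule", "src dst port note")

# Policy for the ISA publishing layout (host labels are hypothetical):
# one HTTPS port per hop, nothing else crossing either firewall boundary.
ALLOWED = {
    ("internet", "dmz:isa", 443),
    ("dmz:isa", "internal:fe", 443),
}

def zone(endpoint):
    """Return the zone part of 'zone:host' (or the bare zone name)."""
    return endpoint.split(":", 1)[0]

def audit(rules):
    """Return rules that cross a zone boundary without being in ALLOWED."""
    return [r for r in rules
            if zone(r.src) != zone(r.dst) and (r.src, r.dst, r.port) not in ALLOWED]

def ports_into_internal(rules):
    """Distinct ports a rule set opens from any other zone into 'internal'."""
    return sorted({r.port for r in rules
                   if zone(r.dst) == "internal" and zone(r.src) != "internal"})

# Constructed sample: ISA in the DMZ publishing an internal front-end over SSL.
ISA_PUBLISHING = [
    Rule("internet", "dmz:isa", 443, "OWA over HTTPS"),
    Rule("dmz:isa", "internal:fe", 443, "re-encrypted to FE"),
]

# Constructed sample: a front-end placed in the DMZ, which then needs directory
# and RPC access to internal servers (port list is illustrative, not exhaustive).
FE_IN_DMZ = [
    Rule("internet", "dmz:fe", 443, "OWA over HTTPS"),
    Rule("dmz:fe", "internal:be", 80, "HTTP to back-end"),
    Rule("dmz:fe", "internal:dc", 389, "LDAP"),
    Rule("dmz:fe", "internal:dc", 3268, "global catalog"),
    Rule("dmz:fe", "internal:dc", 88, "Kerberos"),
    Rule("dmz:fe", "internal:dc", 135, "RPC endpoint mapper"),
]

if __name__ == "__main__":
    for name, rules in (("ISA publishing", ISA_PUBLISHING), ("FE in DMZ", FE_IN_DMZ)):
        print(name, "opens into internal:", ports_into_internal(rules))
        for r in audit(rules):
            print("  not in policy:", r.src, "->", r.dst, f"tcp/{r.port} ({r.note})")
```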