As I mentioned in my original e-mail, we have a relay server that already exists and serves the public side of e-mail. The FE server would be the internal gateway to the public mail server and OWA link to ISA.
With our topology the purpose of an FE server is not a performance concern. Originally it was a case of best practices for security, but now ISA is not on the DMZ we lose the main security benefit. I agree it is nice to isolate the key functionality from mail flow, which means that Internet mail related issues will not impact the backend (viruses/Spam etc.). Of course a reboot to the backend may be necessary to fix the problem, but if money is not the concern then why not isolate this?

Below I will answer my own question, and maybe it will make it easier for Ed, as he does like to blow the "speak to a consultant" or "PSS" horn rather than discuss an issue generally. I understand what the issues are, this is a case of a scenario that will work several ways, regardless of our bandwidth utilization, end user balance, mail flow quantities etc.

1. We may not be using ISA in the DMZ now, but we probably will once the Proxy replacement is moved from ISA. Therefore it is easier to have the infrastructure setup do that now, rather than have to re-invest the time later when it is no longer fresh in the mind.
2. It may not offer real security protection, but it is still better security having the OWA published on the ISA box than on an Exchange Server.
3. The internet mail flow functionality is now isolated from the backend server, therefore the chances of a backend reboot are lessened. Not to mention Spam/viruses are more likely to shut down the less critical FE server before it shuts down the backend.
4. Internal OWA requests are managed by the FE server, instead of hitting the BE to be re-directed if the account is not managed on that server.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
Sent: Friday, March 04, 2005 7:33 AM
To: Exchange Discussions
Subject: RE: FE BE with ISA, do we need the FE?

The real reason for an OWA FE is to "hide" the mailbox servers from the internet.
If you don't have a FE server, you will have to allow access to all your mailbox servers from the internet and have the mailbox servers names in public DNS.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Boyd, Nathan
Sent: Thursday, March 03, 2005 6:22 PM
To: Exchange Discussions
Subject: FE BE with ISA, do we need the FE?

We are migrating a single site Exchange 5.5 to 2003 in co-existence, with an already established Native AD. Our original design was to have ISA installed in the DMZ, behind a firewall, secure publishing OWA and configured to a 2003 internal FE OWA server, that would also replace the old Exchange 5.5 Internet Message Connection.

Since then we have had to use our ISA server internally to replace an old Proxy server. Therefore I would be interested if you guys think it is still worth configuring a FE server in this scenario.

The benefits as I see them are:
Future Scalability, we could move the ISA box back to the DMZ (if we purchase BlueCoat)
Single Namespace, if we move ISA to DMZ and for ISA to publish from,
The FE box can provide the Internet Mail Flow to our Mail Gateway, thus freeing performance for the Exchange DBs.

Thanks,
Nathan

_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
To subscribe: http://e-newsletters.internet.com/discussionlists.html/
To unsubscribe send a blank email to [EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016
Please include the email address which you have been contacted with.
