Getting way OT here for the list, hence the subject change...... Actually, in a virtualized environment, you can / would set up multiple network cards on the physical machine. Each network card has the ability to be confined to a specific virtual network within the virtual world. The physical network card simply acts as a bridge between a physical network and virtual one configured within the virtual environment... The virtual networks cannot talk to each other unless they're configured to do so (like through a virtual ISA server with two virtual NICs installed).
This actually opens the possibility of creating a two layer firewall with DMZ segment (and DMZ machines / services) all within a single box. Three physical adapters... One for the Internet, one for the internal network and one for the Vmware management interface... The DMZ network, associated virtual machines and virtual network adapters is all...virtual. VMWare actually uses this configuration as an example in their ESX server config guide (p166 of the server config PDF). The question comes down to whether you trust the virtual network environment is secure. According to Vmware, they've designed the virtual network layer with security in mind... However, I personally don't know how, or how well, it's been tested.... I assume that MS's Virtual Server product has similar capabilities... Again, the security question comes down to whether you trust the layer that controls binding physical adapters to their virtual counterparts. So long as things are secure at that level, then the rest of the system wouldn't be any less secure than what physical boxes provide. That's the big 'if'................. Now back to your regularly scheduled Exchange discussions... :) Joe Pochedley Software suppliers are trying to make their software packages more user-friendly... Their best approach, so far, has been to take all the old brochures, and stamp the words, 'user-friendly' on the cover." - Bill Gates. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Vander Kooi Sent: Thursday, September 14, 2006 5:29 PM To: Exchange Discussions Subject: [Possible Junk Mail] RE: Licensing for OWA FE/BE servers Importance: Low Nice job of putting words in my mouth. I never said that it was by default a catastrophe, I said it sounds like one looking for a place to happen, and if you disagree that putting multiple apps in multiple VMs on the same hardware using the same NICs as your firewall is not at all opening a door to bigger and scarier security breaches, then by all means you are free to your opinion. I believe that you would be wrong in that position however. Please note that I am not saying that it CANNOT be done, or even that he SHOULD not do it, simply that I feel that most experts would not recommend it. And my apologies for the typo, it is in fact 5 total licenses as you point out. Just my opinion. Tim -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Webb, Andy Sent: Thursday, September 14, 2006 3:18 PM To: Exchange Discussions Subject: RE: Licensing for OWA FE/BE servers Why is that by default a catastrophe? It all depends on the hardware, the number of users, etc. etc. etc. And it's not 6 licenses, it's 4 in addition to the physical, so 5 total. Correct about it requiring the Enterprise version. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Vander Kooi Sent: Thursday, September 14, 2006 1:44 PM To: Exchange Discussions Subject: RE: Licensing for OWA FE/BE servers I think we're getting a ways off topic from the OP here, but R2 does not allow for this. Enterprise Edition of R2 is what allows for 6 total Windows licenses on a box. And on a side note, while it may be physically possible, I really hope you aren't considering running ISA on a VM with other apps in other VMs on the same hardware outside of a lab. That sounds like a catastrophe looking for a place to happen. Tim -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig A. Mills Sent: Thursday, September 14, 2006 1:12 PM To: Exchange Discussions Subject: RE: Licensing for OWA FE/BE servers I agree with the exchange license but understood that the w2k3 R2 license allowed 5 vituals on the same license so you could have exchange and ISA on the same box but different virtuals. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Vander Kooi Sent: Thursday, September 14, 2006 10:50 AM To: Exchange Discussions Subject: RE: Licensing for OWA FE/BE servers No. You need a separate license for Exchange for every running instance of Exchange, whether virtual or not. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig A. Mills Sent: Thursday, September 14, 2006 12:22 PM To: Exchange Discussions Subject: RE: Licensing for OWA FE/BE servers Is it true that if you use w2k3 R2 you can put all of these on one server as virtuals and one license? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jerry Abouelnasr Sent: Wednesday, September 13, 2006 1:17 PM To: Exchange Discussions Subject: Re: Licensing for OWA FE/BE servers Yes. I don't know if you will find Exchange on an ISA Server as a common configuration out there. Not saying it can't be done (I wonder if that's supported?), but it seems like it would add a great deal of complexity to run it on what is effectively a firewall. If you can't get a 3rd server for whatever reason, you would probably be better served just doing the secure publishing through ISA to your single back-end server. On 9/13/06, Hawkins, Geni P <[EMAIL PROTECTED]> wrote: > Best bet, in my opinion, is actually three servers: run ISA 2004 on > one, run OWA on a second as a front end server, and run the Exchange > mailbox stores on a third backend server. It seems like a lot of servers for a > smaller enterprise, but it's the most secure way to do it. I don't run > my FE on my ISA server, myself. ISA just authenticates and hands off > to the FE. > > > Thanks, > > Geni Hawkins > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Michael Henry > Sent: Wednesday, September 13, 2006 12:56 PM > To: Exchange Discussions > Subject: RE: Licensing for OWA FE/BE servers > > Yes > > I am still researching a smart and secure way to provide this service > to users. > > Regards, Michael > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Jerry Abouelnasr > Sent: Wednesday, September 13, 2006 1:20 PM > To: Exchange Discussions > Subject: Re: Licensing for OWA FE/BE servers > > Does this mean that you are installing Exchange onto your ISA server > and configuring it as a FE server? > > On 9/13/06, Michael Henry <[EMAIL PROTECTED]> wrote: > > Currently, we have a single enterprise license on the dedicated BE > > server. > > > > In setting up OWA, FE will be on the ISA 2004 server (separate > server). > > > > Do I need a separate license for the FE or is that included with BE > > server use? > > > > Thank you to all who answered the previous OWA question about > security. > > > > Regards, Michael > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > > To subscribe: > > http://e-newsletters.internet.com/discussionlists.html/ > > To unsubscribe send a blank email to > [EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > To unsubscribe via postal mail, please contact us at: > > Jupitermedia Corp. > > Attn: Discussion List Management > > 475 Park Avenue South > > New York, NY 10016 > > > > Please include the email address which you have been contacted with. > > > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to > [EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to > [EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to [EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
