If you have a front-end-back-end arrangement, the front-end server is your OWA server, and would be the one you'd put in a DMZ. The problem is that a front-end server needs access to several services, such as Active Directory, to do its job. Because of the number of ports you must open between a front-end server and a global catalog server and back-end Exchange servers (all of them!), I don't think it makes a whole lot of sense to put a front-end server in a DMZ.
Ed Crowley MCSE+Internet MVP kcCC+I Tech Consultant hp Services Protecting the world from PSTs and Bricked Backups! -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Anthony L. Sollars Sent: Tuesday, July 16, 2002 11:29 AM To: Exchange Discussions Subject: RE: OWA Setup on a different machine on XCH2000 SP2 I am designing this exact system, but my plan is to use a front end exchange server on the intranet and a back-end OWA web server on the internet segmented in a DMZ. If this box does get compromised I don't want it having free access to the rest of my intranet. Do I have to have Enterprise edition Exch2k to have my OWA on a separate server? -TOny -----Original Message----- From: Ed Crowley [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:59 AM To: Exchange Discussions Subject: RE: OWA Setup on a different machine on XCH2000 SP2 The advantage of deploying a front-end server is that your mailbox server isn't touched directly by an Internet user. That is, you can configure your firewall to allow HTTPS only to the OWA server. It's not a huge security benefit, in my opinion, but it might make you sleep better. I agree with leaving the front-end server in the intranet and allowing HTTPS (SSL) only from the Internet. Ed Crowley MCSE+Internet MVP kcCC+I Tech Consultant hp Services Protecting the world from PSTs and Bricked Backups! -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeffrey Dubyn Sent: Tuesday, July 16, 2002 2:24 AM To: Exchange Discussions Subject: RE: OWA Setup on a different machine on XCH2000 SP2 Just curious - isn't the fact that OWA is being used at all mean that the box is exposed to the Internet, even if it's NAT'ed behind a firewall? The idea is to use this via the Internet, not an Intranet. Thanks! Jeff -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Crowley Sent: Monday, July 15, 2002 11:37 PM To: Exchange Discussions Subject: RE: OWA Setup on a different machine on XCH2000 SP2 I don't think there are any security benefits unless you're going to expose it to the Internet. Ed Crowley MCSE+Internet MVP kcCC+I Tech Consultant hp Services Protecting the world from PSTs and Bricked Backups! -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeffrey Dubyn Sent: Monday, July 15, 2002 5:18 PM To: Exchange Discussions Cc: 'Michael A. Brown'; Stan Martin Subject: OWA Setup on a different machine on XCH2000 SP2 We are looking to configure OWA for use with our lone Exchange 2000 server (SP2). Are there any security benefits to configuring this on a different machine than the Exchange server? Also, do we need to have the Enterprise Edition of Exchange 2000 and configure it as a front-end server to do this? Thanks! _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
