We use a Network Appliance NetCache in the DMZ as a reverse proxy & SSL front end. Internet OWA users hit the NetCache with HTTPS, and the NetCache decrypts and forwards HTTP to a front-end server. Works great, but was a little pricey.
Also, because OWA likes to send out absolute URLs, there is a widget you have to install in IIS on the front-end server that makes it change the outputted URLS from "http:" to "https:". This has the side effect of making that front-end server unusable from inside traffic. Come to think of it, I guess you could add another OWA virtual site and not install the widget on it. Untested. If the NetCache is too pricey for you, and you've got someone with unix experience, you can do much the same thing with squid on linux or BSD. -----Original Message----- From: Erick Thompson [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 16, 2003 6:05 PM To: Exchange Discussions Subject: OWA front end server - licensing and security I'm setting up OWA in my organization, and I have two choices. I can set up Exchange on the web server (in the DMZ), and specify it as a front end server, or I can open port 80 to the primary Exchange server. From a security standpoint, I really like the first option, but I'm thinking that I need a second Exchange Enterprise license. Am I correct in this? Am I being too paranoid about opening port 80 through to the internal Exchange server? I've never liked the idea of raw traffic entering my LAN.... Thanks, Erick _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
