I think when you consider some of the other options on the market for
SSL termination and reverse proxy, you'll find that ISA 2006 is a
reasonable choice. If you are anything other than the very smallest of
shops, I wouldn't necessarily call it overkill to at least consider
deploying Standard Edition.  

Standard Edition is cheap relative to other products and integration is
extremely easy, especially if you already have a Microsoft investment
(server licenses, support). It gets a lot more expensive when you step
up to Enterprise high availability configurations, though.

Since you are a Cisco shop, there are some options for SSL termination
there too. Content Services Switch comes to mind, but that is not
cheap. 

Damon Cassell
MITRE


 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Randy Hall
Sent: Thursday, January 04, 2007 4:41 PM
To: Focus-MS
Subject: How to deploy Microsoft OWA without using ISA?

We have been using OWA2000 for a few years now.  The front end server
sits in a DMZ and communicates to the backend server with a very
painfully developed access list.  In addition, you need two factor
authentication to even get to the login screen.

I recently attended a Microsoft presentation of the new architecture of
Outlook 2007.  The one thing that stuck out to me was that you can no
longer put the front end server in a DMZ.  It has to be on the internal
network.  The recommended way to publish OWA is ISA2006.

I don't currently have ISA2006 anywhere in my network and we are a very
heavy Cisco shop.  What options do I have for publishing OWA?
Purchasing ISA2006 for this one application seems a bit overkill.

Any help or guidance would be appreciated.  Google turns up lots of
hits for doing this with ISA but doesn't give any alternative.

Randy Hall - Sr. Security Engineer - CISSPĀ 
The Virginian Pilot - (757) 446-2754


Reply via email to