Ok. I understand this and have fought it, but the NCUA auditors have stated that my BE (or really only) Exchange server is Internet-facing and can be accessed via the Internet.
I see the request coming into my firewall; my firewall redirects SMTP traffic to my IronPort; my IronPort redirects to the Exchange server, and life is good. My users are using Smart(dumb) phones and are accessing via ActiveSync, which is just a glorified OWA access, and that is hitting the firewall and being redirected directly to the Exchange IIS server, and responses are sent back. It is this part, or a direct OWA request, that I need to shore up, correct???

So if I am understanding my traffic correctly, this is the traffic that needs to go into the DMZ and be redirected to the Exchange server. But what would this device be??? That is my confusion. That is what I need to get clear in my head so I can explain it. Once I get the NCUA audit responded to I can move forward with going to 2010 Exchange??

Any takers to teaching a dumb dog new tricks?

From: Patrick Salmon [mailto:[email protected]]
Posted At: Friday, March 30, 2012 8:28 AM
Posted To: [email protected]
Conversation: Adding an Exchange 2003 Front End server?
Subject: Re: Adding an Exchange 2003 Front End server?

FWIW, and not so much to add salt to the wound but hopefully to add incentive to upgrading: if you're subject to regulations such as HIPAA then FE/BE ootb is a very bad thing. Chances are high you'll not only fail an audit which is looking for PII exposure, but the fines that go along with will make the upgrade costs trivial.

FE/BE transfer is, by default, TCP 80, i.e. totally in the clear. Unless you go to the trouble of setting it up over an IPSec connection, which is the way I'd always do it, you're creating an avoidable risk. Even if you're not subject to regulatory issues it's still bad practice to have anything in the clear.

MS looooooooong since fixed this one. Better to upgrade and be done with it.

Oh, and Bob: yes. I heard there was bacon out here ;-)

On Thu, Mar 29, 2012 at 6:04 PM, Andrew S. Baker <[email protected]> wrote:

The remainder of posts will be people strongly agreeing with what Ken has stated, unless you concede now that this is a bad idea.

Once that hurdle is cleared, and you've moved in the direction of a different approach, there may be one or more observations about moving to Exchange 2010 or something that is vendor supported. But, we all understand budget woes, so that might be a less lengthy/fierce battle.

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market...

On Thu, Mar 29, 2012 at 3:15 PM, [email protected] <[email protected]> wrote:

I currently only have one Exchange 2003 standard server in my environment. I would like to add an Exchange 2003 standard front end server in a DMZ I am creating. What do I need to do?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
