• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Deployment (OWA DMZ)

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> Installation >> Deployment (OWA DMZ) Page: [1]
Login
Message << Older Topic   Newer Topic >>
Deployment (OWA DMZ) - 11.Dec.2006 4:42:28 PM   
Cameron.Frasnelly

 

Posts: 3
Joined: 11.Dec.2006
Status: offline
Scenario:

Deploy Client Access role on a server in the DMZ for OWA access from the outside. (I'm not sure if this role has to be part of the domain????)

Deploy a server with Client Access, Hub Transport and Mailbox roles for Outlook and OWA access inside.

Email will pass directly from 3rd party Relay to Hub Transport internally.

Any thoughts on this configuration? 
Post #: 1
RE: Deployment (OWA DMZ) - 12.Dec.2006 6:17:11 AM   
Henrik Walther

 

Posts: 6928
Joined: 21.Nov.2002
From: Copenhagen, Denmark
Status: offline
Hi Cameron,

All Exchange 2007 Server roles except the Edge Transport role should be part of the Active Directory domain, and it's therefore recommended you place all roles (including CAS and Hub Transport) on the internal network. Only ISA Servers and the Edge Transport server should be deployed in the DMZ.


_____________________________

HTH
Henrik Walther
Lead Moderator/author
MSExchange.org

Follow me on Twitter!

(in reply to Cameron.Frasnelly)
Post #: 2
RE: Deployment (OWA DMZ) - 12.Dec.2006 9:22:55 AM   
mimitche

 

Posts: 4
Joined: 14.Jul.2005
From: US
Status: offline
Cameron-

I'd strongly recommend against putting the CAS server in the DMZ.  Two issues-
  • The number of ports you'd have to open up  between the domain member CAS server in the DMZ and Exchange servers/DCs/DNS Servers in the Corp network is excessive and would be a security risk.
  • Each mailbox server needs a CAS server in its own AD site, so if you did this you'd have to add the DMZ subnet to one of your internal AD sites.
The best solution is to put an ISA server in the DMZ for handling OWA/Outlook Anywhere/Activesync traffic; the only port you'd need to open with this is 443 from the ISA server to your internal CAS server.

Regards,
Mike

(in reply to Cameron.Frasnelly)
Post #: 3
RE: Deployment (OWA DMZ) - 12.Dec.2006 11:08:41 AM   
Cameron.Frasnelly

 

Posts: 3
Joined: 11.Dec.2006
Status: offline
Thank you both for your thoughts!

(in reply to mimitche)
Post #: 4
RE: Deployment (OWA DMZ) - 25.Dec.2006 10:27:55 AM   
sifu128

 

Posts: 23
Joined: 4.Oct.2005
From: NC
Status: offline
Just to let you know that we not longer recommend or support the Client Access Server role in the DMZ. You must put it inside and configure your firewall ports accordingly.

Dave

(in reply to Cameron.Frasnelly)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> Installation >> Deployment (OWA DMZ) Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter