RE: rpc over http

  • From: Rick Boza <rickb@xxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 23 Aug 2005 08:34:48 -0400

It¹s also very easy to manage via a GPO for your corporate systems (i.e.,
laptops).  

It does present challenges for non-corporate managed systems, but why would
you want them hitting you via anything other than OWA anyhow?  If they are
non-managed (or unmanaged) then they should be classified as untrustworthy
WRT virus, spyware, malware, and/or other security concerns.


On 8/23/05 5:49 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> wrote:

> http://www.MSExchange.org/
> However, managing the PKI yourself is much more secure, and isn't that why
> you're using SSL in the first place?
>  
> Tom
> www.isaserver.org
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
> MVP -- ISA Firewalls
> 
>  
> 
>>  
>>  
>> 
>>  From: Simon Butler [mailto:simon@xxxxxxxxxxxx]
>> Sent: Tuesday, August 23, 2005 1:05 AM
>> To:  [ExchangeList]
>> Subject: [exchangelist] RE: rpc over  http
>> 
>>  
>> http://www.MSExchange.org/
>>  
>> Setting up RPC over HTTPS makes no difference to the  current users or the
>> way that your network currently operates. Until you  are ready to deploy the
>> feature the users will not see any  difference.
>>  
>>  
>>  
>> One server can act as the RPC over HTTPS server for both  internal and
>> external clients. However if you don't want to change the client
>> configuration each time they come in to the office, use a generic name for
>> the  certificate and name of the server (mail.domain.com or something like
>> that)  and then configure split DNS.
>> Split DNS will allow you to resolve  mail.domain.com to the internal IP
>> address on your network, while  mail.domain.com will resolve to the public IP
>> address outside.
>>  
>> That will make it totally transparent to the users. I  have deployed it in
>> the past where the first the users knew of it was when  they got email when
>> they started Outlook before connecting to the VPN.
>>  
>>  
>>  
>> The only other suggestion I strongly recommend is to use  a real purchased
>> certificate instead of a home grown certificate. While you  can do it with a
>> self issued certificate, it causes more work and headaches,  whereas a cheap
>> purchased certificate (rapidssl starterssl is perfect) gets  round a lot of
>> the problems. 
>>  
>>  
>>  
>> Simon.
>>  
>>  
>>  
>>  
>> 
>> --
>> Simon Butler
>> MCP, MCSA, MVP:Exchange
>> Senior  Systems Administrator
>> Amset IT Solutions Ltd.
>> 
>> e:  simon@xxxxxxxxxxxx
>> w: www.amset-it.com
>> w: www.amset.info
>>  
>>  
>> 
>>  
>>  
>> 
>>  From: Jeff Bushberg [mailto:jeff@xxxxxxxxx]
>> Sent: 23 August 2005 06:35
>> To:  [ExchangeList]
>> Subject: [exchangelist] rpc over  http
>> 
>>  
>> http://www.MSExchange.org/
>>  
>>  
>> 
>> I am planning on implementing rpc over http
>> I  have dc server and exchange server, will all users
>> be forced  to use rpc over http?
>>  
>> 
>> When I make registry changes on  the exchange server for RPC proxy
>> does that effect my current RPC  authentication or does that effect only
>> rpc over http  requests?
>>  
>> 
>> Can one  exchange server act as a internal server for lan clients
>> and simultaneously  act as a external rpc over http server
>  
> 
>  
>  
> 
> Thanks in advance,  Jeff
> ------------------------------------------------------
> List  Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange  Newsletters: http://www.msexchange.org/pages/newsletter.asp
> ------------------------------------------------------
> Visit  TechGenix.com for more information about our other  sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You  are currently subscribed to this MSEXchange.org Discussion List as:
> exchange-list3@xxxxxxxxxxxx
> To unsubscribe visit  http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to  listadmin@xxxxxxxxxxxxxx
> ------------------------------------------------------
> List Archives:  http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange  Newsletters: http://www.msexchange.org/pages/newsletter.asp
> ------------------------------------------------------
> Visit  TechGenix.com for more information about our other  sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You  are currently subscribed to this MSEXchange.org Discussion List as:
> tshinder@xxxxxxxxxxx
> To unsubscribe visit  http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to  listadmin@xxxxxxxxxxxxxx
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> rickb@xxxxxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx


-- 
Rick Boza
Protechnica ­ Technology Solutions Simplified
email: rickb@xxxxxxxxxxxxxxx
407-656-9744
Visit us on the web at http://www.protechnica.net



Other related posts: