[isapros] Re: ISA, Exchange 2007 and Perimeter Networks

  • From: "Greg Mulholland" <gmulholland@xxxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Thu, 11 Jan 2007 09:06:48 +1100

I seriously hope that they have taken 
different paths and these are not limitations on the software or it is going to 
mean a nice little redesign and break from custom.

Greg
  ----- Original Message ----- 
  From: Jason Jones 
  To: isapros@xxxxxxxxxxxxx 
  Sent: Thursday, January 11, 2007 8:25 AM
  Subject: [isapros] ISA, Exchange 2007 and Perimeter Networks


  Hi All, 

  I heard today from an Exchange MVP colleague that members of the Exchange 
team (Scott Schnoll) are saying that they (Microsoft) do not support placing 
the new Exchange 2007 Client Access Server (like the old Exch2k3 FE role) role 
into a perimeter network. Has anyone else heard the same? This sounds very 
similar to Exchange admins of old when they didn't really understand what modern 
application firewalls like ISA could do - RPC filter anyone??? 
http://groups.google.co.uk/group/microsoft.public.exchange.design/browse_thread/thread/4ecab9cb8e50015e/4db165c21599cf9b?lnk=st&q=cas+dmz+isa&rnum=2&hl=en#4db165c21599cf9b

  I have just about managed to convince Exchange colleagues (and customers) of 
the value of placing Exchange FE servers in a separate security zone from BE 
servers, DCs etc. and now I hear this.

  Are the Exchange team confusing the old traditional DMZs with what ISA can 
achieve with perimeter networks? 

  From what I believe, it is good perimeter security practice to place servers 
which are Internet accessible into different security zones than servers that 
are purely internal. Therefore, the idea of placing Exchange 2003 FE servers in 
an ISA auth access perimeter network with Exchange 2003 BE servers on the 
internal network has always seemed like a good approach. It also follows a good 
least privilege model. 

  Is this another example of the Exchange and ISA teams following different 
paths???? 

  Please tell me that I am wrong and that I am not going to have to start 
putting all Exchange roles, irrespective of security risk, on the same network 
again!!!!

  Comments? 

  Cheers 

  JJ 

