http://www.msexchange.org -------------------------------------------------------Ravi, First thing.. You cannot put the CAS servers DMZ. That is an unsupported configuration. Microsoft already has a white paper published for securing client access servers here http://technet.microsoft.com/en-us/library/bb400932%28EXCHG.80%29.aspx and http://technet.microsoft.com/en-us/library/bb400932.aspx This should also help, http://www.msexchange.org/articles_tutorials/exchange-server-2007/security-m essage-hygiene/hardening-exchange-server-2007-part1.html If you want another layer of security for securing your CAS infrastructure on internet, then there are some third party options available in market. I do not recommend anything but I have seen RSA being used as 2FA for most of the companies. Regards, Milind -----Original Message----- From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Ravi Dogra Sent: 20 July 2011 0:28 To: exchangelist@xxxxxxxxxxxxx Subject: [ExchangeList] Exchange Secure OWA and Active Sync - DMZ Architecture http://www.msexchange.org -------------------------------------------------------Hello, I am looking to make OWA and Active Sync available in most secured way. here is my current network architectur:- CCR mailbox cluster HUB+CAS (installed on same node) We have single firewall and have two segregated networks (say 'production' and 'internet'). I intend to configure something like frontend server so that OWA and Active Sync services can be made available. I am not sure what solution will be best considering security aspect. Please suggest. -- RD ------------------------------------------------------- List Archives: //www.freelists.org/archives/exchangelist/ MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp MSExchange Articles and Tutorials: http://www.msexchange.org/articles_tutorials/ MSExchange Blogs: http://blogs.msexchange.org/ ------------------------------------------------------- Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------- To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------- List Archives: //www.freelists.org/archives/exchangelist/ MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp MSExchange Articles and Tutorials: http://www.msexchange.org/articles_tutorials/ MSExchange Blogs: http://blogs.msexchange.org/ ------------------------------------------------------- Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------- To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp Report abuse to listadmin@xxxxxxxxxxxxxx