RE: FE Server / OWA Hardware question

  • From: "Simon Butler" <simon@xxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 18 Nov 2005 23:49:13 -0000

What do you think putting a front-end server does for you? Increase your
security? With the large number of ports that you have to open in the
firewall, plus other changes to the configuration of the Exchange org,
the security "gains" are lost. Your machine in the DMZ gets compromised
and the attacker has a clear run in to your network. 
A dmz is no place for a member of the production domain.
Every machine in the DMZ you should be prepared to loose at a moments
notice and replace with another. 
The most common reason for wanting to put a server in the DMZ is to
avoid exposing the Exchange server directly to the Internet. 
If that is the case you would be better of spending the cash on
something like an ISA server installed on a machine that is part of a
workgroup. That will publish what you need to the internet and limit
your exposure. 
For many of my smaller clients I am content to just open port 25 (smtp)
and 443 (https) to the internet. It is far easier to monitor those two
ports than the large number of ports that you need to open for a domain
member to function properly.
Simon Butler
MCP, MCSA, MVP:Exchange
Amset IT Solutions Ltd.

e: simon@xxxxxxxxxxxx


From: EIS Lists [mailto:eis_lists@xxxxxxxxxxxxx] 
Sent: 18 November 2005 22:53
To: [ExchangeList]
Subject: [exchangelist] FE Server / OWA Hardware question

Hi -


I am constructing a small E2k3 environment (roughly 150 users total).
However, I would like to place a FE server in the DMZ and leave the BE
server inside the local network. I also want to setup an OWA host (that
is, an IIS server). 


Is it possible to put these on the same box? What are the potential
problems with that?

What type of hardware should I be looking at for that? (E.g, Dell
PowerEdge 850 3.0GHz with 80GB SATAs in RAID1 and 2GB RAM)

Am I increasing the risk to the box if I also host other IIS sites on

Should I give those services different public addresses?



List Archives:
Exchange Newsletters: 
Visit for more information about our other sites:
You are currently subscribed to this Discussion List as:
To unsubscribe visit
Report abuse to listadmin@xxxxxxxxxxxxxx 

No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.13.4/175 - Release Date:

Other related posts: