RE: FE Server / OWA Hardware question

  • From: "EIS Lists" <eis_lists@xxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 18 Nov 2005 16:18:36 -0800

Thanks for the tips. Ok. So no reason to put an FE in the DMZ. What about
the IIS box? Can you place the IIS box in the DMZ? Can you run OWA on a
non-domain IIS machine? Does that do anything to enhance security?

 

Also, re your suggestion of an ISA box: would some other sort of proxy
machine work just as well?

 

-- nme

 

   _____  

From: Simon Butler [mailto:simon@xxxxxxxxxxxx] 
Sent: Friday, November 18, 2005 3:49 PM
To: [ExchangeList]
Subject: [exchangelist] RE: FE Server / OWA Hardware question

 

http://www.MSExchange.org/

What do you think putting a front-end server does for you? Increase your
security? With the large number of ports that you have to open in the
firewall, plus other changes to the configuration of the Exchange org, the
security "gains" are lost. Your machine in the DMZ gets compromised and the
attacker has a clear run in to your network. 

 

A DMZ is no place for a member of the production domain.

Every machine in the DMZ you should be prepared to lose at a moment's notice
and replace with another.

 

The most common reason for wanting to put a server in the DMZ is to avoid
exposing the Exchange server directly to the Internet. 
If that is the case you would be better off spending the cash on something
like an ISA server installed on a machine that is part of a workgroup. That
will publish what you need to the internet and limit your exposure. 

 

For many of my smaller clients I am content to just open port 25 (smtp) and
443 (https) to the internet. It is far easier to monitor those two ports
than the large number of ports that you need to open for a domain member to
function properly.

 

Simon.

 

--
Simon Butler
MCP, MCSA, MVP:Exchange
Amset IT Solutions Ltd.

e: simon@xxxxxxxxxxxx
w: www.amset-it.com
w: www.amset.info 

 

   _____  

From: EIS Lists [mailto:eis_lists@xxxxxxxxxxxxx] 
Sent: 18 November 2005 22:53
To: [ExchangeList]
Subject: [exchangelist] FE Server / OWA Hardware question

Hi –

 

I am constructing a small E2k3 environment (roughly 150 users total).
However, I would like to place a FE server in the DMZ and leave the BE
server inside the local network. I also want to set up an OWA host (that is,
an IIS server). 

 

Is it possible to put these on the same box? What are the potential problems
with that?

What type of hardware should I be looking at for that? (E.g., Dell PowerEdge
850 3.0GHz with 80GB SATAs in RAID1 and 2GB RAM)

Am I increasing the risk to the box if I also host other IIS sites on it?

Should I give those services different public addresses?

 

Thanks.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
exchange-list3@xxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx 

--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.13.4/175 - Release Date: 11/18/2005
