Thanks for the tips. Ok. So no reason to put an FE in the DMZ. What about the IIS box? Can you place the IIS box in the DMZ? Can you run OWA on a non-domain IIS machine? Does do anything to enhance security? Also, re your suggestion of an ISA box: would some other sort of proxy machine work just as well? -- nme _____ From: Simon Butler [mailto:simon@xxxxxxxxxxxx] Sent: Friday, November 18, 2005 3:49 PM To: [ExchangeList] Subject: [exchangelist] RE: FE Server / OWA Hardware question http://www.MSExchange.org/ What do you think putting a front-end server does for you? Increase your security? With the large number of ports that you have to open in the firewall, plus other changes to the configuration of the Exchange org, the security "gains" are lost. Your machine in the DMZ gets compromised and the attacker has a clear run in to your network. A dmz is no place for a member of the production domain. Every machine in the DMZ you should be prepared to loose at a moments notice and replace with another. The most common reason for wanting to put a server in the DMZ is to avoid exposing the Exchange server directly to the Internet. If that is the case you would be better of spending the cash on something like an ISA server installed on a machine that is part of a workgroup. That will publish what you need to the internet and limit your exposure. For many of my smaller clients I am content to just open port 25 (smtp) and 443 (https) to the internet. It is far easier to monitor those two ports than the large number of ports that you need to open for a domain member to function properly. Simon. -- Simon Butler MCP, MCSA, MVP:Exchange Amset IT Solutions Ltd. e: simon@xxxxxxxxxxxx w: www.amset-it.com w: www.amset.info _____ From: EIS Lists [mailto:eis_lists@xxxxxxxxxxxxx] Sent: 18 November 2005 22:53 To: [ExchangeList] Subject: [exchangelist] FE Server / OWA Hardware question http://www.MSExchange.org/ Hi – I am constructing a small E2k3 environment (roughly 150 users total). However, I would like to place a FE server in the DMZ and leave the BE server inside the local network. I also want to setup an OWA host (that is, an IIS server). Is it possible to put these on the same box? What are the potential problems with that? What type of hardware should I be looking at for that? (E.g, Dell PowerEdge 850 3.0GHz with 80GB SATAs in RAID1 and 2GB RAM) Am I increasing the risk to the box if I also host other IIS sites on it? Should I give those services different public addresses? Thanks. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: exchange-list3@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.362 / Virus Database: 267.13.4/175 - Release Date: 11/18/2005 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: eis_lists@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.362 / Virus Database: 267.13.4/175 - Release Date: 11/18/2005 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.362 / Virus Database: 267.13.4/175 - Release Date: 11/18/2005