Re: Active Directory, Exchange 2000 and ISA on the same server.
- From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 20 May 2002 12:02:05 -0500
Hey guys,
It is possible and just about everything works (still some questions
about the IMer). Obviously, it's a poor security practice, but it can be
done, as I've done it :-)
HTH,
Tom
www.isaserver.org/shinder
-----Original Message-----
From: Mark T. Barringer [mailto:Mark@xxxxxxxxxxxxx]
Sent: Monday, May 20, 2002 9:48 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Active Directory, Exchange 2000 and ISA on the
same server.
http://www.ISAserver.org
The best reason is to show that a firewall cannot be secure if the
firewall server itself contains sensitive data. Basically, the firewall
server should be a member server without any other responsibility beyond
ISA. If it has other duties, additional configuration is required to
ensure ISA is truly "protecting" data on the firewall server itself, as
well as data behind it. These additional configurations may impair your
ability to configure ISA as you desire for other servers.
The biggest "real" reason I can give you is that certain Exchange 2000
functions will require port 80 and the default website to be functional.
Part of what you must do to get all of this to run on the same server
would be to change the port used by the default (or any) website, so
that ISA may listen on the default port 80. While Exchange's Outlook
Web Access may be altered to use another port, Exchange's 2000 Instant
Messaging cannot. Also, the Public Folder interface used in the
Exchange System manager will require a port 80 connection to the \PUBLIC
virtual directory to function correctly.
You are far better off and have much more room to create if you use a
web server located behind ISA, not on it. You are also greatly reducing
the likelihood of a web based attack if there is no web server on the
ISA server. Hope this helps.
-Mark
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Monday, May 20, 2002 10:03 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Active Directory, Exchange 2000 and ISA on the
same server.
http://www.ISAserver.org
Unfortunately, you won't find such a thing.
SBS2K is exactly that and more.
Granted, it's not a "best practice", but neither is it non-functional.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Leonard Rawbone" <leonard.rawbone@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, May 20, 2002 2:02 AM
Subject: [isalist] Active Directory, Exchange 2000 and ISA on the same
server.
http://www.ISAserver.org
Hi, one of my clients has decided to load to above three services on one
server and I need some whitepaper etc just to show him why it cant be
done apart from the obvious reasons.
Thanx
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Mark@xxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
