I spoke with Melissa Travers, the MVP Lead for both ISA and Exchange, and she said the Exchange group's MVP site was really, really good, and that the Exchange group themselves is quite active. Being they are the Exchange group, I can see why they would have a decent portal. ;)

I suggested that if there were a single sourced, Microsoft controlled MVP site where we could "browse through" other MVP list content, that issues like this (the perceptions surrounding what Exchange will and won't support and why) would be much easier to manage, and that "the right people" from both sides could engage each other in a positive way when two technologies collide like this. To me, this is a major shortcoming in the MVP program overall. Given the fact that the MVP program was created in order to provide a collaborative environment for various technologies, it seems like a horrible waste of a perfect opportunity to expand that environment out to the MVPs and product teams in other product competencies. The fate of the ISA-MVP list is testament to that.

So, in the absence of a coordinated effort on Microsoft's part to wrap its collective arms around the MVPs and product teams, I'll see if I can get on the Exchange MVP list and begin a dialog of exactly what is going on here. But I'll need to get immersed in Ex2007 first, which I've just not had the time to do. The promise of true unified messaging in 2007 was a major draw to me, but given the apparent narrow PBX support and lack of official functionality documentation, the rush to explore has lost its luster.

t

On 2/26/07 6:02 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:
> Documentation always follows the product, which is barely on the streets.
> I've seen some regarding WM6, but the basic concepts are the same.
> ..coming soon to a website near you?
>
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> Behalf Of Jason Jones
> Sent: Monday, February 26, 2007 3:31 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>
> Hi All,
>
> Anyone (Tim?) had chance to look at the least privilege approach with Exchange
> 2007 yet?
>
> From what I am hearing the "CAS not supported in perimeter" statement is based
> more on "we haven't tested it yet" more than "we don't think it is a good
> idea".
>
> I have a few customers looking at placing the entire Exchange architecture
> behind ISA (very untrusted LANs) - I have done this with Exch2k3, but has
> anyone looked at this for Exch2k7?
>
> I am guessing this is not supported either, but documentation is very thin on
> the ground with reference to 2k7 and perimeter networking....
>
> Cheers
>
> JJ
>
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> Behalf Of Thor (Hammer of God)
> Sent: 15 January 2007 15:27
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>
> Right you are... The analogy fits when you use "comparative logic" as opposed
> to just thinking of the zone in singularity... Compared to the areas on either
> side of the DMZ, it should be easy to discern any activity at all in the DMZ
> itself- particularly hostile activities. There are strict policies about what
> can go on in the Korean DMZ, as there should be in one's network DMZ.
> Internet traffic is chaotic, and I don't even bother trying to determine what
> is going on out on my Internet segment- I can't control it anyway (other than
> my policy of implementing router ACLs to match inbound/outbound traffic
> policies at my border router).
> Internal traffic isn't chaotic, but it is
> hard to monitor for "hostile" packets given the sheer volume and type of
> traffic being generated by internal users, servers, services, etc to any
> number of different hosts and clients. But in the DMZ, you should be able to
> immediately notice when something out of the ordinary is going on. For
> instance, if I see POP3 logon traffic, I know something is FUBAR, as I don't
> support POP3 in my DMZ at all. If I see modal enumeration by way of a null
> session, I know something is going on. And etc, etc.
>
> So, to me, it fits, and that is the term I choose to use. I won't be changing
> ;)
>
> t
>
> On 1/15/07 6:40 AM, "Gerald G. Young" <g.young@xxxxxxxx> spoketh to all:
> The DMZ in Korea itself isn't crawling with military. Either side of it is,
> ensuring that the definition of a demilitarized zone is observed and
> maintained. Before the advent of DMZs in networking, a DMZ meant an area from
> which military forces, operations, and installations were prohibited.
> Essentially, it's a wide empty area that constitutes a border with forces on
> either side pointing guns into it.
>
> I've always thought the adaptation of the acronym to the world of networking a
> bit strange. "Oh! We got activity in our networked DMZ! Kill it!" :)
>
> Cordially yours,
> Jerry G. Young II
> Product Engineer - Senior
> Platform Engineering, Enterprise Hosting
> NTT America, an NTT Communications Company
>
> 22451 Shaw Rd.
> Sterling, VA 20166
>
> Office: 571-434-1319
> Fax: 703-333-6749
> Email: g.young@xxxxxxxx
>
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> Behalf Of Amy Babinchak
> Sent: Sunday, January 14, 2007 7:08 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: RE: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>
> That's what it means to me too. Can't see the Korean no man's land as
> qualifying as a DMZ when it's crawling with military.
>
> In this conversation we have to take into consideration that CAS also includes
> the capability to provide access to folders and files right in OWA. This may
> be the thing that the Exchange team thinks throws a monkey wrench into the
> secure deployment of CAS in a DMZ.
>
> From: isapros-bounce@xxxxxxxxxxxxx on behalf of Jason Jones
> Sent: Sat 1/13/2007 6:46 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>
> For me, DMZ means scary place completely untrusted, perimeter network means
> less scary place trusted to a degree, but strongly controlled
>
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> Behalf Of Thor (Hammer of God)
> Sent: 12 January 2007 23:51
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>
> Interesting... Probably a good idea for us to actually articulate what we
> really mean when we say DMZ.
>
> I guess to some it means "free for all network" but for me, it should be the
> network where you have the most restrictive policies controlling each service
> so that it is obvious when malicious traffic hits the wire. Thoughts?
>
> t
>
> On 1/12/07 3:30 PM, "Steve Moffat" <steve@xxxxxxxxxx> spoketh to all:
> That's what I thought, now it's what I know?.
>
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> Behalf Of Jim Harrison
> Sent: Friday, January 12, 2007 6:35 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>
> Aside from normal router & switch ACLs, ISA is the single line of defense.
> "..we don't need no stinking DMZs"
>
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> Behalf Of Steve Moffat
> Sent: Friday, January 12, 2007 12:12 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>
> Ahh...just had a thought.
>
> It's all labeling.
>
> Jason, and others (not Jason's fault), have been using the term DMZ.
>
> Historically, is the term DMZ not taken literally as being completely
> firewalled off from the trusted networks, and what Jason is talking about is
> trusted network segmentation.
>
> I betcha that's why the Exchange team don't support it...they think it's a
> typical run of the mill DMZ?
>
> Jim, isn't MS's Internal network segmented by using ISA?? Including your mail
> servers?
>
> S
>
> All mail to and from this domain is GFI-scanned.
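
Added example, not part of the original thread: the quoted 15 January message argues that a tightly scoped DMZ makes off-policy traffic obvious, giving POP3 logon traffic in a DMZ that offers no POP3 as its case. The sketch below applies that idea to flow records; the addresses, allowlist, log format and function names are all constructed for illustration.

```python
import ipaddress

# Assumed DMZ addressing and published services (constructed for illustration).
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")
ALLOWED = {
    ("192.0.2.10", "tcp", 443),  # HTTPS front end
    ("192.0.2.20", "tcp", 25),   # SMTP relay
}

# Constructed sample flow records: time src dst proto dport
SAMPLE_LOG = """\
2007-01-15T15:01:02 198.51.100.7 192.0.2.10 tcp 443
2007-01-15T15:01:05 198.51.100.9 192.0.2.20 tcp 25
2007-01-15T15:02:11 198.51.100.7 192.0.2.20 tcp 110
2007-01-15T15:02:40 192.0.2.10 192.0.2.20 tcp 445
2007-01-15T15:03:00 10.0.0.5 10.0.0.9 tcp 110
not a flow record
"""

def parse_flow(line):
    """Return (time, src, dst_ip, proto, dport) or None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, proto, dport = parts
    try:
        ipaddress.ip_address(src)
        dst_ip = ipaddress.ip_address(dst)
        port = int(dport)
    except ValueError:
        return None
    return ts, src, dst_ip, proto.lower(), port

def off_policy_flows(log_text, dmz_net=DMZ_NET, allowed=ALLOWED):
    """Flows destined to the DMZ that match no allowlisted service."""
    hits = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # malformed record, skipped in this sketch
        ts, src, dst_ip, proto, port = flow
        # Only DMZ destinations are judged; internal traffic is out of scope.
        if dst_ip in dmz_net and (str(dst_ip), proto, port) not in allowed:
            hits.append((ts, src, str(dst_ip), proto, port))
    return hits

if __name__ == "__main__":
    for hit in off_policy_flows(SAMPLE_LOG):
        print("OFF-POLICY", *hit)
```

With a short allowlist, the POP3 (110) and SMB (445) flows to the DMZ host are the only records reported, while the same POP3 port between internal hosts is ignored.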