

Internet / Remote Access

Posted on 2006-11-22
Medium Priority
Last Modified: 2010-03-06
Hi Everyone,

We have an Exchange server and are using most of the benefits (shared contacts, calendars, etc) ..
We want to open the Exchange server on the internet and want the best and most secure option available ..

I believe opening Exchange for "full Exchange features" will become too slow over the internet and could be more susceptible to virus and hacking attacks.

A thought is to open Exchange only for I-MAP from the internet, and only use the full functionality (contacts, calendars, etc) over the local-LAN.

I have the following questions, which should be able to help us determine the best solution:
1.  Is it possible to run "full-Exchange" features over the internet without sacrificing security and operation-speed?
2.  I read an article where Microsoft suggests a "front-end" and "back-end" Exchange server - for security ..
For which scenario will this be advised?
3.  Will Exchange be happy with I-MAP access (from the internet) and normal Exchange access from within the office?  Which ports should we open on the firewall for I-MAP to be operational?

Any help and advice will be highly appreciated.

Regards, Rupert

Question by:Rupert Eghardt
LVL 22

Accepted Solution

WMIF earned 336 total points
ID: 17999695
What version are you running?  I just recently got my 2003 Exchange configured to run RPC over HTTPS and it is working beautifully.  The clients don't even notice a difference.  Do you have the Outlook Web Access enabled?

Author Comment

by:Rupert Eghardt
ID: 17999776
We are running version 2003
I haven't configured Outlook web access as yet, if I remember correctly, you need a front-end server to do this securely?

We configured terminal services in the meantime, but the problem users have, is that they have to be online all the time to work on e-mail messages.  They want to be able to compose and read-messages offline, and only go online to receive & send ...

And then the other problem with TS access is that they can't upload and download files, as they are bound to the remote session all the time.

Any idea how we can overcome these issues?
Regards, Rupert
LVL 104

Assisted Solution

Sembee earned 332 total points
ID: 17999803
IMAP doesn't really give you the full experience of Exchange. While it is better than POP3 access it is still pretty poor.

Microsoft always suggest a frontend/backend, but that is not required and isn't deployed for security. Microsoft usually suggest an ISA server to increase the security of the network. It is perfectly possible for a single server to be deployed in a secure manner without compromising your data.

You haven't said how many users you will be running over the internet connection, but with cached mode the load is very small. I have sites where I am running 30 or more users over a very slow connection. I can run cached mode over dial up, so if you have broadband you should be able to support many more users.


LVL 22

Expert Comment

ID: 18000024
Yup, I've got 2003 in single server and haven't had any problems.

Author Comment

by:Rupert Eghardt
ID: 18001514
Hi Simon,

I think the idea is now taking shape.

I understand that I-MAP doesn't give the experience of the full Exchange environment, but could work for just reading mail, viewing your mailbox on Exchange, etc?

Outlook Web-Access will give you the full functionality, and the users will hardly realize the difference.

The issue we still have is that users don't want to be connected all the time, while composing new messages, etc.
I.o.w. they want to work off-line and online dial-in to Send / Receive.

What I gather from the information above, a user will have to be connected to the internet to use the Outlook Web-Access functionality?

I-MAP then seems the way to go, or is there another way to have Outlook synchronising with Exchange from the internet, without using a web-interface.

The user should be able to dial-up, connect, download messages, disconnect.  Do what ever they need to, for as many hours as they want ... then connect to send and retrieve mail.

The only thing I am not certain of, is how to configure Outlook to use the same mailbox, for "local Exchange connectivity" and "remote IMAP connectivity"  .. so that the user will have as little intervention as possible with the switch from "local" to "remote / internet" access.

Please advise

Regards, Rupert
LVL 10

Assisted Solution

budchawla earned 332 total points
ID: 18002925
Hi rupertvz,

The functionality you mention is available if users are connecting from their own laptops / desktops (via Outlook, as if they were on the LAN).

As WMIF mentioned, the feature is called RPC over HTTPS and allows Outlook to securely connect to Exchange and sync mailboxes, calendars, contacts etc even if the user isn't in the office. This will happen wherever they are, whenever they are connected to the internet, so they can compose messages offline etc.

This is a much better alternative to IMAP, since it provides complete functionality and is seamless. You can leave the laptops set to RPC/HTTPS even when they are in the office, so you don't need to reconfigure PCs.

This was WMIF's link to Sembee's page :-) What am I doing here? :-) 

You might want to look at the Microsoft KB article "How to configure RPC over HTTP in Exchange Server 2003" at and "Configuring Outlook 2003 for RPC Over HTTP" at 

Good luck!
LVL 104

Expert Comment

ID: 18003952
Exchange has been built with remote working in mind.

OWA does require a connection all the time while you write the email, but Outlook configured to use RPC over HTTPS and cached mode does not. I have written emails on planes before, landed, connected my laptop to the internet and then sent the emails. I have a full copy of my mailbox on the laptop and can make changes to my calendar and contacts. Next time I connect to the internet, those changes are synchronised to my mailbox on the Exchange server.

I would suggest that you try setting up some of the features that have been outlined and experience it for yourself. Working remotely with Exchange and having the full feature set is not the problem that you might think.
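
Added example, not part of any post in this thread: the replies favour publishing Exchange through RPC over HTTPS rather than IMAP or Terminal Services, so the firewall should end up exposing little beyond HTTPS. The Python below audits an inbound rule list against that outcome and can confirm it with a TCP connect to your own published address. Port numbers are the standard defaults; the verdicts, the rule tuple format and the 192.0.2.x addresses are assumptions made for illustration.

```python
import socket

# Default TCP ports of the services named in the thread.
# The verdicts are this example's policy assumption, not Microsoft guidance.
POLICY = {
    443:  ("HTTPS: OWA and RPC over HTTPS", "expected"),
    25:   ("SMTP: inbound mail delivery", "expected"),
    993:  ("IMAP4 over SSL", "review"),
    3389: ("Terminal Services", "review"),
    143:  ("IMAP4, cleartext logon", "close"),
    110:  ("POP3, cleartext logon", "close"),
    80:   ("HTTP: OWA without SSL", "close"),
    135:  ("RPC endpoint mapper: direct MAPI", "close"),
}

def audit_rules(rules, server_ip):
    """Classify every inbound TCP allow rule for server_ip, worst first."""
    order = {"close": 0, "review": 1, "expected": 2}
    findings = set()
    for action, proto, dst_ip, port in rules:
        if action != "allow" or proto != "tcp" or dst_ip != server_ip:
            continue  # deny rules and other hosts publish nothing here
        service, verdict = POLICY.get(port, ("not in the policy table", "close"))
        findings.add((port, service, verdict))
    return sorted(findings, key=lambda f: (order[f[2]], f[0]))

def reachable_ports(host, ports=tuple(POLICY), timeout=2.0):
    """From outside the firewall, return the ports on your own host that answer."""
    found = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found.append(port)
        except OSError:
            pass  # filtered, closed or timed out
    return found

# Constructed rule set: 192.0.2.10 stands in for the Exchange server.
SAMPLE_RULES = [
    ("allow", "tcp", "192.0.2.10", 443),
    ("allow", "tcp", "192.0.2.10", 25),
    ("allow", "tcp", "192.0.2.10", 143),
    ("allow", "tcp", "192.0.2.10", 3389),
    ("allow", "tcp", "192.0.2.20", 80),   # different host, ignored
    ("deny",  "tcp", "192.0.2.10", 135),
]

if __name__ == "__main__":
    for port, service, verdict in audit_rules(SAMPLE_RULES, "192.0.2.10"):
        print(f"{verdict:8} tcp/{port:<5} {service}")
```

Run `reachable_ports` from a connection outside the office against the server's public address; any port it returns that `audit_rules` did not list points to a rule missing from the exported set.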

