Exchange 2007 without ISA for OWA & Outlook Anywhere?

mike2401
mike2401 used Ask the Experts™
on
We are building an Exchange 2007 from scratch for our 500 users.

We need to provide remote access through OWA and Outlook Anywhere for 100 remote laptop users.

ISA server can be used to permit these remote connections.  We currently have experience with ISA.
 
Can this be done equally as well without an ISA server?
 
At first glance, it occurred to me that not having an ISA server would save us cost and complexity.

If we decide to skip the ISA server for these functions, what am I sacrificing?  Pros / Cons?

Any and all comments very much appreciated.

Thanks,
Mike
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Expert of the Year 2007
Expert of the Year 2006
Commented:
Perfectly possible to run E2007 without ISA.
You lose some of the control over access to the features - for example you cannot enable a feature for a user internally and block them from external access.

Simon.

Commented:
You certainly do not need ISA and I don't know where you might have got the impression that you did.
Open 443 to the CAS and enable Outlook Anywhere on it.

Pros? You save on ISA and make it a little less compex.
Cons? You (arguably) make it a little less secure but given that you're accessing over HTTPS already with form based auth for OWA and are asking questions makes me happier that you're aware of the problems and making an effort.

That's not the norm around here!
Keith AlabasterEnterprise Architect
Top Expert 2008

Commented:
On the converse side, you lose one of the best proxy servers on the market today which ISA undoubtedly is. No getting away though from the fact that ISA is not cheap - its licenced by processor on the host where it is installed. You should note also that if you were to run ssl to ISA and the ssl from isa to the OWA service, you would also need two SSL certificates No ISA - only one cert needed.

I assume you were not anticpating using ISA as a firewall but just as a forward/reverse proxy server?
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Commented:
Yeah, ISA is a waste of cash if it's a single use item (and I subscribe to the Alton Brown attitude to uni-taskers)
But wrapped up as part of your overall infrastructure it's a damn cost-effective solution and something worth considering.

But that's an infrastructure design question rather than a specific Exchange question.
You wouldn't believe the flames I get when I suggest that someone looks at their business processes rather than do some damn fool thing with their Exchange.
Keith AlabasterEnterprise Architect
Top Expert 2008

Commented:
'off-post this question has been linked in the ISA topic area also'

Expert of the Year 2007
Expert of the Year 2006

Commented:
The main reason I have had to deploy an ISA is with my financial services clients where the network security team (who are often larger than IT support) have a hard policy that they will not budge on that nothing inside the firewall is directly exposed to the internet. The ISA can be placed in the DMZ which keeps them quiet. Put an Edge Server in there as well and they are quite happy.
What I haven't tried yet is an ISA and Edge on the same box...

Simon.

Author

Commented:
Thanks all.  

Based on czcdct's comment about it being a 'waste of cash as a single use item', and Sembee's comment about losing features, I'm now entertaining using the ISA server(s) we have for web proxying for OWA and Outlook anywhere as well.  I think I'm going to close this call and open a fresh one asking opinions for this approach.

Thanks again.
Mike
Keith AlabasterEnterprise Architect
Top Expert 2008

Commented:
?

Author

Commented:
Keith, did the question mark mean: "where are my points?"   I'm kinda new to Expert's Exchange, so I might not be aware of customary practice.

I asked a somewhat general opinion oriented question and split the points between the two people who I thought made the best point..

Is it generally better to split the points between everyone who made a contribution?

Sorry if I offended; I did appreciate your contribution.
Mike

Commented:
No, no.
I just think Keith has a blonde moment.
Keith AlabasterEnterprise Architect
Top Expert 2008

Commented:
lol. no I didn't expect any points (nor am I blonde).

I had typed something, changed my mind and backspaced over it all. God knows why I hit the submit button though. Going through the male menopause I think :)

Author

Commented:
I'm glad.

I continue to be impressed with the kindness and expertise of those willing to lend a hand and help others.

Regards,
Mike
Keith AlabasterEnterprise Architect
Top Expert 2008

Commented:
I expect I speak for us all when I say you're welcome. ISA server is my game really rather than Exchange but quite often ISA comes up as a side-product in a question (like here) so maybe I'll see you there at some time in the future.

Keith

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial