Solved

Exchange 2007 Edge or Client Access Server in DMZ?

Posted on 2007-11-28
Last Modified: 2010-05-18
I have two servers for Exchange 2007 and a Cisco ASA 5500. I want to put one of these Exchange servers in the DMZ and the other in the inside network. I need to provide OWA and Outlook Anywhere to users on the Internet. The ASA will perform firewall and some content filtering prior to packets arriving into the DMZ.

I thought I had this figured out, but I'm now confused. Is it better to put the Edge server in the DMZ and have all the other roles on the server in the inside network, or do I scrap the Edge server role completely and put the Client Access Server in the DMZ and the other roles in the inside network?

Thanks in advance.
Question by:ovidbailey
LVL 19

Accepted Solution

by:
SteveH_UK earned 1000 total points
ID: 20371727
Put the edge server in the DMZ.  If you only have two servers, keep the Client Access Server in the internal network and publish the HTTPS port only.

The edge server role must be on a server by itself and is not normally an AD member.
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 1000 total points
ID: 20372527
CAS is not supported in a DMZ.
The only server that is supported in a DMZ is Edge because it is not a domain member.
You don't have to put something in the DMZ to provide remote access to the server. Simply open the one port required (443). Trying to put OWA into the DMZ does nothing to improve the security of the network; it actually reduces it.

Simon.
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20372633
Agree with Sembee entirely.
 

Author Closing Comment

by:ovidbailey
ID: 31411596
Thanks, guys! Back to Plan A with the Edge server in the DMZ.