Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1123
  • Last Modified:

Exchange 2007 Edge or Client Access Server in DMZ?

I have two servers for Exchange 2007 and a Cisco ASA 5500. I want to put one of these Exchange servers in the DMZ and the other in the inside network. I need to provide OWA and Outlook Anywhere to users on the Internet. The ASA will perform firewall and some content filtering prior to packets arriving into the DMZ.

I thought I had this figured out, but I"m now confused. Is it better to put the Edge server in the DMZ and have all the other roles on the server in the inside network, or do I scrap the Edge server role completely and put the Client Access Server in the DMZ and the other roles in the inside network?

Thanks in advance.
0
ovidbailey
Asked:
ovidbailey
  • 2
2 Solutions
 
SteveH_UKCommented:
Put the edge server in the DMZ.  If you only have two servers, keep the Client Access Server in the internal network and publish the HTTPS port only.

The edge server role must be on a server by itself and is not normally an AD member.
0
 
SembeeCommented:
CAS is not supported in a DMZ.
The only server that is supported in a DMZ is Edge because it is not a domain member.
You don't have to put something in the DMZ to provide remote access to the server. Simply open the one port required (443). Trying to put OWA in to the DMZ does nothing to improve the security of the network, it actually reduces it.

Simon.
0
 
SteveH_UKCommented:
Agree with Sembee entirely.
0
 
ovidbaileyAuthor Commented:
Thanks, guys! Back to Plan A with the Edge server in the DMZ.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now