Link to home
Start Free TrialLog in
Avatar of Gavin Tech
Gavin TechFlag for United Kingdom of Great Britain and Northern Ireland

asked on

OWA 2007 - What makes my setup secure?

I have been researching the best way to implement OWA on a Exchange 2007 server.
I have decided to put a Mail Transport server in my dmz, and then the CAS and Exchange 2007 on another server in my lan.

What makes this setup secure/safe from attack?
I need to let my boss know what makes me think this setup is safe.
Avatar of Pete Long
Pete Long
Flag of United Kingdom of Great Britain and Northern Ireland image
Hello gpersand,

Surely you would put an edge transport server in your DMZ that way you only need to expose a small AD subset using ADAM (which is useless to the human eye) and you only have to open a couple of ports to make it work (you set up an Edge subscription on an internal Exchange server to the Edge Transport Server)

Regards,

PeteLong
Avatar of Gavin Tech
Gavin Tech
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

If my DMZ edge transport server is compromised, wont that give full access to the lan?
ASKER CERTIFIED SOLUTION
Avatar of consultkhan
consultkhan
Flag of Saudi Arabia image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of LeeDerbyshire
LeeDerbyshire
Flag of United Kingdom of Great Britain and Northern Ireland image
I don't think the Edge is meant to be completely unprotected.  This particular definition of DMZ would likely include a firewall on both sides.  Also, the Edge server is not meant to be a member of your domain.