Hosting Multiple Email Domains on Exchange 2003 behind ISA 2006

ABMRhinofart
Ok experts, here is my thing. I have been asked by the powers that be to set up our Exchange server to host the email for multiple child companies. (They all have different domain names: company1.com, company2.eu, etc.) That's all fine and dandy. I have Exchange set up and working for the domains, and mail flows nicely. But the thing is, they have now come to me and stated they want to be able to do SSL encryption on the emails, and set up RPC/HTTPS like I had set up and running on our primary domain already. Is it simply a matter of purchasing the proper SSL certificates for the websites, installing those certificates into the ISA certificate store, and then on the Exchange server as well? I have been reading an article from Thomas Shinder, in which he has multiple systems set up as a DC, CA, and Exchange server all on the same box. Seeing as I am running this setup on an ESXi server anyway, would that be the best route for me to follow? A separate DC, CA, and Exchange server behind the ISA 2006 machine for each and every email domain they want me to host?

I currently have the following rough setup:
ISA Server
An AD with 2 DCs (redundancy) with multiple UPNs for each of the email domains.
A Front End Exchange Server
A Back End Exchange Server set up with recipient policies for all of the domains we want to host
Any help or a point in the right direction would be greatly appreciated.
Most Valuable Expert 2011

Commented:
Not sure I follow all of that perfectly, but:
Yes,...separate Cert for each Site,...separate External IP# for each Cert/Site combination,...separate Publishing Rule for each Site.
But in many cases you can use the same Listener in each Rule. You can use separate Listeners if you want. It just depends on how things work out as you are doing this.
If you used a common namespace (child1.company.com, child2.company.com, child3.company.com) then you can use a single Wildcard Cert for everything. It would even be the same IP# and Port for everything. You separate the Sites in IIS by using Host Headers (aka Common Name, aka Public Name).
I don't think there is anything stopping you from doing that, because the Mail Domain has nothing to do with the AD Domain and has nothing to do with the Public Domain,...they are all three completely separate things.
It could be structured like this theoretically:
Wildcard Cert for everything = *.company.com
The Public DNS would point all three Public Hosts to the same IP#
   Domain Zone = company.com
    host child1 = 120.34.50.23
    host child2 = 120.34.50.23 or CNAME child2 = child1
    host child3 = 120.34.50.23 or CNAME child3 = child1
Child 1
   AD Domain = child1.company.com
   Public Domain = www1.company.com
   Mail Domain = *@child1.com
Child 2
   AD Domain = child2.company.com
   Public Domain = www2.company.com
   Mail Domain = *@child2.com
Child 3
   AD Domain = child3.company.com
   Public Domain = www3.company.com
   Mail Domain = *@child3.com
Use a separate Publishing Rule for each Site. The Rules, I believe, would be identical except for the Common Name (Public Name) used in the Rule. I listed that off the top of my head, so you would want to check everything over well before you try any of it.
You don't have to do the naming exactly as I did. I only did it that way to show how the different types of names do not have to match in spelling.
Most Valuable Expert 2011

Commented:
To stay in line with your AD domain names, the example could look like this:

Child 1
   AD Domain = company1.com
   Public Domain = www1.company.com
   Mail Domain = *@company1.com
Child 2
   AD Domain = company2.com
   Public Domain = www2.company.com
   Mail Domain = *@company2.com
Child 3
   AD Domain = company3.com
   Public Domain = www3.company.com
   Mail Domain = *@company3.com

Author

Commented:
Those scenarios would work if everything was part of the same namespace. But unfortunately all of the domains are completely different. For example I have, say, JohnsPizza.com, perryspizone.com and markjohenrybob.com. I have all of the domains running on a single Exchange install, as I followed the instructions on MSExchange.org in regards to hosting multiple email domains on a single Exchange server, and have all that part working; it's just the publishing of the multiple OWA sites, and SSL, that has me scratching my head a little. All of the domains' email works when publishing via POP3 or IMAP.
Most Valuable Expert 2011
Commented:
There is not just one way to approach it. The URL they access OWA with has nothing to do with the Mail Domain,..or the AD Domain.
You could have just one https://mail.bigservice.net/exchange and every one of those could work off it (johnspizza.com, perryspizone.com, markjohenrybob.com). OWA identifies the mailbox based on the user's credentials,..not any domain name. The Mail Domain is identified by the email address associated with the mailbox,..not by the OWA URL.
You could use 3 Host Headers in IIS to associate with the same OWA Site,...then create three different Publishing Rules that (in reality) all point to the same OWA Site. You would use a Cert for each "web domain", and each would have its own External IP#. It only needs one Listener, because a Listener can have multiple IP#s and multiple Certs and can be reused for multiple Rules. However, remember that this is all for "eye candy",...there is no functional mandate for it. You could use a single FQDN like I showed in the paragraph above.
Lastly, ISA and Exchange were never designed to operate like an Internet Provider,...they were both designed (and still are) to operate the way a Corporation operates.
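The two expert comments above boil down to one planning rule: public names inside one namespace can share a wildcard certificate (and therefore one listener IP), while names in unrelated domains each need their own certificate, and on an ISA 2006 web listener each certificate must sit on its own external IP. The following script is an added example, not code from the thread; it applies that rule to a constructed set of OWA public names and external IPs and reports which names can share a cert/IP and which cannot. The wildcard-matching rule (leftmost label only, one label deep) and the sample names and addresses are assumptions of the example.

```python
# Added example (not from the thread): plan certificates and listener IPs
# for several published OWA names on an ISA 2006 web listener. ISA 2006 has
# no SNI, so a listener binds one certificate per IP address; names covered
# by one certificate share its IP, every other name needs its own cert and IP.

def cert_matches(host, cert_name):
    """True if cert_name (exact, or a leftmost-label wildcard) covers host."""
    host = host.lower().rstrip(".")
    cert_name = cert_name.lower().rstrip(".")
    if not cert_name.startswith("*."):
        return host == cert_name
    # A wildcard covers exactly one label: *.company.com matches
    # child1.company.com but not mail.child1.company.com or johnspizza.com.
    suffix = cert_name[1:]                    # ".company.com"
    head = host[: -len(suffix)] if host.endswith(suffix) else None
    return bool(head) and "." not in head

def plan_listener(public_names, cert_names, ip_pool):
    """Map each public name to (certificate, listener IP).

    Names an owned certificate covers share that certificate's IP; a name no
    certificate covers gets a certificate of its own and the next free IP.
    Raises ValueError when the external IP pool runs out."""
    ip_for_cert, free_ips, plan = {}, list(ip_pool), {}
    for name in public_names:
        cert = next((c for c in cert_names if cert_matches(name, c)), None)
        if cert is None:
            cert = name.lower()               # a dedicated cert for this name
        if cert not in ip_for_cert:
            if not free_ips:
                raise ValueError(f"no external IP left for certificate {cert}")
            ip_for_cert[cert] = free_ips.pop(0)
        plan[name] = (cert, ip_for_cert[cert])
    return plan

# Constructed sample input: two names in the common namespace from the
# thread's example plus two unrelated pizza domains from the question.
PUBLIC_NAMES = ["child1.company.com", "child2.company.com",
                "owa.johnspizza.com", "owa.perryspizone.com"]
OWNED_CERTS = ["*.company.com"]
EXTERNAL_IPS = ["120.34.50.23", "120.34.50.24", "120.34.50.25"]

if __name__ == "__main__":
    for name, (cert, ip) in plan_listener(PUBLIC_NAMES, OWNED_CERTS,
                                          EXTERNAL_IPS).items():
        print(f"{name:24} cert={cert:22} listener IP={ip}")
```

Running it shows the two company.com hosts sharing the wildcard certificate on 120.34.50.23, while each pizza domain is assigned its own certificate and its own IP, which is exactly the "separate Cert, separate External IP#, separate Publishing Rule" outcome described above.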

Author

Commented:
I thank you very much for your help. After reading your last comment, and then going back and reading the others, it all became fairly clear to me. Thanks again!
Garry.
