?
Solved

Edge Server for Exchange 2010 and Sharepoint 2010

Posted on 2010-09-21
7
Medium Priority
?
1,149 Views
Last Modified: 2012-06-21
Hello,
I am installing a new SharePoint Server Farm in my organization and also upgrading Exchange 2003 to 2010. I want to setup a Microsoft TMG Server as the Edge Server on a DMZ behind an existing ASA.

I plan on using the Edge to do reverse proxy roles for SharePoint and also handle Outlook Anywhere and OWA; the edge server will not be doing any spam filtering as my Barracuda will already do that.

Now my question is does this sound like a variable thing to do or should I just spend the extra money and have a second Edge Server.
Also, should the server be on the domain or not? I have read articles that say to do one or the other and I would image it would be best to not have it on the domain.

Any other thoughts are always appreciated.

Thanks,
-Mike
0
Comment
Question by:BAYCCS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 11

Expert Comment

by:Ahmed Shahba
ID: 33732560
Hi,
It's okay to do that .
and it should be Workgroup .
<:>Regards,
<::>Ahmed <:>
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 33734432
Ok great I thought so but just wanted to double check.

One last thing, where to the SSL certs get installed? I would think the Edge but I just want to double check...

Thanks,
-Mike
0
 
LVL 29

Accepted Solution

by:
pwindell earned 2000 total points
ID: 33734513
No it shouldn't be a workgroup!!!
A huge amount of the secureity provided by TMG comes from the fact that it is a Domain Member,...not becuase it isn't.
Debunking the Myth that the ISA Firewall Should Not be a Domain Member
http://www.isaserver.org/tutorials/Debunking-Myth-that-ISA-Firewall-Should-Not-Domain-Member.html
That was written in the context of ISA2006, but it applies to ISA2004 all the way up to TMG.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 5

Author Comment

by:BAYCCS
ID: 33735072
See this is why I had to ask, I have actually read that article but still am torn with everything that I have read.

0
 
LVL 11

Expert Comment

by:Ahmed Shahba
ID: 33741689
Hi,
At the edge, you can install Forefront TMG as a domain member or in workgroup mode. As a domain member, Its recommend that you install Forefront TMG in a separate forest (rather than in the internal forest of your corporate network), with a one-way trust to the corporate forest.
This may help the internal forest from being compromised, even if an attack is mounted on the forest of the Forefront TMG computer. There are some limitations with this deployment.
Please check Microsoft Article for before decied the deployment scenario :
http://technet.microsoft.com/en-us/library/cc995141.aspx 
Regards,
Ahmed.
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 33770063
How about the SSL Certs, where do they go on the Edge or the servers that the Edge is reverse proxing to?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 33772818
The TMG Team has never recommended a separate forest that they have ever told me about and I have had access to them since April of 2004.  If the product can not be developed to be safe as an Edge Firewall in a Single Forest / Single Domain then it should be scrapped.  
Two forests are hardly ever recommended in any situation.   Will multiple forests ever be recommended,...yes,...but it is the exception to the rule and not common.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For SharePoint sites, particularly public-facing ones, there are times when adding JavaScript, Meta Tags, CSS Styles or other content to the page <head> section is more practical than modifying master pages.  For instance, you could add the jQuery l…
A recent project that involved parsing Tableau Desktop and Server log files to extract reusable user queries for use in other systems. I chose to use PowerShell to gather the data, and SharePoint to present it...
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question