Solved

Edge Server for Exchange 2010 and Sharepoint 2010

Posted on 2010-09-21
Last Modified: 2012-06-21
Hello,
I am installing a new SharePoint Server Farm in my organization and also upgrading Exchange 2003 to 2010. I want to set up a Microsoft TMG Server as the Edge Server on a DMZ behind an existing ASA.

I plan on using the Edge to do reverse proxy roles for SharePoint and also handle Outlook Anywhere and OWA; the edge server will not be doing any spam filtering as my Barracuda will already do that.

Now my question is, does this sound like a viable thing to do, or should I just spend the extra money and have a second Edge Server?
Also, should the server be on the domain or not? I have read articles that say to do one or the other and I would imagine it would be best to not have it on the domain.

Any other thoughts are always appreciated.

Thanks,
-Mike
Question by:BAYCCS
7 Comments
 
LVL 11

Expert Comment

by:ahmedabdelbaset
ID: 33732560
Hi,
It's okay to do that,
and it should be Workgroup.
Regards,
Ahmed
 
LVL 5

Author Comment

by:BAYCCS
ID: 33734432
Ok great I thought so but just wanted to double check.

One last thing, where do the SSL certs get installed? I would think the Edge but I just want to double check...

Thanks,
-Mike
 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
ID: 33734513
No it shouldn't be a workgroup!!!
A huge amount of the security provided by TMG comes from the fact that it is a Domain Member,...not because it isn't.
Debunking the Myth that the ISA Firewall Should Not be a Domain Member
http://www.isaserver.org/tutorials/Debunking-Myth-that-ISA-Firewall-Should-Not-Domain-Member.html
That was written in the context of ISA2006, but it applies to ISA2004 all the way up to TMG.
 
LVL 5

Author Comment

by:BAYCCS
ID: 33735072
See this is why I had to ask, I have actually read that article but still am torn with everything that I have read.

 
LVL 11

Expert Comment

by:ahmedabdelbaset
ID: 33741689
Hi,
At the edge, you can install Forefront TMG as a domain member or in workgroup mode. As a domain member, it's recommended that you install Forefront TMG in a separate forest (rather than in the internal forest of your corporate network), with a one-way trust to the corporate forest.
This may help protect the internal forest from being compromised, even if an attack is mounted on the forest of the Forefront TMG computer. There are some limitations with this deployment.
Please check the Microsoft article before deciding on the deployment scenario:
http://technet.microsoft.com/en-us/library/cc995141.aspx
Regards,
Ahmed.
 
LVL 5

Author Comment

by:BAYCCS
ID: 33770063
How about the SSL Certs, where do they go, on the Edge or the servers that the Edge is reverse proxying to?
 
LVL 29

Expert Comment

by:pwindell
ID: 33772818
The TMG Team has never recommended a separate forest that they have ever told me about and I have had access to them since April of 2004. If the product cannot be developed to be safe as an Edge Firewall in a Single Forest / Single Domain then it should be scrapped.
Two forests are hardly ever recommended in any situation. Will multiple forests ever be recommended,...yes,...but it is the exception to the rule and not common.
Question has a verified solution.