• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1154
  • Last Modified:

Edge Server for Exchange 2010 and Sharepoint 2010

Hello,
I am installing a new SharePoint Server Farm in my organization and also upgrading Exchange 2003 to 2010. I want to setup a Microsoft TMG Server as the Edge Server on a DMZ behind an existing ASA.

I plan on using the Edge to do reverse proxy roles for SharePoint and also handle Outlook Anywhere and OWA; the edge server will not be doing any spam filtering as my Barracuda will already do that.

Now my question is does this sound like a variable thing to do or should I just spend the extra money and have a second Edge Server.
Also, should the server be on the domain or not? I have read articles that say to do one or the other and I would image it would be best to not have it on the domain.

Any other thoughts are always appreciated.

Thanks,
-Mike
0
BAYCCS
Asked:
BAYCCS
  • 3
  • 2
  • 2
1 Solution
 
Ahmed ShahbaSystem ArchitectCommented:
Hi,
It's okay to do that .
and it should be Workgroup .
<:>Regards,
<::>Ahmed <:>
0
 
BAYCCSAuthor Commented:
Ok great I thought so but just wanted to double check.

One last thing, where to the SSL certs get installed? I would think the Edge but I just want to double check...

Thanks,
-Mike
0
 
pwindellCommented:
No it shouldn't be a workgroup!!!
A huge amount of the secureity provided by TMG comes from the fact that it is a Domain Member,...not becuase it isn't.
Debunking the Myth that the ISA Firewall Should Not be a Domain Member
http://www.isaserver.org/tutorials/Debunking-Myth-that-ISA-Firewall-Should-Not-Domain-Member.html
That was written in the context of ISA2006, but it applies to ISA2004 all the way up to TMG.
0
Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

 
BAYCCSAuthor Commented:
See this is why I had to ask, I have actually read that article but still am torn with everything that I have read.

0
 
Ahmed ShahbaSystem ArchitectCommented:
Hi,
At the edge, you can install Forefront TMG as a domain member or in workgroup mode. As a domain member, Its recommend that you install Forefront TMG in a separate forest (rather than in the internal forest of your corporate network), with a one-way trust to the corporate forest.
This may help the internal forest from being compromised, even if an attack is mounted on the forest of the Forefront TMG computer. There are some limitations with this deployment.
Please check Microsoft Article for before decied the deployment scenario :
http://technet.microsoft.com/en-us/library/cc995141.aspx 
Regards,
Ahmed.
0
 
BAYCCSAuthor Commented:
How about the SSL Certs, where do they go on the Edge or the servers that the Edge is reverse proxing to?
0
 
pwindellCommented:
The TMG Team has never recommended a separate forest that they have ever told me about and I have had access to them since April of 2004.  If the product can not be developed to be safe as an Edge Firewall in a Single Forest / Single Domain then it should be scrapped.  
Two forests are hardly ever recommended in any situation.   Will multiple forests ever be recommended,...yes,...but it is the exception to the rule and not common.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now