Solved

Edge Server for Exchange 2010 and Sharepoint 2010

Posted on 2010-09-21
7
1,144 Views
Last Modified: 2012-06-21
Hello,
I am installing a new SharePoint Server Farm in my organization and also upgrading Exchange 2003 to 2010. I want to setup a Microsoft TMG Server as the Edge Server on a DMZ behind an existing ASA.

I plan on using the Edge to do reverse proxy roles for SharePoint and also handle Outlook Anywhere and OWA; the edge server will not be doing any spam filtering as my Barracuda will already do that.

Now my question is does this sound like a variable thing to do or should I just spend the extra money and have a second Edge Server.
Also, should the server be on the domain or not? I have read articles that say to do one or the other and I would image it would be best to not have it on the domain.

Any other thoughts are always appreciated.

Thanks,
-Mike
0
Comment
Question by:BAYCCS
  • 3
  • 2
  • 2
7 Comments
 
LVL 11

Expert Comment

by:ahmedabdelbaset
ID: 33732560
Hi,
It's okay to do that .
and it should be Workgroup .
<:>Regards,
<::>Ahmed <:>
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 33734432
Ok great I thought so but just wanted to double check.

One last thing, where to the SSL certs get installed? I would think the Edge but I just want to double check...

Thanks,
-Mike
0
 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
ID: 33734513
No it shouldn't be a workgroup!!!
A huge amount of the secureity provided by TMG comes from the fact that it is a Domain Member,...not becuase it isn't.
Debunking the Myth that the ISA Firewall Should Not be a Domain Member
http://www.isaserver.org/tutorials/Debunking-Myth-that-ISA-Firewall-Should-Not-Domain-Member.html
That was written in the context of ISA2006, but it applies to ISA2004 all the way up to TMG.
0
Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

 
LVL 5

Author Comment

by:BAYCCS
ID: 33735072
See this is why I had to ask, I have actually read that article but still am torn with everything that I have read.

0
 
LVL 11

Expert Comment

by:ahmedabdelbaset
ID: 33741689
Hi,
At the edge, you can install Forefront TMG as a domain member or in workgroup mode. As a domain member, Its recommend that you install Forefront TMG in a separate forest (rather than in the internal forest of your corporate network), with a one-way trust to the corporate forest.
This may help the internal forest from being compromised, even if an attack is mounted on the forest of the Forefront TMG computer. There are some limitations with this deployment.
Please check Microsoft Article for before decied the deployment scenario :
http://technet.microsoft.com/en-us/library/cc995141.aspx 
Regards,
Ahmed.
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 33770063
How about the SSL Certs, where do they go on the Edge or the servers that the Edge is reverse proxing to?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 33772818
The TMG Team has never recommended a separate forest that they have ever told me about and I have had access to them since April of 2004.  If the product can not be developed to be safe as an Edge Firewall in a Single Forest / Single Domain then it should be scrapped.  
Two forests are hardly ever recommended in any situation.   Will multiple forests ever be recommended,...yes,...but it is the exception to the rule and not common.
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Pimping Sharepoint 2007 without Server-Side Code Part 1 One of my biggest frustrations with Sharepoint 2007 in the corporate world is that while good-intentioned managers lock down the more interesting capabilities of Sharepoint programming in…
Summary In SharePoint 2010 it is easy to create custom color themes to jazz up a site. Theme colors can also be created in PowerPoint 2010 with a few clicks. But how do the chosen colors actually look in the SharePoint site? The attached PowerPoint…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question