My question is this. I am beginning my upgrade from Exchange 2003 to Exchange 2010. Currently our 2003 configuration is a front-end/back-end setup with the the front-end server hosting OWA access. I know that Microsoft does not support the CAS server being in the DMZ and they want you to use a proxy such as ISA or TMG. My boss, however, is pushing me to put the CAs server in the DMZ anyway. Our firewall can open ports by application and we won't have to open a bunch of random ports just tell it to let active directory access from the CAS server to the inside. I don't want to do this so I need some data to support not putting the CAS server in the DMZ. Besides the fact that it's unsupported and Microsoft won't help if we ever need to call them.