Setting up an OWA Server

BCHCAdmin
BCHCAdmin used Ask the Experts™
on
Hello - we are currently on Exchange 2003.  We will be implementing some new IronPort email and web filtering.  We will also be creating a DMZ (utilizing a Cisco ASA).  We actually have a tech company coming in to set all that up.  Anyway, what we are going to want to do is set up an OWA server in the DMZ.  I want to be able to allow some users access to email remotely as well as using it for email with smart phones.  Could someone point me in the right direction as far as getting this OWA server setup?  Do I just get another license of Exchange and install it on another box which will go in the DMZ?   This is where I am confused?  Is there an option during install for making this second exchange server utilized for OWA?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Yes, you will need to setup another server with OWA in the scenerio you described. We have an internal Exchnage server that handles all MAPi requests and a webmail server loaded with exchnage and configured with OWA only to handle Https and smart phone traffic. We also have another bes server for blackberries
You'll install it as a second Exchange server, and then configure it to act as a frontend for OWA.  Here's a guide that will walk you through the steps.
http://www.msexchange.org/tutorials/OWA_Exchange_Server_2003.html

Microsoft's recommendation can be found here.
http://technet.microsoft.com/en-us/library/cc713326.aspx

In short, Microsoft recommends creating an OWA frontend behind your firewall and not in the DMZ.  Then configure an ISA reverse proxy in the DMZ.  If you only have one exchange server, then it's not absolutely necessary to install the 'frontend' server for OWA.  You can set up OWA on the exchange server, and then publish this through the ISA server.

If taking this approach, then install ISA, and afterwards, create the rules for publishing exchange.
http://www.isaserver.org/tutorials/Microsoft_ISA_Server_Part_I__introduction_installation_configuration_Web_caching_and_Internet_access.html
http://technet.microsoft.com/en-us/library/cc713326.aspx

Just to sum it up, I don't want to steer you away from your plan, especially if company policy deems it so.  I simply wanted to present another option, as well as the information you needed for the specific scenario requested.  Just be sure to secure and disable any unused services/ports regardless or which route you choose.  At that point, you've done what you can to secure it.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial