RPC over HTTP, VPN or something else....??
OK, I got my Exchange server up and running and I am toying with the idea of opening up RPC over HTTP to allow access to the server from the outside world. I've read some conflicting statements over how secure it is. Plus the fact that is says HTTP and not HTTPS gives me the heebeejeebies...
I don't have enough client licenses through my firewall to support as many VPN connections as I have, nor can I afford as many as I need. And, Microsoft's VPN to me is like their antivirus software... It will stop something but it isn't true protection...
Any suggestions as to how I can give my people access to Exchange without compromising security, to much as I know any hole to the server is a risk...???
Thanks!
I don't have enough client licenses through my firewall to support as many VPN connections as I have, nor can I afford as many as I need. And, Microsoft's VPN to me is like their antivirus software... It will stop something but it isn't true protection...
Any suggestions as to how I can give my people access to Exchange without compromising security, to much as I know any hole to the server is a risk...???
Thanks!
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Your Exchange server should be configured to use SSL, I think it is so by default.
As a part of setting up RPC over Http on an Outlook client you will have the option to enforce SSL connections by checking the box by "Connect using SSL only, and then select Mutually authenticate the session when connecting with SSL."
HTH
Simon
As a part of setting up RPC over Http on an Outlook client you will have the option to enforce SSL connections by checking the box by "Connect using SSL only, and then select Mutually authenticate the session when connecting with SSL."
HTH
Simon
Purchase a SAN certificate from public CA inculde the follwing names:
autodiscover.domain.com
FQDN ( mail.domain.com this is where your MX record points).
hostname ( netbois).
local name ( servername.domain.local)
Install this certificate into your exchange server, ( and ISA/TMG server if there is).
enable outlook anywhere ( it is enabled by default).
If all your outlook clients are 2007 and above, it is by default configured to user secure connection (https).
in firewall side ( if not ISA/TMG), you have o forward 443 traffic to exchange IP address.
autodiscover.domain.com
FQDN ( mail.domain.com this is where your MX record points).
hostname ( netbois).
local name ( servername.domain.local)
Install this certificate into your exchange server, ( and ISA/TMG server if there is).
enable outlook anywhere ( it is enabled by default).
If all your outlook clients are 2007 and above, it is by default configured to user secure connection (https).
in firewall side ( if not ISA/TMG), you have o forward 443 traffic to exchange IP address.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial