Exchange 2010: ActiveSync Design

We're considering introducing Exchange 2010 ActiveSync into our environment.  For one of the domains, we have 2 Exchange 2010 multirole servers running CAS, HUB, and Mailbox.  We also run F5 load balancers.  

For security reasons (and not performance), we're considering adding 2 dedicated CAS servers for ActiveSync.  We would have 2 for redundancy. They would sit on the internal network.  The F5 would sit on the DMZ and act as a reverse proxy.  

My question: Is having dedicated CAS servers for ActiveSync more secure than running ActiveSync off the multirole servers?  It seems like dedicated CAS servers would have a smaller attack surface.
LVL 8
bsohn417Asked:
Who is Participating?
 
Don S.Commented:
Not really.  The attack surface comes from the CAS role.  I don't think the surface changes weather it is on the mailbox server or not.  That said, for performance and management/backup-retore reasons it is generally best practice to seperate the Mailbox role from the CAS role.
0
 
ash007Commented:
It wont matter if its multirole or single role
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.