Exchange 2010 with TMG using RODC in DMZ
Posted on 2013-05-12
In our previous environment we had an Exchange 2003 dual server configuration with the front end in a DMZ (provided by a hardware firewall) and the back end in our internal LAN, running on a Windows 2003 R2 domain. We have now rolled out a single server Exchange 2010 environment with Windows 2008 R2 domain level and have a TMG 2010 server awaiting deployment as the Exchange "front end". Our environment has changed somewhat in the last few months: since upgrading to 2008 domain level we have deployed an RODC in the DMZ and have a number of servers connecting to it providing various services (IIS etc.), which leads me to the question!
What would be the best configuration for me to use to present the Exchange services through the TMG for outside and inside access? The TMG server needs to sit in the DMZ, and I would think now the best option would be to join it to the domain using the RODC server, or would it be best to set the TMG up as a secondary RODC server? We currently provide OWA, Outlook Anywhere and limited IMAP services to Exchange; SMTP is locked down to only allow connections from our third party spam/AV provider, so I am unsure if I would need to direct that through the TMG as well or just leave SMTP pointing directly at the Exchange server.
Finally, would I be best using a single NIC setup or a dual NIC configuration, with one in the DMZ and one directly to the internal LAN?