We are a small company and I have read some of the recommended best practices, but was wondering If we really need to deploy a front and backend server. We want to be able to send and receive email to our new smart phones. We have a firewall with a DMZ that houses our web server I had never looked at OWA before ,but it is working inside the firewall. I mapped an external IP to the Internal IP of the exchange server, but I do not get any response at all. Any ideas on this?

For most organizations with a few hundred users or less, you do NOT need an FE server. If you use ActiveSync and you have FBA (forms based authentication for OWA) enabled, there is a work-around you need to do in the Registry and IIS to get ActiveSync devices to work, but you do not need the FE. I suspect your OWA issue from outside your firewall is related to the firewall, not to the fact that you do not have a FE server.

Hi Jim, Is it possible to implement Direct Push for mobile clients without FE server? Thank you.

First, thank you for confirming that we don't need a FE server. We too are less than 100 total people in the company and less than that have e-mail. I am having issues at the firewall, is there anything other than standard SSL ports that need to be opened up for OWA? Thanks in advance, haven't setup OWA before and this is first Exchange 2007 implementation as well.

Hi, Just to confirm, it is possible to do direct push with only one server. You don't have to have a FE BE topology. Cheers Nathan

What sort of issues are you having with the firewall. Basically you only need 443 open for OWA access. Cheers Nathan

"For most organizations with a few hundred users or less, you do NOT need an FE server. If you use ActiveSync and you have FBA (forms based authentication for OWA) enabled, there is a work-around you need to do in the Registry and IIS to get ActiveSync devices to work, but you do not need the FE. I suspect your OWA issue from outside your firewall is related to the firewall, not to the fact that you do not have a FE server". Hi Jim, I am the Netadmin for an organization that has 1 server total. It is running Exchange 2003. I need to give users access to OWA from the wan. Money for new server hardware, OS, Exchange and licensing is not in the budget. The Server is behind aLinux firewall. All of the articles that I am reading say that you should deploy a frontend/backend/ server senario. This is the first posting that someone has said that you don't need to. I just want to clarify that what you meant in the above posting applies to OWA, or just tomobile users using Exchange Active Sync. I would like to just forward port 443 (not 80)directlyto the Exchange server and configure certificate services, Forms Based Authentication and IIS accordingly. It just seems to me that with all of the additional ports that you have to open between the front end and the back end server, that it isn't that much more secure anyway. Please advise, Thanks, Mel Schroyer

Hi, I would agree with Jim. You are fine setting things up how you want for both OWA and Exchange ActiveSync. A front end server provides benifits by taking the load of the MB servers (for example where a lot of SSL traffic occurs). It also means that with multiple back end servers, users only need remember one URL (not related to where their MB is actually stored). Security wise, I would say that the FE server should not be in the perimeter (DMZ) anyway because as you say, way too many ports. I would rather put a reverse proxy like ISA in front of it. In the end your method will be fine and is what hundreds of smaller shops do. Cheers Nathan