Exchange 2007 Webmail
Hello all,We currently have one exchange 2007 server running and few people have requested OWA access when they are traveling. I know that you I can enable OWA on this one server but I am hesitant because of the security risk and server load that it will encounter soon as I enable OWA and single point of failure. Management approve another server to be build for OWA access. I am thinking about putting this server out on the DMZ, but I am hearing from other people that said do not put it out on the DMZ. Does Anyone have any suggestion on how this should be implemented. Thanks,Jepoy
October 27th, 2009 5:18pm

You should implement the Client Access Server on your intranet. You should put a reverse proxy (ISA Server 2006) in your DMZ and publish your client access services through ISA (OWA, ActiveSync, Outlook Web Access, Autodiscover, Availability, Exchange Web Services). ISA decrypts, inspects and re-encrypts all traffic from the Internet to your CAS servers.With Exchange 2000 and 2003, there once was a recommendation to put front end servers in the DMZ. Quite difficult to achieve, and you firewall would more or less resemble a swiss cheese. There is an excellent article about this on You had me at EHLO:Wednesday, October 21, 2009 9:27 AM Don't put CAS in the Perimeter network! http://msexchangeteam.com/Jon-Alfred Smith MCTS: Messaging | MCSE: S+M
Free Windows Admin Tool Kit Click here and download it now
October 27th, 2009 5:35pm

Jepoy, OWA only runs on Exchange Server.You willneed a front-end and back-end config.Might want to rethink the DMZ idea - many feel it's moresecure behind the firewall, as you don't have to open up ports between DMZand LAN.... Have a good day, Sachin Shetty| MCP|MCTS|MCITP-EMA|
October 27th, 2009 5:36pm

Jepoy,If you going to do it then make sure you put URLScan on ISA if you are going to do this. That's not thedefault.Have a good day, Sachin Shetty| MCP|MCTS|MCITP-EMA|
Free Windows Admin Tool Kit Click here and download it now
October 27th, 2009 5:44pm

Looks like the easies way is to build another one and just put it internaly... Which eliminate DMZ and do a stright port forwarding from the Firewall on to the ssl connection...Thanks,Jeff
October 27th, 2009 7:00pm

Jeff,I too think better way do as mentioned above which is easier.Have a good day, Sachin Shetty| MCP|MCTS|MCITP-EMA|
Free Windows Admin Tool Kit Click here and download it now
October 28th, 2009 12:51pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics