
Windows Server Forum / Exchange Server / Design / April 2005

Front-end, Back-end, ISA2004

Ralph - 08 Apr 2005 02:01 GMT
I am completing a migration for a fairly large organization (1300 mailboxes),
with high mail volume (100k a day) and high OWA utilization.  I was planning
a NLB cluster on the front end, and a clustered ISA2004 solution for serving
up OWA.   Here is my question.  I have 2  appliances for SMTP relay, so can I
use ISA for only serving up OWA and HTTPS over RPC?  I was reading over the
installation documentation, and it seems that MS wants ISA to do everything.  
Do I have to do this?  Do I want to?    Also, what is the preferred config
for the 2003 Server with ISA?  A machine in its own workgroup authenticating
via RADIUS?

Thanks for the help!

Ralph

Neil Hobson [MVP] - 09 Apr 2005 21:12 GMT
We do lots of installs where ISA is just used for OWA/OMA/EAS/RPC over
HTTPS, etc.  It's a good design, and I wouldn't expect SMTP to necessarily
route through ISA.  We tend to implement specific content/AV software for
SMTP, not ISA.

The preferred config depends largely on what the org wants to do.  If ISA is
to be used for the above, then I'd suggest looking into implementing 2 x
NICs on the ISA box - one goes to the DMZ, and one goes to the Internal
network.  This way you can use ISA to authenticate users via forms-based
authentication prior to the users making any connection to the Exchange
servers.

Neil Hobson
Exchange MVP

For Exchange news, links, and tips, check:
http://www.msexchangeblog.com

Ralph - 10 Apr 2005 16:01 GMT
Neil, thanks for the response.

A couple of questions for you:

When using ISA with 2 NICs (one in DMZ and one to internal network), would
the ISA machine be part of the internal domain, or would it be in a workgroup?

I have not yet installed ISA2004, but I recently read an article saying that
the only way to get ISA to work in web proxy mode was to install ISA on a
machine that has only 1 NIC installed.  I'm guessing from your post that this
is not true.  Are there any special installation instructions for web proxy
mode only?

Thanks very much.

-Ralph

Neil Hobson [MVP] - 10 Apr 2005 16:32 GMT
We configure ISA to be a member of the internal domain.  This architecture
allows ISA to provide both web and server publishing and also to act as a
full application layer firewall.  Quite often this is used to complement the
existing firewall implementation which customers don't want to give up,
understandably.  Therefore, ISA is sort of 'in series' with the existing
firewall, but only doing the OWA/OMA/EAS stuff, etc.

Neil Hobson
Exchange MVP

For Exchange news, links, and tips, check:
http://www.msexchangeblog.com
