1. Yes, can do this, but repeat: not recommended to put OWA/FE in DMZ. It's
an Exchange server, needs access to DCs/GCs and backend mailbox servers on a
number of ports.
2. If you do put a FE in DMZ, IPSec is the way to go. CA Server only issues
certs, you need to make sure the client can verify the certs. Publish CRLs
at a reachable location. If you already have a webserver in DMZ, that'd be a
good location to publish the CRL (in addition to wherever else you're
publishing it now...). And don't place your CA server in the DMZ.
- I would say simply get a cert from a commercial CA if the OWA cert is the
only reason you're setting up a CA. Much more cost-effective given what some
CAs charge these days.
3. FE needs to have Exchange. Exchange cannot be installed on standalone
boxes (boxes that aren't members of the domain).
One secure way is to use something like an SSL appliance/gateway/VPN like
Whale if budget is not a constraint.

Signature
Bharat Suneja
MCSE, MCT
www.zenprise.com
blog: www.suneja.com/blog
-----------------------------------------
> Some questions about FE and OWA
>
[quoted text clipped - 13 lines]
>
> Thanks for your advice.
Lion - 25 Nov 2005 15:46 GMT
Bharat,
I have installed another Exchange Server into my organisation today and OWA
is working fine, but I cannot start POP3 and IMAP and I don't know why; both of
them are running fine on the BE Server. The only difference between the FE
and BE is that I have ticked the box on the FE to say this is a FE Server,
nothing else.
My BE is a clustered environment.
Any ideas?
> 1. Yes, can do this, but repeat: not recommended to put OWA/FE in DMZ.
> It's an Exchange server, needs access to DCs/GCs and backend mailbox
[quoted text clipped - 30 lines]
>>
>> Thanks for your advice.
Bharat Suneja - 26 Nov 2005 16:53 GMT
Not sure what you mean by "cannot start POP3 and IMAP... "
- Are those services running on the FE? Are the POP3 and IMAP4 virtual
servers running (Check in ESM)?
- If they are, can you telnet to ports 110 (POP3) and 143 (IMAP4)?
- Do you have connectivity from FE to BE server(s)? (*important to check
this if FE is in DMZ or if you're using IPSec between FE/BE)
If yes, you're OK on the FE side.
On the backend cluster:
- do you have POP3 and IMAP4 virtual servers created in the EVS? (Not
created by default in Exchange Server 2003).
- You also need to create cluster resources for each of these.
- Check "Adding IMAP4 and POP3 Resources" in the Admin Guide. Note: POP3 and
IMAP4 services should be set to start manually on each cluster node.
http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3AdminGuide/71af5548-6347-46b0-b943-ca43ef230305.mspx

Signature
Bharat Suneja
MCSE, MCT
www.zenprise.com
blog: www.suneja.com/blog
-----------------------------------
> Bharat,
>
[quoted text clipped - 42 lines]
>>>
>>> Thanks for your advice.
Lion - 27 Nov 2005 10:31 GMT
It's all working now. On my FE, POP3 and IMAP were disabled as services, so I
changed them to automatic and now all is working fine.
Thanks.
> Not sure what you mean by "cannot start POP3 and IMAP... "
> - Are those services running on the FE? Are the POP3 and IMAP4 virtual
[quoted text clipped - 57 lines]
>>>>
>>>> Thanks for your advice.
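
An added example, not part of the thread: a Python version of the port checks from Bharat Suneja's 26 Nov reply (telnet to 110 and 143, FE-to-BE connectivity). It separates a refused connection, which is what a stopped or disabled service produces, from a connection that gets no answer, which is what a firewall or IPSec filter dropping traffic produces. The host name is a placeholder and the status labels are this example's own.

```python
import socket

# Greeting prefixes from the protocol specs (RFC 1939 for POP3, RFC 3501 for IMAP4).
CHECKS = {"POP3": (110, b"+OK"), "IMAP4": (143, b"* OK")}

def probe(host, port, prefix, timeout=3.0):
    """Classify one TCP service and return (status, banner_text)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # The host answered with a reset: nothing is listening on the port,
        # e.g. the Windows service is stopped or disabled.
        return "refused", ""
    except socket.timeout:
        # No answer at all: packets are being dropped (firewall rule,
        # IPSec filter) or the host is down.
        return "filtered", ""
    except OSError as exc:
        return "error", str(exc)
    with sock:
        sock.settimeout(timeout)
        try:
            banner = sock.recv(512)
        except socket.timeout:
            # Connected, but the server never sent its greeting.
            return "no-banner", ""
        except OSError as exc:
            return "error", str(exc)
    text = banner.decode("ascii", "replace").strip()
    return ("ok" if banner.startswith(prefix) else "bad-banner"), text

def check_host(host, checks=CHECKS, timeout=3.0):
    """Probe every service in `checks`; return {name: (status, banner)}."""
    return {name: probe(host, port, prefix, timeout)
            for name, (port, prefix) in checks.items()}

if __name__ == "__main__":
    import sys
    # Placeholder host name; run against the FE from a client network,
    # and against the BE from the FE itself.
    target = sys.argv[1] if len(sys.argv) > 1 else "fe.example.invalid"
    for name, (status, banner) in check_host(target).items():
        print(f"{name:6} {status:10} {banner}")
```

Run from the FE against the BE, "filtered" points at the firewall or IPSec policy between them, while "refused" points at the POP3/IMAP4 service or virtual server on the target.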