 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Server Forum / Exchange Server / Design / December 2006ISA Server 2006 and Exchange 2003/2007 on same machine
I am looking at deploying Exchange Server utilizing the Front End/Back End topology. It would seem to me that ISA Server 2006 could perform the Front-End portion of the topology. Is this so or would it be necessary to have an additional Exchange 2003 server machine as outlined in the Front-End/Back-End topology Guide? Could Exchange 2003/2007 coexist on the same machine with ISA Server 2006 and what security implications might that have? I suspect co-existence is not a problem, but would like feedback from anyone who has put them both on the same machine, and what pitfalls there might be. I will obviously have to consider a 64-bit machine for a ISA Server 2006/Exchange Server 2007 machine.  SignatureEdward Ray CCIE Security, CISSP, GCIA Gold, GCIH Gold, MCSE+Security, PE Donn't do it. ISA is a firewall product that disables *all* raffic in and out of itself right out of the box. Exchange relies on a lot of communication with AD. You'd have to open too many ports on ISA. ISA needs to be on it's own computer. Put it this way, would you consider loading Exchange on a Cisco PIX? > I am looking at deploying Exchange Server utilizing the Front End/Back > End topology. It would seem to me that ISA Server 2006 could perform [quoted text clipped - 8 lines] > there might be. I will obviously have to consider a 64-bit machine for > a ISA Server 2006/Exchange Server 2007 machine. > Donn't do it. ISA is a firewall product that disables *all* raffic in and > out of itself right out of the box. Exchange relies on a lot of > communication with AD. You'd have to open too many ports on ISA. ISA needs > to be on it's own computer. > > Put it this way, would you consider loading Exchange on a Cisco PIX? I did some research; it is possible to have ISA Server 2006 in a front-End Exchange Server Configuration w/o installing Exchange on top of it. Since I will only have one Exchange Server for the time being and I already have a Postfix Mail Gateway, there is no need for for a Front-End Server. You are yalking about a different scenario here. When someone here mentions an Exchange FE/BE scenario, it is assumed that it means Exchange as both the FE and BE. My answer still stands. Don't install anything else on the ISA box. Just because it runs on Windows doesn't mean it can run a bunch of stuff. ISA has one function, it protects yur network. >> Donn't do it. ISA is a firewall product that disables *all* raffic in >> and out of itself right out of the box. Exchange relies on a lot of [quoted text clipped - 8 lines] > and I already have a Postfix Mail Gateway, there is no need for for a > Front-End Server. It is not recommended to install anthing else on an ISA box including Exchange whether or not the technology supports. As Asher mentioned the ISA blocks traffic right out the box and you don't want to be messing with opening all the necessary ports for Exchange to function correctly. I recently read a thread about a month ago about a user who was trying to get his Exchange box to work and we found out the issue was because it was installed on the ISA box. The ISA box should be dedicated on single box with no other roles. James Chong MCSE | M+, S+, MCTS, Security+ msexchangetips.blogspot.com ftp://mail.msexchange911.net/ > You are yalking about a different scenario here. When someone here > mentions an Exchange FE/BE scenario, it is assumed that it means Exchange [quoted text clipped - 16 lines] > > and I already have a Postfix Mail Gateway, there is no need for for a > > Front-End Server. You would still need an Exchange server to perform the FE tasks if that is the configuration you wish to deploy. The ISA Server would not "replace" the Exchange FE server, but merely provide firewall\proxying functions for it so the Exchange FE server is not directly exposed to connections from the Internet. The ISA and Exchange FE combo (but on separate servers please) provide yet two more layers of abstraction and security between the users\abusers on the Internet and your Exchange mailbox\BE servers. >I am looking at deploying Exchange Server utilizing the Front End/Back End >topology. It would seem to me that ISA Server 2006 could perform the [quoted text clipped - 8 lines] >I will obviously have to consider a 64-bit machine for a ISA Server >2006/Exchange Server 2007 machine. You do not need a FE Exchange for this scenario. see Thomas Schindler's article at http://isaserver.org/tutorials/ISA-Firewall-Publishing-OWA-RPC-HTTP-Single-IP-Ad dress-Part5.html SignatureEdward Ray CCIE Security, CISSP, GCIA Gold, GCIH Gold, MCSE+Security, PE > You would still need an Exchange server to perform the FE tasks if > that is the configuration you wish to deploy. The ISA Server would not [quoted text clipped - 21 lines] >>I will obviously have to consider a 64-bit machine for a ISA Server >>2006/Exchange Server 2007 machine. |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.