Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsWindows Server 2003Windows 2000Windows NTSmall Business ServerVirtual ServerExchange ServerIISHost Integration ServerISA ServerSMSWSUSMOMWindows Media ServerSecurityCertification
Related Topics
SQL ServerMS WindowsMS OfficePC HardwareMore Topics ...
Windows Server Forum / Exchange Server / Design / January 2007

Tip: Looking for answers? Try searching our database.

Thoughts on SMTP edge design (E2k7)

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Scott - 11 Jan 2007 17:15 GMT
All,

I'm putting together an E2k7 solution for a large organization (120k users)
that will be split across to hub sites (60k/60k).  I'm looking at using the
Edge Transport/Edge Sync process with ADAM for perimiter security.
Considering security and availability are the top 2 requirements for this
facility, I've thought about utilizing an appliance such as the IronPort
X1000 as the 1st point of entry.

My question is, if Ironport is the way to go, would the Edge services be an
overkill considering the Ironports do basically the same thing?  One of my
concerns is placing ADAM out in the premiter, even if the user accounts are
hashed, etc...

Any input is appreciated.  If you've looked at similar solutions, I'd be
curious what your determining factors would be.

Scott
Reply to this Message
Mark Arnold [MVP] - 11 Jan 2007 21:24 GMT
>All,
>
[quoted text clipped - 14 lines]
>
>Scott

If you are using an Ironport device then you have no use for Edge.
Not sure what else I need to say.
Why are you coming here for advice on a design this large? Surely your
customer has a Premier Support contract and MCS days where they could
have given you a much more fluffier statement and probably convinced
you to use Edge instead?
Reply to this Message
Scott - 12 Jan 2007 18:26 GMT
Mark,

Boy if you only knew the half of it...   Its been requested and denied on
multiple occasions.  Sometimes the gov't just doesn't understand the
logistics of planning an enterprise Exchange infrastructure.  Especially one
that involves migrating 110 different Exchange 5.5 organizations into a
single Exchange 2007 org.  Its what I like to call in ths business....  a
slow moving train wreck.  :)

I pretty much understood the same thing you said, just wanted to get a quick
sanity check.

Thanks,

Scott

>>All,
>>
[quoted text clipped - 25 lines]
> have given you a much more fluffier statement and probably convinced
> you to use Edge instead?
Reply to this Message
Mark Arnold [MVP] - 12 Jan 2007 19:26 GMT
Ahh, government, say no more.
The Ironport subscription that you will purchase and install will
provide a far greater level of security than the Exchange will offer
out of the box.
You could do a comparrison for them though. Get all the pricing for
Forefront from Microsoft and the Ironport. Put that together in a
proposal, make it a gazillion pages of text, government folk just love
massive tomes, and see what drops out.
It's not just Exchange you need to think of. Not sure if you knew that
the Edge isn't the be all and end all of the Microsoft offering.

>Mark,
>
[quoted text clipped - 41 lines]
>> have given you a much more fluffier statement and probably convinced
>> you to use Edge instead?
Reply to this Message
workinghard@news.postalias - 14 Jan 2007 10:18 GMT
Interesting topic.  One of the big issues we see in deploying IT solutions
is lack of knowledge,sometimes lack of funding  (partly driven by the fact
that organizations can't put a price value on services/IT)  and that
government (and other?) organisations are not (hat well managed and driven
by rationale and efficiency as is often assumed :-)

We're looking at Exchange Hosted Filtering (EHF) . One of the remarks there
we get is We need to be able to work "seamlessly" when for some reason that
services no longers works (remarks made by management range from being
blacklisted by MS hating ISP's, Armed conflicts where  US owend IT
infrastructure is also targeted, including cyber terorrism etc ...) So what
I suggested is that they implement a ETS where the mail coming from the EHF
will normally just flow trough (or be filtered again). They can add a MX
record with lower priority as in a backup mail server or mal relay queue ...
I know could lead to the lower priority MX record being targeted by spammers
but that is where the Edge should perform it's filtering role. It is also
the policy that external mail must arive on a mail gateway in a perimeter.
The cost is not to high (even if the Edge will never be used) because it
give's 'm peace of mind and they get Forefront  for the anti virus as well
with the Exchange Enterprise call. They are now using Brightmail (IronPort
is the appliance version of that) and it works really well. So Exchange
Hosted Filtering and Edge will have to prove themselves. What is lacking in
Edge is reporting. A big plus of Brightmail is also is easy of use extreem
low false positive ratio.

> Ahh, government, say no more.
> The Ironport subscription that you will purchase and install will
[quoted text clipped - 56 lines]
>>> have given you a much more fluffier statement and probably convinced
>>> you to use Edge instead?
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.