New Exchange Server Setup Questions

  • New Exchange Server Setup Questions

    Hello all:

    I am hoping you can help me with a basic question regarding setting up an Exchange server. Until now, my small organization has been using the POP mailboxes our domain host provided when we contracted with them. This has met our needs but we are now interested in deploying an Exchange server.

    Currently we run our own webserver which is located in a DMZ with the balance of our network inside a secure section. This secure network includes the AD server.

    In doing some research, it seems that Exchange relies heavily on AD to set up mailboxes for the users. I am sure this will make it easy to set up new users and mailboxes. However, I have questions about how the AD and Exchange servers will communicate. Everything I have seen shows the mailservers to be in the DMZ. This makes sense to me as this server is more at risk than I would like to make our secure network, but how does my AD server create a new mailbox on an Exchange server in the DMZ? Am I supposed to move my AD server to the DMZ? This seems unnecessarily risky. Should my mailserver be in the secure network? Again, this seems a bit risky with opening more ports to the secure network.

    Can someone provide guidance around where the Exchange server should be located, in the DMZ or secure?

  • #2
    Re: New Exchange Server Setup Questions

    Since you are posting in the Exchange 2003 section of this forum, I assume you want to install an Exchange 2003 server. My first question would be why you want to install such an old version. It will be out of support really soon.

    Now to your question. Normally an Exchange server is placed inside your internal network, not in the DMZ. Depending on which features you want to use and from which side, more configuration is probably needed, also in the DMZ or at the firewalls connecting to the DMZ and the Internet.


    • #3
      Re: New Exchange Server Setup Questions

      Depends on what you want to do.

      If you're only ever going to have internal staff accessing your Exchange server, just put it in the network, forget the DMZ.

      You just need to open port 25 inbound to the server.

      If you want OWA and Outlook Anywhere access, then consider putting the Client Access role server in the DMZ, and having the Mailbox role inside the network.

      Or, just put ISA/Forefront in the DMZ, then have your entire Exchange environment on the secure network.

      We'd really need a lot more information though..
      Please do show your appreciation to those who assist you by leaving Rep Point
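
The inbound exposure described in post #3 (only port 25 from the Internet to the internal mail server), as an added example that is not part of the original thread: a first-match firewall policy check that lists every Internet-reachable internal service other than SMTP to the mail host. The addresses, zone names and rule format are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values; none of these come from the thread.
INTERNAL = ip_network("10.0.0.0/24")       # the "secure" network
MAIL_HOST = ip_address("10.0.0.25")        # hypothetical Exchange server
ALLOWED = {(MAIL_HOST, "tcp", 25)}         # the only inbound exposure wanted

# (action, source zone, destination network, protocol, ports); first match wins.
RULES = [
    ("allow", "internet", "10.0.0.25/32", "tcp", range(25, 26)),
    ("allow", "internet", "10.0.0.25/32", "tcp", range(135, 136)),  # stray rule
    ("deny",  "internet", "10.0.0.0/24",  "tcp", range(1, 65536)),
    ("allow", "internet", "10.0.0.10/32", "tcp", range(389, 390)),  # shadowed
    ("allow", "dmz",      "10.0.0.25/32", "tcp", range(443, 444)),
]

def decide(rules, zone, dst, proto, port):
    """Return the action of the first matching rule; default is deny."""
    for action, r_zone, r_net, r_proto, r_ports in rules:
        if (r_zone == zone and dst in ip_network(r_net)
                and r_proto == proto and port in r_ports):
            return action
    return "deny"

def internet_exposure(rules):
    """Internal (host, proto, port) tuples actually reachable from the Internet.

    Candidates come from the allow rules, then each is re-evaluated against
    the whole policy so that allows shadowed by an earlier deny are dropped.
    Intended for narrow rules; very wide allow ranges make this slow.
    """
    exposed = set()
    for action, zone, net, proto, ports in rules:
        if action != "allow" or zone != "internet":
            continue
        for host in ip_network(net):
            if host not in INTERNAL:
                continue
            for port in ports:
                if decide(rules, zone, host, proto, port) == "allow":
                    exposed.add((host, proto, port))
    return exposed

def audit(rules):
    """Exposures beyond the intended SMTP-only policy, sorted for reporting."""
    return sorted(internet_exposure(rules) - ALLOWED)

if __name__ == "__main__":
    for host, proto, port in audit(RULES):
        print(f"unexpected Internet exposure: {host} {proto}/{port}")
```
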


      • #4
        Re: New Exchange Server Setup Questions

        Thanks for the point in the right direction, guys. I am looking at installing the 2003 version as the hardware we are currently using is only an x86 system and it seems 2007 and newer require an upgrade to x64 architecture.

        From the sounds of it, we will start with the mailserver inside our network as we don't truly need Outlook Anywhere access at this time. If that changes I might have to look into other options.


        • #5
          Re: New Exchange Server Setup Questions

          As was suggested earlier, you could place the back-end server on the LAN and the front-end server in the DMZ. This is what we do.
          Gareth Howells



          • #6
            Re: New Exchange Server Setup Questions

            Originally posted by gforceindustries:
            As was suggested earlier, you could place the back-end server on the LAN and the front-end server in the DMZ. This is what we do.
            If that is an Exchange front end server, not an ISA server, why do you do that? Do you think it has increased your network security? If so, you are badly mistaken.

            On the original question...

            What you do with a web server and what you should do with an internal resource like Exchange are two different things. A web server belongs in a DMZ because it is accepting mainly anonymous connections. However, Exchange is mainly accepting traffic from internal resources, so it should only be installed on the internal network.

            Also, with regards to the hardware - unless you are installing Exchange on to a very old machine, at least three or four years old, then it will be 64 bit. You haven't been able to buy a pure 32 bit server for at least three years.

            Simon Butler
            Exchange MVP
