
Exchange 2007 Planning & Setup (:


  • Exchange 2007 Planning & Setup (:

    Hey everyone! I'm starting a new project, this should be a lot of fun but I'd like to get some opinions. What I'm going for is to create a brand new Exchange 2007 setup from scratch while allowing OWA from the internet. Let me break down the current topology of the network so this makes more sense (all imaginary examples of course hehe).

    Branch Office (subnet 144.144.3.x)
    Internet T1 (random external IP from ISP)
    |
    |
    Firewall (144.144.3.254)
    |
    |____Clients (144.144.3.x)
    |
    |
    Point-To-Point T1 to main office
    |
    |
    Main Office (subnet 144.144.1.x)
    |
    |____Clients (144.144.1.x)
    |
    |____Exchange 2007 (144.144.1.5)
    |
    |____Other Servers (DC etc.) (144.144.1.x)


    Okay now onto the details, I cannot put any server in the Branch office, all servers must be located in the Main office. So I can port forward on the firewall to the 144.144.1.x subnet but I cannot put a physical server in the DMZ port on that firewall or anywhere on the 144.144.3.x subnet. So as far as security is concerned what should I do? Do I just put an edge server in the 144.144.1.x subnet and port forward to it from the 144.144.3.x subnet internet firewall? Are there cheaper alternatives to edge servers in this scenario? Should ISA server be used somewhere to play a role here?

    Basically I'm trying to find out what would be the cheapest setup while offering fairly good security for OWA in this scenario? What would be required?


    Thanks for any input/tips/suggestions!

  • #2
    Re: Exchange 2007 Planning & Setup (:

    Sorry for the delay in a reply.

    Edge isn't for OWA; it is just for SMTP traffic.
    http://technet.microsoft.com/en-us/l...EXCHG.80).aspx

    Don't "port forward", just create a VPN from the branch office to the main office using a different subnet. This leaves the second lot of clients connecting back to the main office as well.
    Users can then use RPC/HTTPS (with Outlook) or just OWA back to the Exchange server.
    You don't need Edge or ISA really if money is a sticking point. OWA is secure enough out of the box, with all patches (obviously disclaimers go here!)


    This would give you:

    Clients (144.144.2.x) RPC/HTTPS or OWA
    |
    |
    "Point-To-Point" T1 to main office
    |
    |
    Main Office (subnet 144.144.1.x)
    |
    |____Clients (144.144.1.x)
    |
    |____Exchange 2007 (144.144.1.5)
    |
    |____Other Servers (DC etc.) (144.144.1.x)
    |
    Main Office (subnet 144.144.1.x)

    |
    |VPN
    |
    Internet T1 (random external IP from ISP)
    Branch Office (subnet 144.144.3.x) RPC/HTTPS or OWA
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?



    • #3
      Re: Exchange 2007 Planning & Setup (:

      Okay so without an Edge server at all, or the VPN, you can still have a home user use HTTPS OWA while they are at home on their own PCs/ISP to check their mail??

      Also I'm confused about the VPN, the 144.144.3.x office is identical to the 144.144.2.x office except it happens to have a firewall and an internet T1 line. None of the internal communication between these 3 offices goes over the internet. It's all private point-to-point links so why not just port forward straight to the server from the other office? Hope that makes sense...

      Also, since I want to set up Antispam / Antivirus solutions before it gets into the users' mailboxes, can this be accomplished correctly without the edge server?

      Thanks!!



      • #4
        Re: Exchange 2007 Planning & Setup (:

        Yep, they connect to the Client Access server (aptly named, eh!)

        If you want to scan the mail before it gets to a mailbox then you could put something on your HT servers if you wanted.

        Port Forwarding is probably the wrong description. As long as you get traffic between everything then that is fine - http://en.wikipedia.org/wiki/Port_forwarding
        cheers
        Andy



        • #5
          Re: Exchange 2007 Planning & Setup (:

          Okay so basically I can actually get away with having OWA/HT/CA/antivirus/antispam all built into one server to save money... I don't have to purchase separate servers to accomplish any of these features? Do you have any recommendations for the antivirus/antispam or other security related ideas? Backups?

          Thanks for all the advice so far, this should be fun!! (:



          • #6
            Re: Exchange 2007 Planning & Setup (:

            Well...
            It depends on how many users and size of data really. You can have everything on one box but it has to be powerful.
            SBS has everything on, for example, but at this site we have 2 pairs of CCR clusters, plus 2 pairs of load balanced CA/HT. We have a pair of PineApps for hygiene inbound plus BlackSpider externally and McAfee Groupshield internally.

            Personally... and these things are always based partly on this. I like Trend and McAfee (although I don't scan the mailbox servers).
            There are other people on here, some with a lot more experience than me so they will probably post their thoughts too.
            I started using Avast as my desktop AV and quite like it so may test out their options too.
            cheers
            Andy



            • #7
              Re: Exchange 2007 Planning & Setup (:

              Alrighty cool thx, yeah this is basically only for like 30-40 users or so I don't think any of the traffic is too heavy. It is possible to purchase/afford a second server but it would need to be worth it as in it would need to add some level of security or functionality to the email system that's seriously lacking compared to a one server approach.



              • #8
                Re: Exchange 2007 Planning & Setup (:

                SBS2008 looks good for that many users.
                cheers
                Andy



                • #9
                  Re: Exchange 2007 Planning & Setup (:

                  Okay so if I only have ONE server for all of this, will the viruses and spam still be filtered somehow before they make it into the actual mailboxes and everything? Even though it's on the same server? If that server has Mail Security etc. on it.
