date: Wed, 14 Nov 2007 09:06:04 -0800
group: microsoft.public.exchange.design
Add Front-End Server
Hi,
Currently have Exchange 2003 SP2 running on a HA Cluster. I have been
tasked with a project to enable OWA for remote users. We also in the future,
want to add an ISA server, behind our checkpoint firewall, for publishing
OWA, RPC over HTTPS, etc.
But at present, only have enough funds to enable OWA.
That being the case, I would like to put in a Front-End Exchange box, for
the actual OWA communication. While it will also be behind the firewall and
on our network (I know best practice is DMZ, but not there yet) I am
wondering about the actual configuration.
I assume I just install another Exchange box, and then state that it is
front-end.?? I would also think that the SSL Certificate request, is created
from the front-end box, and installed on the front-end box??
My other question would relate to email flow. Do I direct external email
flow, to the front-end box, and then to back-end, or do I leave email
delivery alone?? If I have to change it, I would have to make some firewall
changes, etc.
Any pointers on this would be greatly appreciated. If I am looking at the
design wrong, please feel free to critique.
Thanks,
date: Wed, 14 Nov 2007 09:06:04 -0800
author: Hutch
Re: Add Front-End Server
Responses inline.
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
----------------------------------------------
"Hutch" wrote in message
news:8AD4F03F-C5F3-4725-BFA9-C05E12E5CD5A@microsoft.com...
> Hi,
>
> Currently have Exchange 2003 SP2 running on a HA Cluster. I have been
> tasked with a project to enable OWA for remote users. We also in the
> future,
> want to add an ISA server, behind our checkpoint firewall, for publishing
> OWA, RPC over HTTPS, etc.
>
> But at present, only have enough funds to enable OWA.
>
> That being the case, I would like to put in a Front-End Exchange box, for
> the actual OWA communication. While it will also be behind the firewall
> and
> on our network (I know best practice is DMZ, but not there yet) I am
> wondering about the actual configuration.
>
> I assume I just install another Exchange box, and then state that it is
> front-end.?? I would also think that the SSL Certificate request, is
> created
> from the front-end box, and installed on the front-end box??
Configuring Exchange Front-End Servers
http://technet.microsoft.com/en-us/library/aa997801.aspx
Yes, SSL cert requests created from the FE - make sure the subject name is
the external fqdn. If you have existing cert for that fqdn issued by a
third-party/commercial CA, you can simply export that from the existing
server(s) with the private key, and install on the FE.
>
> My other question would relate to email flow. Do I direct external email
> flow, to the front-end box, and then to back-end, or do I leave email
> delivery alone?? If I have to change it, I would have to make some
> firewall
> changes, etc.
SMTP is not "front-ended", unlike other protocols (HTTP, IMAP, POP3... ).
You could have the FE handle inbound/outbound email.
For outbound: Create a SMTP Connector for address space * (if one doesn't
already exist), add the SMTP VS on the Front-End as a Bridgehead.
- To ensure the single FE is not a single point of failure, create another
SMTP Connector for * with a higher cost, add the SMTP VS from the BE
server/EVS as a Bridgehead.
For inbound email: Point external MX record to the FE's A record. You could
also create additional MX record with higher Preference and point it to A
record of the EVS or another SMTP/Exchange server in your environment.
>
> Any pointers on this would be greatly appreciated. If I am looking at the
> design wrong, please feel free to critique.
>
> Thanks,
date: Wed, 14 Nov 2007 10:15:26 -0800
author: Bharat Suneja [MVP]
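
Added example (not part of the thread or of either poster's message): a check that the certificate installed on the front-end actually covers the external FQDN remote OWA users will type, which is the point of the "subject name is the external fqdn" advice in the reply. The host names and certificate dictionaries are constructed, hypothetical values; the input shape is the one Python's `ssl.SSLSocket.getpeercert()` returns.

```python
# Added example: does a certificate cover the name remote OWA users connect to?
# Certificates are dicts in the shape returned by ssl.SSLSocket.getpeercert().

def _name_match(pattern: str, host: str) -> bool:
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as '*.com'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_names(cert: dict) -> list:
    """DNS subjectAltName entries if present, otherwise the subject commonName.

    Current TLS clients ignore the CN once DNS SAN entries exist (RFC 6125)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def covers(cert: dict, external_fqdn: str) -> bool:
    """True if any name on the certificate matches the external FQDN."""
    return any(_name_match(n, external_fqdn) for n in cert_names(cert))

# Constructed sample data (hypothetical names, not taken from the thread).
EXTERNAL_FQDN = "mail.example.com"
CERT_INTERNAL = {"subject": ((("commonName", "exfe01.corp.example.local"),),)}
CERT_EXTERNAL = {"subject": ((("commonName", "mail.example.com"),),)}
CERT_WILDCARD = {"subject": ((("commonName", "example.com"),),),
                 "subjectAltName": (("DNS", "*.example.com"),)}

if __name__ == "__main__":
    samples = [("requested with internal server name", CERT_INTERNAL),
               ("requested with external FQDN", CERT_EXTERNAL),
               ("wildcard SAN", CERT_WILDCARD)]
    for label, cert in samples:
        verdict = "OK" if covers(cert, EXTERNAL_FQDN) else "NAME MISMATCH"
        print(f"{label:38} {cert_names(cert)} -> {verdict}")
```

A certificate requested with the server's internal name is the mismatch case: browsers reaching OWA through the external name will raise a certificate warning.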