Subnets for Exchange 2010 and Domain Controllers
Is there a security advantage to having domain controllers on a different subnet from the member servers hosting Exchange 2010 (MBX, CAS, HUB)? Or, due to the number of ports that must be open, does the firewall essentially become "Swiss cheese"?

Software/Hardware used:
Exchange 2010, Windows Server 2008
ASKED: Sep 14 2009  3:25 PM GMT
Troy Tate 0 pts. | Sep 14 2009 3:48PM GMT

Can you provide more details about your environment (e.g. banking, finance, defense contractor, etc.)? This might give us more insight into what concerns you might have. There is a lot of different traffic that has to go to/from domain controllers. Are the DCs currently on a separate firewalled subnet?


Thomas1991 25 pts. | Sep 14 2009 4:19PM GMT

At this time we have the DCs in their own zone. The member servers (in another zone) of that DC will consist only of HUB, CAS, and MBX. The major concern is that, due to Exchange's high dependence on AD, it will create additional load on the firewalls and increase management and complexity. Also, several ports are required to be open between the two zones.
From the simplicity point of view, one zone makes sense. However, from the security point of view, a layered approach (two zones) should be applied.


Mrdenny 44825 pts. | Sep 14 2009 4:31PM GMT

Typically people will install Exchange within the firewall, and only put the Edge Transport servers in the DMZ.


Thomas1991 25 pts. | Sep 14 2009 4:45PM GMT

Mrdenny, I understand. In our case we will not deploy Edge Transport servers.


mrdenny 44825 pts. | Sep 16 2009 2:54AM GMT

Then you'll need a lot of ports open between the Exchange servers and the domain controllers in order to allow Exchange to authenticate.
Last Answered: Sep 22 2009  4:51 PM GMT by ITKE   10345 pts.