Re: Exchange with ISA

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 10/30/04

  • Next message: Miha Pihler: "Re: Exchange OWA with ISA" 
    Date: Sat, 30 Oct 2004 23:14:46 +0200

    Hi,

    If you use Front-End server the user never touches the back-end server.
    Front end server will be used as proxy between the user and back-end server.
    This way you can make sure that there is no external access from the
    internet to the server that hold mailboxes and other user's information.

    On ISA you can perform authentication before user even gets to Front-End
    (for this ISA will have to be member of domain). When client sends his
    username and password ISA check if the credentials are OK (user account is
    valid, password is correct, ...). If everything is OK user is granted access
    to OWA (Exchange front-end)...

    For security reasons, you should use SSL certificate to protect passwords
    that are passed by clients on the internet to OWA. You can configure SSL
    Bridge on ISA (SSL certificate is installed on ISA). After ISA gets the
    request it can decrypt it and check the content (e.g. what is inside the
    HTTP packet -- and you can limit access to only few directories on OWA --
    e.g. http://owa.server.com/exchange* and other used for OWA. If client
    request any other directory on that website you can redirect them to any
    other site (e.g. your company policy site).
    Now you can decide how you will pass the traffic from the ISA to OWA. You
    can again use certificate or use IPSec or just pass it in clear text...

    I hope this helps,

    Mike

    "bengt" <bengt@discussions.microsoft.com> wrote in message
    news:C312D8AF-2DF8-4809-B0F8-71F19D5173AA@microsoft.com...
    > Microsoft recommends a scenario where you put ISA server in a DMZ and
    > publish
    > OWA from an Exchange Front-end server on the inside. Looking at it
    > strictly
    > from a security point of view, is there any diffence in publishing the
    > Back-end server instead and skip the Front-end server? I meen if you
    > manage
    > to hack the Front-end server you´re already inside?

  • Next message: Miha Pihler: "Re: Exchange OWA with ISA"

    Relevant Pages

    • Re: odd owa issue
      ... Since you access the OWA from external thru ... On the SBS 2003 Server open the Server Management console. ... Please open the ISA management console, ...
      (microsoft.public.windows.server.sbs)
    • RE: ISA Error ID 21174
      ... many remote services such as RDP, OWA and Companyweb no longer worked. ... in ISA server 2000 or 2004 web publishing rules. ... Which version is the ISA Server, ...
      (microsoft.public.windows.server.sbs)
    • Re: ISA 2006 mit RSA - Publishing mit Standardauthentifizierung
      ... Ich habe einen Exchange 2007 Server mit Formularbasierter Authentifizierung ... Folgender Fehler wird im ISA Log angezeigt: ... Absichern des OWA Front End mit RSA Agent for Web incl SSO. ...
      (microsoft.public.de.german.isaserver)
    • RE: ICMP error when trying to access OWA on SBS 2003 Premium
      ... we do not need to configure the certificate or ISA ... OWA publish rule or IIS manually. ... On the SBS 2003 Server open the Server Management console. ... Click the "Connect to the Internet" link. ...
      (microsoft.public.windows.server.sbs)
    • RE: ICMP error when trying to access OWA on SBS 2003 Premium
      ... we do not need to configure the certificate or ISA ... OWA publish rule or IIS manually. ... On the SBS 2003 Server open the Server Management console. ... Click the "Connect to the Internet" link. ...
      (microsoft.public.windows.server.sbs)