Hi all
I administer a small network: a WatchGuard firewall, 6 servers, and 40 desktops behind it. All servers are on WinStandard2003, and we run Exchange Server standard 2003 SP2.
The Exchange server is set up as a single server, and has OWA on it. Also it serves as a domain controller. The only other domain controller serves as a backup server. The remaining 4 servers are our apps/file servers. Our OWA/mail/DC server has an SSL certificate deployed, and we have several users using ActiveSync.
I have recently been told that having OWA on the Exchange server, and a domain controller to boot, represents a high security risk.
Given that it is time to replace our 2 domain controller servers (they are about to get off warranty), I wanted to get some suggestions as to what the best architecture may be. As you can judge from the company size, the budget is quite limited.
From what I have been reading, I understand that the best (and most expensive) solution from a security perspective would be to:
Buy 2 new servers to replace the domain controllers.
Buy 2 more servers, use one as BE, one as FE for Exchange.
Buy an additional server and deploy ISA on it.
An alternative to it would be, instead of an ISA server, add an additional firewall between FE and BE server to create a DMZ.
However this seems overkill and most likely would never get approved.
Any suggestions on how to do this? Do I even need a FE/BE Exchange if I have only 40 users? How would that affect OWA security?
Thanks in advance