Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
ssl Certifcates on exchange cluster 1
- Thread starter Fabit
- Start date
-
1
- #2
MarkArnold
IS-IT--Management
- Dec 20, 2005
- 294
You should only even consider this with a Front End. Webmail, SMTP and everything else. Never use a cluster and expose OWA etc. directly at it.
- Thread starter
- #3
MarkArnold
IS-IT--Management
- Dec 20, 2005
- 294
Security, stability and performance. Remember a FE terminates the SSL which takes a chunk of processing off the box. It's also a single point of arrival and less complex on the network for you. You can also enhance security by beefing up the internal network by restricting what the FE can talk to thus reducing the attack area.
There are a chunk of reasons. Others will add more if they are inclined to do so.
There are a chunk of reasons. Others will add more if they are inclined to do so.
- Thread starter
- #5
MarkArnold
IS-IT--Management
- Dec 20, 2005
- 294
No good" is a little strong. It will work "Unwise" and "not recommended" (my use of the word recommended, not Microsoft's) would be better.
- Thread starter
- #7
MarkArnold
IS-IT--Management
- Dec 20, 2005
- 294
It has nothing to do with the certificate. A certificate is a certificate is a certificate (pretty much in this case) It's all around the stability of the box you're connecting to, it's performance etc.
- Thread starter
- #9
MarkArnold
IS-IT--Management
- Dec 20, 2005
- 294
That doesn't make any sense.
Usually people have a redirect from to because people always forget the S.
You can't redirect someone after they've logged into OWA.
I think you need to park this one. Operating a FE is something you should do for HTTPS and SMTP. All your SMTP should be dropped onto the FE/SMTP Bridgehead first. Really all this back and forth about HTTPS is secondary because the traffic should be dropped onto the FE on the way out as well as the way in so that it doesn't sit on the cluster queue.
Usually people have a redirect from to because people always forget the S.
You can't redirect someone after they've logged into OWA.
I think you need to park this one. Operating a FE is something you should do for HTTPS and SMTP. All your SMTP should be dropped onto the FE/SMTP Bridgehead first. Really all this back and forth about HTTPS is secondary because the traffic should be dropped onto the FE on the way out as well as the way in so that it doesn't sit on the cluster queue.
- Thread starter
- #11
MarkArnold
IS-IT--Management
- Dec 20, 2005
- 294
Easy, it's a standard FE/BE configuration.
Install Windows, Install Exchange, Service Pack, Put the SSL on the website, Tick the FE boxes in Exchange, Tick the Form Based Authentication boxes and reboot it.
Another reason for the old FE/BE setup is that you cannot offer RPC over HTTPS with a cluster only setup. You HAVE to have a FE in front of the cluster because the RPC Proxy Service is not supported on a cluster. (forgot about that point) Nearly everyone goes with that solution these days as it's such a useful feature.
Install Windows, Install Exchange, Service Pack, Put the SSL on the website, Tick the FE boxes in Exchange, Tick the Form Based Authentication boxes and reboot it.
Another reason for the old FE/BE setup is that you cannot offer RPC over HTTPS with a cluster only setup. You HAVE to have a FE in front of the cluster because the RPC Proxy Service is not supported on a cluster. (forgot about that point) Nearly everyone goes with that solution these days as it's such a useful feature.
- Status
Similar threads
- Locked
- Question
- Locked
- Helpful tip
- Locked
- Question