Posts Tagged ‘exchangeserver2010’

Why or Why not place Exchange Servers in a DMZ Zone

A lot of confusion exists about placing Microsoft Exchange servers in a network demilitarized zone (DMZ). Questions range from whether you should place Exchange servers in the DMZ to how you configure such servers. This week, I discuss the reasons you might locate Exchange servers in the DMZ and some protective measures you need to take if you do.

If you make any Exchange services available over the Internet, you need to set up an Exchange server in the DMZ. For example, if your Exchange server accepts inbound SMTP mail from the Internet, you must provide an SMTP connection to your Exchange server. Also, many companies place front-end Outlook Web Access (OWA) servers in the DMZ to let users access their mailboxes over a secure HTTP connection. If your organization requires news feeds (through Network News Transfer Protocol—NNTP), you might need an NNTP presence in your DMZ. Other services that might require an Exchange service in the DMZ include Instant Messaging (IM) services, conferencing services, and custom applications.

When you need to locate an Exchange server in the DMZ, you have several options for protecting the server. If you have a proxy firewall in place, you might be able to have the firewall proxy connections to your Exchange server inside the firewall so that the server isn’t directly exposed to the Internet. This approach is common for services such as SMTP. When you don’t have a proxy firewall, you need to set up some ACLs on the router that handles traffic to and from the Internet. Typically, the configuration on your Internet perimeter will have multiple zones that lead to a multitiered architecture. In such cases, you must limit inbound traffic to your Exchange servers to the specific services you want the servers to accept (e.g., SMTP, HTTP). Likewise, you must let only specified services travel to the Internet from your Exchange servers.

If you use standard management tools to administer and manage Exchange servers in the DMZ, you might need to implement special configurations. For example, when you locate OWA servers in the DMZ, you need to open TCP ports 80 (HTTP), 443 (Secure Sockets Layer—SSL—port for HTTP), 389 (Lightweight Directory Access Protocol—LDAP), and 3268 (Global Catalog—GC) because OWA uses these ports to serve clients. However, to manage the OWA server from inside the firewall, you also need to open certain remote procedure call (RPC) ports. Management tools such as Exchange System Manager (ESM) won’t work unless you configure these ports and services to pass through the firewall.
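The port restrictions described in the two paragraphs above can be checked mechanically against a perimeter rule set. The Python code below is an added example, not part of the original article: the zone names, rule format and sample rules are constructed, and the assignment of the article's ports to zone pairs (including outbound SMTP as the only Internet-bound service) is an assumption.

```python
# Added example: audit perimeter permit rules against the services the article names.
# Zone names, the rule format and the sample rules are constructed for illustration.
from typing import NamedTuple

class Rule(NamedTuple):
    src: str     # source zone
    dst: str     # destination zone
    proto: str   # "tcp" or "udp"
    lo: int      # first port in the permitted range
    hi: int      # last port in the permitted range

# Allowlist per (source zone, destination zone). The port numbers come from the
# article; mapping them onto zone pairs is this example's assumption.
POLICY = {
    ("internet", "dmz"): {25, 80, 443},   # SMTP, HTTP, HTTPS (OWA)
    ("dmz", "internal"): {389, 3268},     # LDAP, Global Catalog
    ("dmz", "internet"): {25},            # outbound SMTP only (assumed)
}

def audit(rules):
    """Return (rule, reason) for every permit rule wider than the policy."""
    findings = []
    for r in rules:
        allowed = POLICY.get((r.src, r.dst))
        if allowed is None:
            findings.append((r, "zone pair has no permitted services"))
            continue
        if r.proto != "tcp":
            findings.append((r, "only TCP services are allowlisted"))
            continue
        span = r.hi - r.lo + 1
        covered = sum(1 for p in allowed if r.lo <= p <= r.hi)
        if covered < span:
            findings.append((r, f"{span - covered} port(s) outside the allowlist"))
    return findings

SAMPLE_RULES = [  # constructed
    Rule("internet", "dmz", "tcp", 25, 25),
    Rule("internet", "dmz", "tcp", 443, 443),
    Rule("internet", "dmz", "tcp", 389, 389),     # LDAP exposed to the Internet
    Rule("dmz", "internal", "tcp", 389, 389),
    Rule("dmz", "internal", "tcp", 1024, 65535),  # broad range opened for management
    Rule("internet", "internal", "tcp", 80, 80),  # bypasses the DMZ entirely
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(rule, "->", reason)
```

A broad range opened so that management tools work is reported with the count of ports it exposes beyond the allowlist, which makes the cost of that convenience visible during review.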

Planning the connection and deployment of Exchange services in the DMZ can seem daunting. A good place to start is your Exchange Server documentation. Also, read the following Microsoft articles for more details about configuring Exchange services with firewalls.

Microsoft Exchange server 2010 buzz gets louder

The release-to-manufacturing (RTM) buzz around Microsoft Exchange 2010 is starting to grow louder. I’m hearing from various partners and customers it could be finalized any time now, maybe even before this month is up.

Exchange Server is directly and indirectly at the crux of a number of new and recently announced products from Microsoft. The company’s Mac Business Unit announced on August 13 that the 2010 version of Mac Office will include Outlook, rather than Entourage, as its new e-mail client. The next Mac Office release also will feature improved Exchange and Exchange Online connectivity, the Softies said. (Microsoft Mac Office customers who need better Exchange connectivity now can use the just-finalized Entourage Web Services, Microsoft officials said.)

Additionally, Exchange ActiveSync licensees Nokia and Apple are both expected to tout the ability of users to sync with their corporate mail systems as part of their forthcoming Nokia Mobile Office and Apple Snow Leopard releases.

As many as 1 million testers have been test-driving the public beta version of Microsoft’s on-premise Exchange Server 2010 product since April of this year. Another 5 million or so testers have been working with the cloud-based complement in the form of Outlook Live, which is a slightly modified version of the Exchange Online product.

The Exchange team has said to expect the product to RTM before the end of 2009. More recently, company officials said to expect Microsoft to “launch” Windows Server 2008 R2, Windows 7 and Exchange 2010 together via a series of “business launch” events, which kick off in the U.S. on November 9.

The Exchange 2010 release includes new, integrated e-mail archive functionality; the ability to see text previews of voice mail; a new “Conversation View” feature; customizable call-routing menus; and a “MailTips” feature designed to help stamp out e-mail “faux pas.”

More than a few testers report having been impressed with the Outlook Web Access (OWA) improvements that Microsoft has made as part of the 2010 release. The new and more robust OWA supports Firefox and Safari.

Exchange 2010 is a 64-bit-only release. Other caveats: Users who want to run Exchange 2007 and Exchange 2010 together must upgrade to Exchange 2007 Service Pack (SP) 2. And Exchange 2007 also won’t work at all on Windows Server 2008 R2, so users who want to run Exchange on the latest and greatest Windows Server release have no choice but to upgrade to Exchange 2010. In-place upgrades from Exchange 2007 to Exchange 2010 seemingly are prohibited.

I asked Microsoft officials whether Exchange 2010 is ready to get the RTM designation real soon now. A corporate spokesperson replied: “We have said that Exchange 2010 will become available in the second half of 2009. There’s nothing additional to share at this point.”