Exchange 2007 deployment considerations
Our company is in the process of upgrading from Exchange 2000 to Exchange 2007. Before I go any further, I'll give a rundown of our setup to be used as a reference point when talking about what direction we need to go.
We have only one domain and Exchange 2000 server. The Exchange server resides on our private LAN. We use TrendMicro Scanmail for AV and GFI MailEssentials for our spam filtering--both directly installed on the Exchange server. A Cisco PIX firewall lies between our Exchange server and the public Internet. We do have a DMZ available, but it is not used for any of our email processing. All that said, I know it's a bad setup (not using the DMZ to better protect the Exchange server from the outside) and we fully intend to fix this with the rollout of Exchange 2007. This is something I inherited and haven't been able to change it until now.
My goal is to use as much of what I already have available where possible. If migrating to new solutions is a much better option, we'll look into that. It's hard to justify spending more money to replace a working solution, though (I'm mostly speaking with regards to things like our PIX firewall, TrendMicro for AV and GFI MailEssentials for spam filtering).
With all of this said, let me give a general idea of where I want to go. Right now, GFI MailEssentials is not supported on an Exchange 2007 server (*yet*, anyway), so spam filtering has to move somewhere else. Part of me would just like to get AV and spam filtering off the Exchange server and onto some SMTP smarthost, anyway. I also want to properly use our DMZ in the email process so that it's in between our Exchange 2007 server and the public Internet. Whether this is an Exchange 2007 Edge Transport server, some basic Windows 2003 SMTP smarthost server running AV and spam filtering or using some ISA server possibly--I don't know. It seems there are many options to consider and I'm very torn on which to use.
Oh, and we will also want to use services like Exchange ActiveSync for our Windows Mobile phones and Outlook Web Access for webmail.
One thing I'm still looking for more information on is the effectiveness of an Edge Transport server as a spam filter. I've heard some people say it works well, and others say it leaves a lot to be desired with effective filtering. Does an Edge Transport server require Forefront Security for Exchange Server to filter for spam (i.e., is this a separate add-on to the Edge Transport)? If so, that just seems to be driving the cost right up more and more given the subscription need for that. I'm still trying to figure out what all Edge Transport does and doesn't do out of the box without adding on other things. Another separate question is whether ISA server is required or not to properly publish services like OWA and ActiveSync to the web (we have never used ActiveSync yet, so I have no idea what all is required for it to work). Actually, I know it's not required, but I'm not sure what other proper alternatives there are to keep security fairly solid--especially with what we already have (access to a DMZ, our PIX firewall, etc).
Anyway, I don't want to be too long-winded anymore. Any suggestions or directions to go would be very helpful. I want to make the right decision in moving to Exchange 2007. I want to make sure I'm using the proper technologies, and not wasting money given what we already have on hand. Thanks.
August 1st, 2007 7:38pm