With individual CA servers I can configure settings to make a particular CA server external or internal facing. How exactly does external facing CA servers work with a CAS Array, and how would I go about configuring those settings?

Hi, If your CAS Array is internet facing ten you must use external CA. That certificate can be used on all servers in the CAS Array. If you have let’s say 2 CAS arrays in 2 sites, and each CAS array serves as a fallback for the other CAS array, it is recommended that you purchase a SAN certificate with the names of both CAS arrays in it. Install that certificate on all CAS servers in both arrays/sites. But there could be other scenario’s that would require you to put more names on the SAN certificate.Anil

Anil, Thanks for the reply. Even though the CAS array sits behind a firewall is there any overwhelming security concerns if I have an entire array Internet facing?

If it behind a firewall then its fine, Same configuration been follow by several ORG as per my knowledge !Anil

If you are referring to outlook anywhere/owa/activesync it's a security best practice to publish the services with TMG/ISA to internet And use a 3rd part SAN certificateJonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog: http://www.testlabs.se/blog

As Per my knowledge you have need to purchased a 3rd party SAN certificate. sam