Hi, we have been trying to work out the ports/services that are running between the CAS, DC and Hub Server, we so far think that DNS, LDAP, RPC and Global Catalogue running between the CAS and DCSMTP between CAS and the Hub Serveris this correct, also is there any of the services/ports that i am missing

There is no SMTP between the CAS and the HT server. I actually cannot think of any reason that E2K7 would want to communicate between a HT and a CAS server. There would be a dynamic RPC port above 1,024 also, but only to the DC/GC. If you are thinking about putting the CAS server in a DMZ, please rethink that policy, it is a very bad idea. You end up carving open a lot of ports on your internal firewall. If your organization has a policy of not allowing 'web accessible' servers on your internal network, then place an HTTP reverse proxy in your DMZ and put the CAS server on the inside network. You could use a Linux Squid proxy, an ISA Server, a BlueCoat proxy, or something else to accomplish this. It will give you better security and make your firewall configuration much simpler.

Hi, thanks for the advice, we were debating putting CAS on the DMZ hence the need to know the ports it used, We are now looking into the reverse proxy idea, and which direction we will take.

I have seen a document on the ports that E2K7 uses, but I am not sure where it is right now. I'll dig around on my hard drive and if I can find it, I'll post it on my blog and then post back here. Trust me, lobby really hard to keep all of your core E2K7 roles inside your network. You will be happy you did. And, if nothing else, Microsoft does NOT support E2K7 CA or HT servers in the DMZ.