Upgrade Exchange 2003 - 2010. DMZ configuration
Hi,
ISA will add security, if ISA not available then Exchange CAS Server need to NATed with Public IP in Firewall.
Create Send Connector in Exchange 2010 Server to forward the mails from HUB to 3rd Party system and Configure receive connector in HUB Server to receive mails from 3rd Party system. Do the same in your 3rd Party system also
Remove the Exchange 2003 infra as per the link
http://technet.microsoft.com/en-us/library/bb288905(EXCHG.80).aspx
Rgds, S Kannan
June 21st, 2011 8:54am
Use the links below as they'll help you in transitioning to exchange 2010
Exchange deployment assistant
http://technet.microsoft.com/en-us/exdeploy2010/default.aspx
Rapid Transitioning from exchange 2003 to 2010
http://msexchangegeek.com/2010/01/30/rapid-transition-guide-from-exchange-2003-to-exchange-2010/
Understanding Upgrade from Exchange 2003 to Exchange 2010
http://technet.microsoft.com/en-us/library/ff805040.aspx
Regards, Pushkal MishrA
Free Windows Admin Tool Kit Click here and download it now
June 21st, 2011 9:42am
Catmandu - during your migration nothing needs to change in the DMZ etc for mailflow, leave the mail coming in and out of exchange 2003, once you have moved all mailboxes to exchange 2010, add a send connector to exchange 2010 to send out to your SMTP service,
and switch the firewall to route inbound SMTP to exchange 2010 ensureing your receive connector is setup to receive anonymous connections.
Your right that no exchange in the DMZ is best practice, apart from an edge server which is supported. If you want to provide OWA etc out on the net you will need to do as mentioned SK with a NAT or for more security a reverse proxy like a netscaler.Stew
June 22nd, 2011 12:04am
We have Exchange 2003. Very simple setup -
1 x Front End server in DMZ
1 x Back End server in internal network.
3rd party vendor as our SMTP gateway out in the cloud who do spam handling. They send/receive mails to and from our Front End server.
Cisco ASA 5510 firewall
We don't have ISA (will consider purchasing if it's genuinely required, but would be happy to avoid purchasing it if possible).
150 low-usage users
I'm looking to upgrade to Exchange 2010, and am planning on having a single Exchange 2010 server in the internal network with all the roles on it - HT, MB, CAS. There would be no Exchange servers in the DMZ (which I understand is best practice).
Problem is, I'm not too sure what I need to do in the DMZ to ensure mail flow continues between the 3rd Party system and our internal network during a co-existence period and after it's all moved to 2010.
Would appreciate any advice, links etc.
Free Windows Admin Tool Kit Click here and download it now
June 22nd, 2011 5:23am
Thanks everyone! All three answers are very helpful and I feel a good bit more confident about it now.
Cheers!
June 22nd, 2011 9:11am