Securing by Functional Roles of the Server

Exchange Server 2003 servers can take on various responsibilities in a given messaging environment. Some of these responsibilities may be combined on one server because of budget constraints, business requirements, or technical justifications. No matter how the roles and responsibilities are distributed in the environment, it's important to secure each server appropriately for the roles it performs.

Some examples of the functional roles that Exchange Server 2003 servers can have within the messaging environment include, but are not limited to, the following:

  • Front-end Servers: Front-end servers relay client requests to back-end servers and should not host information stores.

  • Connector and Relay Servers: Connector or relay servers act as a bridge between different Exchange sites or organizations, as well as to foreign servers on different networks.

  • Back-end Servers: Back-end servers are Exchange servers that are located on the internal network and do not directly face the Internet. These servers generally host information stores containing mailboxes or public folders.

Exchange Server 2003 Running on Domain Controllers

Some smaller messaging environments might consider implementing Exchange Server 2003 on a Global Catalog/domain controller (GC/DC) to save on costs and administration. In practice, this configuration can increase costs by increasing administration and maintenance, and can potentially cause more downtime (both scheduled and unscheduled). An equally important reason for avoiding this configuration is to minimize security risks and other implications, such as the following:

  • Clustering is not available.

  • Performance is affected.

  • DSAccess, DSProxy, and Global Catalog services will not be load-balanced or have failover capabilities.

  • All services run under LocalSystem and might pose a greater chance of compromise.

  • Exchange administrators require physical access to the DC.

  • The server takes much longer to shut down.
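
One way to audit for this co-location is sketched below as an added example (it is not from the book). It reports whether each host is a domain controller, which Exchange services it runs, and the account each service logs on as. It assumes PowerShell 2.0 or later with WMI access to the hosts, and that Exchange services can be recognized by the MSExchange name prefix; the function name Get-ExchangeOnDcReport is hypothetical.

```powershell
# Added example: is Exchange co-located on a domain controller, and under
# which account does each Exchange service run?
param(
    # Constructed default; pass real host names. Assumes WMI access to each host.
    [string[]]$ComputerName = @($env:COMPUTERNAME)
)

function Get-ExchangeOnDcReport {
    param([string[]]$ComputerName)

    foreach ($computer in $ComputerName) {
        try {
            $cs = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $computer -ErrorAction Stop
            # Assumption: Exchange services are recognized by the MSExchange name prefix.
            $services = @(Get-WmiObject -Class Win32_Service -ComputerName $computer `
                -Filter "Name LIKE 'MSExchange%'" -ErrorAction Stop)
        }
        catch {
            Write-Warning "${computer}: WMI query failed: $($_.Exception.Message)"
            continue
        }

        # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
        $isDc = $cs.DomainRole -ge 4

        foreach ($svc in $services) {
            $finding = 'OK'
            if ($isDc -and $svc.StartName -eq 'LocalSystem') {
                $finding = 'Exchange service running as LocalSystem on a DC'
            }
            elseif ($isDc) {
                $finding = 'Exchange service on a DC'
            }
            # Emit one row per Exchange service with the host's DC status attached.
            $svc | Select-Object @{n = 'Computer'; e = { $computer } },
                @{n = 'IsDomainController'; e = { $isDc } },
                Name, State, StartName,
                @{n = 'Finding'; e = { $finding } }
        }
    }
}

Get-ExchangeOnDcReport -ComputerName $ComputerName | Format-Table -AutoSize
```

A host that returns no rows has no services matching the prefix; a host that fails the WMI query is reported as a warning rather than silently skipped.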


Special Security Considerations for Exchange and Operating System Upgrades

If Exchange Server 2003 runs on top of Windows 2000 SP3, the administrator has the option of doing an in-place upgrade of the NOS to Windows 2003 Server. Because of the new security and functionality of Windows 2003, Exchange Server 2003 must make some adjustments to IIS 6.0 after the upgrade.

As the server starts up, it looks for a /lm.ds2mb/61491 key in the IIS metabase. If the key does not exist, Exchange performs the following steps:

  1. IIS switches from Compatibility Mode to Worker Process Isolation Mode.

  2. Exchange ISAPI extensions are enabled and an Application Pool is created.

  3. IIS creates the /lm.ds2mb/61491 key in the metabase.

  4. IIS automatically restarts the W3SVC service for the changes to take effect.

Each of these changes is logged in the Application Event Log.



Microsoft Exchange Server 2003 Unleashed
Microsoft Exchange Server 2003 Unleashed (2nd Edition)
ISBN: 0672328070
EAN: 2147483647
Year: 2003
Pages: 393
Authors: Rand Morimoto
