Configuring and Managing Virtual Servers


Unless you are creating an organization with distributed Exchange protocols (one or more servers dedicated to serving one protocol), your exposure to managing virtual servers will likely be very limited. Some of the more common tasks you might find yourself performing for virtual servers include

  • Adding a new virtual server

  • Starting, stopping, or pausing a virtual server

  • Changing virtual server IP addresses and ports

  • Limiting inbound connections to virtual servers

  • Configuring SMTP relay settings

We examine each of these tasks in the following sections.

Note: We examine more virtual server-related items in our discussion of front-end/back-end server arrangements later in this chapter.


Adding a New Virtual Server

You might need to create a new virtual server for any number of reasons. Most commonly, you create an additional SMTP virtual server, so we examine that process here. To create a new SMTP virtual server, perform the following steps:

  1. Open the Exchange System Manager.

  2. Locate the Protocols folder for the physical server for which you want to create a new SMTP virtual server and expand it.

  3. Right-click the SMTP folder and select New, SMTP Virtual Server from the context menu.

  4. Enter the name of the new SMTP virtual server, and click Next to continue.

  5. Select the IP address and click Finish to complete the New SMTP Virtual Server Wizard. If there are no IP address/port conflicts, the new SMTP virtual server starts automatically.

  6. If you need to configure additional properties for the new SMTP virtual server, do so by right-clicking on it under the SMTP folder and selecting Properties.

Starting, Stopping, or Pausing a Virtual Server

Should you, for any reason, need to change the operational status of any virtual server, you can do so easily from the context menu. Simply right-click the appropriate virtual server and select the desired action from the context menu.

Changing Virtual Server IP Addresses and Ports

Only one virtual server can be in operation using a specific IP address/port number combination. If you create a new virtual server and your server has only one IP address, the new virtual server cannot start until it has been assigned a unique port number. To change the IP address and/or port number that is assigned to a virtual server, perform the following steps:

  1. Open the Exchange System Manager.

  2. Locate the Protocols folder for the physical server that houses the virtual server of concern and expand it.

  3. Right-click the virtual server of concern, and select Properties from the context menu.

  4. The currently configured IP address displays on the General tab, as shown in Figure 6.16.

    Figure 6.16. You must configure each virtual server with a unique IP address and port number.


  5. To modify the values, click the Advanced button to open the Advanced dialog box shown in Figure 6.17. From here, you can add, edit, or remove IP address and port combinations as required. Note that you can only use IP addresses that are actually assigned to the server.

    Figure 6.17. You can configure exact IP address/port number combinations for your virtual server.


  6. Click OK to close the Advanced dialog box.

  7. Click OK to close the virtual server Properties dialog box.

Limiting Inbound Connections to Virtual Servers

Gone are the days when you could blindly allow just anyone to access your email organization. Fortunately, Exchange provides several ways that you can configure your virtual servers to limit inbound connections, and we're not even to the discussion on configuring SMTP relays yet! You have the following general options available to you to limit and control inbound connections to your Exchange virtual servers:

  • Granting or denying access by IP address, subnet, or domain

  • Requiring secure inbound connections

  • Requiring authenticated inbound connections

  • Restricting multiple concurrent connections and enforcing connection time limits

We briefly examine each of these items in the following sections.

Granting or Denying Access by IP Address, Subnet, or Domain

By default, your Exchange server allows inbound connections from any IP address that can reach it. This is not a very secure configuration, especially for those Exchange servers that might be more susceptible to attack by virtue of their location on the exterior of the protected, internal network.

When you deny access to a virtual server, you prevent all inbound connections from that IP address, subnet, or domain from being made. When you allow access to a virtual server, clients can access the virtual server, but still might not be able to send and receive messages if additional restrictions are in place, such as if inbound authentication is required.

To configure access to a virtual server by IP address, subnet, or domain, perform the following steps:

  1. Open the Exchange System Manager.

  2. Locate the Protocols folder for the physical server that houses the virtual server of concern and expand it.

  3. Right-click the virtual server of concern, and select Properties from the context menu.

  4. Switch to the Access tab, and click the Connection button to open the Connection dialog box shown in Figure 6.18.

    Figure 6.18. You can configure your virtual server to grant or deny access to specified IP addresses and domains.


  5. Configure the Connection dialog box as required to allow or deny access to IP addresses or domains.

  6. Click OK to close the Connection dialog box.

  7. Click OK to close the virtual server Properties dialog box.

Requiring Secure Inbound Connections

If you want to require secure inbound connections to increase security, you can enable SSL for your virtual server, thus providing a marked increase in communications security over the default unsecured connections. To configure SSL security for your virtual server, you need to install a server certificate first and then configure the settings you desire.

To configure SSL security for a virtual server, perform the following steps:

  1. Open the Exchange System Manager.

  2. Locate the Protocols folder for the physical server that houses the virtual server of concern and expand it.

  3. Right-click the virtual server of concern, and select Properties from the context menu.

  4. Switch to the Access tab, and click the Certificate button to start the Web Server Certificate Wizard.

  5. Click Next to dismiss the first page of the Web Server Certificate Wizard.

  6. Complete the steps required to request and submit a server certificate using the Web Server Certificate Wizard.

  7. After the certificate has been installed, return to the Access tab, and click the Communication button to open the Security dialog box shown in Figure 6.19.

    Figure 6.19. After a server certificate has been installed, you can enable SSL-secured communications to the virtual server.


  8. Select the Require Secure Channel check box to require SSL-secured communications to this virtual server. In addition, if you want to require only 128-bit connections, select the Require 128-bit Encryption check box. Note that clients that do not support 128-bit encryption cannot make connections to the virtual server with this check box enabled. Click OK to close the Security dialog box.

  9. Click OK to close the virtual server Properties dialog box.

Requiring Authenticated Inbound Connections

You can also require that users successfully authenticate themselves to the Exchange server before being able to make an inbound connection to the virtual server. Even if you do not plan on configuring the authentication options, you might want to consider that the default virtual server configuration allows for anonymous access, allowing anyone to potentially access your server.

To configure authentication for a virtual server, perform the following steps:

  1. Open the Exchange System Manager.

  2. Locate the Protocols folder for the physical server that houses the virtual server of concern and expand it.

  3. Right-click the virtual server of concern, and select Properties from the context menu.

  4. Switch to the Access tab, and click the Authentication button to open the Authentication dialog box shown in Figure 6.20. Note that the authentication methods available will vary by the type of virtual server you are configuring.

    Figure 6.20. You have several authentication methods from which to choose.


  5. Unless you are configuring a publicly accessible newsgroup server, it is advisable to configure the server to not allow anonymous connections.

  6. If you are not using SSL security, you need to remove the Basic authentication method from your virtual server as well. Basic authentication sends user credentials over the network in an unencrypted format. If SSL is in use, Basic authentication can be used with relative safety.

  7. If given the option to use Integrated Windows authentication (IWA), as in the case of an SMTP virtual server, you should always opt to use it. IWA uses standard Windows security to validate users and passes cached logon information to the Exchange server to perform authentication if this information is available. This information is already encrypted without the need for SSL, but SSL can be implemented to further secure the virtual server.

  8. Click OK to close the Security dialog box.

  9. Click OK to close the virtual server Properties dialog box.
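
To verify from the client side what the authentication and SSL settings above actually expose, the following added example (not from the book and not part of Exchange) parses an SMTP EHLO reply and flags cleartext-capable AUTH mechanisms offered without TLS. The sample reply and the names `parse_ehlo`, `audit` and `decode_login_token` are constructed for illustration; treating NTLM and GSSAPI as the SMTP form of Integrated Windows authentication is an assumption of the example.

```python
import base64

# Constructed EHLO reply for illustration; not captured from a real server.
SAMPLE_EHLO = """\
250-mail.example.test Hello [192.0.2.10]
250-SIZE 10485760
250-PIPELINING
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250 OK
"""

CLEARTEXT = {"LOGIN", "PLAIN"}    # base64-encoded on the wire, not encrypted
INTEGRATED = {"NTLM", "GSSAPI"}   # assumption: mechanisms behind Integrated Windows authentication


def parse_ehlo(reply):
    """Return (set of advertised AUTH mechanisms, STARTTLS offered?)."""
    mechs, starttls = set(), False
    for line in reply.splitlines():
        if not line.startswith("250"):
            continue
        # Handles both "AUTH A B" and the legacy "AUTH=A" keyword forms.
        words = line[4:].upper().replace("=", " ").split()
        if words[:1] == ["AUTH"]:
            mechs.update(words[1:])
        elif words[:1] == ["STARTTLS"]:
            starttls = True
    return mechs, starttls


def audit(reply, tls_active=False):
    """List findings for the session state in which the reply was received."""
    mechs, starttls = parse_ehlo(reply)
    findings = []
    exposed = sorted(mechs & CLEARTEXT)
    if exposed and not tls_active:
        findings.append("cleartext-capable AUTH offered without TLS: " + ", ".join(exposed))
    if not starttls and not tls_active:
        findings.append("STARTTLS not offered")
    if not mechs & INTEGRATED:
        findings.append("no integrated (NTLM/GSSAPI) mechanism offered")
    return findings


def decode_login_token(token):
    """AUTH LOGIN tokens are reversible base64, which is why Basic needs SSL."""
    return base64.b64decode(token).decode("utf-8")
```
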

Restricting Multiple Concurrent Connections and Enforcing Connection Time Limits

You can also very easily configure your virtual servers to limit the number of concurrent connections allowed as well as to limit the amount of time a connection remains in place. Both of these items provide somewhat increased security; however, the primary purpose is to increase the availability of the virtual server by limiting the resources users can consume.

To configure connection limits for a virtual server, perform the following steps:

  1. Open the Exchange System Manager.

  2. Locate the Protocols folder for the physical server that houses the virtual server of concern and expand it.

  3. Right-click the virtual server of concern, and select Properties from the context menu.

  4. On the General tab, shown in Figure 6.21, you can configure the maximum number of concurrent connections and the timeout limit for sessions. Note that, by default, no limit is imposed on the number of concurrent connections allowed.

    Figure 6.21. You should configure the connection number and connection timeout limits to increase virtual server availability.


  5. Click OK to close the virtual server Properties dialog box.

Configuring SMTP Relay Settings

The final virtual server configuration item we examine is that of configuring SMTP relay settings. In recent years, we have all heard the horror stories of email servers (of all types) being abused by spammers who have located an open SMTP relay configuration. This type of situation is easily avoidable, and providing an open SMTP relay is just plain irresponsible. In addition, having an open SMTP relay is one of the quickest ways to find your organization listed on a Relay Black List (RBL), which many organizations and service providers use to filter out potential spam messages. The bottom line is that you owe it to your organization and the Internet community as a whole to ensure that your Exchange servers do not become spamming tools.

Alert: It is important to understand that you do not need to allow relaying to all Internet hosts to enable inbound email to reach your organization. The process of relaying occurs when a user sends mail from one organization through another organization. The net result is that the email appears to have originated from the organization used as a relay instead of where it truly came from, thus masking the identity of the party actually sending the emails. Open SMTP relays are a spammer's best friend on the Internet.


To configure the SMTP relay settings, perform the following steps:

  1. Open the Exchange System Manager.

  2. Locate the Protocols folder for the physical server that houses the virtual server of concern and expand it.

  3. Right-click the virtual server of concern, and select Properties from the context menu.

  4. Switch to the Access tab, and click the Relay button to open the Relay Restrictions dialog box shown in Figure 6.22.

    Figure 6.22. You need to carefully configure relaying on Exchange servers exposed to the public.


  5. Configure the relay restrictions as you need. As an example, if the server in question was functioning as a front-end server, you might configure it to only allow relaying from your internal Exchange servers.

  6. Click OK to close the Relay Restrictions dialog box.

  7. Click OK to close the virtual server Properties dialog box.
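
The distinction drawn above between accepting inbound mail and relaying, together with the grant/deny connection list from the earlier section, can be modelled in a few lines. This is an added example, not code from the book or from Exchange; the domain, the networks and the function names are hypothetical values chosen for illustration.

```python
import ipaddress

# Hypothetical settings modelled on the Connection and Relay Restrictions dialogs.
LOCAL_DOMAINS = {"example.test"}                         # domains the organization receives mail for
DENIED_NETS = [ipaddress.ip_network("203.0.113.0/24")]   # Connection dialog: denied subnet
RELAY_NETS = [ipaddress.ip_network("10.0.0.0/24")]       # Relay dialog: internal servers only
RELAY_IF_AUTHENTICATED = True                            # relay for authenticated senders


def _in_any(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def decide(client_ip, rcpt, authenticated=False):
    """Return 'reject-connection', 'deliver-local', 'relay' or 'reject-relay'."""
    if _in_any(client_ip, DENIED_NETS):
        return "reject-connection"      # connection control applies before anything else
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        return "deliver-local"          # inbound mail needs no relay permission
    if _in_any(client_ip, RELAY_NETS):
        return "relay"                  # listed internal host sending outbound
    if authenticated and RELAY_IF_AUTHENTICATED:
        return "relay"
    return "reject-relay"               # outside host, outside recipient: refused


def is_open_relay(probe_ip="198.51.100.7"):
    """True if an unauthenticated outside host could send to an outside domain."""
    return decide(probe_ip, "someone@other.test") == "relay"
```

Replacing `RELAY_NETS` with `0.0.0.0/0` makes `is_open_relay()` return True while inbound delivery to `example.test` behaves exactly as before, which is the point of the alert above.
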



    Implementing and Managing Exchange Server 2003 Exam Cram 2 Exam 70-284
    MCSA/MCSE Implementing and Managing Exchange Server 2003 Exam Cram 2 (Exam Cram 70-284)
    ISBN: 0789730987
    EAN: 2147483647
    Year: 2004
    Pages: 171
