Since TMG/ISA is being retired, has Microsoft published any guidance on recommended new ways to expose Exchange to the internet? It doesn't seem like there's been much improvement in this area for the past few releases of Exchange: if you aren't using TMG, you have to open a ton of ports between an OWA server on the DMZ and the Exchange/AD backend. Some security teams don't like to open tons of ports. I would have thought by now there would be a new method, maybe an internal Exchange "proxy" so we could just open one or two ports (SSL?) in the firewall between the DMZ and that proxy, and the proxy would do all the RPC, GC, etc. communicating to the internal backend Exchange and AD on all the random ports.