<disclaimer> No; I don't work for ISA marketing... :-p </disclaimer>
Actually, ISA provides much more than "just OWA publishing". The Exch team took the position that with ISA (and the coming ForeFront technologies) in the mix, there was little gain and much risk in placing the FE (CAS in Exch 2007 parlance) anywhere but in the LAN. Being a Cisco-heavy shop doesn't obviate ISA deployment (although I do understand your position). In fact, many folks place ISA in the DMZ to absorb the auth- and app-layer attacks and leave their app server safely behind it. Unless you're looking to create a hugely distributed deployment, a single ISA (Std Edition) can probably serve your needs quite well. With ISA handling auth (via RADIUS if your shop is also MS-paranoid), the CAS server only ever sees auth-validated traffic. To make it neater, sweeter and more peteeter, ISA 2006 can use KCD to further strengthen your auth position. http://www.microsoft.com/technet/isa/2006/authentication.mspx should help you get a handle on the kewlnesses that ISA 2006 brings to the Exch 2007 arena. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Randy Hall Sent: Thursday, January 04, 2007 1:41 PM To: Focus-MS Subject: How to deploy Microsoft OWA without using ISA? We have been using OWA2000 for a few years now. The front end server sits in a DMZ and communicates to the backend server with a very painfully developed access list. In addition, you need two factor authentication to even get to the login screen. I recently attended a Microsoft presentation of the new architecture of Outlook 2007. The one thing that stuck out to me was that you can no longer put the front end server in a DMZ. It has to be on the internal network. The recommended way to publish OWA is ISA2006. I don't currently have ISA2006 anywhere in my network and we are a very heavy Cisco shop. What options do I have for publishing OWA? Purchasing ISA2006 for this one application seems a bit overkill. Any help or guidance would be appreciated. Google turns up lots of hits for doing this with ISA but doesn't give any alternative. Randy Hall - Sr. Security Engineer - CISSP The Virginian Pilot - (757) 446-2754 All mail to and from this domain is GFI-scanned.
