Seems to be topic of the day.
Your risk is that you now have 443 open to the internet, pure and simple. Is that good/bad/ugly? That is for you to decide.

It is my personal opinion that the server holding my mailbox databases is the holy grail. If that goes down for some reason, every single user with mail on that server notices. And as such, I try to minimize risks that can take down an entire mb server. When you bring up a FE or CAS you separate your holy grail from the internet and try to minimize the risk. If some attack on 443 (say a modified DDoS that your machine doesn't know how to deal with) takes down a FE server, you have limited functionality for phones and OWA; if that were a mailbox server, you might have a whole office of people unable to utilize any Exchange functionality.

As previously stated by Carl, people understand the need for a BES server; they should also understand the need for a FE for ActiveSync. It is the right way to do it.

Have a good weekend

-troy

From: Weatherford, Chad [mailto:cweatherf...@scvl.com]
Sent: Friday, July 17, 2009 12:21 PM
To: NT System Admin Issues
Subject: Port 443 Question

If port 443 were opened up to our internal Exchange server so iPhones could send and receive email (testing phase; we do not have a front end OWA server or ISA server yet), what kind of risks are we opening ourselves up to?

Thanks!

Chad