From: Roveer on
On Jun 14, 10:11 pm, "John Oliver, Jr. [MVP]" <jcolive...(a)hotmail.com>
wrote:
> Both iPod Touch, iPhone and iPad support Exchange Activesync, you will need
> a third party commercial certificate to secure communications ( I recommend
> Go Daddy SSL Cert).  I am providing link to install third party cert on SBS.
> Once installed you can go to your iPod, iPhone and iPad; Settings-Mail,
> Contacts, Calendars and choose Add Account- Microsoft Exchange.
>
> http://blogs.technet.com/b/sbs/archive/2007/08/21/how-to-install-a-pu...
>
> --
> John Oliver, Jr
> MCSE, MCT, CCNA
> Exchange MVP 2010
> Microsoft Certified Partner
>
> "Roveer" <rov...(a)erols.com> wrote in message
>
> news:484dbfab-694c-4ae2-8ee2-41b323220847(a)p31g2000vbc.googlegroups.com...
>
>
>
> > We've got a very small exchange system consisting of 4 email accounts
> > (SBS 2003).  2 of users have blackberries and we have BIS installed.
> > We are now looking at ipod touch's and ipads as another way to access
> > our email.  This works great when you are on the LAN or at one of our
> > persistent VPN'd locations, but does not work "off the network"
>
> > I've tried to get the apple devices to VPN through our Checkpoint
> > VPN-1 EDGE firewalls but am not having much luck.  This would be
> > optimal since it's secure and would place these devices on the network
> > and then the email application would work.
>
> > If I am not able to get this to work, do I have any other options?  I
> > think I read a while back about enabling some other secure protocol
> > but when I looked at it, it wanted yet another server to stand
> > between.  Just can't put up more equipment in such a small environment
>
> > Would love to have this capability, but can only stretch so far to get
> > it.  Ideas?

Please set me straight on this. Doing this (creating a cert) would
allow SSL based communication between client and exchange. But would
I not then have to expose my 2003 server to the internet on at least
some ports? Aren't there issues around doing this? I feel like I'm
missing a piece of the security puzzle. Please help me fill in the
holes.

From: Rich Matheisen [MVP] on
On Tue, 15 Jun 2010 10:26:53 -0700 (PDT), Roveer <roveer(a)erols.com>
wrote:

[ snip ]

>Please set me straight on this. Doing this (creating a cert) would
>allow SSL based communication between client and exchange. But would
>I not then have to expose my 2003 server to the internet on at least
>some ports?

Just port 443.

>Aren't there issues around doing this?

There are *always* issues with any exposure to unfiltered network
traffic. The only way to avoid that is to not connect the machine to
the Internet -- or to any network, for that matter. Unfortunately
that's rarely a practical solution.

>I feel like I'm
>missing a piece of the security puzzle.

None of us know what risks are acceptable to you. Nor do we know what,
if any, perimeter security you have in place. Or, for that matter,
what you have in place within the LAN (where I'd bet they're allowed
to use a web browser to pretty much any URL).
---
Rich Matheisen
MCSE+I, Exchange MVP

From: Fritz on
Does your Exchange server accept Internet mail? If so, it's already
exposed to the Internet. ActiveSync over SSL is the way most companies do
it. I probably wouldn't bother hosting my own Exchange server for just 4
users though.

