We would like to use an external e-mail as well as an internal e-mail facility in our organization. Will a single Exchange server accomplish both objectives or do we need one Exchange server for external world communication and another for internal organization communication?
What are the security norms that one should consider to meet these objectives?
From a purely technical perspective, a single Exchange server can handle both functions out of the box. You will want to have a static public IP to accept inbound Internet mail. This IP will need to be listed in a properly configured Domain Naming Service (DNS) record somewhere with the Mail Exchanger (MX) record pointing to that IP.
From a security perspective you need to make a decision concerning:
- How sensitive the assets are on your internal network and Exchange server.
- How much you're willing to invest in securing the assets concerned.
I would recommend at a bare minimum a well-configured firewall between your Exchange server and the Internet. Most organizations choose to have a front-end/back-end configuration involving two Exchange servers, with one in a Demilitarized Zone (DMZ) protected in the front end by a firewall and isolated from your corporate network by another firewall or well-configured router. The back-end server would be where all your mailboxes reside and would therefore not be directly on the Internet.
Depending on the size of your organization and how sensitive and valuable your corporate assets are, there are all sorts of incremental enhancements to this architecture. Some involve pulling the front-end servers back from the DMZ and using other SMTP relay hosts. Some involve multiple firewalls and isolated networks. It all depends on how much you're willing and interested to spend in order to secure your assets.
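The front-end/back-end layout described in the answer above can be checked mechanically against a firewall rule set. The following is an added example, not part of the original answer: the zone names, probe ports and both rule sets are constructed, and it assumes that only SMTP (tcp/25) is published to the Internet and that the front end relays to the back end over SMTP.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str     # source zone: "internet", "dmz", "internal" or "any"
    dst: str     # destination zone
    port: int    # TCP destination port, 0 means any port
    action: str  # "allow" or "deny"

def decide(rules, src, dst, port):
    """First matching rule wins; no match means deny."""
    for r in rules:
        if r.src in (src, "any") and r.dst in (dst, "any") and r.port in (port, 0):
            return r.action
    return "deny"

def audit(rules, probe_ports=(25, 80, 135, 443, 3389)):
    """Return findings where the rules break the DMZ front-end/back-end design."""
    findings = []
    for port in probe_ports:
        # The mailbox (back-end) server must never be reachable from the Internet.
        if decide(rules, "internet", "internal", port) == "allow":
            findings.append(f"internet can reach internal (back-end) on tcp/{port}")
        # Assumption: the front end publishes SMTP only.
        if port != 25 and decide(rules, "internet", "dmz", port) == "allow":
            findings.append(f"internet can reach DMZ front end on non-SMTP tcp/{port}")
    if decide(rules, "internet", "dmz", 25) != "allow":
        findings.append("inbound SMTP (tcp/25) to the DMZ front end is blocked")
    if decide(rules, "dmz", "internal", 25) != "allow":
        findings.append("front end cannot relay mail to the back end")
    return findings

# Constructed rule sets (illustrative only).
SEGMENTED = [
    Rule("internet", "dmz", 25, "allow"),
    Rule("dmz", "internal", 25, "allow"),
    Rule("any", "any", 0, "deny"),
]
MISCONFIGURED = [
    Rule("internet", "dmz", 0, "allow"),         # too broad: every port on the front end
    Rule("dmz", "internal", 25, "allow"),
    Rule("internet", "internal", 135, "allow"),  # back end exposed directly
    Rule("any", "any", 0, "deny"),
]

if __name__ == "__main__":
    for name, rules in (("segmented", SEGMENTED), ("misconfigured", MISCONFIGURED)):
        print(name, audit(rules) or "no findings")
```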