How enabling SSL for OWA affects bandwidth
We are in the process of allowing certain users to access their e-mail via Outlook Web Access from the Internet. I've read a lot of Microsoft's technical data, and just about anything that pertains to Outlook Web Access and security. Secure Sockets Layer (SSL) seems to be one of the best options. Can I run SSL on my Exchange 2000 server directly? (Let's assume I do not have a front-end server -- no money.) Will SSL wreak havoc on my bandwidth?
For security purposes, you have two choices -- run Secure Sockets Layer (SSL)
or don't allow remote clients to connect to Outlook Web Access. Internet clients will most likely use Basic Authentication to connect to OWA. If you were to configure a front-end server, then Basic Authentication is the only authentication method supported on the front-end server for Outlook Web Access. You must use SSL to encrypt their usernames and passwords -- so my suggestion is, just do it.
Now, I may be preaching to the choir in your case, so let me answer your specific question. Will there be an increase in network traffic with SSL enabled? Yes. Will that saturate your bandwidth? That is hard to answer without knowing what your current bandwidth is.
What I can tell you, based on Microsoft's own performance testing, is that you will need 200% more processor power to handle the public key encryption (PKI) overhead. So, you will want to watch processor utilization carefully if you do enable SSL on your existing Exchange server. Again, enabling SSL is not an option in my opinion if you want to allow Internet users to connect.
Do you have comments on this Ask the Expert Q&A? Let us know.
Related information from SearchExchange.com:
Learning Guide: Exchange performance
SearchExchange.com Reference Center: Permissions and authentication
This was first published in November 2005