Mobile Search in the DMZ
The documentation for Enterprise Vault Mobile Search says that it is recommended to install the server in the intranet and apply a reverse proxy in the DMZ to facilitate outside connections. My problem is that my customer doesn't think this is very secure and wants to put the Mobile Search server in the DMZ. Does anyone know what ports are required to be open in the firewall between the Mobile Search server and the other EV servers? Is it just an https connection or does it require everything that would need to be open if the firewall was between two EV servers?
thanks,
Mark
Just curious.. why do they think it's not secure? One single port open ... traffic logged to a file by Windows (the IIS logs) ... DMZ deployments not recommended for far more complex components than EV (eg CAS servers - http://blogs.msdn.com/b/brad_hughes/archive/2008/05/05/how-not-to-deploy-client-access-servers.aspx)
Also, as you have probably seen, in the Setting Up Exchange Server Archiving guide, Symantec says (with my highlighting):
<snip>
Note the following:■ Mobile Search requires access to the domain controller and Enterprise Vaultserver(s).Werecommend that in a production environment you should deployit on the intranet behind a firewall. Mobile Search should be made availableon the Internet through a reverse proxy server in the DMZ. However, a reverseproxy server in the DMZ is not mandatory, and Mobile Search can be installedwithout it.■ We recommend that in a production environment you should install MobileSearch on a separate server from Enterprise Vault and certain otherapplications.See “Prerequisites for Enterprise Vault Mobile Search in a productionenvironment” on page 195.</snip>