Securing Communications Between Exchange Front-End Server and Other Servers

After you secure your communications between the client computers and the Exchange servers, you must secure the communications between the Exchange server and other servers in your organization. HTTP, POP, and IMAP communications between the front-end server and any server with which the front-end server communicates (such as back-end servers, domain controllers, and global catalog servers) is not encrypted. When the front-end and back-end servers are in a trusted physical or switched network, this lack of encryption is not an issue. However, if front-end and back-end servers are kept in separate subnets, network traffic may pass over nonsecure areas of the network. The security risk increases when there is greater physical distance between the front-end and back-end servers. In this case, it is recommended that this traffic be encrypted to protect passwords and data.