Step 4: Protect Communications Between the Exchange Server and Other Servers

6/2/2010

After you enable the security features to help secure the communications between your client Windows Mobile-based devices and the Exchange front-end server, you also must protect the communications between the Exchange front-end server and the back-end servers. We recommend that you use Internet Protocol Security (IPSec) to encrypt IP traffic.

HTTP, IMAP, and POP communications between the front-end server and any server with which the front-end server communicates (such as back-end servers, domain controllers, and global catalog servers) are not encrypted. When the front-end and back-end servers are in a trusted physical or switched network, the absence of encryption is not a concern. However, if front-end and back-end servers are kept in separate subnets, network traffic may pass over unsecured areas of the network. The security risk increases when there is greater physical distance between the front-end servers and the back-end servers. In such cases, we recommend that this traffic be encrypted to protect passwords and data.

Using IPSec to Encrypt IP Traffic

Windows 2000 and Windows Server 2003 both support IPSec, which is an Internet standard that allows a server to encrypt all IP traffic except IP traffic that uses broadcast or multicast IP addresses. Generally, IPSec is used to encrypt HTTP traffic; however, you can also use IPSec to encrypt IMAP, Lightweight Directory Access Protocol (LDAP), POP, and RPC traffic. With IPSec, you can:

  • Configure two servers that are running Windows 2000 or Windows Server 2003 to require trusted network access.
  • Protect transferred data from modification by applying a cryptographic checksum to every packet.
  • Encrypt, at the IP layer, any traffic between the two servers.

In a front-end and back-end topology, you can use IPSec to encrypt traffic between the front-end and back-end servers that otherwise would not be encrypted.
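The following is an added example, not part of the original guidance: one way to build such a policy on a Windows Server 2003 front-end server with the built-in `netsh ipsec static` context. The back-end address 192.0.2.20 and all policy, filter list, filter action, and rule names are placeholders chosen for illustration, and the example assumes both servers are members of the same domain so that Kerberos can authenticate the peers.

```bat
rem Added example. Run on the front-end server (Windows Server 2003).
rem 192.0.2.20 is a placeholder for the back-end server's IP address.
rem All names in quotes are hypothetical labels for this example.

rem 1. Create an empty policy to hold the rule.
netsh ipsec static add policy name="FE-BE Encrypt" description="Encrypt front-end to back-end traffic"

rem 2. Describe the traffic to protect: HTTP (80), IMAP (143), POP (110).
rem    mirrored=yes also matches the return direction of each flow.
netsh ipsec static add filterlist name="FE-BE Mail Protocols"
netsh ipsec static add filter filterlist="FE-BE Mail Protocols" srcaddr=Me dstaddr=192.0.2.20 protocol=TCP srcport=0 dstport=80 mirrored=yes description="HTTP to back-end"
netsh ipsec static add filter filterlist="FE-BE Mail Protocols" srcaddr=Me dstaddr=192.0.2.20 protocol=TCP srcport=0 dstport=143 mirrored=yes description="IMAP to back-end"
netsh ipsec static add filter filterlist="FE-BE Mail Protocols" srcaddr=Me dstaddr=192.0.2.20 protocol=TCP srcport=0 dstport=110 mirrored=yes description="POP to back-end"

rem 3. Require ESP with encryption and integrity.
rem    soft=no   : never fall back to cleartext if negotiation fails.
rem    inpass=no : do not accept unsecured inbound traffic that matches.
netsh ipsec static add filteraction name="Require ESP" action=negotiate soft=no inpass=no qmpfs=no qmsecmethods="ESP[3DES,SHA1]"

rem 4. Tie the filter list to the action, authenticating peers with Kerberos.
netsh ipsec static add rule name="Protect FE-BE" policy="FE-BE Encrypt" filterlist="FE-BE Mail Protocols" filteraction="Require ESP" kerberos=yes

rem 5. Assign the policy so that it takes effect.
netsh ipsec static set policy name="FE-BE Encrypt" assign=y

rem 6. After traffic has flowed, confirm that quick mode security
rem    associations exist for the back-end address.
netsh ipsec dynamic show qmsas all
```

The back-end server needs a matching policy with the addresses reversed, otherwise negotiation fails and, because `soft=no` blocks fallback to cleartext, the protected ports stop passing traffic. The `netsh ipsec` context is not available on Windows 2000, where the policy is built with the IP Security Policies snap-in instead.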

For more information about configuring IPSec through a firewall, see How to Enable IPSec Traffic.

For more information about using IPSec to protect communications, visit the IPSec Information Center.

See Also

Concepts

Deploying a Mobile Messaging Solution with Windows Mobile 5.0-based Devices